Saturday, November 11, 2017

Another Equifax update.
Equifax faces hundreds of class-action lawsuits and an SEC subpoena over the way it handled its data breach
Equifax, the credit reporting firm, is facing more than 240 class-action lawsuits from consumers — in addition to suits from shareholders and financial institutions — over the way it handled a massive data breach that affected 145.5 million Americans.

Google says hackers steal almost 250,000 web logins each week
Looking at cybercriminal black markets and public forums, the company found millions of usernames and passwords stolen directly through hacking. It also uncovered billions of usernames and passwords indirectly exposed in third-party data breaches.
For one year, Google researchers investigated the different ways hackers steal personal information and take over Google accounts. Google published its research, conducted between March 2016 and March 2017, on Thursday.
… "One of the interesting things [we found] was the sheer scale of information on individuals that's out there and accessible to hijackers," Kurt Thomas, security researcher at Google told CNN Tech.
Even if someone has no malicious hacking experience, he or she could find all the tools they need on criminal hacker forums.

Now here’s a market I clearly don’t understand.
Sex toy company admits to recording users' remote sex sessions, calls it a 'minor bug'
I have some news: the Internet of Things is a mess. A hacked refrigerator sounds slightly scary, but a vibrator-controlling app that records all your sex sounds and stores them on your phone without your knowledge? That's way worse.
Today, a Reddit user pointed out that Hong Kong-based sex toy company Lovense's remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. An audio file lasting six minutes was stored in the app's local folder. The user says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command — not constant recording when in use. Other users confirmed this app behavior, too.

Perspective. Some of my students don’t understand how companies like Lyft can operate for years without making a profit.
Lyft Set to Claim Third of U.S. Market in 2017, Document Shows
… A major investor is projecting Lyft will have boosted its share of U.S. ride-hailing business some 61 percent by the end of the year, climbing to about a third of the market. The gains come as market-leader Uber’s reputation is in tatters following a string of scandals that culminated with the resignation of its chief executive officer in June.
… The document shows that Lyft projected it would escape the red for the first time next year. The San Francisco-based company was forecasting that its earnings, excluding expenses such as taxes and interest, would increase to $500 million in 2019 and $1 billion in 2020. However, Lyft has been spending at a faster rate than expected to take advantage of Uber’s weaker position and now is telling investors the company won’t break even by the end of next year, said the people who asked not to be identified discussing private financial information.
This year, Lyft is on pace for $1.5 billion in net revenue -- the amount of money it generates after paying drivers -- on losses of $400 million, according to the document, which was prepared at the end of the second quarter.

Never admit a failure.
Russia named as likely source of Europe radioactivity spike
An apparent accident at a Russian facility is suspected of causing a recent spike in radioactivity in the air over much of Europe, according to a report by France’s nuclear safety agency.

Now that the tour is over, time to start planning his campaign? I think Mark believes that Facebook’s image is his image.
Facebook will teach the unemployed digital/social media skills in 30 cities
Whether it’s to “bring the world closer together” or improve its public image, Facebook today announced Community Boost. Facebook tells me it’s investing tens of millions of dollars into the program that will travel to 30 cities around the U.S. in 2018. It will teach digital job skills to the unemployed, internet literacy to those just getting online, startup methodology to entrepreneurs and customer growth to small business owners.
Unsurprisingly, though, all these skills revolve around Facebook, which Facebook clearly thinks is the key to a better life. Stops on the tour include Houston, St. Louis, Albuquerque, Des Moines and Greenville, South Carolina — which are conspicuously all red states that voted for Trump in the 2016 election. Perhaps Facebook hopes to reduce unemployment that led to the dissatisfaction with current political systems which landed us Trump.

Try them. You might like one or two.

Friday, November 10, 2017

We only do that if we want the data to be secure.
Equifax ex-CEO: Hacked data wasn't encrypted
Customer data that was compromised during a massive breach of Equifax's systems was not encrypted, the company's ex-CEO told a congressional committee Tuesday.
During a three-hour hearing before the House Energy and Commerce Committee, Richard Smith blamed the massive hack on a combination of failed technology and human error. [Neither excuse explains why nothing was encrypted. Bob]
… Then, responding to a question from Rep. Adam Kinzinger, R-Illinois, Smith said the data was "not encrypted."

Something for my Computer Security students to consider.
Marissa Mayer had one alarming takeaway from Yahoo’s massive data breach
Marissa Mayer, the former CEO of Yahoo, testified Wednesday before the Senate Commerce Committee that Yahoo has “not been able to determine who perpetuated the 2013 breach” that its parent company Verizon said affected nearly all of the company’s three billion user accounts.
“To this day, we have still not been able to identify the intrusion that led to the attack,” Mayer said. Yahoo had a separate data breach in 2014, which the Justice Department in March said was the work of Russian government spies. That breach impacted some 500 million Yahoo accounts.
The testimony that Yahoo doesn’t know who instigated the 2013 breach was “more than a little disconcerting,” said Rick McElroy, a security strategist at the firm Carbon Black. The incidence of two breaches in such quick succession shows “a long period of time with no knowledge of what was happening when with their systems,” McElroy said.
What’s more, Mayer’s testimony also showed that companies are essentially competing in an arms race against bad actors, said Jeff Dennis, a managing partner and lead in the cybersecurity practice of Newmeyer & Dillion, a law firm based in Newport Beach, Calif. “Even Yahoo’s allegedly robust defenses were not enough in a fight with a foreign nation state, to ward off this type of attack,” he said.

Arming my Computer Security students.

I should use these more…
Comparison of Screencasting Tools
Screencasting is a fast and easy way to capture what is happening on your screen along with your voice or video of you speaking. Teachers can use screencasts to create self-paced lessons for students, tutorials, and supplements to sub plans. Students can use screencasting to tell stories or demonstrate their understanding of a topic or concept. There really are no limitations on how screencasting can be used in schools.
There are quite a few screencasting apps available and sometimes it is difficult to figure out which one to use. My advice is to try out a couple of different ones to see which one you are most comfortable with. All of these are free and some allow you to access additional features for no additional cost by referring friends and colleagues. All of them work nearly the same way.
This chart compares Screencastify, Screencast-o-matic, Nimbus, Soapbox, and Loom.

Thursday, November 09, 2017

More on the Equifax debacle.
Equifax says it owns all its data about you – really!
by Sabrina I. Pacifici on Nov 8, 2017
Senate Commerce Committee Hearing – Protecting Consumers in the Era of Major Data Breaches – November 8, 2017: “…“Massive data breaches have touched the vast majority of American consumers,” said [Senator John] Thune [R- S.D.]. “When such breaches occur, urgent action is necessary to protect sensitive personal information. This hearing will give the public the opportunity to hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors.”
Washington Post – “The hearing into the data breaches — the fifth so far — featured testimony from current and former officials from Equifax, Yahoo and Verizon, and added to the uproar about the company’s policies and its response to the breach. In one notable exchange, Sen. Catherine Cortez Masto (D-Nev.) asked the interim chief executive officer of Equifax, Paulino do Rego Barros, why consumers do not have a say in opting in or out of the company’s data collection. “This is part of the way the economy works,” Barros said. But he was swiftly interrupted. “The consumer doesn’t have a choice, sir. The consumer does not have a choice on the data that you’re collecting,” Masto said…” [emphasis added]
See also – Testimony and Statement for the Record of Bruce Schneier, Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on “Securing Consumers’ Credit Data in the Age of Digital Commerce” Before the Subcommittee on Digital Commerce and Consumer Protection Committee on Energy and Commerce United States House of Representatives. 1 November 2017.

A source of common (if not always the best) practices.
The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique.
BSIMM is not a how-to guide, nor is it a one-size-fits-all prescription. Instead, it is a reflection of software security.

Another legal wrangle, and an indication of poor crime scene procedure when phones are involved.
The FBI can't figure out how to unlock the Texas church shooter's iPhone, and Apple has offered help
Another fight between Apple and the FBI is brewing, this time over an iPhone reportedly used by Devin Patrick Kelly, the man who went on a shooting rampage on Sunday that left 26 people dead at a church in Sutherland Springs, Texas.
In a press conference on Tuesday, the FBI said it hadn't been able to access data on a phone used by the gunman. The Washington Post identified the phone as an iPhone.
… Apple told Business Insider that it contacted the FBI after it saw the press conference on Tuesday.
"Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us," an Apple representative said in a statement.
… The Apple representative went on to confirm that law enforcement had not yet asked for any help from Apple accessing data on Kelley's phone.
The implication is that had law enforcement contacted Apple sooner, it would have received tips and guidance that could have helped it preserve access to the data on Kelley's phone.
For example, as a security measure, the fingerprint sensor on iPhones won't work if the user hasn't used it in the past 48 hours. That suggests that for the two days after the rampage and after Kelley's death, but before the press conference, law enforcement could have used Kelley's actual finger or a copy of his fingerprint to access his phone.

Can I be anonymous anywhere?
Okay, this is the kind of ruling I especially dislike. reports:
Glassdoor Inc., the online job-review site, must comply with a federal grand jury subpoena that seeks identifying information about anonymous users of the website, a federal appeals court ruled Wednesday in rejecting the company’s privacy claims.
A panel of the U.S. Court of Appeals for the Ninth Circuit upheld an Arizona trial judge who had denied Glassdoor’s effort to quash the grand jury subpoena. The government is seeking information about eight users who posted anonymous reviews about a federal health care contractor under investigation for fraud.
San Francisco-based Glassdoor, represented by a team from Perkins Coie, argued that complying with the subpoena would violate its users’ First Amendment rights to anonymous free speech and to associate privately with a group, a concept known as “associational privacy.”
And no, I still have no resolution on a grand jury subpoena issued to Twitter for my details and the details of a few lawyers because we were all tagged with an emoji in a tweet by Justin Shafer. Shafer has been charged with cyberstalking an FBI agent in Dallas. I was not even in any conversation with Shafer on Twitter, but for reasons known only to him, he added me to a conversation and tweeted a smiley to me and others. No words, just a smiley. And this justifies a grand jury trying to unmask me on Twitter? Wow….

Once considered a boon to democracy, social media have started to look like its nemesis
The Economist – “…Looking at the role that social media have played in politics in the past couple of years, it is the fake-news squalor of Gamergate, not the activist idealism of the Euromaidan, which seems to have set the tone. In Germany the far-right Alternative for Germany party won 12.6% of parliamentary seats in part because of fears and falsehoods spread on social media, such as the idea that Syrian refugees get better benefits than native Germans. In Kenya weaponised online rumours and fake news have further eroded trust in the country’s political system….”

Perspective. Companies will spend a lot of money to protect a monopoly.
Sorry, Comcast: Voters say “yes” to city-run broadband in Colorado
… Fort Collins voters said "yes" to a ballot question that gives the city council permission "to establish a telecommunications utility to provide broadband services," The Coloradoan wrote.
… The anti-municipal broadband group, called "Priorities First Fort Collins," spent $451,000 campaigning against the broadband network ballot question. Priorities First Fort Collins received nearly all of its funding from the Colorado Cable Telecommunications Association and a group run by the city's chamber of commerce. Comcast is a member of both groups that funded the anti-municipal broadband campaign, while CenturyLink is a member of the chamber.
The pro-municipal broadband group in Fort Collins, the Fort Collins Citizens Broadband Committee, spent less than $10,000 in the campaign.
… Colorado has a state law requiring municipalities to hold referendums before they can provide cable, telecom, or broadband service. Yesterday, voters in Eagle County and Boulder County authorized their local governments to build broadband networks, "bringing the total number of Colorado counties that have rejected the state law to 31—nearly half of the state's 64 counties," Motherboard wrote today.
Another 16 municipalities also voted to opt out of that Colorado law yesterday.

Perspective. Note that the police officers are writing paper tickets – isn’t there an App for that?
Human at fault in accident with Las Vegas driverless shuttle
The driverless electric shuttle bus that made its debut downtown Wednesday was involved in a minor accident in its first few hours of service, but the human driver of the other vehicle was at fault, police said.
… Police determined that the shuttle came to a stop when it sensed the truck was trying to back up. However, the truck continued to back up until its tires touched the front of the shuttle.
The truck’s driver was cited for illegal backing.

Why Waiting for Perfect Autonomous Vehicles May Cost Lives
Some people think autonomous vehicles must be nearly flawless before humans take their hands off the wheel. But RAND research shows that putting AVs on the road before they’re perfect improves the technology more quickly—and could save hundreds of thousands of lives over time.

Better get that fence up quick! {Does the agent in this picture have a hand grenade clipped to his vest?}
Border Patrol losing agents faster than it can hire them
The U.S. Border Patrol is losing agents faster than it can hire them, according to a new audit released Wednesday that said competition with other federal law enforcement and the difficulty of passing a polygraph test have sapped the agency of nearly 2,000 agents it’s supposed to have.
More than 900 agents leave each year on average but the Border Patrol only hires an average of 523 a year, the Government Accountability Office said in a broad survey of staffing and deployment challenges at the key border law enforcement agency.

For history buffs.
Abraham Lincoln Papers Now Available in Full Color Online
Library of Congress: “The papers of Abraham Lincoln (1809-1865), lawyer, representative from Illinois, and sixteenth president of the United States, contain approximately 40,550 documents dating from 1774 to 1948, although most of the collection spans from the 1850s through Lincoln’s presidency (1861-1865). Roughly half of the collection, more than 20,000 documents, comprising 62,000 images, as well as transcriptions of approximately 10,000 documents, is online.
… Treasures in the collection include Lincoln’s first and second inaugural addresses, his preliminary draft of the Emancipation Proclamation, the two earliest known copies of the Gettysburg Address (the Nicolay and Hay copies), his August 23, 1864, memorandum expressing his expectation of being defeated for re-election in the upcoming presidential contest, and a condolence letter written to Mary Todd Lincoln by Queen Victoria following the assassination of Abraham Lincoln in 1865. The Lincoln Papers are characterized by a large number of correspondents, including friends and associates from Lincoln’s Springfield days, well-known political figures and reformers, and local people and organizations writing to their president…”

Anything to get rid of help my students!
“Resume Assistant” uses LinkedIn’s data to make Word a better résumé builder
Writing and updating your résumé is a task that few of us enjoy. Microsoft is hoping to make it a little less painful with a new feature coming to Word called Resume Assistant.
Resume Assistant will detect that you're writing a résumé and offer insights and suggestions culled from LinkedIn.
… The feature will also show job openings that are suitable for your résumé directly within Word, putting résumé writers directly in contact with recruiters.
… The Resume Assistant will become available to Office 365 users that have opted in to the Insider early access program on Thursday. ... Microsoft will then roll it out to other Office 365 users more broadly over the next few months.

Wednesday, November 08, 2017

So many fail to protect their data that Amazon is now checking how they set up security. Still not making “best practices” the default. I wonder why?
New tools could help prevent Amazon S3 data leaks
If you do a search for Amazon S3 breaches due to customer error of leaving the data unencrypted, you’ll see a long list that includes a DoD contractor, Verizon (the owner of this publication) and Accenture, among the more high profile examples. Today, AWS announced a new set of five tools designed to protect customers from themselves and ensure (to the extent possible) that the data in S3 is encrypted and safe.
For starters, the company is giving the option of default encryption. [But not encryption by default? Forcing the client to override “best practice” Bob]
… Amazon is putting a signal front and center on the administrative console that warns admins with a prominent indicator next to each S3 bucket that has been left open to the public. [But not private by default? Bob]
… Finally, should all else fail, there is a report, which includes the encryption status of each object in S3. Of course, you have to read it, but it’s there as an additional tool in the battle against human error. [No doubt the Auditors will want a copy. Bob]
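The three checks the article describes (is the bucket open to the public, is default encryption configured, which objects are unencrypted) can be run against the API responses yourself rather than waiting for the console indicator or the report. The script below is an added example, not AWS code; it works on constructed sample data whose dict shapes mirror the JSON that S3 returns for a bucket policy, a bucket ACL, the bucket encryption configuration and an object HEAD response (the bucket names, account id and keys are made up). Wiring it to a live account would mean feeding it the output of the corresponding boto3 calls.

```python
import json

# Well-known S3 group URIs that make an ACL grant world- or any-AWS-user-readable.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed sample: a leaky bucket and a hardened one (names, ids and keys are made up).
LEAKY_BUCKET = {
    "Name": "example-backups",
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-backups/*"}]}),
    "ACL": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "EncryptionConfig": None,  # get_bucket_encryption raised: no default encryption
    "Objects": [  # head_object responses; encrypted objects carry ServerSideEncryption
        {"Key": "db-dump.sql"},
        {"Key": "customers.csv"},
        {"Key": "notes.txt", "ServerSideEncryption": "AES256"}],
}
HARDENED_BUCKET = {
    "Name": "example-backups-private",
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-role"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups-private/*"}]}),
    "ACL": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]},
    "EncryptionConfig": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "placeholder-key-id"}}]},
    "Objects": [{"Key": "db-dump.sql", "ServerSideEncryption": "aws:kms"},
                {"Key": "customers.csv", "ServerSideEncryption": "aws:kms"}],
}


def _principal_is_everyone(principal):
    """True for the wildcard principal forms "*" and {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_is_public(policy_json):
    """Flag any Allow statement granted to everyone. A Condition block may narrow
    such a statement (for example to a VPC), so flagged statements still deserve a look."""
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") == "Allow" and _principal_is_everyone(stmt.get("Principal")):
            return True
    return False


def acl_is_public(acl):
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            return True
    return False


def default_encryption(config):
    """Return the default SSE algorithm, or None when the bucket has no default encryption."""
    if not config:
        return None
    for rule in config.get("Rules", []):
        sse = rule.get("ApplyServerSideEncryptionByDefault")
        if sse:
            return sse.get("SSEAlgorithm")
    return None


def unencrypted_keys(objects):
    return [o["Key"] for o in objects if not o.get("ServerSideEncryption")]


def audit_bucket(bucket):
    return {
        "name": bucket["Name"],
        "public": policy_is_public(bucket["Policy"]) or acl_is_public(bucket["ACL"]),
        "default_encryption": default_encryption(bucket["EncryptionConfig"]),
        "unencrypted_keys": unencrypted_keys(bucket["Objects"]),
    }


if __name__ == "__main__":
    for bucket in (LEAKY_BUCKET, HARDENED_BUCKET):
        print(audit_bucket(bucket))
```

Default encryption only applies to objects written after it is switched on, which is why the per-object pass is kept separate from the bucket-level setting: a bucket can report "aws:kms" as its default and still hold years of plaintext uploads.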

My Computer Security students have been discussing how to hack an election.
The Computer Scientist Who Prefers Paper
Barbara Simons believes there is only one safe voting technology.

This can’t be right. There are a few hundred questions I might ask before I would consider recommending this. Why not have the “hash” created on the victim’s computer? Will they accept video from children? Won’t a man-in-the-middle attack siphon off every photo or video?
Facebook’s unorthodox new revenge porn defense is to upload nudes to Facebook
Facebook is testing a new preemptive revenge porn defense in Australia that may, at first blush, feel counterproductive: uploading your nude photos or videos directly to Messenger. According to the Australia Broadcasting Corporation, Facebook has partnered with the office of the Australian government’s e-Safety Commissioner, which works primarily to prevent the online abuse of minors, to develop the new system for combating the nonconsensual sharing of explicit media.
By uploading the images or videos you fear may be shared in the future in an attempt to shame or harass you online, Facebook can digitally “hash” the media, effectively giving it a digital footprint. This allows the social network to track the media using the same artificial intelligence-based technologies it uses in its photo and face matching algorithms, and then prevent it from being uploaded and shared in the future. This works only if you’re in possession of the original file, but it would seem to bypass any attempts from a malicious third party to alter the metadata by analyzing and tagging the actual content of the image or video.
Facebook first implemented a similar, although less preemptive, mechanism for preventing the proliferation of revenge porn back in April, with the implementation of a photo-matching system to prevent the spread of images that have already been reported and taken down. The company has also liberally banned accounts for revenge porn activities. But now Facebook seems to be asking users to think ahead and play it safe if they feel particularly vulnerable, which could be the case in a relationship that becomes abusive over time or only after it’s ended.
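The article's point that the system "analyzes the actual content" rather than the metadata is the difference between a cryptographic hash of the file and a perceptual hash of the pixels. The example below is added here to make that concrete; it is not Facebook's code and says nothing about which algorithm Facebook uses. It builds a small constructed grayscale image, shows that editing a metadata field changes the SHA-256 of the file but not a simple difference hash (dHash, a 64-bit fingerprint of which neighbouring pixels are brighter), and that the same holds under a brightness shift and small per-pixel noise, while a genuinely different image lands far away in Hamming distance. The image, metadata and the resize routine are all assumptions made for this example.

```python
import hashlib
import json

WIDTH, HEIGHT = 36, 32  # constructed 8-bit grayscale image size


def make_image(reverse=False, brightness=0, noise=False):
    """Constructed gradient image as a list of rows of 0-255 pixel values.
    reverse flips the gradient (a different picture); brightness and noise
    simulate the kind of edits a re-encoded or lightly retouched copy would carry."""
    rows = []
    for y in range(HEIGHT):
        row = []
        for x in range(WIDTH):
            base = ((WIDTH - 1 - x) if reverse else x) * 6 + y
            if noise:
                base += ((x * 31 + y * 17) % 3) - 1  # deterministic -1/0/+1 noise
            row.append(max(0, min(255, base + brightness)))
        rows.append(row)
    return rows


def serialize(pixels, metadata):
    """Stand-in for an image file: a metadata header followed by raw pixel bytes."""
    header = json.dumps(metadata, sort_keys=True).encode()
    return header + b"\n" + bytes(v for row in pixels for v in row)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def resize_gray(pixels, w=9, h=8):
    """Box-average downscale to w x h (dHash works on a 9x8 thumbnail)."""
    src_h, src_w = len(pixels), len(pixels[0])
    out = []
    for ty in range(h):
        y0, y1 = ty * src_h // h, max(ty * src_h // h + 1, (ty + 1) * src_h // h)
        row = []
        for tx in range(w):
            x0, x1 = tx * src_w // w, max(tx * src_w // w + 1, (tx + 1) * src_w // w)
            block = [pixels[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(pixels):
    """64-bit difference hash: one bit per horizontal neighbour pair of the 9x8 thumbnail."""
    small = resize_gray(pixels)
    bits = 0
    for row in small:
        for x in range(8):
            bits = (bits << 1) | (1 if row[x] < row[x + 1] else 0)
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def same_media(a, b, threshold=10):
    """Treat two fingerprints as the same picture when few bits differ."""
    return hamming(a, b) <= threshold


if __name__ == "__main__":
    original = make_image()
    print("sha256 original:", sha256_hex(serialize(original, {"date": "2017-11-08"})))
    print("sha256 new date:", sha256_hex(serialize(original, {"date": "2017-11-09"})))
    print("dhash original :", hex(dhash(original)))
    print("dhash brighter :", hex(dhash(make_image(brightness=10))))
    print("dhash reversed :", hex(dhash(make_image(reverse=True))))
```

The design trade-off is visible in `same_media`: the threshold that lets a re-encoded copy still match is also what lets an unrelated picture occasionally collide, so a real deployment pairs the fingerprint with review rather than blocking on it alone.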

Facebook doesn’t just know too much about you — it allows other people to know too much about you! The social network’s privacy settings are so complicated that we managed to write a 4,500-word guide about them and still didn’t manage to cover everything.
Did you know you can use a secret URL to see the entire Facebook history of any two people on the network? (For people you aren’t friends with, it’ll only show their publicly-available interactions.)

(Related) Maybe this social media stuff is really hard? How would you do it?
Facebook's fake news experiment backfires
A Facebook test that promoted comments containing the word fake to the top of news feeds has been criticised by users.
The trial, which Facebook says has now concluded, aimed to prioritise "comments that indicate disbelief".
It meant feeds from the BBC, the Economist, the New York Times and the Guardian all began with a comment mentioning the word fake.
The test, which was visible only to some users, left many frustrated.
The comments appeared on a wide range of stories, from ones that could be fake to ones that were clearly legitimate. The remarks, which would appear at the top of the comments section, came from a variety of people but the one thing that they had in common was the word fake.
"Clearly Facebook is under enormous pressure to tackle the problem of fake news, but to question the veracity of every single story is preposterous," said Jen Roberts, a freelance PR consultant.
"Quite the reverse of combating misinformation online, it is compounding the issue by blurring the lines between what is real and what isn't. My Facebook feed has become like some awful Orwellian doublethink experiment."

Finding “acceptable” reasons for intensive surveillance?
Mobile phone tracking data 'could replace census questions'
Thousands of people have had their movements tracked by the Office for National Statistics to see if they can find out where they live and work.
The ONS is trying to build up a picture of people's daily commute - something it normally asks about in the census.
Mobile phones create a record of every location visited by the user if the phone is switched on.
The experiment ... tracked where phones were overnight, to work out where users lived, and where they travelled during the day, which was assumed to be their place of work.
… The census has been carried out every 10 years since 1801, with the exception of 1941, to provide a snapshot of the size of the country's population and details about how people live and work.
But the government wants the next census, in 2021, to be the final one to be carried out using the traditional paper-based questionnaire method.

If it is really needed, I’m sure the FBI can hire the same firm that cracked the phone used in the San Bernardino attack. They should already know who he called or received calls from.
FBI can’t unlock Texas shooter’s phone

Moving too quickly into unfamiliar tech areas could also be dangerous. I like the idea of shared security though.
Deutsche Bank's CEO Hints at Thousands of Job Cuts
Deutsche Bank CEO John Cryan dropped his clearest hint about the scale of his planned slash-and-burn exercise at Germany’s biggest lender.
“We employ 97,000 people,” Cryan told the Financial Times. “Most big peers have more like half that number.”
Cryan has warned repeatedly that technology will allow big savings across his sprawling empire, and recent media reports suggest he’s under increasing pressure from shareholders to deliver, having also suspended the bank’s regular dividend.
… “We’re too manual, which can make you error-prone and it makes you inefficient. There’s a lot of machine learning and mechanisation that we can do,” Cryan said.
… Cryan told the FT that further branch closures and cooperation with rivals in the area of crime prevention and detection were also areas where savings can be made. “Every bank at the moment has a huge and burgeoning department of people who are doing the same stuff,” he said. “It’s not a source of competitive advantage and you’re exposed to making your own mistakes.”

Tuesday, November 07, 2017

“They’re going to cut off my Netflix? Oh the horror!”
How to Spot the Netflix Email Scam Hitting Millions of Subscribers
A new phishing email scam is targeting millions of Netflix subscribers. The email scam is designed to trick Netflix users into thinking their accounts are in danger of suspension, which means that any subscribers worried about having their latest Stranger Things binge interrupted could be in danger of falling prey to a scheme seeking their personal and credit card information.
According to Deadline, the new scam has already targeted roughly 110 million Netflix subscribers with phishing emails disguised as official correspondence from Netflix warning users that their accounts could be suspended if their billing information is not updated. The emails include a link to a fake Netflix page that asks users to enter log-in details and, eventually, updated personal and billing information.
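The tells in the article (a sender pretending to be Netflix, a link to a page that is not Netflix, a threat of suspension unless billing is updated) are exactly what a mail filter checks. The script below is an added example, not code from any vendor; it parses two constructed messages with the standard library, one imitating the scam (its sender and link use the reserved .example TLD) and one ordinary notification, and reports the indicators it finds. The only real-world value it assumes is that netflix.com is the brand's domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_DOMAIN = "netflix.com"
URGENCY_PHRASES = ("suspend", "on hold", "within 24 hours",
                   "update your billing", "verify your account")

# Constructed phishing message modelled on the scam described above.
PHISH = """\
From: "Netflix" <billing@netflix-account-update.example>
To: subscriber@example.org
Subject: Your account is on hold
Content-Type: text/html; charset=utf-8

<p>We could not validate your billing information. Your account will be
suspended unless you <a href="http://netflix-account-update.example/login">update your billing details</a>
within 24 hours.</p>
"""

# Constructed benign message for comparison.
LEGIT = """\
From: "Netflix" <info@netflix.com>
To: subscriber@example.org
Subject: New on Netflix this week
Content-Type: text/html; charset=utf-8

<p>See what's new: <a href="https://www.netflix.com/browse">browse titles</a>.</p>
"""


def sender_domain(msg):
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def in_brand_domain(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


def links(body):
    return re.findall(r'href="([^"]+)"', body)


def phishing_indicators(raw):
    """Return a list of human-readable indicators; an empty list means none found."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message, so the payload is the HTML string
    findings = []

    display_name, _ = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg)
    if "netflix" in display_name.lower() and not in_brand_domain(domain):
        findings.append(f"display name claims Netflix but address domain is {domain}")

    for url in links(body):
        host = (urlparse(url).hostname or "").lower()
        if not in_brand_domain(host):
            findings.append(f"link points to non-brand host {host}")
        if url.startswith("http://"):
            findings.append(f"link uses plain http: {url}")

    hits = [p for p in URGENCY_PHRASES if p in body.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_indicators(raw))
```

The sender check is deliberately narrow: it only fires when the display name invokes the brand, because plenty of legitimate mail about Netflix comes from third parties. Display-name checks are also the weakest of the three, since the From header is trivially forged; the link host is the indicator that survives.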

The ethics of reporting the details of stolen data seem to depend on how interesting it is.
Hack of Global Law Firm Appleby Exposes Rich and Famous
Following the huge 2016 leak of documents stolen from Panamanian firm Mossack Fonseca (aka, the Panama Papers), the expected analyses of documents stolen more recently from the Appleby law firm (aka, the Paradise Papers) has begun. The route is the same in both cases -- the German newspaper Suddeutsche Zeitung obtained the stolen documents from an anonymous source (possibly the hacker, or via a third party), and passed them to the International Consortium of Investigative Journalists (ICIJ).
The ICIJ then worked with 95 media partners to explore a total of 13.4 million documents comprising those stolen from Appleby together with other documents from the smaller family-owned trust company, Asiaciti, and from company registries in 19 secrecy jurisdictions.
"While the mechanics of the breach itself have yet to be revealed, this was clearly a targeted attack," comments Mark Sangster, VP and industry security strategist at eSentire. "Appleby took appropriate response steps in notifying their clients; but you can't insure [against] this. This class of events demonstrates why law firms must protect their clients' confidential information. No amount of cyber insurance, data back strategies, nor business continuity planning can ever put this genie back in the bottle."
Incident response is relatively meaningless if no incident is detected -- or not, as in this case, detected until too late.

For my Computer Security students.
Windows 10: If you want a highly secure device, follow these rules, says Microsoft
Microsoft has released a new document explaining the minimum hardware and firmware requirements to create a "highly secure" Windows 10 device.
… "Systems must be on the latest, certified silicon chip for the current release of Windows," Microsoft notes on the issue of processor generations.
… The processor must have a 64-bit architecture,

(Related) Arguments my students will hear.
The Myth of Security Enabling Your Business
Every year there are reports and surveys which make the case that security inhibits innovation, productivity and generally holds businesses back. I am not going to argue with that sentiment. Security requires that things are done in a certain manner, which can act as a constraint on wanting to do things a different way. What I do want to address is the notion that this is the case because security people just don’t get business. It’s actually the reverse – businesses do not get security. And this misconception is based on several fallacies, false beliefs and myths.
The first myth is that security is an add-on cost.
The second myth is that security can be bolted on after the fact.
The greatest myth of all is that security people should make security easy.

As an Auditor or as a Security Manager, I would like some of these metrics. But I only want to see them when something changes significantly.
Big Brother isn't just watching: workplace surveillance can track your every move
… To monitor productivity, software can measure proxies such as the number of emails being sent, websites visited, documents and apps opened and keystrokes. Over time it can build a picture of typical user behaviour and then alert when someone deviates.
“If it’s normal for you to send out 10 emails, type 5,000 keystrokes and be active on a computer for three hours a day, if all of a sudden you are only active for one hour or typing 1,000 keystrokes, there seems to be a dip in productivity,” said Miller.
“Or if you usually touch 10 documents a day and print two and suddenly you are touching 500 and printing 200 that may mean you’re stealing documents in preparation of leaving the company.”
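The two scenarios Miller describes are the same mechanism: a per-metric baseline, then a flag when today's count sits too many standard deviations from it. The example below is added here and is not any vendor's product; it runs that logic over constructed daily counters for one employee (five baseline days, a "dip" day and a "document spike" day matching the quotes above) and labels the result. The metric names and the three-sigma threshold are assumptions made for the example.

```python
import statistics

# Constructed daily activity counters for one employee (hypothetical agent output,
# not data from the article): emails sent, keystrokes, hours active, documents
# opened, pages printed.
BASELINE = [
    {"emails": 10, "keystrokes": 5000, "active_hours": 3.0, "docs": 10, "prints": 2},
    {"emails": 12, "keystrokes": 5200, "active_hours": 3.2, "docs": 12, "prints": 3},
    {"emails": 9,  "keystrokes": 4800, "active_hours": 2.8, "docs": 8,  "prints": 1},
    {"emails": 11, "keystrokes": 5100, "active_hours": 3.1, "docs": 11, "prints": 2},
    {"emails": 10, "keystrokes": 4900, "active_hours": 2.9, "docs": 9,  "prints": 2},
]
NORMAL_DAY = {"emails": 11, "keystrokes": 5050, "active_hours": 3.0, "docs": 10, "prints": 2}
DIP_DAY = {"emails": 10, "keystrokes": 1000, "active_hours": 1.0, "docs": 10, "prints": 2}
SPIKE_DAY = {"emails": 10, "keystrokes": 5000, "active_hours": 3.0, "docs": 500, "prints": 200}


def baseline_stats(days, metric):
    """Mean and population standard deviation of one metric over the baseline window."""
    values = [d[metric] for d in days]
    mean = statistics.fmean(values)
    sd = statistics.pstdev(values)
    return mean, (sd if sd > 0 else 1.0)  # a constant metric gets a unit scale, not a zero division


def deviations(days, today, threshold=3.0):
    """Return {metric: z-score} for every metric more than `threshold` sigma from baseline."""
    flagged = {}
    for metric, value in today.items():
        mean, sd = baseline_stats(days, metric)
        z = (value - mean) / sd
        if abs(z) > threshold:
            flagged[metric] = round(z, 1)
    return flagged


def classify(flagged):
    """Map the flagged metrics onto the two patterns quoted in the article."""
    if any(flagged.get(m, 0) > 0 for m in ("docs", "prints")):
        return "data-handling spike"
    if any(flagged.get(m, 0) < 0 for m in ("keystrokes", "active_hours", "emails")):
        return "productivity dip"
    return "normal" if not flagged else "other deviation"


def assess(days, today):
    flagged = deviations(days, today)
    return classify(flagged), flagged


if __name__ == "__main__":
    for name, day in (("normal", NORMAL_DAY), ("dip", DIP_DAY), ("spike", SPIKE_DAY)):
        print(name, assess(BASELINE, day))
```

Two caveats a reviewer of such alerts would want stated: five days is far too short a window for a real baseline (a rolling month or more, and ideally a per-weekday baseline, is the usual minimum), and a deviation is a prompt for a conversation, not a finding. The "500 documents" day looks the same whether someone is packing up to leave or preparing the quarterly audit binder.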

Politicians are not held to the same standard as CEOs. If a CEO does not know what is happening in his company, he is still responsible for it. No politician will accept responsibility for anything that may cost them votes.
FBI originally deemed Clinton ‘grossly negligent’ in handling of secret emails
The FBI originally planned to say that Hillary Clinton was “grossly negligent” in her handling of secret emails, a top senator said Monday, revealing early drafts of the statement that James B. Comey drew up as FBI director.
… Gross negligence would seem to be a high enough standard to have prosecuted Mrs. Clinton — though Mr. Comey ended up not recommending charges, saying that while the former first lady, senator and top diplomat was clueless, he couldn’t prove she knew how badly she was risking national security.
… In an original statement that Mr. Grassley says appears to have been drafted May 2, Mr. Comey said there was “evidence to support a conclusion that Secretary Clinton, and others, used the private email server in a manner that was grossly negligent with respect to the handling of classified material.”
He also wrote in that draft that “the sheer volume of information that was properly classified as Secret at the time it was discussed on email (that is, excluding the ‘up classified’ emails) supports an inference that the participants were grossly negligent in their handling of that information.”
By June 10, those sentences were deleted and Mr. Comey wrote: “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”

Monday, November 06, 2017

With apologies to Santayana: Those who do not study technology are doomed to screw it up.
McConnell: Tech companies could help US 'retaliate against the Russians'
… “What we ought to do with regard to the Russians is retaliate, seriously retaliate against the Russians,” McConnell told MSNBC’s Hugh Hewitt on Saturday. “These tech firms could be helpful in giving us a way to do that.”
McConnell did not elaborate on what that retaliation might look like.

Interesting argument. It’s not a violation of the law because it tracks a vehicle, not a person.
The Rutherford Institute has asked the Virginia Supreme Court to prohibit police from using license plate readers as mass surveillance tools to track citizens whether or not they are suspected of a crime. In filing an amicus brief in Neal v. Fairfax County Police Department, Rutherford Institute attorneys argue that Fairfax County’s practice of collecting and storing license plate reader data violates a Virginia law prohibiting the government from amassing personal information about individuals, including their driving habits and location.

Do first, think about the downside later?
This may be one of those “the-road-to-Hell” stories. Joe Cadillic sent it along and we are both of the opinion that regardless of any good intentions, this is not a good idea.
Meaghan Ybos reported:
Nearly 70 victims of domestic violence and rape in Memphis are wearing GPS devices thanks to the city’s Sexual Assault Kit Taskforce, according to its monthly progress report published in October.
The GPS devices, which are tracked in real time, “provide an extra measure of safety by alerting victims when alleged perpetrators out on bond come within a certain range of victims who voluntarily wear the device,” taskforce leader Dewanna Smith told me in an October 23 e-mail.
Read more on In Justice Today.
Yeah…. no….. if a victim really wants to wear the device, then I guess that’s their right and decision, assuming that they have been fully informed of how data are collected and stored and what THEIR data may be used for and by whom. But otherwise, this strikes me as a pretty bad idea.
And does the perpetrator get a signal that they have gotten too close to their victim? Does a loud alarm on their monitor start shrieking at them? And if so, could that actually help a perpetrator find their victim if they were looking for them?
There’s too much wrong with this. Joe: jump in with your thoughts, please. I tend to agree with this statement in the story:
“If somebody accused of rape is enough of a risk that a victim would need to wear a safety monitoring device,” said Carrie Goldberg, a New York civil rights attorney and pioneer in the field of sexual privacy, “then perhaps it would make more sense to rethink that [perpetrator’s] being on the streets in the first place.”

Is this education?
Beatrice Dupuy reports:
Teachers in one Oregon school district who fail to report the sexual activity of their students could be at risk of being fined or losing their jobs.
The Salem-Keizer district officials told teachers that if they hear about their students having sex they must report it to law enforcement or Department of Human Services officials. District officials say they are just following state law that has put them in a bind with their students.
Read more on Newsweek.
And here we have yet another horrible idea/law. Schools should be creating an environment where it is safe for students to share information with school personnel. These types of snitch laws work against that.

A model for entrepreneurs?
How Facebook’s Oracular Algorithm Determines the Fates of Start-Ups
… One night in the summer of 2015, over Sichuan at Han Dynasty on 85th Street, Cogan asked Horwitz for advice about his latest notion: selling contact lenses online. The contacts business was dominated by a handful of companies like Johnson & Johnson and Bausch & Lomb, which seemed to charge whatever they wanted — at least in Cogan’s view, based on the price increases for his own lenses. Surely a low-cost competitor could tempt away customers

Perspective. Consistent with my classroom.
The Disappearing American Grad Student
There are two very different pictures of the students roaming the hallways and labs at New York University’s Tandon School of Engineering.
At the undergraduate level, 80 percent are United States residents. At the graduate level, the number is reversed: About 80 percent hail from India, China, Korea, Turkey and other foreign countries.
… The dearth of Americans is even more pronounced in hot STEM fields like computer science, which serve as talent pipelines for the likes of Google, Amazon, Facebook and Microsoft: About 64 percent of doctoral candidates and almost 68 percent in master’s programs last year were international students, according to an annual survey of American and Canadian universities by the Computing Research Association.

Yet another PowerPoint competitor? There is a free limited EDU option.
Create Interactive Content Using Joomag
Joomag is a platform which allows users to design and publish professional-looking publications. It contains hundreds of templates which can be used to create the perfect foundation for your publication. Incorporate videos and music directly from popular platforms like YouTube, Vimeo, and SoundCloud or upload these types of files directly from your computer. Create customized slideshows using your own images or from Getty Images. This platform also incorporates an image editor. Joomag publications can be embedded on websites and shared easily on social media channels.
… Click here and here to see examples of how two school districts use Joomag.

Sunday, November 05, 2017

Tracking the cost of a breach…
Wells Fargo Adds $1 Billion to Possible Legal Cost
Wells Fargo & Co. added $1 billion in the third quarter to what it says the bank may face in possible legal expenses.
Legal costs could potentially be $3.3 billion more than what the San Francisco-based bank has reserved, Wells Fargo said Friday in a regulatory filing. While that figure was unchanged from the previous three-month period, it constitutes a $1 billion increase because Wells Fargo moved a similar amount into legal reserves during the period.
The bank announced a surprise $1 billion charge in the third quarter for a previously disclosed regulatory investigation into its pre-financial crisis mortgage activity when it reported third quarter earnings. Banks typically move funds into an accrual when they determine a cost is no longer “reasonably possible” and instead becomes probable.

(Related). A new risk for managers who don’t know what is happening in their corporations? I hope so!
Bringing Accountability to the Wells Fargo Boardroom
It’s distressingly common for directors of public companies to skate away from liability when corporate misconduct occurs on their watch. That’s why a recent ruling by a federal judge hearing two cases against Wells Fargo’s officers and directors is both unusual and welcome.
The cases were filed against the bank by shareholders seeking to recover losses that were sustained, they say, in the wake of Wells Fargo’s widespread creation of fake or unauthorized accounts — a scandal that has besieged the bank, hurt its shares and caused the ouster of its chief executive last year.
The defendants in the case recently ruled on by the judge are 15 current or former directors and four current or former officers. It is a so-called derivative action, brought on behalf of Wells Fargo on the grounds that it was harmed by the improprieties.
The officers named in the suit include Timothy J. Sloan, Wells Fargo’s current chief executive, and Carrie Tolstedt, the former senior executive vice president of the community banking unit where the account-opening improprieties originated. The defendants had asked the judge to dismiss the case; among their arguments was a claim that the plaintiffs had not presented enough specificity on what each defendant had done wrong.
But Jon S. Tigar, the judge hearing the cases in United States District Court in San Francisco, disagreed. In early October, he allowed the case to go forward so the plaintiffs would have a chance to prove their allegations.
While that may seem an incremental and mostly procedural step, legal experts not involved in the case said Judge Tigar’s ruling sent a clear message to public company officers and directors: be vigilant for bad behavior in your operations, or else.

Senior management needs better ears. Sometimes the low level worker can see the forest despite all the trees.
Trump's account was deactivated after years of employees warning Twitter
Last night, a rogue Twitter employee celebrated their last day with the company by deactivating President Donald Trump’s account. In response, Twitter said it has “implemented safeguards to prevent this from happening again.” But the company declined to offer any explanation for how it would restrict access to tools that have been accessible to a range of Twitter employees, including contractors. Former employees say the company has known about the risks of rogue employees for years — and that Trump’s 11-minute deactivation isn’t the first time an employee targeted an account on their way out of the company.

Another “How To” guide for my Ethical Hackers.
Inside story: How Russians hacked the Democrats’ emails
… An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors.
… The rogue messages that first flew across the internet March 10 were dressed up to look like they came from Google, the company that provided the Clinton campaign’s email infrastructure. The messages urged users to boost their security or change their passwords while in fact steering them toward decoy websites designed to collect their credentials.

Perspective. And another example of disintermediation.
How the internet changed the market for sex
… Gregory DeAngelo, an economist at the University of West Virginia, scraped 17 years’ worth of data from The Erotic Review, a website that is like the Yelp for illegal sex services. The dataset features about 1.1 million reviews, which contain extremely detailed descriptions of encounters, time spent, features of the sex worker, and price. According to data on the site, average inflation-adjusted hourly rates increased 38% between 2000 and 2015.

Job advice for my students.
The biggest roadblock to AI adoption is a lack of skilled workers
In spite of nearly universal agreement that artificial intelligence promises revolutionary benefits, Gartner recently found that almost 60 percent of organizations surveyed have yet to take advantage of these benefits. Perhaps even more surprisingly, only a little more than 10 percent of surveyed businesses have deployed or implemented any AI solution at all.
Further confirmation of this gap between AI’s promise and enterprises’ ability to implement it is the finding that close to half of the surveyed organizations stated that they prefer to buy pre-packaged AI solutions or use AI capabilities already embedded in their applications.
… A vital factor driving the preference for pre-packaged AI or AI-embedded applications is that few businesses have the in-house skills to enact a custom solution themselves.
Gartner’s analysis has concluded that this skills gap is the most significant barrier to AI adoption.