Saturday, January 06, 2018

What have they found? Do they ever disclose that information?
Warrantless phone, laptop searches at the US border hit record levels
New figures released Friday reveal that Customs and Border Protection (CBP) officers searched 30,200 devices – an increase of about 60 percent year-over-year – between October 2016 and September 2017.
That averages out to about 2,500 searches each month out of more than 397 million who crossed the border -- or less than 0.01 percent of all international travelers, according to the agency charged with enforcing immigration and customs rules at the nation's ports of entry.
… The agency said newly-issued guidelines, replacing a 2009 directive that allow border searches of devices belonging to both Americans and foreign nationals without a warrant, will now require "reasonable suspicion" for border authorities to conduct a deeper, so-called "advanced search" of a travelers' phone or laptop.
But basic searches carried out at random – which don't require any reasonable suspicion – are still permitted, the guidelines say.

Perspective. Something my Data Management students will have to consider.
On-demand streaming now accounts for the majority of audio consumption, says Nielsen
U.S. album sales declined in 2017 as streaming continues to grow, according to Nielsen’s year-end music report released this week. The report found that album sales, including both digital and physical, fell 17.7 percent last year to 169.15 million copies, down from 205.5 million in 2016. Meanwhile, streaming once again soared, leading the overall music industry to growth, largely due to the significant 58.7 percent increase in on-demand audio streams over last year.
In total, on-demand audio streams surpassed 400 billion streams in 2017, compared to 252 billion in 2016, and overall on-demand streams, including video, exceeded 618 billion. This led to the music industry’s growth of 12.5 percent in total volume, over 2016.

If I call it (register it) as a drone, can I skip all that tedious training to get a pilots license?
Humans Can Fly in This Drone-Like Electric Hybrid 'Octocopter'
The company that partnered with UPS to create a package-delivering drone is ready to fly its new passenger aerial vehicle.
The SureFly, a two-seater electric hybrid helicopter (or “octocopter,” because of its eight propellers), has received approval from the FAA to take a test flight at CES in Las Vegas on Jan. 8.

Clearly we can’t recognize a human mind that is ready to commit violence...
AI Weekly: If we create artificial intelligence, will we know it?
When people talk about creating an artificial intelligence, the conversation is often focused on human or superhuman AI — systems that would equal or surpass us in intelligence. But what if we create an artificial intelligence that’s deserving of respect, but don’t recognize it as such?
That’s a question I’ve had bouncing around in my head for the past several months. Over the course of human history, we’ve proven very poor as a species at successfully evaluating the intelligence of other beings, whether they’re human or non-human. Consider crows, who learn from their dead, recognize individuals, use tools, and even bring gifts to those they like — are they … intelligent?
… Take octopuses, for instance, which have proven to be highly intelligent and talented escape artists. Should they — or AIs that match them in intelligence — be treated differently because of the way their brains work?


Surprise! Surprise! Surprise!
Twitter admits world leaders like Trump have special status
Twitter Inc on Friday reiterated its stance that accounts belonging to world leaders have special status on the social media network, pushing back against users who have called on the company to banish U.S. President Donald Trump.
“Blocking a world leader from Twitter or removing their controversial Tweets would hide important information people should be able to see and debate,” Twitter said in a post on a corporate blog.
Twitter had already said in September that “newsworthiness” and whether a tweet is “of public interest” are among the factors it considers before removing an account or a tweet.

For my Java geeks.

Ciao, comrade?

Friday, January 05, 2018

A variation on the Nigerian Prince?
Florida colleges receive extortion demands to avert attacks on campuses (UPDATED)
Stephanie Brown reports:
An extortion email apparently sent to several colleges and universities demands payment in Bitcoin, threatening to commit an attack against campus students and faculty.
We first told you Wednesday that the University of North Florida confirmed they had received an emailed extortion threat. The UNF Crime Alert said law enforcement believed the threat was “likely non-credible”, but that state and federal partners continued to investigate, in an effort to find out who was responsible.
UNF is not disclosing the contents of the email they received, but our partner Action News Jax obtained the email that was sent to Hillsborough Community College. Action News Jax also checked with the University of Florida, where a spokesperson says she believes this threat was the same as UNF received.
Read more on WOKV.
Okay, I probably know what you’re wondering. I’m curious, too, but no one’s posted a copy of the threat email, so there’s not enough information to go on. The reporting doesn’t even clearly indicate whether either of the colleges were actually hacked and data exfiltrated or what.
If anyone has more details on these threats, please let me know.
Updated: A report from TBO provides additional details that sound familiar to me. Noting that it is not yet clear how many institutions received the 1,250-word message from the threat actors, or whether it was limited to Florida, they report that:
The suspicious email is written so that it doesn’t make any reference to a specific campus or institution. It demands a payment of 1.2 bitcoin, or about $18,035 in the volatile, untraceable digital currency.
Should the recipient refuse, the sender threatens to wage a campaign of confusion, making repeated false threats of bombings and mass shootings.
“One of these threats will be legitimate. Which one will be a surprise,” the email reads. “You will be forced to evacuate the campus.”
The sender adds a dramatic twist: “Every night I will roll a single die. If a six comes up, I will instruct my compatriots to follow through on the attack and kill as many people as possible … It will be public knowledge that you failed to take this threat seriously.”

Old technology is not “proven” technology.
Russian ATM hacked with 5 keystrokes – Video
In early December, an employee of Russian website Habrahabr went to get some cash from a Sberbank ATM that incidentally had a full-size keyboard. Out of boredom, as the man recalls, he started hitting the Shift key repeatedly when, all of the sudden, the Sticky Keys feature switched on, giving him full access to the machine’s underlying Windows XP operating system.
… By pressing the Shift key five times in a row, Windows serializes keystrokes, allowing the user to press and release modifier keys. This eliminates the need to hold one key with a finger while reaching for other keys.
While it’s certainly helpful to users who have physical disabilities or to those with Emacs Pinky syndrome, Sticky Keys leaves Windows-based ATMs vulnerable to attacks – especially when customers are offered a full-size keyboard. The hack was captured on video and posted to YouTube (embedded below) for everyone’s viewing pleasure.

“What you are” is a password.
Behavioral biometrics will replace passwords by 2022 – Gartner
… Gartner analysts believe on-device AI, as opposed to cloud-based AI, will mark a paradigm shift in digital security, and will do so sooner than most people think.
… The research company outlines 10 AI solutions expected to run on 80% of smartphones in 2022 that will become an essential part of vendor roadmaps and our everyday lives. At least four of them impact security.
… “Smartphones will be an extension of the user, capable of recognizing them and predicting their next move,” reads the report. “They will understand who you are, what you want, when you want it, how you want it done and execute tasks upon your authority.”
… New-generation smartphones will collect behavioral data to more accurately profile the user, paving the way for dynamic protection and assistance in emergency situations. It will also benefit insurers. Gartner speculates that car insurers will be able to adjust insurance rates based on driving behavior.
… A device with on-board AI could automatically detect inappropriate content – such as objectionable images, videos or text – and flag it, or block it altogether.
… Probably the boldest, but also the most-likely-to-materialize prediction from the report is the idea that on-device AI will render password-based authentication obsolete

A resource for policy writers?
Handbook for Safeguarding Sensitive PII Privacy Policy Directive 047-01-007, Revision 3. Published by the DHS Privacy Office. December 4, 2017.
This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. This handbook explains: how to identify PII and SPII, how to protect PII and SPII in different contexts and formats, and what to do if you believe PII and/or SPII has been lost or compromised…”

How should your policy define harassment?
Crossing the Line: What Counts as Online Harassment?
Americans agree that certain behaviors constitute online harassment, but they are more divided on others – “Pew Research Center surveys have found that online harassment is a common phenomenon in the digital lives of many Americans, and that a majority of Americans feel harassment online is a major problem. Even so, there is considerable debate over what online harassment actually means in practice. In an effort to examine more deeply where people “draw the line” when it comes to online harassment, the Center conducted a survey in which respondents were presented with fictional scenarios depicting different types of escalating online interactions. The survey then asked them to indicate which specific elements of the story they considered to be harassment. Their answers indicate that Americans broadly agree that certain behaviors are beyond the pale. For instance, in various contexts most agree that online harassment occurs when people make direct personal threats against others. At the same time, the public is much more divided over whether or not other behaviors – such as sending unkind messages or publicly sharing a private conversation – constitute online harassment….”

Or not...
Read all 539 pages of the FCC’s final order repealing net neutrality
Roughly a month after the Federal Communications Commission voted to scrap the U.S. government’s net neutrality rules, the agency has released the full, final text of its repeal.
… It also gives us a lot more to read: as in 539 pages (which you can read in full below). Pai and his fellow Republican commissioners — Michael O’Rielly and Brendan Carr — also released fuller statements explaining their votes, as did their Democratic counterparts — Jessica Rosenworcel and Mignon Clyburn — who opposed the repeal.

I like this approach. No monopoly. City can upgrade to “all fiber.” Many other potential benefits.
Fort Collins, Colorado moves ahead with civic broadband after net neutrality repeal
This week, the Fort Collins City Council voted to move ahead with a ballot measure approved by 57 percent of voters in November, which allowed, but did not require, the city council to establish a telecommunications utility to provide broadband services.
Specifically, the city voted this week to approve some of the first steps needed to install civic broadband. They voted to provide a $1.8 million loan to “support first year startup costs associated with recruiting and hiring personnel, consulting, equipment, and branding to support the initiative” and to make certain changes to the city code that will allow the city to become a telecommunications provider.
… The city of Fort Collins laid out a broadband business plan on its website, which “does not call for any restrictions on access, including uploads, downloads, delivery methods, or providers (email, Skype, Netflix, etc.).” The plan also notes that the city will develop additional policies concerning net neutrality and security.
… One of the best-known municipal broadband networks in the U.S. is the one installed by the city of Chattanooga in 2010. At the time, the city garnered national attention as the only city-wide network with speeds of up to 1 gigabyte per second.

Maybe Social Media IS mind control!

Thursday, January 04, 2018

It’s never “if,” it’s always “when.”
Security flaws put virtually all phones, computers at risk
Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.
… Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
… The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

Governments don’t do IT well. (I may have said that a few times.)
India's National ID Database With Private Information Of Nearly 1.2 Billion People Was Reportedly Breached
… The Tribune, a local Indian newspaper, published a report claiming its reporters paid Rs. 500 (approximately $8) to a person who said his name was Anil Kumar, and who they contacted through WhatsApp. Kumar was able to create a username and password that gave them access to the demographic information of nearly 1.2 billion Indians who have currently enrolled in Aadhaar, simply by entering a person’s unique 12-digit Aadhaar number. Regional officers working with the Unique Identification Authority of India (UIDAI), the government agency responsible for Aadhaar, told the Tribune the access was “illegal,” and a “major national security breach.”
A second report, published on Thursday by the Quint, an Indian news website, revealed that anyone can create an administrator account that lets them access the Aadhaar database as long as they’re invited by an existing administrator. [Think: Hackers inviting hackers. Bob]

(See the comment above.)
If you were part of a Department of Homeland Security Office of the Inspector General investigation at some time between 2002 through 2014, DHS wants you to know that you may be a breach victim. Unfortunately, due to “technological” issues, it seems that DHS can’t directly contact you to alert you, so read on…..
A few more details have emerged in the matter of a breach involving the Department of Homeland Security. The breach, which involved the May discovery of an unauthorized copy of DHS’s investigative case management system in the possession of a former DHS OIG employee, was first reported in November by USA Today.
Joseph Marks reports that the Inspector General has now confirmed that the breach affected more approximately 247,167 DHS employees, but DHS has now also revealed that the breach impacted non-employees who contacted or interacted with the department: “individuals (i.e., subjects, witnesses, and complainants) associated with DHS OIG investigations from 2002 through 2014 (the “Investigative Data”).”
DHS’s statement can be found on their site. Of note, DHS writes:
The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized exfiltration.
Affected individuals are being offered 18 months of free credit monitoring and identity protection services.
But of course, there are lots of raised eyebrows that the agency responsible for protecting our homeland from terrorist attacks and the like had an insider breach that went unprevented and undetected until May of this year. In response to the incident, DHS notes:
The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information in which they are entrusted. Please be assured that we will make every effort to ensure this does not happen again. DHS is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns. We will continue to review our systems and practices in order to better secure data. DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.
Will their changes also enable them to identify and notify any non-employees who might get caught up in any future breaches? Shouldn’t the agency have some way of doing that unless someone was a confidential witness who did not provide their real details in dealing with the agency – or something like that?

The Security implications are clear, but there are also significant Data Management challenges. Hint: Every Presidential Tweet is an “Official Record.”
White House bans personal cellphones from the West Wing
The White House on Thursday banned the use of personal cellphones and other personal devices from the West Wing, citing security concerns.
...Officials said the decision was made because too many devices were connected to the White House network, and because personal devices are not as secure.
The White House said staffers will still be able to use their government-issued devices.
But some staffers are worried that it will be harder for them to reach family and friends when they need to at work.

An article for my Data Management class. What to do with the data you have.
In the age of rapid advances in data science and artificial intelligence, many organizations still struggle to incorporate advanced analytics capabilities into their business models. True incorporation requires bold decisions about reorganizing the business to make analytics a key component of strategy. Here we present the case of Grupo Financiero Banorte (GFNorte), a large Mexican financial group, where the analytics transformation has been a success story.
… GFNorte recently established a Central Analytics Business Unit (ABU) with the mandate to convert information into profits at a rate of 10X cost and to lead the adoption of a customer-centric approach within the organization. The results significantly exceeded expectations: In its first year the ABU yielded profits 46X its costs, in the second year 106X (equivalent to $275 million of net income), and during its third year it is on course to produce 200X. These results, along with other transformational initiatives, have contributed to GFNorte leapfrogging its competitors within three years to attain second place in profit generation (up from fourth) in the Mexican financial system.

I can’t keep up now.

Something for my geeks?
Apple Developer Program fee waivers are now available for nonprofits, schools and government

Wednesday, January 03, 2018

It’s a work in progress.
Facebook’s Uneven Enforcement of Hate Speech Rules Allows Vile Posts to Stay Up
… We asked Facebook to explain its decisions on a sample of 49 items, sent in by people who maintained that content reviewers had erred, mostly by leaving hate speech up, or in a few instances by deleting legitimate expression. In 22 cases, Facebook said its reviewers had made a mistake. In 19, it defended the rulings. In six cases, Facebook said the content did violate its rules but its reviewers had not actually judged it one way or the other because users had not flagged it correctly, or the author had deleted it. In the other two cases, it said it didn’t have enough information to respond.

Something for my Computer Security Managers in training…
Are you a 'cyberloafer'? Experts warn employees are spending over two hours a day slacking off online - and say it's causing major security risks
… My research group's new study shows this practice of using work computers for personal internet browsing can become a serious security threat to a company when it goes too far.
Most companies accept that their employees will occasionally check social media or send personal emails from work computers. But in some cases things can get more serious, with people people spending significant amounts of time updating their own websites, watching videos or even pornography.

Governments don’t do IT very well.
Get a pencil: California marijuana-tracking system not used
California’s legal pot economy was supposed to operate under the umbrella of a vast computerized system to track marijuana from seed to storefronts, ensuring that plants are followed throughout the supply chain and don’t drift into the black market.
But recreational cannabis sales began this week without the computer system in use for pot businesses. Instead, they are being asked to document sales and transfers of pot manually, using paper invoices or shipping manifests. That raises the potential that an unknown amount of weed will continue slipping into the illicit market, as it has for years.
… The state Department of Food and Agriculture, which is overseeing the tracking system, said in a statement it was “implemented” Tuesday. However, it conceded that growers and sellers are not required to use it yet and training on how to input data will be necessary before it becomes mandatory, apparently later in the year.

Would this me a better fit than Sears?
Amazon Will Buy Target in 2018, Tech Analyst Predicts
… “Target is the ideal offline partner for Amazon for two reasons, shared demographic and manageable but comprehensive store count,” Munster wrote, noting both companies focus on mothers and families.

The new business model for music?
Shake It Off: Despite Negative Press, Taylor Swift's Reputation Tour Could Be One of the Biggest of All Time
Taylor Swift is on track to chart one of the highest-grossing tours of all time, with projections that she could sell $450 million worth of tickets on her Reputation stadium tour which kicks off this summer.
Swift is using a strategy deployed by Jay-Z and bands like The Rolling Stones – price tickets high and have seats available on the primary market up until the day of show. That means few, if any, early sellouts but huge revenues, as tickets, especially premium seats, are marked up much higher than previous tours. While several recent stories have warned of poor ticket sales – including a New York Post article this morning – those close to Swift say the “Look What You Made Me Do” singer sold $180 million worth of tickets in the first seven days of sales

Maybe I could have my students create an ebook rather than a simple post?
5 Ed Tech Tools to Try in 2018
Earlier today I went on live on my YouTube channel to share five ed tech tools that I recommend trying in 2018 if you didn't try them in 2017. Watch the video for my explanations of my recommendations then jump to the list to find tutorial videos for my recommended tools.
[I liked this one:

Tuesday, January 02, 2018

I don’t think I’ve ever seen these words in an initial breach announcement.
Passport System Down, Thousands Delayed At Airports Around The Country
Thousands of passengers reported being stranded at airports across the United States, in a delay that was caused because the passport system across the country was down Monday.
… According to the stranded passengers, the delay was because the computer system to check passports, operated by the U.S. Customs and Border Protection, had failed. CBP later put out a statement on its Twitter page, saying all the airports were back online after a brief outage of its processing systems.
"During the disruption, CBP had access to national security-related databases and all travelers were screened according to security standards," it added and also said that disruption did not appear to be of a malicious nature.
… Strangely, a quite similar incident took place on Jan.2, 2017, almost one year to the date, where extensive delays were caused due to computer outage affecting customs procedures.
At the time, the U.S. Customs and Border Protection agents were forced to process travelers through a slower backup system when the computers went down, NY Daily News said.

A big data example.
How Do You Vote? 50 Million Google Images Give a Clue
What vehicle is most strongly associated with Republican voting districts? Extended-cab pickup trucks. For Democratic districts? Sedans.
Those conclusions may not be particularly surprising. After all, market researchers and political analysts have studied such things for decades.
But what is surprising is how researchers working on an ambitious project based at Stanford University reached those conclusions: by analyzing 50 million images and location data from Google Street View, the street-scene feature of the online giant’s mapping service.

Social Media is not simple.
Over 90% of medium and large businesses have used social media in their marketing for five years or longer. Yet the CMO Survey reveals that nearly half of marketers are unable to show the impact of their social media investments. That’s why, no matter what your social media strategy is, it’s always a good idea to go back and make sure you have the basics covered. Your company may discover that it needs a strategic do-over.

It’s no longer sorting punch cards, mounting magnetic tapes, and separating six part (carbon) printed reports.
It’s going to be a Happy New Year for Artificial intelligence and robotics experts in 2018
Artificial intelligence (AI) is the buzz in the jobs bazaar as machine learning and the Internet of Things (IoT) increasingly influence business strategies and analytics. Human resource and search experts estimate a 50-60% higher demand for AI and robotics professionals in 2018 even as machines take over repetitive manual work.
"Machines are taking over repetitive tasks. Robotics, AI, big data and analytics will be competencies that will be in great demand," said Shakun Khanna, senior director at Oracle for the Asia-Pacific region.


My students have the same kind of car!

Monday, January 01, 2018

Examples of poor security even my students will recognize!
Security Vulnerabilities in Star Wars
A fun video describing some of the many Federation security vulnerabilities in the first Star Wars movie.

My Data Management students are using an eTextbook this quarter. Perhaps they will use this App to do research? (Probably not.)
Libby App Connects eReaders to Business Titles from Most Major Metro Public Libraries
… The Libby app connects local libraries and the thousands of eBooks and audiobooks on their digital bookshelves 24/7.
The Libby app is developed by OverDrive.
… After you download the Libby app on your Android or iOS smartphone or tablet, (or on your Windows PC) all it takes is your library card to start borrowing books. If you happen to have an Amazon Kindle, the books you borrow on Libby can be sent to the device.
Once you have the app, it will help you find your local library and even get you a card using your mobile phone number. You can sign into multiple libraries using one or more cards.
When it comes to reading or listening to the books, you can stream or download them. And best of all, the company says it will always be free.

Why you need to think carefully before you pass a law?
Child porn law goes nuts: 14-year-old girl charged for nude selfie
A 14-year-old girl is facing charges in Minnesota juvenile courts that could lead to her being placed on a sex offender registry—all for taking a nude selfie and sending it to a boy at her school. Prosecutors say that she violated Minnesota's child pornography statute, which bans distributing sexually explicit pictures of underaged subjects.
But a legal brief filed this week by the ACLU of Minnesota says that this is ridiculous. Charging a teenager for taking a nude selfie means the state is charging the supposed victim—an absurd result that the legislature can't have intended when it passed Minnesota's child pornography statute, the ACLU argues.
… The ACLU also argues that charging a teen for taking nude selfies violates the First Amendment. In a 2002 case, the Supreme Court ruled that the First Amendment protected the creation of virtual child pornography—in which no actual children were used in the creation of works that appeared to involve sex with children. The court held that laws against child pornography were justified because protecting children against exploitation was a compelling state interest. But that argument doesn't apply to a ban on virtual child pornography.
The ACLU argued that a similar point applies here. It doesn't make sense to say that a 14-year-old girl is coercing herself into creating child pornography. Hence, in the ACLU's view, the state lacks a compelling interest to limit the expressive rights of 14-year-olds to create nude selfies and voluntarily share them with peers.

Looks like I’m a big hit in Italy! No idea why…

Sunday, December 31, 2017

Looks like everyone is on vacation.

Not everyone sees it this way.
More on a case and opinion previously noted on this site. It’s a useful short version or recap for those who didn’t follow the case. Max Miller reports:
A trio of Wyoming Supreme Court decision released Dec. 19 have established an avenue for plaintiffs to collect damages for privacy invasion in the Cowboy State for the first time.
In the cases, Casper area residents Steve Winn, Audrey Kinion and Gretchen Howard had separately filed suit against defendant Aaron’s Sales and Leasing, franchised by Aspen Way Entertainment, Inc.
The rent-to-own company had invaded their privacy, the plaintiffs asserted, by renting them laptop computers which came with software pre-installed to track physical location, monitor key-strokes, capture screen shots and remotely activate the devices’ webcams.
Read more on Cody Enterprise.
[From the article:
First in Natrona County Circuit Court, and then in Wyoming’s Seventh District Court before judge Catherine Wilking, Aspen Way argued successfully that Wyoming law recognizes no such right to privacy and therefore the consumers lacked standing to sue.
The Supreme Court decision reverses those findings, and sends the cases back to Circuit Court for further adjudication.
The decision, written by Justice William Hill, due to retire in February, finds that many other jurisdictions recognize a right to privacy even in the absence of specific legislation codifying such a right.

Anything here suggest they won’t keep doing it?
What Russian Journalists Uncovered About Russian Election Meddling