Sunday, January 14, 2018

Some big names on this list. Better check for your site!
by Steven Englehardt, Gunes Acar, and Arvind Narayanan
Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data behind our findings, including a list of 8,000 sites on which we observed session-replay scripts recording user data.
As one case study of these 8,000 sites, we found health conditions and prescription data being exfiltrated from walgreens.com. These are considered Protected Health Information under HIPAA. The number of affected sites is immense; contacting all of them and quantifying the severity of the privacy problems is beyond our means. We encourage you to check out our data release and hold your favorite websites accountable.
Student data exfiltration on Gradescope
As one example, a pair of researchers at UC San Diego read our study and then noticed that Gradescope, a website they used for grading assignments, embeds FullStory, one of the session replay scripts we analyzed. We investigated, and sure enough, we found that student names and emails, student grades, and instructor comments on students were being sent to FullStory’s servers. This is considered Student Data under FERPA (US educational privacy law). Ironically, Princeton’s own Information Security course was also affected. We notified Gradescope of our findings, and they removed FullStory from their website within a few hours.
Read more on Freedom to Tinker.
wordpress.com
microsoft.com
adobe.com
godaddy.com
skype.com




An opportunity to talk about proper procedures with my Computer Security students. One accidental button push? Also, imagine the little fat kid who runs North Korea ordering his hackers to send these warnings.
Hawaii missile false alarm triggers shock, blame and apologies
The alert of an incoming ballistic missile was sent wrongly on Saturday morning by an emergency system worker.
Victims of the ordeal spoke of hysteria and panicked evacuations.
The false alarm sparked recriminations, with state officials apologising and President Donald Trump's response called into question.
It was a mistake by an employee at Hawaii's Emergency Management Agency (EMA) who "pushed the wrong button" during procedures that occur during the handover of a shift.
Mobile phone users received the message at 08:07 (18:07 GMT):
"Ballistic missile threat inbound to Hawaii. Seek immediate shelter. This is not a drill."
The alert was corrected by email 18 minutes later but there was no follow-up mobile text for 38 minutes, the Honolulu Star-Advertiser reports.




Tools for all my students.
In 2016, a University of Phoenix study revealed that two out of three U.S. adults were aware that their social media accounts had been hacked. Furthermore, a majority of adults limit what personal information they share.
But the hackers keep on coming.




Microsoft is asking the Supreme Court about this…
David Fraser of McInnes Cooper writes:
Whether a provincial court will grant police a “production order” under the Criminal Code of Canada requiring a non-Canadian company to produce any of its records has, to date, depended on the province in which police seek it. Some courts refuse an order where the company is wholly outside of Canada; some require an address in Canada for service to grant the order; and others grant the order, apparently unconcerned about the company’s Canadian “presence”. That could however change with the B.C. Court of Appeal’s January 9, 2018, decision in British Columbia (Attorney General) v. Brecknell. The Court’s decision that Craigslist is “present” in B.C. and can be subject to a Criminal Code production order issued from its provincial court might lead to greater national uniformity – and more exposure to foreign companies doing only virtual business in Canada:
[Much more follows. Bob]




Perspective.
John Sculley: Why AI Is the Tech Trend to Watch in 2018
… “AI is going to be foundational in every industry. I’m seeing it in fintech, market tech, health tech…. It’s one of those fundamental changes. In the previous industrial age, it was all about electricity and oil; in the future [AI is] going to be a commodity that will be deployed in many, many different ways, and will be something you can just plug into.




Perspective.
39 million Americans now own a smart speaker, report claims
One in six Americans now own a smart speaker, according to new research out this week from NPR and Edison Research – a figure that’s up 128 percent from January, 2017. Amazon’s Echo speakers are still in the lead, the report says, as 11 percent now own an Amazon Alexa device compared with 4 percent who own a Google Home product.
Today, 16 percent of Americans own a smart speaker, or around 39 million people.




Also one of my favorites.
W3Schools - Your HTML Reference
W3Schools is my go-to reference for all questions regarding how to write any aspect of HTML code. In fact, when I was recently asked a question about writing HTML that I couldn't immediately answer, I turned to W3Schools.
W3Schools offers complete tutorials for learning to write HTML, CSS, Javascript, and PHP. If you're just getting started, work through the tutorials in sequences. Each tutorial has a little interactive section where you can test your new knowledge. If you're experienced and just need a quick reminder or clarification, W3Schools has that too.
W3Schools is a great resource for the student who is capable of directing himself or herself through a sequence of tutorials. W3Schools is not great for a student who needs a clearly defined "do this now," "do this next" type of lesson. For that type of student, I would recommend trying Thimble by Mozilla.




Will the US Navy follow suit?
The Royal Navy updated a famous WWII propaganda poster to warn its sailors about tweeting



No comments: