Thursday, March 15, 2018

My students easily identified this as insider trading. Why did the CIO think no one would notice?
Equifax CIO Put ‘2 and 2 Together’ Then Sold Stock, SEC Says
The text from the Equifax Inc. executive sounded ominous: “We may be the one breached.”
Yet before the wider world learned of the credit bureau’s massive hack – in which sensitive information for more than 140 million U.S. consumers had been compromised – the executive, Jun Ying, was selling Equifax stock, federal authorities now say.
Six months after the cyberattack shook Equifax and raised questions about suspicious trading by several executives there, the Department of Justice on Wednesday charged Ying with insider trading. Prosecutors say he searched on the internet for what might happen to Equifax stock when the news of the attack broke, then exercised all of his stock options. The move netted him more than $480,000. Ying’s lawyers, Douglas I. Koff and Craig S. Warkol of Schulte Roth & Zabel, declined to comment on Ying’s behalf.
… Ying, who was next in line to become the company’s global CIO, avoided more than $117,000 of losses by selling his shares, the SEC said.

My students are aware that new technologies are often introduced before security is considered. Not everyone has got the “design for security” word yet.
Why do the Vast Majority of Applications Still Not Undergo Security Testing?
Did you know that 84% of all cyber attacks target applications, not networks? What’s even more curious is that 80% of Internet of Things (IoT) applications aren’t even tested for security vulnerabilities.
It is 2018, and despite all the evidence around us, we haven’t fully accepted the problem at hand when it comes to software security. Because we haven’t accepted the problem, we are not making progress in addressing the associated vulnerabilities. Which is why after an active 2017, we are already seeing numerous new attacks before we leave the first quarter of the year.

Always interesting.
Microsoft Publishes Bi-annual Security Intelligence Report (SIR)
Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware. It draws on the data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together with the telemetry collected from the 1.2 billion Windows devices that opt in to sharing threat data with Microsoft.
The report has five primary recommendations to counter the threat of ransomware: backup data; employ multi-layered security defenses; upgrade to the latest software and enforce judicious patching; isolate or retire computers that cannot be patched; and manage and control privileged credentials. A new survey from Thycotic demonstrates just how poor many organizations are at managing privileged accounts.
There is no mention of a sixth potential recommendation -- if infected with ransomware, immediately visit the NoMoreRansom project website. This project aggregates known ransomware decryptors, and it is possible that victims might be able to recover encrypted files without recourse to the risky option of paying the ransom. For now, Microsoft does not appear to be a partner in this project.

Cool! I could ping your phone to get the same information. If I was a stalker, I’d be giggling! On the other hand, I don’t own a smartphone. Will I still be able to drive?
Joe Cadillic sent me an email with a subject line comment all in capital letters. That’s usually a clue that I’m about to read a very disturbing news development.
Jerry Smith reports:
Delaware could be among the first states to use mobile driver’s licenses.
Features of the mDL that will be tested include:
• Enhanced privacy for age verification: No need to show a person’s address, license number and birthdate. The mobile driver’s license will verify if the person is over 18 or 21 and display a photo.
• Law enforcement use during a traffic stop: The mobile driver’s license will allow law enforcement officers to ping a driver’s smartphone to request their driver’s license information before walking to the vehicle.
Read more on Delaware Online. I’m guessing it was that second bullet that really made Joe apoplectic.

Guidelines for anyone wishing to influence an election? Grab them fast, because they will likely get wiped too.
Facebook Quietly Hid Webpages Bragging of Ability to Influence Elections
The Intercept: “When Mark Zuckerberg was asked if Facebook had influenced the outcome of the 2016 presidential election, the founder and CEO dismissed the notion that the site even had such power as “crazy.” It was a disingenuous remark. Facebook’s website had an entire section devoted to touting the “success stories” of political campaigns that used the social network to influence electoral outcomes. That page, however, is now gone, even as the 2018 congressional primaries get underway… The case studies that Facebook used to list from political campaigns, however, included more interesting claims. Facebook’s work with Florida’s Republican Gov. Rick Scott “used link ads and video ads to boost Hispanic voter turnout in their candidate’s successful bid for a second term, resulting in a 22% increase in Hispanic support and the majority of the Cuban vote.” Facebook’s work with the Scottish National Party, a political party in the U.K., was described as “triggering a landslide.” The “success stories” drop-down menu that once included an entire section for “Government and Politics” is now gone. Pages for the individual case studies, like the Scott campaign and SNP, are still accessible through their URLs, but otherwise seem to have been delisted…”

(Related) It’s a start, but they better not screw it up!
YouTube announces plan to provide users with info cues to combat conspiracy theory videos
Wired: “After the mass shooting in Parkland, Florida, in February, the top trending video on YouTube wasn’t a news clip about the tragedy, but a conspiracy theory video suggesting survivor David Hogg was an actor. The video garnered 200,000 views before YouTube removed it from its platform. Until now, the company hasn’t said much about how it plans to handle the spread of that sort of misinformation moving forward. On Tuesday, however, YouTube CEO Susan Wojcicki detailed a potential solution. YouTube will now begin displaying links to fact-based content alongside conspiracy theory videos. Wojcicki announced the new feature, which she called “information cues,” during a talk with WIRED editor-in-chief Nicholas Thompson at the South by Southwest conference in Austin, Texas. Here’s how it will work: If you search and click on a conspiracy theory video about, say, chemtrails, YouTube will now link to a Wikipedia page that debunks the hoax alongside the video. A video calling into question whether humans have ever landed on the moon might be accompanied by the official Wikipedia page about the Apollo Moon landing in 1969. Wojcicki says the feature will only include conspiracy theories right now that have “significant debate” on the platform…”

(Related) I wonder if they checked to see if a high volume of referrals could harm Wikipedia?
YouTube didn’t tell Wikipedia about its plans for Wikipedia
YouTube doesn’t need to officially partner with Wikimedia to use information from Wikipedia, but it’s still a bemusing tactic to make such an announcement without any official word passed between the two.

This will never be anonymous. (Anonymous entity #4567 arrested for 17 counts of murder in Parkland, Florida)
Florida Could Start a Criminal-Justice Data Revolution
There’s no such thing as the US criminal justice system. There are, instead, thousands of counties across the country, each with their own systems, made up of a diffuse network of sheriffs, court clerks, prosecutors, public defenders, and jail officials who all enforce the rules around who does and doesn’t end up behind bars. It’s hard enough to ensure that key details about a case pass from one node of this convoluted web to the other within a single county; forget about at the state or national level.
That's what makes a new criminal justice reform bill now making its way to Florida governor Rick Scott’s desk especially noteworthy. On Friday, the Florida Legislature approved a bill, introduced by Republican state representative Chris Sprowls, that requires every entity within the state’s criminal justice system to collect an unprecedented amount of data and publish it in one publicly accessible database. That database will store anonymized data about individual defendants—including, among other things, previously unrecorded details about their ethnicities and the precise terms of their plea deals. It will also include county-level data about the daily number of people being held in a given jail pre-trial, for instance, or a court’s annual misdemeanor caseload. All in, the bill requires counties to turn over about 25 percent more data than they currently do.

The law, she keeps a-changing!
German Court's Privacy Ruling Against Facebook Will Have Far-Reaching Effects
Facebook has millions of users in the European Union, and a German court recently ruled against the company in a case involving its Privacy Policy. Few ever read privacy policies except judges, who must examine them when challenges arise.
The new EU General Data Protection Regulations, which go into effect on May 25, will make things even more complicated.
If you have any customers who are EU residents, the new GDPR will impact you.
… A German court earlier this year ruled that Facebook's terms of use did not comply with informed consent.
Informed consent is specific under EU rules. Article 4(11) of the GDPR defines consent as
"any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
Five criteria must be met to constitute consent:
  • freely given
  • specific
  • informed
  • unambiguous
  • affirmative

… Facebook and many U.S. websites use default privacy settings. The German court found several of those settings were difficult for the user to find and change. By implementing default settings, Facebook had failed to get informed consent.

At what point do you need to talk to a real lawyer? Perhaps an AI app could help answer that.
Legal tech is opening the system to those who need legal representation the most
TechCrunch: “…Emerging startups like and legal tech products like LegalZoom and DocuSign have lowered the barrier to entry for legal protection that was previously confined to law offices. Now anyone can write their will or incorporate a company without having to seek legal counsel. The dissolution of the traditional legal business model is good news for public interest law. Access to justice is a fundamental human right, but most can’t afford to hire legal representation when the need arises. Public defenders, pro bono lawyers, and immigration attorneys provide a great service to citizens, yet the demand for legal support far outweighs the supply of legal aid services. There simply aren’t enough public interest lawyers to go around. Financial hardship shouldn’t be a barrier to justice. Fortunately, simple applications of technology can streamline legal representation, and with wider adoption, may reduce a key contributor to the economic inequality equation. While law firms have been slow to embrace new disruptive technologies, public interest law is different. Tech allows them to serve more clients. It’s a disruption for good, and nonprofit tech companies are spearheading this movement….”

Making my students more productive?
If you’re a programmer who doesn’t use Chrome, you’re in the minority.

Might be useful for students describing their projects to potential employers.
A Great List of Tools for Making Cool Infographics
Cool Infographics is a book and a blog written by Randy Krum. I read his book a few years ago and came away with some great design ideas that I now use in my slides and in some social media posts. On his blog Randy critiques the design quality and information accuracy of infographics found around the Internet. His blog also contains a section in which he lists dozens of tools for creating all kinds of data visualizations.
The Cool Infographics tools page lists dozens of tools for building all kinds of data visualizations from simple word clouds to complex interactive designs. The Cool Infographics tools page also lists resources for free images, resources on picking the right design for your project, and places to find data to use in your projects.
Some of the tools on the Cool Infographics tools page will be familiar to readers of this blog. Canva and Timeline JS, for example, have been featured many times on this blog. Some tools, like Zanifesto, were completely new to me.

This could be useful for many of my students.

(Related) This one, not so much. Apparently, they think there is a market.
Duolingo targets Trekkies with new Klingon language course
