Saturday, February 17, 2018

Last week we discussed Backups and Disaster Recovery. Here’s another good ‘bad example.’
Ben Coley reports:
The Davidson County government’s ability to conduct business on computers has been stopped by a software virus known as ransomware, according to County Manager Zeb Hanner.
Hanner said officials learned about the issue around 2 a.m. Friday. He noted that all the files are encrypted and that the hackers are asking for an undisclosed amount of bitcoin, a type of cyber currency gaining popularity. None of the phone systems for county offices are working, as well.
Read more on The Dispatch.

The cost of a failure to ‘design for security?’
Intel facing 32 lawsuits over Meltdown and Spectre CPU security flaws
Intel has revealed today that the company is facing at least 32 lawsuits over the Meltdown and Spectre CPU flaws. “As of February 15, 2018, 30 customer class action lawsuits and two securities class action lawsuits have been filed,” says Intel in an SEC filing today. The customer class action lawsuits are “seeking monetary damages and equitable relief,” while the securities lawsuits “allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.”
Intel is also facing action from three shareholders who have each filed shareholder derivative actions that allege certain board members and officers at Intel have failed “to take action in relation to alleged insider trading.” These filings appear to be related to the concerns that have been raised over Intel CEO Brian Krzanich’s stock sales.

No way to tell how many Snapchat users received the phishing email, but probably over a million.
Casey Newton reports:
In late July, Snap’s director of engineering emailed the company’s team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company’s users: a publicly available list, embedded in a phishing website named, that listed 55,851 Snapchat accounts, along with their usernames and passwords.
The attack appeared to be connected to a previous incident that the company believed to have been coordinated from the Dominican Republic, according to emails obtained by The Verge.
Read more on The Verge.
From the article:
The accounts compromised in July represent a tiny fraction of Snap’s 187 million active users. But the incident illustrates how sites set up to mimic login screens can do an outsized amount of damage — and how companies must increasingly rely on machine-learning techniques to identify them in real time.

A link to the indictment (PDF).
Special counsel Mueller: Russians conducted 'information warfare' against US during election to help Donald Trump win
A federal grand jury has indicted 13 Russian nationals and three Russian entities for alleged illegal interference in the 2016 presidential elections, during which they strongly supported the candidacy of Donald Trump, special counsel Robert Mueller's office said Friday.
The indictment says that a Russian organization called the Internet Research Agency sought to wage "information warfare" against the United States and to "sow discord" in the American political system by using fictitious American personas and social media platforms and other Internet-based media.

(Related). The UN is often the last to ‘notice’ trends. Who is the leader here?
Global Powers Must Address 'Episodes of Cyberwar': UN Chief
World leaders must lay the groundwork on how countries respond to cyberattacks that have proven to be a daunting threat, whether by state actors or criminal enterprises, UN secretary general Antonio Guterres said Friday.
"It is clear we are witnessing in a more or less disguised way cyberwars between states, episodes of cyberwar between states," Guterres said during one of the opening speeches at the Munich Security Conference.
"It's high time to have a serious discussion about the international legal framework in which cyberwars take place," he said.
"The fact is we haven't been able to discuss whether or not the Geneva convention applies to cyberwar and whether international humanitarian law applies to cyberwar."

The pendulum swings again!
Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.
… Courts have long held that copyright liability rests with the entity that hosts the infringing content—not someone who simply links to it. The linker generally has no idea that it’s infringing, and isn’t ultimately in control of what content the server will provide when a browser contacts it. This “server test,” originally from a 2007 Ninth Circuit case called Perfect 10 v. Amazon, provides a clear and easy-to-administer rule. It has been a foundation of the modern Internet.

My students were sure this would not happen for years and years.
Waymo is readying a ride-hailing service that could directly compete with Uber
Waymo is preparing to launch a ride-hailing service akin to Uber’s, but with driverless cars.
The self-driving carmaker spun out of Google was approved on Jan. 24 to operate as a transportation network company (TNC) in Arizona, the state department of transportation told Quartz. Waymo applied for the permit on Jan. 12.

Something for my students to ponder…
Florida Shooter: When Social Media Foretells a Mass Shooting
Disturbing social-media posts apparently made by Nikolas Cruz before a deadly shooting spree have rekindled questions about what responsibilities and capabilities technology companies and law-enforcement authorities have for detecting threats among the billions of words, images and videos online.

Does SIRI (and similar software) know about this?
Why What You Say Reveals More Than You Think
… People’s word choices can reveal such things as their mental health, ability to persuade or even if they’ll default on a loan. A company’s choice of pronouns can affect a customer’s experience and whether it will lead to a purchase. Words used by the media influence how the public thinks about social issues like casino gambling. And the placement of gender — men and women vs. women and men — affect whom the reader believes is on top.

Something for my entrepreneurs.
55 Must-Know SEO Tricks for Business Websites (Infographic)

Something for my geeks.

Something for the Intro to Computers class?
How Computers Work
We use computers every day. But how many of us actually know how they work? Sure we know how to use the software, but I'm thinking about the hardware. How does that aspect of your computer work? has a new video series that addresses that question and more.
Through watching the videos in How Computers Work you can learn about memory, logic, circuits, binary, and the interaction between hardware and software. Get started by watching Bill Gates introduce the series.

Friday, February 16, 2018

Note that there is no mention of cyber retaliation. Russia, North Korea and other actors are showing us some of what they can do. I’m hoping we keep our cyber weapons hidden, for the time being.
US will impose costs on Russia for cyber ‘acts of aggression,’ White House cybersecurity czar says
Russia will be made to pay for its acts of cyber aggression on the international stage, Rob Joyce, special assistant to the president and White House cybersecurity coordinator, told CNBC on Friday.
The act in question was the malware attack known as NotPetya that wiped out billions of dollars as it spread across 64 countries in July 2017. The White House, for the first time Thursday, directly blamed Russia's military for the attack.

I have a hard time remembering names. Perhaps this technology would help?
EFF Report on Law Enforcement Use of Face Recognition Technology
“Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today. Face recognition is rapidly creeping into modern life, and face recognition systems will one day be capable of capturing the faces of people, often without their knowledge, walking down the street, entering stores, standing in line at the airport, attending sporting events, driving their cars, and utilizing public spaces. Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems. This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA…

Chris Burt reports:
Many vendors of biometrics-based solutions have not anticipated legal and compliance challenges posed by their products, or expressly deny responsibility for those challenges, leading to increased legal action, according to the National Law Review. The article “Buyer Beware: Facial Recognition and the Current Legal Landscape” urges U.S. retailers to be prepared for consumer privacy laws to evolve as they consider implementing such technologies.
The article was authored by partners of law firm Morgan, Lewis & Bockius LLP, and compares the current context for biometrics with that of the earliest text messaging marketing programs.
Read more on Biometric Update.

Hack ahead, wait for the best time to strike.
Chris Bing reports:
Hackers armed with destructive malware appear to have compromised the main IT service provider for the Winter Olympic Games months before last week’s highly publicized cyberattack.
Publicly available evidence analyzed by experts and reviewed by CyberScoop suggests that whoever deployed the Olympic Destroyer malware on Feb. 9 likely previously penetrated a series of computer systems around December belonging to Atos, a multinational information technology service provider that is hosting the cloud infrastructure for the Pyeongchang games.
Read more on CyberScoop.

Tools for Ethical (and other) Hacking.
Joseph Cox reports:
Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the owners may have mistakenly published to the world.
Read more on Motherboard.

I’ll follow this to see how it works. Could be useful for my Ethical Hackers.
Google Tests System to Help Locate 911 Callers
Google quietly ran a test of new technology to make it easier for 911 operators to locate cellphone callers, and 911 centers that participated said the results were promising.
The nation’s existing 911 system, which turns 50 this month, has struggled with the explosion of cellphones. The vast majority of 911 calls these days are made using a cellphone, but the location of the caller is hard to pinpoint. Federal regulators estimate shaving a minute off response times could save as many as 10,000 lives each year.

Perspective. This makes our “Top 10 targets we’d love to hack (or hack again)”
Apple, Inc. Just Hit a Ridiculously Impressive Milestone
… Market researcher Strategy Analytics has just released its estimates for the smartphone market in the fourth quarter, and the numbers show that Apple has just hit a ridiculously impressive milestone: The iPhone maker just took over half of all global smartphone revenue. Specifically, Apple grabbed 51% revenue share, with Samsung coming in at a distant No. 2.

The other day, my students were wondering how anyone could compete with Amazon or Walmart…
How This Entrepreneur Helps Passionate People Stand up for Their Beliefs With Socks

A timely addition to the toolkit?

Thursday, February 15, 2018

I think training is the right choice.
Security Awareness Training Top Priority for CISOs: Report
Thirty-five percent of CISOs in the financial sector consider staff training to be the top priority for cyber defense. Twenty-five percent prioritize infrastructure upgrades and network defense.
… The FS-ISAC's 2018 Cybersecurity Trends Report (PDF) notes a distinction in priorities based on the individual organization's reporting structure. Where CISOs report into a technical structure, such as the CIO, the priority is for infrastructure upgrades, network defense and breach prevention. Where they report into a non-technical function, such as the COO or Legal, the priority is for staff training.

Not sure what this buys the UK. Perhaps some diplomatic leverage?
U.K. Officially Blames Russia for NotPetya Attack
British Foreign Office Minister for Cyber Security Lord Tariq Ahmad said the June 2017 NotPetya attack was launched by the Russian military and it “showed a continued disregard for Ukrainian sovereignty.”
“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it,” the official stated.
The U.K. was also the first to officially accuse North Korea of launching the WannaCry attack. The United States, Canada, Japan, Australia and New Zealand followed suit several weeks later.

Gosh Harvard, we’ve been saying that for years!
… we found that a good corporate privacy policy can shield firms from the financial harm posed by a data breach — by offering customers transparency and control over their personal information — while a flawed policy can exacerbate the problems caused by a breach. Together, this evidence is the first to show that a firm’s close rivals are directly, financially affected by its data breach and also to offer actionable solutions that could save some companies hundreds of millions of dollars.

Interesting article.
The Age of Unregulated Social Media Is Over
… Last week, U.K. Members of Parliament traveled to the United States to meet with experts on questions at the intersection of technology, media and democracy ahead of a day receiving testimony from technology executives in Washington DC. Dubbed the “Inquiry on Fake News,” the panel produced seven hours of pointed — sometimes heated — discussion on issues ranging from the role of companies like Facebook and Twitter in enabling propagandists, to questions about how recommendations systems can be gamed by bad actors, to the problems of algorithmic bias.
Despite little clarity from either the politicians or the executives on the specifics of what should be done, one thing was abundantly clear: as far as the House of Commons members are concerned, the age of unregulated social media is over.

Good idea or bad?
Twitter's Marjory Stoneman Douglas High School Live Stream Was Part Of A New Initiative
Twitter is starting to show live, local news broadcasts in a live streaming window next to its timeline during major breaking news events.
Twitter's initiative to air these videos is currently rolled out across the platform, a company spokesperson confirmed to BuzzFeed News. The company will rely on a set of partnerships with local news stations to select the footage.
On Wednesday, Twitter put the initiative into action in a big way, streaming hours of footage from Miami's WSVN 7 next to the timelines of US users as the news station covered the shooting at Broward County's Marjory Stoneman Douglas High School in Florida.

Fits with my Computer Security class discussion of eDiscovery. Was this data stored in the US?
Rafia Shaikh reports:
Following Bill Gates’ comments yesterday that encouraged tech companies to share consumer data when the government comes calling to avoid future regulation, it appears at least the company’s rival is doing exactly the same. In potentially one of the first such incidents, Sony has coughed up PS4 data to the Federal Bureau of Investigation (FBI) on a user who was suspected of planning to fly from Kansas to the Middle East to join a terrorist organization.
The FBI warrant (link) mentions nine related search warrants (from Facebook, Microsoft, Yahoo, and others) that will help the agency get information from the suspect’s social media accounts and electronic devices, including his PlayStation 4.
Read more on WCCFTech.

Might be interesting if you are planning your argument... What are the hot buttons and how to push them?
U of M crowdsourcing project transcribes Supreme Court justices’ handwritten notes
University of Minnesota News: “…If you have ever wanted to be a fly on the wall during deliberations by U.S. Supreme Court justices or travel back in time to witness Supreme Court decisions, a new crowdsourcing project led by researchers at the University of Minnesota and Michigan State University allows you to do just that. The project, named SCOTUS Notes, is the newest citizen science project under the Zooniverse platform originated at the University of Minnesota. Zooniverse, the world’s largest and most popular people-powered online research platform, runs on support from volunteers that now number more than 1.5 million. These volunteers act as armchair scientists and archivists helping academic research teams with their projects from the comfort of their own homes. In this project, members of the public transcribe handwritten notes from U.S. Supreme Court justices. Unlike members of Congress, justices cast their votes in complete privacy during weekly conference meetings. Only justices are allowed in the Chief Justice’s conference room when they discuss, deliberate, and make initial decisions on cases that focus on some of the nation’s most pressing legal issues. The only record of what has been said, and by whom, is provided by the handwritten personal notes the justices themselves take during conference. These crucial documents detail the discussions and debates that took place in thousands of cases spanning multiple decades…”

Perspective. A look at that cloud thing we’re all moving to.
Top cloud providers 2018: How AWS, Microsoft, Google Cloud Platform, IBM Cloud, Oracle, Alibaba stack up
… a few things to note: This list of public cloud providers revolves around the service providers that offer software-, platform- and infrastructure-as-a-service offerings. There are many more cloud providers that specialize in some part of the enterprise software stack.
Increasingly, companies will combine the large public cloud providers along with a specialist.

Perspective. (And for those of us keeping score.)
Amazon dethrones Microsoft to become the world’s third most valuable company
Amazon stock climbed 2.6 percent Wednesday, giving the company a market value of $702.5 billion and topping Microsoft’s market cap for the first time. The online retailer now trails only Apple and Google’s parent, Alphabet, as the most valuable companies in the world.

Wednesday, February 14, 2018

Since this is in essence a ‘free shot’ at our elections, why would anyone stop?
Russian Threat To Elections To Persist Through 2018, Spy Bosses Warn Congress

Can The U.S. Combat Election Interference If Some Don't Believe It's Happening?
America's adversaries are circling like coyotes just beyond the light from the campfire, top intelligence officials warn — but that's not the scariest thing to some members of the Senate intelligence committee.
What bothers them is the need to convince people the coyotes are there.
"My problem is, I talk to people in Maine who say, 'the whole thing is a witch hunt and it's a hoax,' because that's what the president told me," said Sen. Angus King, I-Maine.

Intelligence Chiefs: Trump Has Not Directed Us to Stop Russian Meddling

IRS Issues Urgent Warning On New Tax Refund Scam - And It's Not What You'd Expect
Just when you thought you'd read about all of the tax scams: The Internal Revenue Service (IRS) is warning taxpayers about a new – and growing – scam involving erroneous tax refunds being deposited into real taxpayer bank accounts. Then, the crooks use various tactics to con taxpayers into turning over the funds. It's a new twist on an old scam.
Here's how it works. Thieves are using phishing and other schemes to steal client data from tax professionals. Then, using that data, they file fraudulent tax returns and use the taxpayers' real bank accounts to deposit erroneous tax refunds. Finally, the thieves, posing as IRS or other law enforcement, call attention to the error and ask taxpayers to return the money to them.

It’s good that they are concerned about Security, but why take this approach?
Sara A. Arrow and Craig A. Newman
Recently-issued guidance from the U.S. Department of Education (ED) threatens to “yank” Title IV funding for post-secondary institutions lacking appropriate data security safeguards. The guidance comes as the risk of educational data breaches has intensified, as we have previously reported. The stakes are even higher now that ED has put Title IV recipients on notice that, beginning in fiscal year 2018, they may be subject to compliance audits regarding their data security programs.

Is this the future of Online Retail, for example? A measure of your readiness for citizenship?
China's Dystopian Tech Could Be Contagious
… Home to half a billion human beings, beset by pressures both shared with other urban places and uniquely Chinese, it’s remarkable that churning conurbations like Shanghai, Chengdu, or Beijing are not constantly breaking out into open, ungovernable chaos. Just like cities anywhere, though, they do not—a stability that appears to arise almost entirely from self-organization.
Perhaps spurred on by their distaste for everything implied by such liberality, the Chinese government has become convinced that a far greater degree of social control is both necessary and possible. It now has access to a set of tools for managing the complexity of contemporary life that it believes will deliver better, surer, and more reliable results than anything produced by the model of order from below.
Known by the anodyne name “social credit,” this system is designed to reach into every corner of existence both online and off. It monitors each individual’s consumer behavior, conduct on social networks, and real-world infractions like speeding tickets or quarrels with neighbors. Then it integrates them into a single, algorithmically-determined “sincerity” score. Every Chinese citizen receives a literal, numeric index of their trustworthiness and virtue, and this index unlocks, well, everything. In principle, anyway, this one number will determine the opportunities citizens are offered, the freedoms they enjoy, and the privileges they are granted.

I actually know a few people who might find this useful!
KDP is Amazon’s self-publishing tool, and it’s a simple way to take your book, turn it into a Kindle file, and start selling it on Amazon. They’ll help you sell it and pay royalties on each sale. It’s a great way to publish and sell a book, especially if you don’t want to pay a fortune for printing a hard copy.

Tuesday, February 13, 2018

We’ll probably have to wait for the Olympics to end before they start naming names. (Russia)
Cyberattack Caused Olympic Opening Ceremony Disruption
… The cyberattack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony, which resulted in an unusually high number of empty seats.
Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.
… “This attacker had no intention of leaving the machine usable,” a team of researchers at Cisco’s Talos threat intelligence division wrote in an analysis Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”
In an interview, Talos researchers noted that there was a nuance to the attack that they had not seen before: Even though the hackers clearly demonstrated that they had the ability to destroy victims’ computers, they stopped short of doing so. They erased only backup files on Windows machines and left open the possibility that responders could still reboot the computers and fix the damage.
“Why did they pull their punch?” asked Craig Williams, a senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.
… Adam Meyers, vice president of intelligence at CrowdStrike, said his team had discovered time stamps that showed the destructive payload that hit the opening ceremony was constructed on Dec. 27 at 11:39 a.m. Coordinated Universal Time — which converts to 6:39 a.m. Eastern Time, 2:39 p.m. in Moscow and 8:39 p.m. in South Korea.
Attackers clearly had a target in mind: The word was hard-coded into their payload, as was a set of stolen credentials belonging to Pyeongchang Olympic officials. Those stolen credentials allowed attackers to spread their malware throughout the computer networks that support the Winter Games on Friday, just as the opening ceremony was timed to begin.
Security companies would not say definitively who was behind the attack, but some digital crumbs led to a familiar culprit: Fancy Bear, the Russian hacking group with ties to Russian intelligence services.

Food for thought.
What could possibly go wrong, right?
Read this presser to get some more background and details.
Thanks to Joe Cadillic for these links. I imagine he’ll have tons to say on his blog about all this. Me, I’m just stockpiling those little thingees that block cameras on devices.

How very Facebook of them.
Facebook is suggesting mobile users 'Protect' downloading a Facebook-owned app that tracks their mobile usage
Facebook is now offering some mobile app users a wireless-networking app without first disclosing that it's owned by Facebook, or that it collects information for the social networking company.
The app, Onavo Protect, provides users with a virtual private network, or VPN. Typically, a VPN cloaks the user's identity and adds other security features, making it a more secure way to get online, particularly when using public Wi-Fi networks.
Yet the Onavo app also tracks data that it shares with Facebook and others, "including the applications installed on your device, your use of those applications, the websites you visit and the amount of data you use," according to its own privacy policies.
Facebook can use that data to track what users do online even when they're not on one of its websites. The company could also find out how apps made by its rivals, such as Snap and Twitter, are being used.

Interesting. I wonder what else the UK will want to block in the future?
UK unveils extremism blocking tool
The UK government has unveiled a tool it says can accurately detect jihadist content and block it from being viewed.
Home Secretary Amber Rudd told the BBC she would not rule out forcing technology companies to use it by law.
Ms Rudd is visiting the US to meet tech companies to discuss the idea, as well as other efforts to tackle extremism.
Thousands of hours of content posted by the Islamic State group was run past the tool, in order to "train" it to automatically spot extremist material.
The government provided £600,000 of public funds towards the creation of the tool by an artificial intelligence company based in London.
ASI Data Science said the software can be configured to detect 94% of IS video uploads.
… The company said it typically flagged 0.005% of non-IS video uploads. On a site with five million daily uploads, it would flag 250 non-IS videos for review.
It is intended to lighten the moderation burden faced by small companies that may not have the resources to effectively tackle extremist material being posted on their sites.

(Related) “We can, therefore we must!”
Universities Rush to Roll Out Computer Science Ethics Courses
The medical profession has an ethic: First, do no harm.
Silicon Valley has an ethos: Build it first and ask for forgiveness later.
Now, in the wake of fake news and other troubles at tech companies, universities that helped produce some of Silicon Valley’s top technologists are hustling to bring a more medicine-like morality to computer science.
This semester, Harvard University and the Massachusetts Institute of Technology are jointly offering a new course on the ethics and regulation of artificial intelligence. The University of Texas at Austin just introduced a course titled “Ethical Foundations of Computer Science” — with the idea of eventually requiring it for all computer science majors.
And at Stanford University, the academic heart of the industry, three professors and a research fellow are developing a computer science ethics course for next year.

Cisco: Cloud computing workloads to skyrocket by 2021
Cloud computing workloads continue to skyrocket and will account for 95% of all data center traffic by 2021, according to Cisco's most recent Global Cloud Index study, released this week. The vendor said global cloud data center traffic will more than triple in the next three years, rising from 6 zettabytes in 2016 to 19.5 zettabytes by 2021.
In the study, Cisco said security concerns that formerly hindered the extent of cloud adoption have diminished, further contributing to the increase in cloud computing workloads.
In addition, IoT and related systems, encompassing such operations as connected healthcare and digital utilities, have further fueled the growth in cloud traffic. Cisco said IoT connections are projected to reach almost 14 billion in 2021, more than twice as many as there were in 2016.

Oracle Leaps Into the Costly Cloud Arms Race
Oracle Corp. plans to quadruple the number of its giant data-center complexes over the next two years, a move that could significantly boost capital spending as it tries to chip away at Inc.’s massive lead in the cloud-infrastructure market.
The expansion thrusts Oracle into an expensive arms race against the market’s biggest spenders, Amazon, Microsoft Corp. and Alphabet Inc.’s Google. Those giants are working to wrest away traditional Oracle database customers shifting from their own data centers to web-based...

Perspective. Fueling the next ‘energy crisis?’
Energy riches fuel bitcoin craze for speculation-shy Iceland
Iceland is expected to use more energy “mining” bitcoins and other virtual currencies this year than it uses to power its homes.

Perspective. Up until WWII, the British navy probably went through the South China Sea every week. (And their navigators knew that was not “on the way home” from Australia.)
British defense secretary says warship bound for South China Sea: media
A British warship will sail through the South China Sea next month to assert freedom-of-navigation rights, British Defence Secretary Gavin Williamson said in remarks published on Tuesday.
… The frigate HMS Sutherland will sail through the region after a visit to Australia, Williamson said in an interview with The Australian newspaper.
“She’ll be sailing through the South China Sea (on the way home) and making it clear our navy has a right to do that,” he said, according to the newspaper.

Nicely done!
Dow Jones – 100 Year Historical Chart
Macrotrends: “Interactive chart of the Dow Jones Industrial Average stock market index for the last 100 years. Historical data is inflation-adjusted using the headline CPI and each data point represents the month-end closing value. The current month is updated on an hourly basis with today’s latest value.”

For my Data Management students.

For my Computer Security students.

Interesting tool for pointing out evidence?
Pixorize - Free Image Annotation Tool
Pixorize is a free tool for adding interactive annotations to your images. Using Pixorize is a fairly straight-forward process. To get started just upload any picture that you have saved on your computer. (After your image is uploaded you may need to resize it to make it fit into your browser). Once the image is uploaded you can add points, circles, squares, and stars as annotation markers on your image. After adding an annotation marker you can write text to explain the element of the image to which you are calling attention.
To save and or share your work on Pixorize you must create an account. However, creating an account didn't require validating your email address (I created an account with a fake email address that I have for one of my dogs). After saving your image on Pixorize you can share a link to it or embed it in a blog post as I have done below.
Pixorize is still a new product, but it has great potential as an alternative to Thinglink. You could have students use Pixorize to annotate diagrams, maps, or images like the one in my example featured above.

Monday, February 12, 2018

Hijack a popular add-on, gain the access you couldn’t otherwise hack.
Thousands of US, UK government, academic websites hijacked
The Register: “Thousands of websites around the world – from the UK’s NHS and ICO to the US government’s court system – were today secretly mining crypto-coins on netizens’ web browsers for miscreants unknown. The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people. This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud’s source code – to silently inject Coinhive’s Monero miner into every webpage offering Browsealoud. For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper. A list of 4,200-plus affected websites can be found here.”

Just a reminder…
NoMoreRansom: Free Decryption for Latest Cryakl Ransomware
Decryption keys for a current version of Cryakl ransomware have been obtained and uploaded to the NoMoreRansom website. Victims of Cryakl can potentially recover encrypted files with the Rakhni Decryptor available for free from Kaspersky Lab or NoMoreRansom.
NoMoreRansom is a collaborative public/private project launched by Europol, the Dutch National Police, Kaspersky Lab and McAfee in July 2016.

My answer: Nope!
The ethics of AI: Robots will rise, but will they rule us all?
David Danks thinks a lot about the implications of artificial intelligence. In fact, the Carnegie Mellon University philosophy and psychology professor presented his very first research paper at an artificial intelligence conference in Seattle in 2001.
Now, 17 years later, Danks sits at the center of one of the most fascinating (and some might say terrifying) debates: How will artificial intelligence affect the human species?
Or, put another way, should we be scared of the robotic future?
… There’s a 50 percent chance that AI will be able to outperform humans in all jobs in the next 45 years, with full automation potentially occurring in 120 years, according to recent research. Some jobs — like retail sales — are projected to be fully automated in less than 20 years.
… Danks — whose research papers have titles such as Trust But Verify: The Difficulty of Trusting Autonomous Weapons Systems and Algorithmic Bias in Autonomous Systems — is in a perfect place to discuss weighty topics of AI and automation, in part because his counterparts at the nearby School of Computer Science at Carnegie Mellon are some of the best in the world at developing intelligent robots. In that regard, Danks has a front row seat to the coming revolution, one that Barack Obama even warned about in his last public interview as president.

(Related). Should Aetna use AI instead of people?
Former Aetna Medical Director Admits To Never Reviewing Medical Records Before Denying Care

Why the internet dooms the sneaker industry as much as it helps it
Take its effect of flattening the world, for instance. It doesn’t matter if two people are a thousand miles away or sitting in the same room, the internet allows them to send or receive money with the mere tap of a smartphone button. Of course, this also means hackers a world away can even wipe out someone’s life savings in a matter of seconds.
From an e-commerce perspective, the internet allows for the selling of literally anything to anyone. Regarding the sneaker industry, this fact turned a culture predicated on love into one based on business. Because of this, the internet is equally the best, and worst, innovation to happen to sneakers.
Today, hyper sneaker enthusiasts — colloquially referred to as “sneakerheads” — are normally the ones scouring the internet for hyped sneakers with high demand. People make tens of thousands of dollars per month simply reselling shoes, a central reason the sneaker resale market is estimated to be worth roughly $1 billion. An entrepreneurial spirit is well and good until you realize in order for those sneakerheads to make that much money, they have to use the internet to ensure the average person never has a chance at the most coveted of releases.

If it is truly replacing the Simpsons as the face of America, that’s great!
Podcasting Is the New Soft Diplomacy
My friend Lynne Haultain is one of the smartest Australians I know. A dark-haired former radio host, she can boil down just about any complicated subject to a single, delicious epigram. So not long ago, when she told me her theory of the media and globalism and Donald Trump, my ears shot up like Tom Friedman’s. “Podcasting,” Haultain said, “is the new soft diplomacy.”
The idea, she explained over lunch this week, is simple. Haultain always maintained a relationship with America. For decades, that relationship was forged through watching The Wire and reading books like The Art of Fielding and stacking up back issues of The New Yorker next to her bedside. Haultain’s husband and daughter can recite every line from the Australia episode of The Simpsons.
But around the time Donald Trump announced he was running for president, podcasts began to elbow their way into that relationship. These days, the person explaining the wonders and outrages of America is as likely to be New York Times podcast host Michael Barbaro as it is Homer Simpson.
“I listen to The Daily,” Haultain said. “I listen to Up First on NPR. I listen to Trumpcast. I listen to Ezra Klein on Vox. I listen to Mike Pesca on The Gist. Then I have a whole bunch of historical ones. I just listened to Slow Burn on Slate.”
… Whatever appeal American podcasts might have had in Australia is doubled if they offer an explanation for the Trump phenomenon. A lot of Australians wonder how Trump got elected, and how he maintains even sub-40-percent levels of support. Moreover, Trump generates so much news that Australian newspapers and TV shows often don’t get deeper than the outrageous headlines. A podcast — like it does for Americans — offers the “forensic detail,” Haultain said.
… American podcasting serves a final diplomatic function. It not only explains Trump but is an antidote to him. Where Trump is insular and anti-intellectual, podcasting is a reminder that a large swath of America isn’t. “I don’t want to sound trite about this,” Haultain said, “but it saves your reputation.”

Global Warming! Global Warming!
The sun to be cooler by 2050 – study
Based on the cooling spiral of recent solar cycles, scientists from University of California, San Diego believe the next “grand-minimum” is just decades away, during which the Sun will be seven per cent cooler.
… During the grand-minimum in the mid-17th century, named Maunder Minimum, the temperature dropped low enough to freeze the Thames River.
… The phenomenon appears to offer a natural solution to global warming, but scientists invalidated that idea.
They explained that the cooling effect of the grand minimum could merely slow down global warming, but cannot stop it.

Free is good!
Free to Use and Reuse: Making Public Domain and Rights-Clear Content Easier to Find
The Library of Congress: “One of our biggest challenges is letting you know about all of the content available at Another challenge we have is letting you know what you can do with it (in a nice way). We are working on several fronts to improve the visibility of public domain and rights-clear content. We moved one step in that direction today with the launch of our Free to Use and Reuse page…”

(Related) Free is good, but at what cost?
Verge: Science’s pirate queen Alexandra Elbakyan is plundering the academic publishing establishment
The Verge: “The publisher Elsevier owns over 2,500 journals covering every conceivable facet of scientific inquiry to its name, and it wasn’t happy about either of the sites. Elsevier charges readers an average of $31.50 per paper for access; Sci-Hub and LibGen offered them for free. But even after receiving the “YOU HAVE BEEN SUED” email, Elbakyan was surprisingly relaxed. She went back to work. She was in Kazakhstan. The lawsuit was in America. She had more pressing matters to attend to, like filing assignments for her religious studies program; writing acerbic blog-style posts on the Russian clone of Facebook, called vKontakte; participating in various feminist groups online; and attempting to launch a sciencey-print T-shirt business. That 2015 lawsuit would, however, place a spotlight on Elbakyan and her homegrown operation. The publicity made Sci-Hub bigger, transforming it into the largest Open Access academic resource in the world. In just six years of existence, Sci-Hub had become a juggernaut: the 64.5 million papers it hosted represented two-thirds of all published research, and it was available to anyone…”
[From the Verge article:
If you’re looking to access an article behind a paywall, the only way to get it legally is to pay, says Peter Suber, director of Harvard’s Open Access Project. But there is a gray area: you can ask an author for a copy. (Most academics will oblige.) Aside from either that or finding articles published in free Open Access journals, the next best option is to find pre-publication copies of papers that authors have put in open-access repositories like Cornell’s

Are we subtly exploring the Trump Presidency?

Sunday, February 11, 2018

Who hates the Olympics?
South Korea Probes Cyber Shutdown During Olympics Ceremony
South Korea on Saturday investigated a mysterious internet shutdown during the Winter Olympics opening ceremony, which follows warnings of possible cyberattacks during the Pyeongchang Games.
Internal internet and wifi systems crashed at about 7:15 pm (1015 GMT) on Friday and were still not back to normal at midday on Saturday, Games organizers said.
Cyber-security teams and experts from South Korea's defence ministry, plus four other ministries, formed part of a taskforce investigating the shutdown, they said, adding that it didn't affect the high-tech opening ceremony.
The outage follows warnings of malware phishing attacks targeting organizations working at the Olympics, and allegations of cyberattacks from Russia – which has denied any involvement.

“You can secure some of the data all of the time, and all of the data some of the time, but you can’t secure all of the data all of the time.” (With apologies to Abe Lincoln)
Kieran Andrews reports:
Lost confidential papers, leaked email addresses and the release of sensitive personal information were just some of the 4000 “data security incidences” recorded by the UK Government last year.
Data uncovered by the SNP has revealed that in one case an assault victim’s new name and address was inadvertently sent to the perpetrator of the crime as part of an amended restraining order.
The Ministry of Justice said the affected individual and the Information Commissioner’s Office were notified and an investigation was launched. It did not disclose a conclusion.
Meanwhile, Whitehall’s Education Department mistakenly sent full application forms from 14 teachers containing personal data to a contractor, left official papers in taxis, and published actual grammar tests online instead of practice versions.
Read more on The Sunday Post.

An old debate. As a rule of thumb, assume the government has resolution an order of magnitude better than what is allowed “civilians.” That means they can see objects as small as one inch across.
How the Government Controls Sensitive Satellite Data
… The feds can limit how good commercially available images can be when taken by US companies. And it can issue a directive barring imaging over a given location.

I don’t think this will be the terrible shock this article suggests. Companies will need to change their model, but that’s nothing new.
GDPR: Europe's new privacy law will hand a huge advantage to American tech companies
New online privacy laws going into effect in Europe this spring will hand a huge advantage to large American tech companies like Apple, Facebook, Google and Amazon, at the expense of smaller European publishers and advertising companies, according to research from five different investment analysts, seen by Business Insider.
… Two new laws will come into effect in the European Union, including Britain, sometime after May this year. The first, called "the General Data and Privacy Regulation" (GDPR), requires tech companies to get affirmative consent from any user for any information they gather on you.
The second, "the ePrivacy law," governs tracking cookies, and requires tech companies to get affirmative permission from consumers for every cookie they use, each time they use them. The laws apply to any company that does business in Europe, even if they are based outside the continent. So most American tech companies have to obey this, too.
… Macquarie analyst Tim Nollen and his team describe it this way (emphasis in the original):
“For each cookie dropped, both publishers and consumers will need to ask if the placement of the cookie improves the internet experience in order to be in compliance. Companies will thus be forced to justify and may need to acquire consent for each cookie that they place on each user. Each time.”
… GDPR contains some exceptions for companies that have ongoing direct relationships with their users. Amazon, Facebook, Google and Apple all require logins, and thus will find obtaining consent from their users easier, according to Goldman Sachs analyst Lisa Yang and her team. A login could function as pre-existing consent for all future visits. She recently told clients:
“We think organisations that have a direct and trusted relationship with clients and can demonstrate a clear value exchange are more likely to gain user consent (e.g. renowned brands and publishers, GOOGL, FB, AMZN), while those that rely on third-party data for targeting purposes with no direct user relationship may find it more challenging (e.g. ad tech, ad agencies). In our view, coping with the new requirements and costs associated is also likely to be more difficult for the smaller players (be it ad tech, brands or publishers).”

Something for our Criminal Justice students?
Free Webinar - Inquiry-based Learning and the Fire Lab
Join on Monday at 3pm EST for a free webinar about inquiry-based learning. The webinar, sponsored by Xplorlabs by Underwriters Laboratories, will feature strategies for using inquiry-based learning, the role of the teacher in inquiry-based learning, and research on the benefits of inquiry-based learning. We'll take a look at how Xplorlabs's Fire Forensics: Claims and Evidence online learning experience can be used in an inquiry-based learning setting.
Click here to register for this free webinar.

Yes, it will be recorded! The recording will be posted here on Free Technology for Teachers the next day. You don't need to email me to get the recording.