Saturday, September 08, 2018

I wish the GAO would do this more often. Makes an interesting case for my Computer Security class.
US government releases post-mortem report on Equifax hack
The Government Accountability Office (GAO) has published a report to detail how the Equifax hack went down and how the credit reporting company answered during and after the incident.
The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens.
… Equifax IT administrators circulate this advisory on an internal mailing list. Unbeknownst to its IT administrators, the mailing list was out-of-date and did not include all its systems administrators, indirectly leading to an incomplete patch of Equifax's servers.
… A week after the US-CERT advisory, Equifax staff scans its own systems for the presence of the Struts vulnerability, but the dispute portal does not show up as vulnerable.
… During this second intrusion, Equifax says attackers issued queries from the online dispute portal systems to other databases in search of personal data.
"This search led to a data repository containing PII, as well as unencrypted usernames and passwords that could provide the attackers access to several other Equifax databases," the report says.
This data helped attackers to expand their initial access from three databases to 48. Logs showed attackers then ran approximately 9,000 queries to gather Equifax customer info.
The GAO report says this happened because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attacker direct and easy access to all of its customers' data.
… Equifax said that the reason hackers were not detected for 76 days was because a device meant to inspect network traffic had been misconfigured and didn't check encrypted traffic for signs of malicious activity.

Interesting. A Russian in Georgia.
Russian national extradited to US for alleged hacking campaign against financial institutions
A Russian man accused of launching a major hacking campaign against U.S. financial institutions was extradited to the United States on Monday, the U.S. Attorney’s Office for the Southern District of New York announced Friday.
Andrei Tyurin was extradited from the country of Georgia and arrived in the U.S. on Friday.
… “Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest theft of U.S. customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims,” U.S. Attorney for Manhattan Geoffrey Berman said in a statement.

Friday, September 07, 2018

“Plus ça change, plus c'est la même chose” (the more things change, the more they stay the same). I hope my students can change that.
A year later, Equifax slammed while boasting of change
A year after hackers broke into Equifax’s network and stole the personal information of 148 million Americans, a report by a consumer watchdog group is lambasting the credit reporting agency for not addressing its vulnerabilities earlier and for botching its response to the unprecedented breach.
Moreover, the report — issued Thursday by the U.S. Public Interest Research Group and the National Consumer Law Center — criticized lawmakers and regulators for not holding the Atlanta-based company accountable for its failures.
“Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Mike Litt, consumer campaign director for the U.S. Public Interest Research Group.

Will we share our wisdom? Will other states ask?
Homeland Security Head: Colorado Tops US in Vote Security
Colorado, whose election systems are ranked among the nation's safest, held a cyber-security and disaster exercise Thursday for dozens of state, county and federal elections officials to reinforce the state's preparedness for, and public confidence in, November's midterm elections.
Colorado was the only one among 21 targeted states to report to Homeland Security — not the other way around — that Russian interests attempted to hack into its systems in 2016, said state elections director Judd Choate.
It's invested in new vote tabulating machines and creates a separate paper trail of each ballot cast. Since 2013, it's required two-factor authentication for elections systems operators to access equipment. The secretary of state's office has more internet technology staff than purely elections-related staff, and it has plans, which Choate wouldn't disclose for security reasons, to guarantee security and privacy in the remote case the state's voter registration database is hacked.
This year, the state also will monitor Facebook, Twitter and Instagram starting well ahead of the election to detect and respond to false rumors about voting procedures, outages, and other voting problems. It also will collect intelligence on efforts to sway voters on social media, Choate said. He noted that Colorado's collaboration with Homeland Security is strong.

“Golly gee willikers, Bob, why bother naming these guys? You know North Korea will never extradite them.”
“True, grasshopper, but telling North Korea or Russia that we know exactly who was responsible also suggests we also know where to drop a smart bomb if it comes to that.”
David E. Sanger, Katie Benner and Adam Goldman report:
The Justice Department plans to charge a North Korean spy in the hacking of Sony Pictures Entertainment in 2014, according to three government officials familiar with the indictment.
The attack wiped out 70 percent of Sony Pictures’ computer capability and was done in retaliation for the company’s production of a comedic film, “The Interview,” that mocked the North Korean leader Kim Jong-un and depicted a plot to assassinate him.
The United States government has long explored charging the hacker, Pak Jin-hyok, but indicting him took time because much of the information against him had been classified and could not be included in a criminal indictment.
Read more on The New York Times.

Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks

(Related) To stimulate the discussion…
Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev
Theory Suggests we Need to Come to the Very Brink of Cyberwar Before Humanity Backs Down and Finds a Solution

A compliance issue.
Are You Ready to Report on GDPR Compliance?
Part 1: Enterprise Level Reporting
Organisations had two years to prepare for GDPR compliance in the run-up to May 25, 2018. Now that the GDPR is in force, what will Regulators want to see? The question is no longer theoretical. The Dutch DPA recently announced an investigation into 30 large organisations regarding their GDPR compliance and at the outset will ask to see their records of processing activities.
Regulator Ready reporting means organisations have the capacity to efficiently produce reports that clearly tell a story reflecting GDPR compliance and accountability and align with legal requirements.
… Nymity Accountability Report
To assist organisations in being able to report on GDPR compliance, Nymity Research™ identified 39 Articles under the GDPR that require evidence of a technical or organisational measure to demonstrate compliance. We have mapped those to the free Nymity Privacy Management Accountability Framework™. Nymity provides a host of free resources to assist organisations in understanding their GDPR obligations and prioritising compliance. To learn more about Regulator Ready reporting, read our white paper.

I wonder if Apple would share enough to allow us to train our CJ students?
Apple will launch a global web portal for law enforcement requests later this year
Apple has announced that it will launch a global web portal for processing and tracking requests from law enforcement officers for data, via MacRumors.
It’s a change from the current system, where law enforcement officers submit requests by messaging an Apple law enforcement email account. A website would offer a more convenient, centralized hub for requests that will make it easier to track current inquiries and manage responses.
In addition to the new portal, Apple has also said that it will build a team to help train law enforcement officers around the world (including developing a new online training module), with an aim toward helping smaller police forces and agencies that may not have the same resources as larger organizations.
According to a letter from Apple’s senior vice president and general counsel Katherine Adams that was obtained by MacRumors, Apple is working on these changes in response to recommendations from a recent report from the Center for Strategic and International Studies.
Apple has strict, published guidelines about what information it does and doesn’t give to law enforcement officers both within and outside of the US. The company also publishes transparency reports twice a year detailing requests for information from law enforcement and government agencies.

Perspective. Will they succeed?
Lyft rolls out its first electric scooters in Denver
Lyft is the latest company to jump on the shared-scooter bandwagon, announcing on Thursday that Denver would be its first market in the US for its dockless electric scooters. The ride-hail company is playing catch-up in a market that’s already flush with billion-dollar startups, but it believes its ability to play nice with city officials will allow it to scale more rapidly than its rivals.
… It won’t be a 24-hour operation, though: Lyft says the scooters will only be available to rent between 6AM and 8PM every day. Similar to other major operators, the scooters cost $1 to unlock and then 15 cents for each minute of riding.
The scooters are made by Chinese electronics giant Xiaomi, and they retail for around $500. They have a top speed of around 15 mph and a range of around 15 miles. When users locate the scooters through Lyft’s app on their phone, they can see the mileage and battery range before deciding to unlock them.

Perspective. Brazil would not have lost so much of their culture in that museum fire if they had digitized more.
Reinventing Museums for the Digital Generation

Something for my researching students.

Thursday, September 06, 2018

So who should we blame?
Facebook, Twitter Execs Admit Failures, Warn of ‘Overwhelming’ Threat to Elections
Gizmodo: “Openly recognizing their companies’ past failures in rare displays of modesty, Facebook and Twitter executives touted new efforts to combat state-sponsored propaganda across their platforms before the Senate Intelligence Committee on Wednesday, acknowledging that the task is often “overwhelming” and proving a massive drain on their resources. Despite frequent and contradictory remarks by President Donald Trump, America’s top national security officials have continued to warn of ongoing foreign influence operations aimed at the 2018 and 2020 U.S. elections. Weeks ago, FBI Director Christopher Wray said that U.S. officials had been targeted using traditional tradecraft, and that the bureau had detected criminal efforts to suppress voting and provide illegal campaign contributions. Among other tactics employed by foreign rivals, senior officials at FBI, Homeland Security, and U.S. Cyber Command cited open-ended efforts to spread disinformation on social media, directly targeting U.S. voters, as well as ongoing cyberattacks against the nation’s voting infrastructure. “Our adversaries are trying to undermine our country on a persistent and regular basis,” said Wray, “whether it’s election season or not…”

(Related) A search for someone to blame or something completely different (monopoly)?
Justice Dept. says social media giants may be ‘intentionally stifling’ free speech
… “The Attorney General has convened a meeting with a number of state attorneys general this month to discuss a growing concern that these companies may be hurting competition and intentionally stifling the free exchange of ideas on their platforms,” said Justice Department spokesman Devin O’Malley in an email.
It’s not clear exactly if the Justice Department is pushing for regulation or actively investigating the platforms for issues relating to competition — or antitrust.

Interesting article. Looks like disclosure laws will need to be more specific.
Who controls your data?
… we waded through all sorts of corporate responses to our data requests: emails, Excel spreadsheets, data-download tools. Beyond simply what was given to us, would it be understandable, even meaningful?
Netflix, for instance, provided full glossaries for its tables of data in a single PDF.
Spotify, in contrast, provided its data through an online-download function. Inside, one UK-based reporter received 101 JSON files, and another received 90. While admirably comprehensive, these are dumps from databases normally read by computers: There's no way to reasonably make sense of the file names, let alone their plain-text contents. Spotify Customer Service did not provide full explanations of the file names, and a spokeswoman said while we could ask about specific data fields, the company did not have a glossary for all of its files.

Not the death of Facebook, but an opportunity for someone else?
Pew – Americans are changing their relationship with Facebook
“Just over half of Facebook users ages 18 and older (54%) say they have adjusted their privacy settings in the past 12 months, according to a new Pew Research Center survey. Around four-in-ten (42%) say they have taken a break from checking the platform for a period of several weeks or more, while around a quarter (26%) say they have deleted the Facebook app from their cellphone. All told, some 74% of Facebook users say they have taken at least one of these three actions in the past year. The findings come from a survey of U.S. adults conducted May 29-June 11, following revelations that the former consulting firm Cambridge Analytica had collected data on tens of millions of Facebook users without their knowledge. Facebook has separately faced scrutiny from conservative lawmakers and pundits over allegations that it suppresses conservative voices. The Center found that the vast majority of Republicans think that social platforms in general censor political speech they find objectionable. Despite these concerns, the poll found that nearly identical shares of Democrats and Republicans (including political independents who lean toward either party) use Facebook. Republicans are no more likely than Democrats to have taken a break from Facebook or deleted the app from their phone in the past year…”

Facebook to invest $1 billion in first Asian data center in Singapore
Facebook said on Thursday it will invest more than $1 billion to build its first data center in Asia in Singapore, slated to open in 2022.
Facebook’s facility will be located in the west of the island, near where Google is expanding its Singapore data centers in an $850 million investment as mobile growth, e-commerce and cloud computing demand rise across the region.
… Facebook said in a statement the 170,000 square meter facility represented an investment of more than S$1.4 billion ($1 billion) and would support hundreds of jobs.
Facebook has a number of data centers in the United States as well as Ireland and Sweden, and it is building a facility in Denmark.

Perhaps now they will ask Google to help. No backups would be unforgivable!
The fire that destroyed a Brazilian museum containing 20 million artifacts also eliminated records of entire languages that nobody speaks anymore
As a massive fire destroyed roughly 20 million items at the National Museum in Rio de Janeiro on Sunday, many audio recordings of indigenous languages that are no longer spoken were lost as well.
It's not clear whether any of the material was digitized, but if it wasn't, it's likely these languages have essentially disappeared forever.

High comedy? Is this in support of President Trump, an active Bezos hater?
… The bill—titled the Stop Bad Employers by Zeroing Out Subsidies (Stop BEZOS) Act—would impose a tax on companies with 500 or more employees “equal to the amount of federal benefits received by their low wage workers.” Essentially, this would force large, profitable firms to pay into welfare programs the amount they’re currently getting for free from the federal government.

Wednesday, September 05, 2018

Suspicions confirmed.
I’m teaching email security to Democratic campaigns. It’s as bad as 2016.
… On one recent trip, I asked a Democratic campaign manager how he was keeping track of his personal passwords. When he hung his head, I knew what was coming.
“I use the same password for every site,” he confessed. He told me about a moment of panic when a college friend who shared his password on a sports site logged in to his Gmail account as a joke. Google noticed the out-of-state login and sent him a security alert. In the minutes before the friend admitted to the prank, he saw his career flash before his eyes.
… One problem is that campaign security isn’t anyone’s job. The Department of Homeland Security offers training through its National Cybersecurity and Communications Information Center (NCCIC) in theory, but it has shown little appetite for the topic in practice. The NCCIC’s audit and assessment services are targeted at large federal agencies, not small groups of people driving around Iowa. Campaigns that reach out to NCCIC get an email outlining options like a “six-week phishing vulnerability assessment” or an “audit of internal network security,” neither of which is much help to a campaign working off personal devices, seven weeks before an election.
… The Democratic Congressional Campaign Committee, deeply anxious about campaign security, distributes a nonpartisan tech playbook developed in conjunction with the Harvard Belfer Center. The playbook is meant to be a basic guide that any campaign can follow, and from a technical point of view, it is unimpeachable.
But it focuses almost entirely on protecting campaign data, such as financial reports or opposition research. When it comes to safeguarding staffers’ personal accounts, the handbook only suggests that they “enlist professional input from credentialed IT and cybersecurity professionals as needed.”

This Group Posed As Russian Trolls And Bought Political Ads On Google. It Was Easy.
In the summer of 2018, after months of public and legislator outcry over election interference, you might think it would be difficult for a Russian troll farm to purchase — with Russian currency, from a Russian ZIP code — racially and politically divisive ads through Google. And you might reasonably assume that if such a troll farm were able to do this, Google — which has said "no amount of interference that is acceptable" — would prevent it from successfully targeting those ads toward thousands of Americans on major news sites and YouTube channels.
But you’d be wrong.

If I had purchased a copy to demonstrate to my Ethical Hacking students, would I be in violation of any law? (I’m not really worried because I used the name and address of a certain lawyer friend.)
Google Notifies People Targeted by Secret FBI Investigation
“At least dozens of people have received an email from Google informing them that the internet giant responded to a request from the FBI demanding the release of user data, according to several people who claimed to have received the email. The email did not specify whether Google released the requested data to the FBI. The unusual notice appears to be related to the case of Colton Grubbs, one of the creators of LuminosityLink, a $40 remote access tool (or RAT), that was marketed to hack and control computers remotely. Grubbs pleaded guilty last year to creating and distributing the hacking tool to hundreds of people. Several people on Reddit, Twitter, and on HackForums, a popular forum where criminals and cybersecurity enthusiasts discuss and sometimes share hacking tools, reported receiving the email…”
“Google received and responded to legal process issued by Federal Bureau of Investigation (Eastern District of Kentucky) compelling the release of information related to your Google account,” the email read, according to multiple reports from people who claimed to have received it. The email included a legal process number. When Motherboard searched for it within PACER, the US government’s database for court case documents, it showed that it was part of a case that’s still under seal…”

Security tools for my students.
Google Introduces Open Source Cross-Platform Crypto Library
Google last week took the wraps off Tink, an open source, multi-language, cross-platform cryptographic library designed to help simplify common encryption operations.
Under development for the past two years, the cryptographic library has been available on GitHub since its early days and has already attracted a few external contributors.
Tink can simplify many common cryptographic operations. Data encryption, digital signatures, and more would only require a few lines of code, the Internet giant claims.
The library is providing cryptographic APIs that Google says are secure, as well as easy to use correctly, but harder to misuse.

Is it bigness or controlling the market that causes problems? (What is their market and what percentage do they control?)
It’s time to break up Facebook
Tim Wu thinks it’s time to break up Facebook.
Best known for coining the phrase “net neutrality” and his book The Master Switch: The Rise and Fall of Information Empires, Wu has a new book coming out in November called The Curse of Bigness: Antitrust in the New Gilded Age. In it, he argues compellingly for a return to aggressive antitrust enforcement in the style of Teddy Roosevelt, saying that Google, Facebook, Amazon, and other huge tech companies are a threat to democracy as they get bigger and bigger.

Snap AV: Facebook antitrust fears
Research shop MoffettNathanson downgraded Facebook this morning to neutral, cutting its price target from $200 to $175.
Among the reasons: fears over antitrust due to Facebook's exceptional market power in the social media space, neatly encapsulated by this chart:
[Curiously, the chart shows Apps downloaded, not market share.]

Perspective. The post-Gutenberg revolution is: You can publish your book/magazine/newspaper without a printing press.
GPO grapples with ‘Keeping America Informed’ in the digital information age
fedscoop: “The Government Publishing Office (GPO) is tasked with “Keeping America Informed,” which practically means that the agency, through various channels, provides free public access to all the official publications of the federal government. In the days before the internet, this mandate was a lot easier to keep track of. In a recently released report, the Library of Congress’ Federal Research Division (FRD) explores how federal agencies tend to publish information these days (spoiler alert: online) and how the GPO can do a better job keeping tabs on official government documents in the information age. “The identification and acquisition of content are substantially more complex undertakings in the digital age as compared to the ink-on-paper era,” the report states. Before the web, agencies often approached GPO for publishing services, which made it easy for the agency’s Federal Depository Library Program (FDLP) to collect information on publications. More recently, however, “the onset of direct-to-web publishing, together with the diminishing share of publications in print, weakened the link between Federal publishing and the deposit of documents for FDLP distribution.” This situation leads to the existence of so-called “fugitive documents” — documents that fall within the FDLP’s purview but have not been collected or documented. “Digital fugitives,” the report states, “result from the tremendous volume of digital content being produced, the diversity of formats being used to create information products, the inconsistency of website designs across the Government, and Federal agencies’ failure to notify the Superintendent of Documents of newly released information products…”

Perspective. The new normal? What percentage of smartphones will stream this?
CBS will stream Super Bowl LIII on mobile devices without a sign-in
CBS is determined to make the most of the NFL's loosened streaming rules. The broadcaster has revealed its streaming plans for Super Bowl LIII, and you'll finally have the option to watch on mobile devices without a sign-in through CBS Sports' website and mobile apps. You'll also have mobile access through authenticated apps from CBS' cable, satellite, telecom and streaming TV partners. To no one's surprise, you can watch through All Access on mobile if you're a subscriber.

Perspective. I had no idea that Uber (et al) had impacted taxi service so much already. Have they already become this century’s buggy whip industry?
With nearly half of Chicago cabs in foreclosure or idled, cabbies' hopes riding on New York-style ride-share limits
… Nearly half of the city’s 6,999 licensed cabs are in foreclosure or idled, leading to an increasingly desperate call for regulatory intervention — including a newly floated idea to cap the number of ride-sharing licenses in Chicago — to keep taxi fleets on the streets.

Tuesday, September 04, 2018

Another example of poor design preventing good security.
A Google engineer discovered a vulnerability in the third-party system controlling access to doors across its campus in Sunnyvale, California, and took the opportunity to prove that he could bypass any RFID keycard-operated lock in the facility, Forbes reported on Monday.
According to Forbes, employee David Tomaschik discovered that Software House devices connected to Google’s network used an unsecure, hardcoded encryption key, and launched the attack to prove the consequences that could arise.
… Tomaschik was also able to use his knowledge of the vulnerability to impede other Google staffers’ access to parts of the building. Worst of all, he could do all of this without leaving any trace.
… The Software House devices’ design has since been updated to increase security, though the original devices cannot be updated by any method short of a hardware replacement due to memory restrictions, Forbes added.

No one is at fault? Why wasn’t the bank looking at the same things the “Dutch authorities” found?
ING fined €775m for lax crime prevention
Dutch bank ING has agreed to pay fines and other payments of €775m ($897m; £698m) after admitting errors in its policies to stop financial crime.
The bank said it regretted that its mistakes had let some customers use their accounts for things such as money laundering between 2010 and 2016.
… An investigation by Dutch authorities found no evidence that any ING staff had helped customers who may have used banking services for potential criminal activities.
It ruled that the errors were not down to individuals, but more the fault of "collective shortcomings at all responsible management levels".
Despite this, ING has started measures against a number of former senior employees, including holding back some of their financial packages.
In a statement, Dutch prosecutors said: "Clients for years were able to make use of ING bank accounts for criminal activities pretty much undisturbed.

(Related) Bad advice from their lawyers or just a risk they were willing to take?
SocGen expects around $1.27 billion in U.S. sanctions penalties
France’s Societe Generale expects penalties relating to its dispute with U.S. authorities over international sanctions violations to be close to 1.1 billion euros ($1.27 billion) which would almost entirely be covered by provisions.
… The last case that remains to be settled relates to dollar transfers made on behalf of entities based in countries subject to U.S. economic sanctions.
… In June, it agreed to pay $1.3 billion to authorities in the U.S. and France to end the disputes over transactions made with Libya and over the suspected rigging of Libor, a key interest rate used in contracts worth trillions of dollars globally.

Seems like a natural consequence of the effort to ‘sanitize’ the public discussion.
Facebook’s Private Groups Offer Refuge to Fringe Figures
… In recent months, though, he and other large-scale purveyors of inflammatory speech have found refuge in private groups, where they can speak more openly with less fear of being punished for incendiary posts.
Several private Facebook groups devoted to QAnon, a sprawling pro-Trump conspiracy theory, have thousands of members. Regional chapters of the Proud Boys, a right-wing nationalist group that Twitter suspended last month for its “violent extremist” nature, maintain private Facebook groups, which they use to vet new members. And anti-vaccination groups have thrived on Facebook, in part because they are sometimes recommended to users by the site’s search results and “suggested groups” feature.
… When it comes to public-facing pages, Ms. Sandberg will have plenty of company actions to cite. Facebook has taken many steps to clean up its platform, including hiring thousands of additional moderators, developing new artificial-intelligence tools and breaking up coordinated influence operations ahead of the midterm elections.
But when it comes to more private forms of communication through the company’s services — like Facebook groups, or the messaging apps WhatsApp and Facebook Messenger — the social network’s progress is less clear. Some experts worry that Facebook’s public cleanup may be pushing more toxic content into these private channels, where it is harder to monitor and moderate.

A question from ignorant me: Does the EU produce 30% of the world's “content”? Apparently, the answer is NO.
Local Product Quotas for Netflix, Amazon to Become Law, EU Official Says (EXCLUSIVE)
Quotas obligating Netflix, Amazon and other streaming services operating in the European Union to dedicate at least 30% of their on-demand catalogs to local content are set to become enshrined in law soon.
Roberto Viola, head of the European Commission department that regulates communications networks, content and technology, said the new rules, which will also demand visibility and prominence of European product on streamers, are on track to be approved in December.
“We just need the final vote, but it’s a mere formality,” he told Variety at the Venice Film Festival.
Netflix, Amazon and other streamers will be required to fund TV series and films produced in Europe by commissioning content, acquiring it or paying into national film funds through a small surcharge added to their subscription fee, something which is already happening in Germany. Netflix tried unsuccessfully to fight the German surcharge in court.

For my students who fear local retail is doomed.
Lessons learned from rise of e-commerce breathe new life into retail stores
… From the garden section at Walmart to the diamond counters at Tiffany & Co., old-school retailers are experiencing some of their best sales growth in years.
… The boom also reflects a broad reordering of the $3.5 trillion industry, with fewer retailers capturing more of the gains. Stores that have learned how to match the ease and instant gratification of e-commerce shopping are flourishing, while those that have failed to evolve are in bankruptcy or on the brink.
“The retailers that get it recognize that Amazon has forever changed consumer behavior,” said Barbara Kahn, a marketing professor and former director of the retailing center at the Wharton School. “I shouldn’t have to work to shop.”
Many successful stores are now a cross between a fast-food drive-through and a hotel concierge.
Target’s shoppers can order sunscreen or a Tokidoki Unicorno T-shirt on their phone, pull up to the parking lot and have the items brought to their car.
Nordstrom lets customers in some stores make returns by dropping their items into a box and walking out — no human interaction required.
Walmart is employing 25,000 “personal shoppers” to select and package groceries for curbside pickup.
In recent weeks, all three retailers reported stronger-than-expected sales growth for the quarter. Traffic to Target’s stores and online sites grew at its fastest pace since the company began keeping a record a decade ago.
… Retailers have been tweaking their store and online strategies for years. But it’s only recently that Amazon’s blistering success has prodded the incumbents to try to reinvent themselves.
Kahn of the Wharton School said retailers could have made these improvements decades ago if they had focused on what shoppers wanted.

Good luck. But then, if you are making the Grants, you should dictate the rules.
Radical open-access plan could spell end to journal subscriptions
Research funders from France, the United Kingdom, the Netherlands and eight other European nations have unveiled a radical open-access initiative that could change the face of science publishing in two years — and which has instantly provoked protest from publishers.
The 11 agencies, who together spend €7.6 billion (US$8.8 billion) in research grants annually, say they will mandate that, from 2020, the scientists they fund must make resulting papers free to read immediately on publication (see ‘Plan S players’). The papers would have a liberal publishing licence that would allow anyone else to download, translate or otherwise reuse the work. “No science should be locked behind paywalls!” says a preamble document that accompanies the pledge, called Plan S, released on 4 September.

For the student toolkit.
Visualizing Data in 3D
Visualizing Data in 3D – “Microsoft has published a free data visualization tool called Charts 3D that allows PC and Surface Hub users to create 3D visualizations of multi-axis data without knowing how to code. After users import datasets, Charts 3D generates an interactive graphic, such as a geospatial plot, scatter plot, or line graph. Users can filter their data, switch between 3D and 2D, and alter the visualizations using voice commands.”

Monday, September 03, 2018

I’m not sure I would turn this down.
Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON
Not allowing its voting system to be submitted to independent hacking by security researchers at the “Voting Village” at the DEF CON cybersecurity conference does not mean ES&S shows any lack of commitment to security; on the contrary, it was actually meant to protect their systems, the company said.
“Forums open to anonymous hackers must be viewed with caution, as they may be a green light for foreign intelligence operatives who attend for purposes of corporate and international espionage,” ES&S President & CEO Tom Burt said in a letter last week. “We believe that exposing technology in these kinds of environments makes hacking elections easier, not harder, and we suspect that our adversaries are paying very close attention.”
Burt’s letter was in response to one he received several days before from four U.S. senators calling out ES&S for not allowing its system to be tested by security researchers at DEF CON, and blatantly questioning the company’s commitment to security.
The Senators’ letter was not without merit. ES&S previously acknowledged that some of the voting machines it sold to local governments from 2000-2006 included a specially-configured copy of PCAnywhere, a remote access tool used for tech support. The news was worrying for the security community not just for the potential for hacking into the machines, but because it called into question the company’s credibility, as it had previously denied the inclusion of the tool.

How would this work? Would the government dedicate a few hundred really good programmers to build and continuously modify an algorithm to catch and delete all “inappropriate” content? Probably they would create a new, very large organization and attempt to review the billions of tweets, photos, videos and other types of content. Neither way would work.
UK broadcasters urge the government to create a social media watchdog
A smorgasbord of TV broadcasters, mobile network and internet service providers has urged the UK government to strengthen its oversight of social media companies. In a letter to The Sunday Telegraph, executives from the BBC, ITV and Channel 4, as well as Sky, BT and TalkTalk, called for a new, independent regulator to help tackle fake news, child exploitation, harassment and other growing issues online. "We do not think it is realistic or appropriate to expect internet and social media companies to make all the judgment calls about what content is and is not acceptable, without any independent oversight," the collective wrote.

Exclusive: U.N. Human Rights Experts Directly Engage With Facebook on “Overly Broad” Definitions in Regulating Terrorist Content
United Nations Special Rapporteur Fionnuala Ní Aoláin has asked Facebook Chief Executive Mark Zuckerberg to add precision and rigor to the social network’s guidelines on terrorism-related content. In a letter to Zuckerberg and a significant meeting last week with Facebook executives, Ní Aoláin said the existing definitions risk catching others, such as legitimate opponents of oppressive authorities, in a dangerous net. The rapporteur told Just Security her office will take a similar approach to “other platforms whose practices mirror Facebook.”
George Washington a Terrorist?
Facebook’s broad definition of terrorism does not comport with common or expert understanding of the term. Under Facebook’s definition, the Continental Congress and Washington’s Army might have been censored as terrorist organizations in the American Revolution, just as today’s authoritarian leaders seek to brand opponents to their regimes as “terrorists.”

Election Season in a Dangerous Democracy
Last Thursday’s morning papers in India settled something that we have been debating for a while. A front-page report about the arrests of five political activists in The Indian Express read, “Those held part of anti-fascist plot to overthrow govt, Pune police tell court.” We should know by now that we are up against a regime that its own police calls fascist. In the India of today, to belong to a minority is a crime. To be murdered is a crime. To be lynched is a crime. To be poor is a crime. To defend the poor is to plot to overthrow the government.

Sunday, September 02, 2018

I can find articles on this scam as far back as February; why so long to act?
Tech-Support Scams Prompt Google to Act
Alphabet Inc.’s Google is taking action to weed out scam artists who advertise on its platform aiming to defraud customers seeking technical support online.
The move comes after a Wall Street Journal investigation found fraudsters were exploiting Google’s advertising system by purchasing search ads and masquerading as authorized service agents for companies such as Apple Inc.

(Related) Surely they are aware of concerns with the security of Chinese hardware…
Experts Call for Transparency Around Google’s Chinese-Made Security Keys
Google's Titan Security Keys, used to lock down accounts, are produced in China. Several experts want more answers on that supply chain process, over fears of tampering or security issues.