Saturday, November 10, 2018

Can I join more than one group?
Daniel R. Stoller reports:
A French nongovernmental organization wants Facebook Inc. to pay 100 million euros ($113 million) and fix any problems stemming from recent data security incidents and privacy breaches.
The Internet Society of France, a public interest group that advocates for online rights, sent a formal notice to Facebook and its subsidiaries Instagram and WhatsApp, warning that it’ll launch an EU-based group action if the company doesn’t secure user personal data effectively.
Read more on Bloomberg Law.
[From the article:
The group is relying on the EU’s General Data Protection Regulation, which took effect May 25. The strict privacy law allows EU citizens to use group actions, similar to a U.S. class action, to go after allegedly infringing companies across borders. The Internet Society claims against Facebook aren’t the first group action but demonstrate the possible future legal risks for digital companies operating in the EU.


(Related) The Privacy regulation forces whistle blowers to give up their privacy?
Romania Orders Journalists Investigating Corruption to Give Up Sources
The Romanian Data Protection Authority (ANSPDCP) Thursday ordered investigative outlet RISE Project to reveal its sources for reporting on an alleged European Union (EU) fund fraud that may involve an eminent Romanian politician.
The reporting in question involves construction company Tel Drum SA and an alleged EU fund fraud and corruption case. RISE released a story on Monday describing the contents of a mysterious suitcase filled with documents, data, photos and videos that appear to connect Tel Drum to Liviu Dragnea, the leader of Romania’s ruling Social Democratic Party (PSD).
The authority’s letter to RISE cites the EU’s General Data Protection Regulation (GDPR) as a basis for ordering RISE to reveal its sources. Failure to respond within 10 days could lead to a fine of €650 (3,000 lei) per day, and additional fines up to a maximum of €20 million.




Interesting and complex.
Busting SIM Swappers and SIM Swap Myths
… Indeed, the theft of $100,000 worth of cryptocurrency in July 2018 was the impetus for my interview with REACT. I reached out to the task force after hearing about their role in assisting SIM swapping victim Christian Ferri, who is president and CEO of San Francisco-based cryptocurrency firm BlockStar.
In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service. He’d later learn that thieves had abused access to T-Mobile’s customer database to deactivate the SIM card in his phone and to activate a new one that they had in their own mobile device.
Soon after, the attackers were able to use their control over his mobile number to reset his Gmail account password. From there, the perpetrators accessed a Google Drive document that Ferri had used to record credentials to other sites, including a cryptocurrency exchange. Although that level of access could have let the crooks steal a great deal more from Ferri, they were simply after his cryptocoins, and in short order he was relieved of approximately $100,000 worth of coinage.




Perspective. Inevitable that some of the less valuable bits of the ‘security theater’ fade away.
You won't need a boarding pass to cross security with new Sea-Tac Airport program
… The SEA Visitor Pass program will allow non-travelers to pass through airport security to visit with their traveling companions, whether they're picking up an arriving passenger, waiting with a departing passenger or just having a drink with someone during their layover.




Suspicions confirmed.
Social media use increases depression and loneliness
Social-media use increases depression and loneliness.
The link between the two has been talked about for years, but a causal connection had never been proven. For the first time, Penn research based on experimental data connects Facebook, Snapchat, and Instagram use to decreased well-being. Psychologist Melissa G. Hunt published her findings in the December Journal of Social and Clinical Psychology.

Friday, November 09, 2018

I thought this had all be straightened out when they hung that Chad guy… Apparently we don’t need the Russians to screw up an election.
Something Looks Weird In Broward County. Here’s What We Know About A Possible Florida Recount.
The Florida U.S. Senate race is still too close to call. According to unofficial results on the Florida Department of State website at 11:45 a.m. Eastern on Friday, Nov. 9, Republican Gov. Rick Scott led Democratic Sen. Bill Nelson by 15,046 votes — or 0.18 percentage points. We’re watching that margin closely because if it stays about that small, it will trigger a recount.
… The changing margin is due to continued vote-counting in Broward and Palm Beach counties, two of Florida’s largest and more Democratic-leaning counties.
… Unusually, the votes tabulated in Broward County so far exhibit a high rate of something called “undervoting,” or not voting in all the races on the ballot. Countywide, 26,060 fewer votes were cast in the U.S. Senate race than in the governor race. Put another way, turnout in the Senate race was 3.7 percent lower than in the gubernatorial race.
Broward County’s undervote rate is way out of line with every other county in Florida, which exhibited, at most, a 0.8-percent difference
… Generally, the higher the elected office, the less likely voters are to skip it on their ballots. Something sure does seem off in Broward County; we just don’t know what yet.




True, but depressing.
Why Social Media’s Misinformation Problem Will Never Be Fixed
Slate – Facebook and others have gotten more serious about hoaxes, hate speech, propaganda, and foreign election interference. Here’s how it helped in the midterms—and why they aren’t going away.
“At first grimace, the role of social media in the 2018 U.S. midterm elections looked a lot like the role it played in the 2016, when the hijacking of tech platforms by foreign agents and domestic opportunists became one of the major subplots of Donald Trump’s victory and sparked a series of high-profile congressional inquiries. Despite all of the backlash, all the scrutiny, all the promises made by the likes of Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey to do better, the boogeymen that reared their head then are still snarling today. That’s dispiriting, because the tech companies had two years to prepare, and untold resources at their disposal. Facebook even had a well-staffed election “war room” tasked with finding and addressing the very kinds of hoaxes that continued to crop up throughout the election cycle. If they haven’t fixed things by now, well: When will they? The answer is probably “never.”…”


(Related)
Hard Questions: What Are We Doing to Stay Ahead of Terrorists?
Online terrorist propaganda is a fairly new phenomenon; terrorism itself is not. In the real world, terrorist groups have proven highly resilient to counterterrorism efforts, so it shouldn’t surprise anyone that the same dynamic is true on social platforms like Facebook. The more we do to detect and remove terrorist content, the more shrewd these groups become.
… our overall enforcement effort was significantly better in Q2 2018 than it was previously, even though our median time to take action was 14 hours. By Q3 2018, the median time on platform decreased to less than two minutes, illustrating that the new detection systems had matured.




Something to look forward to.
Be still, my heart.
Ross Todd reports:
Mark your calendars, cyber-enthusiasts.
The federal judge overseeing a half dozen class action lawsuits targeting Facebook Inc. with claims related to a data breach affecting 50 million users has asked the lawyers in the case to give him a tutorial on data breaches, the dark web and all things cyber-related.
U.S. District Judge William Alsup of the Northern District of California, who makes a regular habit of asking lawyers in highly technical cases to help him get up to speed on the underlying technology, has asked for a tutorial in the Facebook cases in his San Francisco courtroom on Jan. 9 of next year. Alsup is giving each side one hour to present information on “the subject of data privacy and the technology used to both protect and attack it.”
Read more on Law.com (free registration required)




Something I’ll have to read slowly.
Forget Black Friday! We’ve got a new article by Ryan Calo to read and ponder. Having just skimmed the abstract, I see a terms/concepts that I am not familiar with, so much to learn here…..
Abstract
American Legal Realism numbers among the most important theoretical contributions of legal academia to date. Given the movement’s influence, as well as the common centrality of certain key figures, it is surprising that privacy scholarship in the United States has paid next to no attention to the movement. This inattention is unfortunate for several reasons, including that privacy law furnishes rich examples of the indeterminacy thesis—a key concept of American Legal Realism—and because the interdisciplinary efforts of privacy scholars to explore extra-legal influences on privacy law arguably further the plot of legal realism itself. The application of social science to privacy has, if anything, deepened its indeterminacy.
Citation and Access to Full Article (Free):
Calo, Ryan, Privacy Law’s Indeterminacy (November 8, 2018). 20 Theoretical Inquiries L. XX (2019). Available at SSRN: https://ssrn.com/abstract=




Perspective. Agrees with a study from last month that said people were basing decisions on where to work on the commute time.
Has the love affair with driving gotten stuck in traffic?
Washington Post: “America’s love affair with the automobile and those dreams of roaring off on open highways are on the wane as the nation grapples with too much stop-and-go traffic and too many hours spent behind the steering wheel. Those findings are contained in a report to be released Thursday by Arity, a technology research spinoff created two years ago by Allstate Corporation, parent company of Allstate Insurance. Arity underscored the growing disillusionment by using an illustration: Americans, on average, spend more time in their cars — mostly driving to and from work — than they receive in vacation time. Arity researchers said most people average 321 hours in the car each year and get 120 hours of vacation…”




None of these make me want to buy a Smartphone.


Thursday, November 08, 2018

If the school didn’t care enough to secure or monitor their systems, why take it out on these students?
They Hacked Their School District When They Were 12. The Adults Are Still Trying to Catch Up.
The hack started small, in 7th grade, when they bypassed their middle school’s internet filters to watch YouTube during lunch.
But by the time Jeremy Currier and Seth Stephens were caught, more than two years later, their exploits had given them extraordinary reign over the computer network of the Rochester Community Schools, a well-to-do suburban district about 45 minutes outside Detroit.
The teens had access to the logins, passwords, phone numbers, locker combinations, lunch balances, and grades of all 15,000 of their classmates.
They could view teachers’ tests, answer keys, and email messages.
They could control the district’s security cameras and remotely operate its desktop computers via their phones.
The boys were even using district servers to mine for cryptocurrency.
… Though there’s no evidence to date that Jeremy and Seth directly threatened anyone, the district expelled both boys, then referred them to the county sheriff’s office.
… Seventh grade was also the year the boys noticed a sticky note attached to one of the public computers in the middle school library. It had a username and password on it, they said, in case students or staff wanted to look up books but had forgotten their own credentials.
Jeremy and Seth discovered that by logging in with the information on the note, then closing out of the library software, they could access files that had been shared with the library’s adult staff.
One of the files, they said, was a Microsoft Excel spreadsheet with a filename that included the school year and the word “students.” The file was unprotected. They opened it up.
It contained the passwords for every student in the Rochester district.




Probably not Russians and probably not campaign related.
Caballero’s Merced office burglarized. An effort to ‘take down’ campaign, staff says
Campaign staffers working for Anna Caballero’s bid for the California Senate say a break-in and theft at the campaign’s Merced office resulted in stolen campaign material as well as computers and electronics containing voter information.
According to Bryan King, campaign manager for Senate Democrats, about 9,500 door hangers [What possible value to thieves? Bob] informing people where and how to vote had been stolen from the West Main Street office.
Additionally, every laptop was taken from the office as well as devices used to scan voter data and personal items such as cell phones used to call voters, according to King.
“They also ripped out our internet modem so we’re totally offline right now,” King said.




“Gosh, we never thought about security!”
U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service
A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.
The internal alert — sent by the Secret Service on Nov. 6 to its law enforcement partners nationwide — references a recent case in Michigan in which seven people were arrested for allegedly stealing credit cards from resident mailboxes after signing up as those victims at the USPS’s Web site.
… The Michigan incident in the Secret Service alert refers to the September 2018 arrest of seven people accused of running up nearly $400,000 in unauthorized charges on credit cards they ordered in the names of residents. According to a copy of the complaint in that case (PDF), the defendants allegedly stole the new cards out of resident mailboxes, and then used them to fraudulently purchase gift cards and merchandise from department stores.




Follow your ‘best practice’ procedures and this will never happen.
Catalin Cimpanu reports:
The personal details of nearly 700,000 American Express (Amex) India customers have been accidentally left exposed online via an unsecured MongoDB server.
The leaky server, which was left exposed online without a password, was discovered three weeks ago by Bob Diachenko, Director of Cyber Risk Research at cyber-security firm Hacken.
Most of the data on the server appeared to have been encrypted and required a decryption key to view, but the researcher says 689,272 records were stored in plaintext and accessible to anyone who stumbled upon the database.
Read more on ZDNet.




Another example of poor security by design.
Default Account Exposes Cisco Switches to Remote Attacks
A default account present in Cisco Small Business switches can allow remote attackers to gain complete access to vulnerable devices. The networking giant has yet to release patches, but a workaround is available.




The follow-on to GDPR…
First Came GDPR, Then Comes ePrivacy - What to Expect with Global Data Regulations
While the GDPR was designed to ensure protection for personal data related to European Union (EU) citizens, ePrivacy takes this approach a step further by ensuring personal and family privacy in relation to data collection, storage and usage. Put more simply, ePrivacy protects your right to a personal life and personal existence.




I’m not sure the reporters understand what she is saying. On one hand, BIG is not automatically dominant. On the other hand, individual slices of a company may be dominant in some areas. On a third hand, perhaps it’s just a language problem?
Europe's anti-monopoly chief conducted 'very preliminary investigations' into Apple but decided it's 'not a dominant company'
The European Commission conducted "very preliminary investigations" into whether Apple might be so large that it had an anti-competitive effect in Europe, but quickly realised that the company was not "dominant" enough in its markets to warrant further action, the European Commissioner for Competition said Wednesday.
… "Google in the legal term of dominance is a dominant company because they are dominant in search," she said. "The bigger you get the more responsibility you get. So if you are a dominant company, you also have a special responsibility because competition is weakened in the market that you're in. This is why we have the Google case. This is the legal basis of the Google case. And if a company is not dominant it can do all the things that a dominant company can do, and in some of the areas where we have had very preliminary investigations, we find that Apple is not a dominant company.




Interesting. Who knew that China produced 25% of the world’s beer?
Knoema - Huge Collections of Data Maps and Charts
Knoema is a service that offers a huge collection of data sets and maps for public use. Knoema offers data maps and charts for almost every country in the world. There are dozens of data categories to pick from. Some of the data categories that you will find include GPD Per Capita, Government Debt, Migration, Housing, Energy Consumption, and Agricultural Production.
To find a data map or chart on Knoema to use with your students first select a data set then choose a country from the drop-down menu tied to each data set. Each data set, map, and chart can be exported downloaded and or embedded into a blog post or webpage.




For the tool kit.
Visme - Great Tools for Making Flowcharts and Mind Maps
Visme is a graphic design tool that I've been using off and on for the last five years. Back when I started using Visme it was known as EWC Presenter and it was a good tool for designing slides and infographics. Recently, Visme added new flowchart design templates and tools. The flowcharts that you make on Visme can be downloaded as PDFs, shared via email and social media, or embedded into blog posts. If you use any of the online sharing options, you can include interactive elements in your flowcharts. Watch the following video to learn how to quickly create flowcharts and mind maps on Visme.




Perhaps it was Taylor Swift fans, perhaps Donald Trump haters, either way it seems 53% still don’t care.
A Boatload Of Ballots: Midterm Voter Turnout Hit 50-Year High
Voter turnout on Tuesday was massive: More than 47 percent of the voting-eligible population cast a ballot in the midterm elections on Tuesday. That's according to early estimates from the United States Election Project.


Wednesday, November 07, 2018

HSBC has been awfully quiet on this. Are they still counting victims?
HSBC bank confirms US data breach
HSBC has said some of its US customers' bank accounts were hacked in October.
The lender said that the perpetrators may have accessed information including account numbers and balances, statement and transaction histories and payee details, as well as users' names, addresses and dates of birth.
… The bank said the online accounts were breached between 4 and 14 October.
It is not clear whether the attackers have tried to make use of the data to steal savings.
A template of the alert sent to customers has been posted online by the California Attorney General's Office, although the hack was not limited to that state.
One expert said it appeared that the technique involved was a "credential stuffing" in which personal details harvested from elsewhere had been used to gain unauthorised access to the accounts. [Password reuse should be the customer’s problem, not the bank’s. Bob]




I suspect more will follow. (Yes, I have a very negative view of the election process.)
Don’t Be Fooled: There Was Election Interference in 2018
With Election Day 2018 behind us, many are breathing a sigh of relief. Those following closely the prospect of widespread election interference are indicating that, despite fears of everything from the changing of votes to the spread of disinformation, the 2018 midterms saw relatively little by way of such interference, or at least less than occurred in 2016. It’s true that there have been no credible reports of actual vote changing of the type that could call into question the Election Day results, and that’s reassuring. But, all told, it’s unfortunately misguided to suggest that this campaign season and ultimately this election were free from election interference. That’s for at least three reasons.


(Related) “Discovered” on Monday?
Facebook connects Russia to 100+ accounts it removed ahead of mid-terms




How did they identify the criminals in the mix? By looking at everyone? (Won’t the FBI be jealous?)
Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals
Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged.
The encrypted messages were sent using IronChat, a supposedly secure encrypted messaging service available on BlackBox IronPhones.
Criminals were amongst those who purchased the IronPhones, and used the IronChat app to communicate openly about their activities, believing that they were safe as they paid up US $1500 for a six month subscription to the service. What they did not realise was that the app had been compromised by police.
… In a statement, police in the Netherlands explained that as a result of their surveillance, law enforcement agencies have seized automatic weapons, large quantities of hard drugs (MDMA and cocaine), 90,000 Euros in cash, and dismantled a drugs lab.
… “This operation has given us a unique insight into the criminal world in which people communicated openly about crimes,” said Aart Garssen, Head of the Regional Crime investigation Unit in the east of the Netherlands.




Will the FBI ask Facebook to retain the deleted messages? After all, they might contain evidence of a crime that will be unavailable to investigators. (Like encrypted messages)
Facebook’s unsend feature will give you 10 minutes to delete a message
Facebook Messenger will soon allow you to delete sent messages up to 10 minutes after you’ve originally sent them. The feature is listed as “coming soon” in the release notes for version 191.0 of Messenger’s iOS client. Compared to the hour Facebook gives you to delete an erroneous WhatsApp message, 10 minutes doesn’t give you too much time to correct yourself. But it’s a lot better than having your mistakes preserved eternally.




Start planning.
The Starter Pistol Has Been Fired for Artificial Intelligence Regulation in Europe
Paul Nemitz is principal advisor in the Directorate-General Justice and Consumers of the European Commission. It was Nemitz who transposed the underlying principles of data privacy into the legal text that ultimately became the European Union's General Data Protection Regulation (GDPR).
Now Nemitz has fired the starting gun for what may eventually become a European Regulation providing consumer safeguards against abuse from artificial intelligence (AI). In a new paper published in the Philosophical Transactions of the Royal Society, he warns that democracy itself is threatened by unbridled use of AI.




A case for my Architecture students.
Why Doctors Hate Their Computers
… A 2016 study found that physicians spent about two hours doing computer work for every hour spent face to face with a patient—whatever the brand of medical software. In the examination room, physicians devoted half of their patient time facing the screen to do electronic tasks. And these tasks were spilling over after hours. The University of Wisconsin found that the average workday for its family physicians had grown to eleven and a half hours. The result has been epidemic levels of burnout among clinicians. Forty per cent screen positive for depression, and seven per cent report suicidal thinking—almost double the rate of the general working population.
Something’s gone terribly wrong. Doctors are among the most technology-avid people in society; computerization has simplified tasks in many industries. Yet somehow we’ve reached a point where people in the medical profession actively, viscerally, volubly hate their computers…”




Perspective. I liked the quote, “My kids are trying to order by tapping on the images.”
Amazon looks to the past by sending out holiday toy catalogs
… Amazon has again taken a leaf from the brick-and-mortar world by launching its own catalog for the very first time, reports CNBC.
… The difference, however, is that Amazon's catalog has no prices listed on any of its pages, making parents use the Amazon app to scan product images to add it to their cart.




Something to learn and teach?
Facebook’s GraphQL gets its own open-source foundation
GraphQL, the Facebook -incubated data query language, is moving into its own open-source foundation. Like so many other similar open-source foundations, the aptly named GraphQL Foundation will be hosted by the Linux Foundation.
… At its core, GraphQL is basically a language for querying databases from client-side applications and a set of specifications for how the API on the backend should present this data to the client. It presents an alternative to REST-based APIs and promises to offer developers more flexibility and the ability to write faster and more secure applications. Virtually every major programming language now supports it through a variety of libraries.




So that’s what my students are calling me!
Green’s Dictionary of Slang to Go Free
“GDoS Online [Green’s Dictionary of Slang] was launched two years ago, in October 2016.
… Two years into the project, and having no intention to abandon my researches, I have decided that the dictionary in its entirety – headwords, etymologies, definitions and citations – will henceforth be made available for free…”




For my student vets…
Veterans Day discounts: Your comprehensive guide to free pizza, farm supplies, desserts, hotel stays and more




It’s not the same as reading, but it might lead to it.




This is not what we teach our students.


Tuesday, November 06, 2018

These are the people who will write our security laws.  God help us!  (A very long post everyone should read.)  I’ll post a few tidbits. 
In early August, “Flash Gordon” (@s7nsins on Twitter) contacted me to say that he discovered a leak involving the House of Representatives.
   Notifying the House of their leak was one of those misadventures in notification that I should probably write a book about one day.  Calling the House switchboard and asking to speak to whomever was responsible for their cybersecurity resulted in me being bounced from extension to extension for the next hour or so.  No one seemed to know what office I should be connected to. 
   In any event, they locked down the leak and I decided not to report publicly on everything at the time.
But then last week, yet another researcher (Lee Johnstone, @Cyber_War_News on Twitter) got in touch with me and told me that the House was leaking. 
   It’s now noon on Monday, and I received no call back yesterday or today.  And as of my last check, the door is still wide open.  So I’ve decided to report on this now and tweet it to members of Congress.  Maybe their staff can get through to the right person to secure their data.
Update 1:38 pm.  One of my followers on Twitter has a contact in the Chief Administrative Office, it seems, and he alerted the contact, who said he’ll check into it.  That would be nice.
Update 5:14 pm.  More than 24 hours after I called them, the data now appear to have been secured, although I’m not sure whether it would have been secured if not for a follower’s contact.   


When is a “ban” not a ban? 
Alex Jones banned from Facebook? His videos are still there — and so are his followers
  Infowars is gone from Facebook after a high-profile showdown over the summer between Silicon Valley and conspiracy theorist Alex Jones.  But another Facebook page, NewsWars, has taken its place — and Jones’s many fans have followed.
In the three months since Facebook removed four of Jones’s pages over allegations of hate speech, the NewsWars page has remained intact and surged in posts and page views.  The NewsWars Facebook page identifies NewsWars.com, which Jones said his company operates, as the website associated with the page and lists it under “Contact Info.” Jones said he doesn’t run the Facebook page.
   “It shows a huge failure in being able to control this stuff,” said Albright, research director for Columbia’s Tow Center for Digital Journalism.


We’ve been talking about this for years.
Chinese 'gait recognition' tech IDs people by how they walk
Chinese authorities have begun deploying a new surveillance tool: "gait recognition" software that uses people's body shapes and how they walk to identify them, even when their faces are hidden from cameras.
Already used by police on the streets of Beijing and Shanghai, "gait recognition" is part of a push across China to develop artificial-intelligence and data-driven surveillance that is raising concern about how far the technology will go.
Huang Yongzhen, the CEO of Watrix, said that its system can identify people from up to 50 meters (165 feet) away, even with their back turned or face covered.  This can fill a gap in facial recognition, which needs close-up, high-resolution images of a person's face to work.


We used to do this manually. 
Facebook is looking at how to suggest friends by tracking who you meet in person
Facebook has been granted a patent that it could use to detect the people who you spend time with on a regular basis.  The idea is that the person you sit next to on the bus and flirt with could be suggested as a Facebook friend by the social network.
The company wants to use the sensors in your phone to detect people near you in various situations.  That might be data from your phone's Bluetooth, Near Field Communications or other hardware.
The signal strength can also be measured. So standing very close and talking is discernible from just being in the same nightclub.  Perhaps Facebook will even be able to tell if you're dancing with each other - thanks to gyroscope data from the phones.


Perspective.  Helping to define our continuing debate about self-driving cars.
Securing Connected Cars: How to Create a Cost-Effective, Secure In-Vehicle Network Backbone
   Dubbed AV 3.0, the new policy will set federal guidelines for how autonomous and assisted driving solutions need to work on public roads.  A big part of making autonomous driving accessible will be the ability for car makers and suppliers to secure the networks that power these increasingly sophisticated vehicles.  In fact, that’s what cars today have become: highly-sophisticated mobile computer networks that just happen to travel at highway speeds. 


I’ll have to ask my students.  I stopped my subscription years ago. 
Are Newspapers Heading Towards Post-Print Obscurity?
Thurman, Neil J. and Fletcher, Richard, Are Newspapers Heading Towards Post-Print Obscurity?  A Case Study of the Independent’s Transition to Online-Only (2018).  Digital Journalism, doi: 10.1080/21670811.2018.1504625.  Available at SSRN: https://ssrn.com/abstract=3256638 [h/t Joe Hodnicki]
“With print circulations in decline and the print advertising market shrinking, newspapers in many countries are under pressure.  Some — like Finland’s Taloussanomat and Canada’s La Presse — have decided to stop printing and go online-only.  Others, like the Sydney Morning Herald, are debating whether to follow.  Those newspapers that have made the switch often paint a rosy picture of a sustainable and profitable digital future.  This study examines the reality behind the spin via a case study of The Independent, a general-interest UK national newspaper that went digital-only in March 2016.  We estimate that, although its net British readership did not decline in the year after it stopped printing, the total time spent with The Independent by its British audiences fell 81%, a disparity caused by huge differences in the habits of online and print readers.  This suggests that when newspapers go online-only they may move back into the black, but they also forfeit much of the attention they formerly enjoyed.  Furthermore, although The Independent is serving at least 50% more overseas browsers since going online-only, the relative influence on that growth of internal organizational change and external factors — such as the “Trump Bump” in news consumption — is difficult to determine.” 


Slick.  I’d enter my birth year but I’m afraid I see “fire’ listed as a new word. 
When was a word first used in print?
Merriam Webster Time Traveler – “When was a word first used in print?  You may be surprised!  Enter a date below to see the words first recorded on that year.  To learn more about First Known Use dates, click here.”


An extra resource or two can’t hurt.

Monday, November 05, 2018

“I’m shocked.  Shocked I tell you!”  We’ve been talking about the vulnerability of election databases and voting machinery for years.  Did they not think hackers might want to look for themselves? 
Hackers targeting election networks across country prior to midterms
Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show.
The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe.  The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.” 

(Related)
Voting Machines: What Could Possibly Go Wrong?
   United States elections are not evidence-based elections.  According to computer science Professor Alex Halderman of the University of Michigan, only two states, Colorado and New Mexico, conduct manual audits sufficiently robust to detect vote tally manipulation.  More than half of US states do not require manual audits at all, while manual recount laws typically allow automatic state-funded recounts only if the margin of victory is less than 1 percent.


Interesting.  Can anyone craft a ‘safe harbor’ from GDPR? 

Another State Data Security Law: Ohio Gets in on the Action

Craig A. Newman of Patterson Belknap writes:
Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. 
Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor from tort liability for businesses that meet specific cybersecurity standards.  The law won’t prevent litigation over a data breach, but provides an affirmative defense to companies hit with such claims if they have met the requirements of the new law.  This includes adopting data security policies that conform to a number of existing industry standards including the NIST Cybersecurity Framework.
Read more on Data Security Law Blog.


Inventing the news you wish for?
Oxford University’s Oxford Internet Institute aggregator tool tracks “junk” political views being shared on Facebook
TechCrunch: “Oxford University’s Oxford Internet Institute (OII), which has just launched an aggregator tool which tracks what it terms “junk” political views being shared on Facebook — doing so in near real-time and offering various ways to visualize and explore the junk heap.  What’s “junk news” in this context?  The OII says this type of political content can include “ideologically extreme, hyper-partisan, or conspiratorial news and information, as well as various forms of propaganda”.  This sort of stuff might elsewhere get badged ‘fake news’, although that label is problematical — and has itself been hijacked by known muck spreaders.  (So ‘online disinformation’ tends to be the label of choice in academic and policy circles, these days.)  The OII is here using its own political propaganda content categorization — i.e. this term “junk news” — which is based on what it describes as “a grounded typology” derived through analyzing a large amount of political communications shared by US social media users. 
Specifically it’s based on an analysis of more than 2.5 million tweets sent in the period September 21-30, 2018 — applying what the Institute dubs “rigorous coding and content analysis techniques to define the new phenomenon”.  This involved labelling the source websites of shared links based on “a grounded typology that has been tested over several elections around the world in 2016-2018”, with a content source getting coded as a purveyor of junk news if it failed on 3 out of 5 of criteria of the typology… 
  • The Visual Junk News Aggregator does what it says on the tin, aggregating popular junk news posts into a bipartisan thumbnail wall of over-inflated (or just out and out) BS. Complete with a trigger warning for the risk of graphic images and language. Mousing over the thumbnails brings up any title and description that’s been scraped for the post in question, plus a date stamp and full Facebook reaction data.
  • Another tool — the Top 10 Junk News Aggregator — shows the most engaged with English language junk news stories posted to Facebook in the last 24 hours, in the context of the 2018 US midterm elections. (With engagement being based on total Facebook reactions per second of the post’s life.)..”

(Related)  This story is in both of the databases described in the previous article.  Clearly, we don’t need Russians to create fake news. 
Kemp Cites Voter Database Hacking Attempt, Gives No Evidence
The office of Secretary of State Brian Kemp, who is also the Republican gubernatorial nominee, said Sunday it is investigating the state Democratic Party in connection with an alleged attempt to hack Georgia's online voter database, which is used to check in voters at polling places in the midterm elections.
The statement offered no evidence for the claim and didn't specify allegations against Georgia Democrats.  But it quickly became a last-minute flashpoint in one of the nation's most closely contested governor's races as Tuesday's election loomed.
Democrats viewed the development as more evidence that Kemp's office, which oversees elections, was serving as an extension of his gubernatorial campaign.  Republicans, meanwhile, framed it as an instance of Democrats trying to arrange nefarious votes.


What could possibly go wrong?
US Militia Groups Are Headed To The Southwest Border Despite Pentagon Concerns
Gun-carrying civilian groups and border vigilantes have heard a call to arms in President Donald Trump’s warnings about threats to American security posed by caravans of Central American migrants moving through Mexico.  They’re packing coolers and tents, oiling rifles and tuning up aerial drones, with plans to form caravans of their own and trail American troops to the border.
   Asked whether his group planned to deploy with weapons, McGauley laughed.  “This is Texas, man,” he said.


The question now is how best to use it.

Toronto criminologist has the world’s most comprehensive database on what makes serial killers tick

“Reid, a 30-year-old criminologist and developmental psychologist who’s finishing her PhD at the University of Toronto, has been collecting information on missing persons for more than two years.  She’s amassed an in-depth database of thousands of them — drawing from official Search and Rescue (SAR) reports, the Native Women’s Association of Canada (NWAC) database, collecting tips from crime-beat journalists as well as from friends and family of those missing — in order to obtain the age, ethnicity, demographic, and geographical information of victims.  For some of this data collection, she’s delegated research responsibilities to 13 volunteer undergraduates at the University of Toronto.  Often, she cross-references this database with another database that she’s been working on for closer to four years — her “serial killer” database — which includes up to 600 variables on the behavioral and psychological development of every known serial killer since the fifteenth century, making it the most complete database on the developmental traits of serial killers in existence…” 


Some of my students foresee an end to all exercise. 
   The Stator electric scooter is truly one-of-a-kind.
   Those wide wheels aren’t just for show either.  Not only do they house and protect a 1,000 W motor, but they are also part of the “self-balancing” nature of the scooter.  With the battery weight solidly below the wheel axles and a wide contact patch, the scooter is essentially self-righting and doesn’t require a kickstand.
Push it sideways and it functions like a Weeble – it wobbles but it won’t fall down.
   The Stator has a top speed of 25 mph (43 km/h), which is definitely faster than most other electric scooters.

(Related)
GM creates a global e-bike, looks for branding help with contest
   Part of that EV-savvy strategy, apparently—or a parallel one, perhaps—involves e-bikes intended for “consumers around the globe.”  Friday, the company showed first pictures of two e-bikes it’s developed—one folding and one compact—and that they’ll be available for sale in 2019.
   In the meantime, it’s looking for help with branding the bikes.  Those interested in submitting ideas can go here until 10 a.m. EST on November 26.  Challenge winners will receive $10,000, and runner-up submissions get $1,000.

Sunday, November 04, 2018

A defense attorney’s dream? Certainly sounds strange. You must train your people to seek help when anything like this happens. Where was the backup?
Records lacking for computer attack on sheriff’s office
Records of a ransomware attack on the Hidalgo County Sheriff’s Office are nonexistent, leaving little details available with the exception of an investigator’s testimony during a recent trial.
HCSO investigator Marco Antonio Mandujano lost data obtained from an early 2017 dump of a sexual assault victim’s cellphone because the computer on which it was downloaded got a “virus,” according to his Sept. 26 testimony in the 370th District Court.
… “The data on the phone dump was wiped out because we are connected to the Internet, [A contributing factor, but not the cause. Bob] and somehow the computer program — Well, actually, the computer itself got a virus … and we couldn’t get into it,” the transcript of his testimony reads. “... It was asking for ransom — the computer virus. So there was no way to get into it … The whole computer memory was erased — the hard drive.”
HCSO has no records of the attack, Sheriff J.E. “Eddie” Guerra said Friday, because neither Mandujano nor the IT technician submitted reports about the data loss. [Police fail to report a crime? Really? Bob]
The Monitor previously submitted an open records request on Oct. 16 for specifics about the date or dates of any ransomware attack on the sheriff's office in 2017, as well as details about the attack. HCSO replied on Oct. 24: “Our office does not have any information responsive to your request.”
Mandujano testified it was his opinion that the data obtained from the dump was of no use to the investigation, and thus the ransomware attack had no impact on his findings, according to the transcript. [Can you spell “Exculpatory?” Bob]
… The ransomware attack occurred on a computer in HCSO’s east substation in Weslaco, Guerra said. It is one of only two HCSO computers that is part of its internet-based computer network. These computers do not have restrictions on sites like Facebook and Craigslist that computers on HCSO’s internal network do.
… Guerra did not require the report be written retroactively, but said from now on, he would require investigators and IT personnel to write reports of any data lost from these computers.
The likelihood of lost data, however, is slim, the sheriff said, because since Mandujano lost the data from the cellphone dump, HCSO requires investigators to automatically backup the data on a disc.




Wow! The Google is a powerful tool! This is why we were taught not to repeat any public facing ‘things’ exactly. That should have included websites.
Iran Reportedly Used Google To Crack A CIA Communications System, Leading To ‘Dozens’ Of Deaths
Yahoo News reported that in a breach that occurred around 2010, Iranian agents used simple Google searches to identify and then infiltrate the websites that the CIA was using to communicate with agents, according to two former US intelligence officials. The breach would reportedly lead to dozens of deaths around the globe and a cascade of consequences that spanned years.
Former officials say they believe the breach originated with an Iranian double agent that was hired by the CIA — what they claim would be a result of lax vetting.
… According to one former official, the Iranian double agent showed Iranian intelligence the website that the CIA was using for their communications. By using Boolean search operators like “AND” and “OR”, stringing together characteristics of the communications and websites, Iranian intelligence was reportedly able to locate multiple other websites that the CIA was using for its communications. From there, Iran could track who was visiting the sites and from where — eventually exposing a large swath of the CIA’s network in Iran.




Not how I remember my MBA…