Saturday, December 29, 2018

When your failures are immediately obvious…
FCC Investigates Widespread CenturyLink Outage That Disrupted 911 Service
… The telecommunications giant CenturyLink, based in Monroe, La., says the outage began at 8:18 a.m. ET on Thursday. The website Down Detector says it primarily affected Western states, but emergency service providers on both coasts reported disruptions. CenturyLink has said "a network element ... was impacting customer services" but has offered no further details on the cause of the outage or the number of customers affected.
… The FCC says its last investigation of a 911 outage was launched in March of last year. It fined AT&T $5.25 million for two nationwide outages in March and May 2017 that lasted a total of approximately six hours and resulted in 15,200 failed 911 calls.
In addition to disrupting 911 services, the CenturyLink outage also caused outages of Verizon network services in at least two states, New Mexico and Montana. Some ATMs in Montana and Idaho also failed to work, and at the North Colorado Medical Center in Greeley, Colo., doctors and nurses for a time had difficulty accessing patient records.

These skills will be back home in a year.
National Guard From 4 States Will Help With Cyber Operations
National Guard soldiers from Colorado, North Dakota, South Dakota and Utah are deploying to Fort Meade, Maryland, as part of a cyber protection team supporting U.S. military operations in Afghanistan.
The Colorado guard said Thursday Cyber Protection Team 174 will help the Defense Department with network security and cyber defensive operations.
The team's assignment is to help commanders operate freely in the cyber domain as well as on the ground while denying adversaries that ability.

Facebook corrects all the things the Times got wrong.
Facts About Content Review on Facebook
Our policies are public, not “secret” or “closely held.”
For years, we’ve published our Community Standards, the overarching guide that outlines what is and isn’t allowed on Facebook. Earlier this year we went a step further and published the internal guidelines we use to enforce those standards. Anyone can view them at

Did you ever wonder where President Trump looks for his brainstorm?
Russia builds border fence between Crimea and Ukraine proper
Russia has built a 60km fence on the border with Ukraine in the north of Russian-annexed Crimea, according to the de facto Crimean authorities.
… "to protect the local population from the crazy antics of the current Ukrainian government".

Friday, December 28, 2018

GDPR inspired laws are coming closer.
Isabel Carvalho, Rafael Loureiro, and Daniel Crespo of Hogan Lovells write:
The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection Regulation (“GDPR”) implemented in the European Union, the LGPD imposes strict regulations on the collection, use, processing, and storage of electronic and physical personal data. In conjunction with the passing of the LGPD, the National Data Protection Authority will be created in order to adequately implement the new legislation.

Yeah, it’s tough. Deal with it.
Inside Facebook’s Secret Rulebook for Global Political Speech
… The company, which makes about $5 billion in profit per quarter, has to show that it is serious about removing dangerous content. It must also continue to attract more users from more countries and try to keep them on the site longer.
How can Facebook monitor billions of posts per day in over 100 languages, all without disturbing the endless expansion that is core to its business? The company’s solution: a network of workers using a maze of PowerPoint slides spelling out what’s forbidden.
… The closely held rules are extensive, and they make the company a far more powerful arbiter of global speech than has been publicly recognized or acknowledged by the company itself, The New York Times has found.
The Times was provided with more than 1,400 pages from the rulebooks by an employee who said he feared that the company was exercising too much power, with too little oversight — and making too many mistakes.

Amazon's rise forces laundry detergents to shrink
Tide and Seventh Generation have introduced redesigned laundry detergents that are several pounds lighter by cutting down on plastic in their packaging and using less water in their formulas. Why? To please Amazon and other online stores: Lighter packaging means retailers pay less to ship the detergent to shopper's doorsteps, making each sale more profitable.
… The downsized detergents are a sign of Amazon's growing influence. Companies that have designed products for decades to stand out on store shelves are now being pressured by online retailers to make their packaging lighter to cut down on shipping costs, said Gary Liu, vice president of marketing at Boomerang Commerce, which makes software for consumer goods companies.

For the Research toolkit.
Instagram viewer search engine
“Pikbee is the best Instagram online web viewer on the Internet. Discovering top trending media on Instagram…”

Thursday, December 27, 2018

An article I missed. Could this be a shot at Hillary?
FEC: Lawmakers and staff may use campaign funds for personal cybersecurity
… FEC Commissioner Caroline Hunter wrote on behalf of the commission that spending on cyber hygiene and protective services would not constitute, "impermissible conversion of campaign funds to personal use."
… The unanimous vote Thursday will allow members of Congress and staff to use campaign funds to purchase a range of hardware and software products to bolster their own security, including cell phones and computers, home routers, personal software and applications, firewalls, antivirus software, security keys, secure cloud services, password management tools, consulting, incident response services and others.
"With growing threats posed by foreign governments, it's crucial that elected officials get smarter about their cybersecurity," said Wyden on Twitter.
… While members of Congress can draw from cybersecurity resources at the House and Senate Sergeant-At-Arms to protect their official devices and accounts, they were unable to do so for personal ones or those of their families.

(Related) Apparently, this is an approved use of campaign funds. “I didn’t know what they did but I gave them $750,000.”
Linkedin founder Reid Hoffman apologizes after $750,000 campaign donation linked to misinformation in Alabama senate race
Linkedin co-founder and Greylock Partners investor Reid Hoffman apologized Wednesday for funding a group linked to a misinformation campaign during Alabama's 2017 special election for the US Senate.
… Hoffman donated $750,000 to AET, according to the Washington Post, which first reported Hoffman's statement Wednesday.
Hoffman, a vocal democratic donor, said in the statement that he was not aware of the group's work with New Knowledge before it was reported last week.

Another article I missed. Fake news is even dangerous to robots (algorithms).
Market volatility: Fake news spooks trading algorithms
Fake news and inaccurate headlines may have contributed to recent stock market volatility, as trading algorithms try to interpret market-related news.
Hugh Son at CNBC reported that, in a note written to clients, J.P. Morgan Chase's top quant, Marko Kolanovic, blamed a media landscape that's a mix of real and fake news, which makes it easy for others to amplify negative news. The effects can be seen in that, in spite of a booming economy and positive signals, the markets are reacting strongly to this mix of negative news.

How Much of the Internet Is Fake? Turns Out, a Lot of It, Actually.
… For a period of time in 2013, the Times reported this year, a full half of YouTube traffic was “bots masquerading as people,” a portion so high that employees feared an inflection point after which YouTube’s systems for detecting fraudulent traffic would begin to regard bot traffic as real and human traffic as fake. They called this hypothetical event “the Inversion.”

I guess they never heard of Fake News. (Sounds like a business opportunity, but keep your plans off social media.)
IRS wants to use social media to catch tax cheats
Quartz: “The Internal Revenue Service is looking for ways to scour social media platforms like Facebook, Instagram, and Twitter in its ongoing quest to catch tax cheats. That’s according to a request for information issued December 18 by the IRS’s National Office of Procurement. The mining of social media data by the agency has been suspected in the past, but the IRS has never before confirmed the practice.
“Businesses and individuals increasingly use social media to advertise, promote, and sell products and services,” the IRS solicitation reads. “For example, taxpayers can create ‘online stores’ on social networking sites free of cost. Much of this information is unrestricted, allowing the public, businesses and various governmental agencies to discover taxpayers’ locations and income sources. But the IRS currently has no formal tool to access this public information, compile social media feeds, or search multiple social media sites.”…

An interesting approach. (So, Flipkart can’t sell anything from Walmart?)
India tightens e-commerce rules, likely to hit Amazon, Flipkart
India will ban e-commerce companies such as and Walmart-owned Flipkart Group from selling products from companies in which they have an equity interest.
… The All India Online Vendors Association (AIOVA) in October filed a petition with the anti-trust body Competition Commission of India (CCI) alleging that Amazon favours merchants that it partly owns, such as Cloudtail and Appario. The lobby group filed a similar petition against Flipkart in May, alleging violation of competition rules through preferential treatment for select sellers.

Perspective. We practiced hiding from nuclear weapons. I guess every generation needs to learn what their parents fear.
More than 4.1M students were in a school lockdown last year
Washington Post: “School shootings remain rare, even after 2018, a year of historic carnage on K-12 campuses. What’s not rare are lockdowns, which have become a hallmark of American education and a byproduct of this country’s inability to curb its gun violence epidemic. Lockdowns save lives during real attacks, but even when there is no gunman stalking the hallways, the procedures can inflict immense psychological damage on children convinced that they’re in danger. And the number of kids who have experienced these ordeals is extraordinary. More than 4.1 million students endured at least one lockdown in the 2017-2018 school year alone, according to a first-of-its-kind analysis by The Washington Post that included a review of 20,000 news stories and data from school districts in 31 of the country’s largest cities…”

Wednesday, December 26, 2018

Timely. Computer Security class starts January 2nd.
Teaching Cybersecurity Law and Policy: Revised 62-Page Syllabus/Primer
Teaching Cybersecurity Law and Policy: My Revised 62-Page Syllabus/Primer (Bobby Chesney, Charles I. Francis Professor in Law and Associate Dean for Academic Affairs at the University of Texas School of Law) – “Cybersecurity law and policy is a fun subject to teach. There is vast room for creativity in selecting topics, readings and learning objectives. But that same quality makes it difficult to decide what to cover, what learning objectives to set, and which reading assignments to use. With support from the Hewlett Foundation, I’ve spent a lot of time in recent years wrestling with this challenge, and last spring I posted the initial fruits of that effort in the form of a massive “syllabus” document. Now, I’m back with version 2.0. At 62 pages (including a great deal of original substantive content, links to readings, and endless discussion prompts), it is probably most accurate to describe it as a hybrid between a syllabus and a textbook. Though definitely intended in the first instance to benefit colleagues who teach in this area or might want to do so, I think it also will be handy as a primer for anyone—practitioner, lawyer, engineer, student, etc.—who wants to think deeply about the various substrands of this emergent field and how they relate to one another.”

Cellphones, Law Enforcement, and the Right to Privacy
“Cell phones are ubiquitous. As of 2017, there were more cell phones than people in the United States. Nearly 70 percent of those were smartphones, with 94 percent of millennials carrying a smart device. Cell phones go nearly everywhere, and users are increasingly dependent on smartphone applications for daily activities, such as texting, email, and location-assisted direction services. This white paper surveys the landscape of government acquisition of location data about cell phone users — from cellular providers’ collection of location information to the use of technologies that pinpoint where individuals and cell phones are located. It describes how cell phones operate, how that location information is accrued and disseminated, and the technologies that can be used to establish where a phone is, where it has been, and what other users have been in proximity… The paper then analyzes both the legal and policy landscape: how courts have ruled on these issues, how they can be expected to rule in the future, and how agencies have addressed these issues internally, if at all. It adds to concerns that cell phone-based monitoring could violate the constitutional privacy rights of millions of ordinary Americans…”

Preparing for the 2020 election.
Why Americans Fell for Russian Internet Trolls
… Researchers found an average of 1.73 likes, retweets or replies for Russian trolls’ posts in Russian or any language other than English; for English-language posts, the rate was nine times that high (15.25). Americans, it turned out, were easy targets for the Russian propaganda.
… What remains unclear is why Americans were so much more vulnerable than other targets.
An answer proposed by the study’s authors was that the former Soviets were “immunized” against the Russian propaganda. Because of their history, they expect to be lied to, and so are generally more cynical than Americans.

Perspective. This neatly sums up what we’ve been saying all along. (Is there an opportunity here?)
New on LLRX – The Bullshit Algorithm
Via LLRX.com – The Bullshit Algorithm – Jason Voiovich goes directly to the heart of the matter with his statements that are a lessons learned guide that no researcher can afford to ignore – “Wasn’t the promise of data-driven, search engine and social media algorithms that they would amplify the truth and protect us from misinformation by tapping the wisdom of crowds? The fact is that they do not. And cannot. Because that is not what they are designed to do. At the heart of every social media algorithm is a fatal flaw that values persuasion over facts. Social media platforms (as well as search engines) are not designed for truth. They are designed for popularity. They are bullshit engines.”

“They’re skilled at avoiding (not evading) taxes. They make a lot of money. We should take it from them.” This was inevitable – tax laws have to change to reflect global business.
France to introduce tax on large internet, tech firms
France has been pushing hard for a new so-called "GAFA tax" -- named after Google, Apple, Facebook and Amazon -- to ensure the global giants pay a fair share of taxes on their massive business operations in Europe.
"The tax will be introduced whatever happens on January 1 and it will be for the whole of 2019 for an amount that we estimate at 500 million euros ($570 million)," Le Maire told a press conference in Paris.
… Policymakers across the world have had difficulty in taxing the US-based giants who dominate their sectors internationally, but who often route their revenues and profits via low-tax jurisdictions to reduce their liabilities.
France's move to introduce the tax on January 1 could be driven by domestic budget concerns, with the finance ministry looking for new sources of revenues and savings.
… Some other EU member states such as Britain, Spain and Italy are also working on national versions of a digital tax, with Singapore and India also planning their own schemes.

Perspective. For some reason, this astonishes my students. “Didn’t Amazon kill all the bookstores?”
Instagram is helping save the indie bookstore
The internet is killing independent bookstores. Right? Maybe not.
For years, that’s been the prevailing narrative: The internet is killing IRL bookstores, particularly your beloved mom-and-pop local independent bookstore. Since Amazon launched in 1995, it has been lamented as earth-shattering for the brick-and-mortar bookstore business. And when Amazon subsequently launched the Kindle e-reader device in 2007, it sold out immediately. People fretted that it was ushering in the death of the print book in favor of the e-book.
… Between 2009 and 2015, the number of independent bookstores grew by 35 percent, according to the American Booksellers Association. Print book sales are on the rise too: Sales of physical books have increased every year since 2013. In 2017, print book sales were up 10.8 percent from 2013, while sales of traditionally published e-books actually dropped 10 percent from 2016 to 2017.

To share with all my students.
The Top Free Online University Courses of 2018, Ranked by Popularity
… At the end of every year, I do an extensive analysis of the MOOC space. To help me with analysis, I send the top MOOC providers a set of questions, one of them being the top enrolled courses of 2018.
The list below contains the top enrolled courses from the major MOOC providers: Coursera, edX, Udacity, and FutureLearn. Combined, these providers represent a big chunk of the MOOC learners (70+ million!).
[I selected a few...

Tuesday, December 25, 2018

A Christmas gift for hackers.
How a government shutdown affects America’s cybersecurity workforce
… Among the heaviest hit agencies would be the National Institute of Standards and Technology, which would have 85 percent of its staff furloughed. Only 435 employees are considered “essential,” according to a planning document from the Department of Commerce.
… Also seeing sharp reductions are the Director of National Intelligence’s analysis and operations workforce, which would see a 60 percent reduction in active workforce to just 345 employees, according to documents.
… It appears that the Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, created just last month, is among the most protected in the event of a government shutdown. The agency would only have 45 percent of its workforce furloughed, with 2,008 employees exempt.

For my Software Architecture students to ponder.
Last-Minute Shoppers Increasingly Trust Only Amazon to Deliver
Olivia Zimmermann started her holiday shopping early this year, buying a Bluetooth speaker from Best Buy for her sister. It was supposed to arrive by Dec. 10, two weeks before Christmas.
The speaker never showed up — and the post office said it had delivered the package to a different town. Best Buy apologized and offered to reship it. But Ms. Zimmermann, who works in marketing in Chicago, was over it.
“I just want a refund,” she told the retailer, and then added: “At this point, I have already ordered from Amazon because I know for a fact it will be here when they say it will.”

Perspective. How tight do you get before you reach Big Brotherhood?
Russia’s Tightening Control of Cyberspace Within its Borders
Russian federal lawmakers have just drafted legislation that would ban the publication of online materials that “blatantly disrespect Russian society, the state, official state symbols, the Russian Constitution, and law enforcement agencies.” Such a law would exacerbate the severity of existing laws, which Human Rights Watch has said already “sought to stigmatize criticism or alternative views of government policy as disloyal, foreign-sponsored, or even traitorous” and crack down on physical mechanisms of protest like public assembly.
At the same time as that new legislation, Russia’s internet “regulator,” Roskomnadzor, has proposed a law that would permit the agency to entirely block search engines that don’t comply with requests of state authorities.

Monday, December 24, 2018

Sometimes data has an immediate value.
Tyler Durden reports:
We break from tonight’s episode of “Powell in turmoil” to let you know that an “unknown” hacker appears to have inside info on a substantial portion of the global pipeline of upcoming M&A deals. According to The Times, thousands of “sensitive documents” have been stolen by hackers in a cyber-attack on M&A and restructuring giant Evercore.
According to the report, one of the boutique bank’s junior administrators in London was the victim of a “phishing” attack – similar to the way in which John Podesta allegedly handed over control of his inbox to an unknown hacker – in which a recipient is lured into clicking on a corrupt link in an email. The hackers gained access to her inbox, leading to the theft of 160,000 “data objects” such as diary invitations, documents and emails. It is likely that among the tens of thousands of stolen objects was confidential data on the countless merger deals the company is currently working on.
Read more on ZeroHedge.

What my Computer Security students need to watch for.
Impulsive personalities most likely to fall victim to cybercrime, research shows
New research from Michigan State University examining the behavior that leads someone to fall victim to cybercrime reveals that impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks.
“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” said Tomas Holt, professor of criminal justice and lead author of the research. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”

Evidence based. Next we should demand facts!
Congress votes to make open government data the default in the United States
On December 21, 2018, the United States House of Representatives voted to enact H.R. 4174, the Foundations for Evidence-Based Policymaking Act of 2017, in a historic win for open government in the United States of America.
The Open, Public, Electronic, and Necessary Government Data Act (AKA the OPEN Government Data Act) is about to become law as a result. This codifies two canonical principles for democracy in the 21st century:
  1. public information should be open by default to the public in a machine-readable format, where such publication doesn’t harm privacy or security
  2. federal agencies should use evidence when they make public policy

Sunday, December 23, 2018

Will 2019 be the year everyone finally learns their security lessons? I doubt it.
Davey Winder writes:
It hasn’t been the greatest week for the non-profit sector with the revelation that two well-known charities have fallen victim to less than charitable cyber con-artists. In the same week that the Save the Children Federation confirmed it had been scammed out of $1 million by email fraudsters, so the Wellcome Trust has revealed the email of four senior executives was compromised and sensitive information monitored for several months. Without wishing to be uncharitable, both of these cyber-attacks fall firmly into the ‘oldest trick in the book’ category.
Let me start by saying that I am not in the habit of victim shaming; the focus must be on the threat actor when it comes to attributing bad guy status. That said, as we fast approach 2019, I also think the time for pussy-footing around the lack of security awareness issue within many large organizations has long since passed. The Wellcome Trust is most certainly a large organization any which way you look at it; in fact, with some £26 billion of assets, it is the biggest charity in Britain. So, when I read in my copy of the Times today that no less than four senior executives were “misled into entering their passwords when sent a link to click on” my will to live starts fading away.
Read more on Forbes.

If the best you can do is identify “last year’s” election interference, the 2020 election is doomed!
Facebook suspends 5 accounts for 'inauthentic behavior' during Alabama special election
… One of the accounts that Facebook suspended belonged to Jonathon Morgan, the chief executive of research firm New Knowledge. Morgan confirmed that his account had been suspended through a New Knowledge spokesperson.
Morgan told The Washington Post on Dec. 18 that he had engaged in an experiment with misleading online tactics during the 2017 special election in Alabama.
During the race between Republican Roy Moore and Democrat Doug Jones, who was elected to serve in the U.S. Senate, Morgan told the Post he created a Facebook page under false pretenses to test his ability to appeal to conservative voters, according to the report.

A great summary.
Privacy and Cybersecurity: A Global Year-End Review

Perspective. It is amazing that this did not happen much earlier. Implications for smartphone manufacturers.
The GPS wars have begun
… Countries around the world, including China, Japan, India and the United Kingdom plus the European Union are exploring, testing and deploying satellites to build out their own positioning capabilities.
That’s a massive change for the United States, which for decades has had a practical monopoly on determining the location of objects through its Global Positioning System (GPS), a military service of the Air Force built during the Cold War that has allowed commercial uses since mid-2000 (for a short history of GPS, check out this article, or for the comprehensive history, here’s the book-length treatment).
… Today, the only global alternative to that system is Russia’s GLONASS, which reached full global coverage a couple of years ago following an aggressive program by Russian president Vladimir Putin to rebuild it after it had degraded following the break-up of the Soviet Union.

This seemed a little “off.” But it did help to ‘justify’ resuming flights.
Gatwick drones pair 'no longer suspects'
The 47-year-old man and 54-year-old woman, from Crawley, West Sussex, were arrested on Friday night on suspicion of "the criminal use of drones".
Sussex Police said the pair were no longer suspects.
Meanwhile, Det Ch Supt Jason Tingley told Sky News officers had found a damaged drone near the airport.
… Det Ch Supt Tingley said the arrested man and woman had "fully co-operated" with inquiries and he was "satisfied that they are no longer suspects in the drone incidents at Gatwick".