Monday, February 27, 2017

How would you explain this to your boss?  “We forgot about them?”  “What's-his-name must have done that just before he retired?”  “We have backups?”
Zack Whittaker reports:
A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found.
The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents.
Read more on ZDNet.


“Icantremembermypassword” is not a good password. 
Many ‘password challenged’ internet users don’t take steps that could protect their data
“In today’s digitally connected world, where accessing medical records, ordering groceries and paying taxes can all be done online, many internet users find it daunting to keep up with all the various passwords associated with their online accounts.  One consequence is that a significant minority of users settle for less secure passwords they can more easily remember.  A new Pew Research Center report finds that 39% of online adults report having a hard time keeping track of their passwords.  Compared with the 60% of online adults who do not express difficulties keeping up with their passwords, this “password challenged” group also tends to be more worried over the safety and security of their passwords…”


A tool for my Computer Security students.
Google Hands Over Email Encryption App to Community
The tech giant first announced its End-to-End email encryption project in June 2014 and released its source code a few months later.  The goal was to create a Chrome extension that would make it easier for less tech savvy people to encrypt their emails using the OpenPGP standard.
The End-to-End crypto library has been used for several projects, including E2EMail, a Gmail client that runs independently of the normal Gmail interface and allows users to send and receive encrypted emails.
The E2EMail source code has been available on GitHub for the past year and it has received contributions from several security engineers.  The search giant has now announced that E2EMail is not a Google product and instead it has become a “fully community-driven open source project.”


Make Ebola at home?
DIY Gene Editing: Fast, Cheap—and Worrisome
Crispr gene editing by amateurs and hobbyists brings an unusual set of challenges. Crispr-Cas9 is easier, faster and cheaper than previous gene-editing techniques. While that raises the prospect of people with nefarious intent gaining access, the greater concern with amateur enthusiasts is that someone might make a seemingly innocuous gene edit in a fungus, insect or plant that turns out to wreak havoc on the environment.
“The question is, can we rely on individuals to conduct their experiments in an ethical and appropriately safe way?” says Maxwell Mehlman, a professor of law and bioethics at Case Western Reserve University, who is working with do-it-yourself scientists to develop DIY Crispr ethical guidelines.
A do-it-yourself Crispr kit with enough material to perform five experiments gene-editing the bacteria included in the package is available online for $150.  Genspace, the Brooklyn, N.Y., community lab where Mr. Sadeghi is learning how to use Crispr to edit a gene in brewer’s yeast, charges $400 for four intensive sessions.  More than 80 people have taken the classes since the lab started offering them last year.


Good news or bad?  If they are bolted to the floor of an auto assembly plant, will they feel the need to revolt?  Somehow, I’m not too worried.
Within 30 years, artificial intelligence will be smarter than the human brain.
That is according to Masayoshi Son, chief executive of SoftBank Group Corp, who says that supersmart robots will outnumber humans and more than a trillion objects will be connected to the internet within three decades.
In his speech, Mr. Son said that while average humans had an IQ of roughly 100 and that geniuses such as Albert Einstein were believed to score around 200, superintelligent computers would have IQs of 10,000.  He said computer chips possessing superintelligence would be put into robots big and small that can fly and swim.  These robots will number in the billions and would be greater than the human population within 30 years, he said.
The chips would also be in everyday objects.  “One of the chips in our shoes will be smarter than our brain,” he said.  “We will be less than our shoes, and we will be stepping on them.”


The next offensive in the grocery wars?  (All quiet on the mid-western front?) 
Exclusive: Wal-Mart launches new front in U.S. price war, targets Aldi in grocery aisle
Wal-Mart Stores Inc. is running a new price-comparison test in at least 1,200 U.S. stores and squeezing packaged goods suppliers in a bid to close a pricing gap with German-based discount grocery chain Aldi and other U.S. rivals like Kroger Co, according to four sources familiar with the moves.
Wal-Mart launched the price test across 11 Midwest and Southeastern states such as Iowa, Illinois and Florida, focusing on price competition in the grocery business that accounts for 56 percent of the company's revenue, said vendor sources with direct knowledge of the matter who did not wish to be identified for fear of disrupting business relations with Wal-Mart.
Spot checks by Reuters on a basket of grocery items sold by competing Aldi and Wal-Mart stores in five Iowa and Illinois cities showed Wal-Mart's bid to lower prices is already taking hold.  Wal-Mart consistently offered lower prices versus Aldi, an improvement over recent analyst estimates that Wal-Mart's prices have been as much as 20 percent higher than Aldi on many grocery staples.
The competition at these stores is intense, with both competitors selling a dozen large eggs for less than a dollar.  A gallon of milk at some stores was priced at around $1. 

(Related)
Minimum Wage Hikes And Online Sales Will Save Wal-Mart, But Not Neighborhood Stores
Minimum wage hikes have a mixed impact on Wal-Mart, the company that is.  On the one side, they help the top line, as they place more money into low-income customers who shop in its stores.
On the other hand, they hurt the bottom line, as they raise the cost of its own labor, which rises in line with minimum wage hikes.
This mixed impact of minimum wage hikes is reflected in Wal-Mart's most recent financial statement, revealing that same store sales rose slightly while earnings dropped sharply.
Wal-Mart is also partnering with Uber and Lyft to home deliver groceries and general merchandise, bridging the “last mile” between customers and warehouses.
What does all this mean for the future of the company's stores? They will either be turned into warehouses that fill on-line orders or into fully automated Wal-Mart Go stores where customers will pick up merchandise ordered on-line.


Think of this as virtual robots, taking over trivial tasks in your home.  Soon women won’t need husbands at all!  
As for what you can do with Assistant, think of it as an evolution of Google Search and "OK Google," with a bit of added functionality like smart home controls, remembering things, and an open API developers can plug into.  However, don't be surprised if you notice that Assistant on your phone is still oddly missing some features that Google Search has had for a while, like recognizing songs, reading messages, and adding items to specific Google Keep lists.


A word to my students (wise or otherwise)
Across the U.S., change is coming for the ecosystem of employers, educational institutions and job-seekers who confront the increasingly software-driven nature of work.  A potent combination—a yawning skills gap, stagnant middle-class wages and diminished career prospects for millennials—is bringing about a rapid shift in the labor market for coders and other technical professionals.
Riding into the breach are “code schools,” a kind of vocational training that rams students through intense 12-week crash courses in precisely the software-development skills employers need.
Code schools aren’t the place to go if you want to be a “rock star” at Google or Facebook.  These are designed to turn out junior developers, or “apprentices” as they’re known at Software Guild, which currently has 16 instructors and 148 students split between in-person and online programs.  Students learn just enough to be dropped into teams of more experienced coders and continue their education at a company, even as they draw a competitive full-time salary.

Sunday, February 26, 2017

My next lecture to my Computer Security students…
EFF: Half of web traffic is now encrypted
Half of the web’s traffic is now encrypted, according to a new report from the EFF released this week.  The rights organization noted the milestone was attributable to a number of efforts, including recent moves from major tech companies to implement HTTPS on their own properties.  Over the years, these efforts have included pushes from Facebook and Twitter, back in 2013 and 2012 respectively, as well as those from other sizable sites like Google, Wikipedia, Bing, Reddit and more.
Google played a significant role, having put pressure on websites to adopt HTTPS by beginning to use HTTPS as a signal in its search ranking algorithms.  This year, it also ramped up the push towards HTTPS by marking websites that use HTTP connections for transmitting passwords and credit data as insecure.


“In order to protect your privacy, we had to destroy it.”  Why does that sound so familiar? 
Sean D. Carberry reports:
The Department of Commerce has long granted confidentiality to people who submit sensitive survey data about international investments or foreign transactions.  But Commerce is now revising its confidentiality agreements because of Einstein.
Einstein, the Department of Homeland Security’s comprehensive system of preventing and mitigating cyber threats to federal civilian networks, scans electronic traffic in and out of agencies like the Commerce Department.  As a result, it could capture a survey email sent to Commerce’s Bureau of Economic Analysis if that email contains malware or other threat indicators.
“Because it is possible that such packets entering or leaving BEA’s information system may contain a small portion of confidential statistical data, it can no longer promise its respondents that their responses will be seen only by BEA personnel or its sworn agents,” states the Federal Register announcement that Commerce is revising its confidentiality language. 
Read more on FCW.


Does being pro-tech automatically challenge President Trump?  At least we have an opposite to compare US policy to. 
Shedding Soviet history, Estonia aims to be world’s most pro-tech nation
The Estonian ecosystem has been carefully cultivated by a government that has itself radically embraced the future to reinvent its relationship with its citizens.
Country as a Platform
On a frozen evening in Helsinki, Finland, Estonian president Kersti Kaljulaid arrived to represent her country’s most ambitious startup: its government.
Under its sweeping e-Estonia initiative, the government has become an incubator for programs pioneering advances in digital citizenship, security, virtual business, and education.
Kaljulaid took to the stage to discuss the progress the country has made with its e-Estonia initiatives, particularly its e-Residency program.
The residency program allows anyone to become an official resident of Estonia without having to move there.  E-Residents are given an identification card with a chip that uses 2048-bit public key encryption.  With that digital ID, they can access government services to set up a company or open a bank account in Estonia without ever needing to actually visit.
Earlier this month, the Estonian government announced the creation of Startup Visa, its latest program to build a bridge to the rest of the world.
Whether it’s someone wanting to move their startup to Estonia or someone who wants to come work for an Estonian startup, the government has dramatically streamlined the application process.  People from outside the European Union can apply for visas for anywhere from one to a given number of years in length.
“I don’t think tanks would be rolling in tomorrow,” said Teleport’s Tamkivi.  “But our friendship circles now are global, and we’re very reliant on being part of a global community.”
He added: “Of course, if something does happen, we could go somewhere else and hold parliamentary elections.  We have our entire state backed up in the cloud.  Estonia wouldn’t just disappear again.”


An interesting background read.
Inside Facebook’s AI Machine
Last month, Candela addressed an audience of engineers at a New York City conference.  “I’m going to make a strong statement,” he warned them.  “Facebook today cannot exist without AI.  Every time you use Facebook or Instagram or Messenger, you may not realize it, but your experiences are being powered by AI.”

Saturday, February 25, 2017

Clearly, they have no idea.
Yahoo has responded to the letter sent by Republican Senators John Thune, Commerce Committee Chairman, and Jerry Moran, Consumer Protection, Product Safety, Insurance and Data Security Subcommittee Chairman.  The letter had been sent because the senators felt they weren’t getting enough cooperation from the firm.
You can read Yahoo’s response here (pdf).  See what you think.  The firm hasn’t yet identified the intrusion associated with the recently revealed 2013 incident that compromised over one billion accounts.  They first learned of that one in November 2016 when law enforcement brought them data.
As readers likely know, Yahoo’s claims about state-sponsored actors have been disputed by InfoArmor, who cite evidence from their investigations and operations on the dark web and who provide a different understanding of the breaches.  And while Yahoo did not appear to accept InfoArmor’s findings or claims, the proof is somewhat in the pudding, as it was InfoArmor who subsequently brought evidence of the then-undetected 2013 breach to law enforcement that law enforcement then took to Yahoo.  InfoArmor seemed to know much more about their breaches than the firm did.
So why is Yahoo still claiming state actors were involved in their response to Congress?  Where is that evidence?


Optimistic or naive?  IF you know you are in this database and IF you can find your picture and IF you make a request then that particular picture will be deleted UNLESS it is “necessary for a policing purpose.”  (Like the entire database is necessary?)   
Alan Travis reports:
The home secretary has ordered police forces to delete on request millions of images of innocent people unlawfully retained on a searchable national police database.
A Home Office review published on Friday found that police forces make extensive use of more than 19m pictures and videos, known as custody images, of people they have arrested or questioned on the police national database.
Despite a high court ruling in 2012 that keeping images of innocent people was unlawful, police forces have quietly continued to build up a massive database without any of the controls or privacy safeguards that apply to police DNA and fingerprint databases.
Read more on The Guardian.


Illogical?  Have I lost touch?  Are soda sales really such a large percentage of profits for supermarkets? 
Industry: Philadelphia soda tax killing sales, layoffs loom
Some Philadelphia supermarkets and beverage distributors say they’re gearing up for layoffs because the city’s new tax on soft drinks has cut beverage sales by 30 percent to 50 percent — worse than the city predicted.
Jeff Brown, who owns six local ShopRite supermarkets, told The Philadelphia Inquirer (http://bit.ly/2loWwJi) he expects to cut 300 jobs.  Bob Brockway, chief operating officer of Canada Dry Delaware Valley, has predicted a 20 percent workforce reduction by March.
Mayor Jim Kenney pushed through the 1.5 cent-per-ounce tax on sweetened and diet beverages to pay for nearly 2,000 pre-kindergarten slots and other programs.  The tax amounts to $1.44 on a six-pack of 16-ounce bottles.
In dismissing reports of forthcoming layoffs, the Democratic mayor told the Inquirer he doesn’t think it’s possible for the industry “to be any greedier.”  [How to win friends and influence people?  Bob]

Friday, February 24, 2017

An update.  Not as widely watched as the Apple iPhone vs. FBI case, because there aren’t as many Alexa devices out there yet? 
Amazon Asserts Alexa First Amendment Speech Protection For Echo Speaker In Murder Case
Is Amazon’s Alexa protected under the First Amendment of the United States?  As part of an ongoing homicide investigation, Amazon argues that any information contained or recorded by the device is protected under “freedom of speech”.  The corporation claims that it is not trying to obstruct the investigation, but protect the privacy rights of its customers.
James Andrew Bates of Bentonville, Arkansas has been accused of drowning his friend Victor Collins in a hot tub back in November 2015.
Bates owned an Amazon Echo and the Bentonville police believe that recordings from the device may provide evidence for the case.  Amazon Echo speakers technically only record information after hearing their “wake” word, “Alexa”.  The devices, however, continuously listen for a command and therefore could potentially also record background noise.
Amazon has so far provided the police with the suspect’s account information and purchase history, but not with the recordings from the Echo.  In December 2016 it stated, “Amazon will not release customer information without a valid and binding legal demand properly served on us.  Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”  The Bentonville police subsequently responded with a search warrant. Amazon has now filed a 90-page motion to stop the warrant.  
Amazon argued that the recordings would reveal too much about the user and their private life.
For the time being, the warrant has been tabled.  Amazon has requested that if the court decides that they do have a “compelling need” for the Echo recordings, that the court review the requested material first to guarantee that it is relevant to the case.

(Related) 
Sarah Lazare writes:
Law enforcement is compelling Apple and Facebook to hand over the personal information of users who were mass arrested at protests against the inauguration of Donald Trump in Washington, D.C., AlterNet has confirmed.  The tech giants appear to be complying with the data-mining requests, amid mounting concerns over the heavy-handed crackdown against the more than 200 people detained on January 20, among them journalists, legal observers and medics.
Read more on AlterNet.


For my Computer Security students and the Ethical Hacking geeks, too.
This Is What Hackers Think of Your Defenses
Billions of dollars are spent every year on cyber security products; and yet those products continually fail to protect businesses.  Thousands of reports analyze breaches and provide reams of data on what happened; but still the picture worsens.  A new study takes a different approach; instead of trying to prevent hacking based on what hacking has achieved, it asks real hackers, how do you do it?
The hackers in question are the legal pentesters attending last summer's DEFCON conference.  Seventy were asked about what they do, how they do it, and why they do it -- and the responses are sobering.  The resulting report, The Black Report by Nuix, is a fascinating read.  It includes sections on the psycho-social origins of cybercrime and a view from law enforcement: but nothing is as valuable as the views from the hackers themselves.  These views directly threaten many of the sacred cows of cyber security.  They are worth considering: "The only difference between me and a terrorist is a piece of paper [a statement of work] making what I do legal.  The attacks, the tools, the methodology; it's all the same."


Another swing of the pendulum?
Orin Kerr writes:
A federal magistrate judge in Chicago has rejected a request by the government for a provision in a search warrant that would authorize agents to compel people present to unlock seized phones using biometric readers.  I think the judge was right to reject the provision, although I disagree with substantial parts of the reasoning.
Read more on The Volokh Conspiracy.


Are my Data Management students paying attention?  Should this be on your Final Exam?
Social Marketing Grows Up
For an article that lands on the social marketer like a proverbial ton of bricks, check out "What's the Value of a Like?" in the March-April issue of the Harvard Business Review.
"Social media doesn't work the way many marketers think it does.  The mere act of endorsing a brand does not affect a customer's behavior or lead to increased purchasing, nor does it spur purchasing by friends," concluded authors Leslie K. John, Daniel Mochon, Oliver Emrich, and Janet Schwartz in their report on four years of experiments, 23 in all, that engaged 18,000 people.
If that's all you read, you might believe that everything we've thought and acted upon involving social media marketing was wrong.  However, it's not -- though the research clearly signals that we have to adjust our thinking.

(Related)
Dakota Access developer ‘underestimated’ social media opposition
The chief executive of the company developing the Dakota Access pipeline said he “underestimated the power of social media” in the wake of massive protests against the project.
On a call with investors on Thursday, Energy Transfer Partners CEO Kelcy Warren said he was surprised by the way Dakota Access opponents could share stories about the project online and “get away with it,” Bloomberg reports.
“There was no way we can defend ourselves,” Warren said, according to the report.  “That was a mistake on my part.”


Perhaps we should send it to all our elected officials.    
Nuts and Bolts of Encryption: A Primer for Policymakers
Nuts and Bolts of Encryption: A Primer for Policymakers, Edward W. Felten, Center for Information Technology Policy, Department of Computer Science, Woodrow Wilson School of Public and International Affairs, Princeton University, version of February 20, 2017.  An up-to-date version of this paper will be available at https://www.cs.princeton.edu/~felten/encryptionprimer.pdf
“This paper offers a straightforward introduction to encryption, as it is implemented in modern systems, at a level of detail suitable for policy discussions.  No prior background on encryption or data security is assumed.  Encryption is used in two main scenarios.  Encrypted storage allows information to be stored on a device, with encryption protecting the data should a malicious party get access to the device.  Encrypted communication allows information to be transmitted from one party to another party, often across a network, with encryption protecting the data should a malicious party get access to the data while it is in transit.  Encryption is used somewhat differently in these two scenarios, so it makes sense to present them separately.  We’ll discuss encrypted storage first, because it is simpler.  We emphasize that the approaches described here are not detailed descriptions of any particular existing system, but rather generic descriptions of how state-of-the-art systems typically operate.  Specific products and standards fill in the details differently, but they are roughly similar at the level of detail given here.”


I’ve been out of this too long to have a good read on North Korea, but these events are what we used to call “significant.”  Is North Korea coming apart at last? 
North Korea Condemns Lone Ally China Publicly for ‘First Time’
So when its state-run news agency appeared to lash out at key supporter China — alleging it was "dancing to the tune of the U.S." — it raised eyebrows.

(Related).  Is the BBC suggesting it was not Kim Jong Un?  (Technically, using VX is the same as using nuclear weapons.) 
Kim Jong-nam: Who in North Korea could organise a VX murder?


For my Math students, if they are not too trivial.
Nudge - Interactive Algebra Lessons on iPads and Android Tablets
Nudge is a free iPad and Android app that provides students with interactive, on-demand algebra tutorials.  The free app provides students with practice problems that they attempt to solve on their iPads or Android devices.  When they get stuck on a problem, students can ask for a hint or for a demonstration of how to solve the problem.  In addition to showing students hints and demonstrations, Nudge will show them where they made their mistakes in solving a problem.


I think I can print a wall sized version of this. 
New Yorker magazine goes Russian with cover skewering Trump and Putin
Mouly also notes that this issue features a sizeable investigation into the two presidents' ties, with the subtitle, "Trump, Putin, and the new Cold War."

Thursday, February 23, 2017

A follow-up to yesterday’s first article.  Fortunately, Brian Krebs didn’t let them get away with that. 
How to Bury a Major Breach Notification
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance.  The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies.  Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure.  This post is an attempt to remedy that.


Something to keep my Computer Security students busy.
Netflix Releases Open Source Security Tool "Stethoscope"
Netflix this week released Stethoscope, an open source web application that gives users specific recommendations for securing their computers, smartphones and tablets.
Stethoscope was developed by Netflix as part of its “user focused security” approach, which is based on the theory that it is better to provide employees actionable information and low-friction tools, rather than relying on heavy-handed policy enforcement.
Netflix believes employees are more productive when they don’t have to deal with too many rules and processes.
The Stethoscope source code, along with instructions for installation and configuration, are available on GitHub.


Consider this: Self-driving cars will be more “software complex” than the cars in this article.  
Technology Hangups Drive Car-Durability Complaints
In its annual Vehicle Dependability Study, J.D. Power & Associates saw the average number of problems increase for the second year in a row, with the audio, communication, entertainment and navigation issues being the most commonly reported.


I wonder which parts of town they are surveilling?
GE, Intel, AT&T team up to put cameras, mics in San Diego
General Electric will put cameras, microphones and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of "smart city" tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns.
Based on technology from GE's Current division, Intel Corp and AT&T Inc, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday.  The city will provide the data to entrepreneurs and students to develop applications.
Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of "internet of things" technology that GE Current provides for commercial buildings and industrial sites.
A 2014 estimate by Frost & Sullivan predicted the market for cities could be valued at $1.5 trillion by 2020, she said.


Why is this a bad thing?  Should the NSA not use tools that analyze Big Data? 
Palantir has never masked its ambitions, in particular the desire to sell its services to the U.S. government — the CIA itself was an early investor in the startup through In-Q-Tel, the agency’s venture capital branch.
Palantir Gotham (formerly Palantir Government) is designed for the needs of intelligence, law enforcement, and homeland security customers.  Gotham works by importing large reams of “structured” data (like spreadsheets) and “unstructured” data (like images) into one centralized database, where all of the information can be visualized and analyzed in one workspace.  For example, a 2010 demo showed how Palantir Government could be used to chart the flow of weapons throughout the Middle East by importing disparate data sources like equipment lot numbers, manufacturer data, and the locations of Hezbollah training camps.  Palantir’s chief appeal is that it’s not designed to do any single thing in particular, but is flexible and powerful enough to accommodate the requirements of any organization that needs to process large amounts of both personal and abstract data.


Interesting change in approach.  Cheapest is not always bestest? 
Federal IT Acquisition Worth $50B Cleared for Takeoff
Under the "lowest price technically acceptable" (LPTA) method, agencies focused provider selections on cost, as long as the vendor displayed a minimum technical competency.
GSA specifically ruled out the LPTA method with Alliant 2.  Instead, GSA appeared to flip the LPTA concept around and instead focused on vendor quality with a selection criteria based on "highest technically rated, with fair and reasonable price."
What that means is that under Alliant 2, GSA first will rank vendors using a quality rating scale for various categories of IT and organizational competency.  Then, after developing a list of qualified vendors, GSA will assess whether the prices are fair and reasonable.


I may have my students design a LEGO datacenter.
Building LEGO in the real world is great, but it can be a pain if you don’t have the right bricks to realize your imagination.  Enter LEGO Digital Designer, an entirely free and official tool that allows you to build virtual LEGO creations.  You select bricks from the vast sets and can build whatever your heart desires.  You can stack, align, rotate and color the bricks, giving you almost endless options.

Wednesday, February 22, 2017

Think about this one, Computer Security students.  Why can’t they identify (or at least communicate with) people who purchased their analyzer? 
Serious Breach Linked to Chinese APTs Comes to Light
A report published earlier this month by RSA describes Kingslayer, a supply chain attack that apparently targeted system administrators in some large organizations.  The attackers breached the systems of a company that offers event log analyzers and replaced a legitimate application and its updates with a backdoored version.
While it’s unclear exactly how many organizations downloaded the backdoored software in the April 9-25 timeframe, RSA said the portal that hosted it had numerous subscribers, including four major telecoms providers, over ten western military organizations, more than two dozen Fortune 500 companies, five major defense contractors, and tens of IT solutions providers, government organizations, banks and universities.
While RSA has not named the company whose systems were compromised, investigative journalist Brian Krebs determined that it was Canada-based Altair Technologies Ltd.
The EventID.Net website hosted EvLog, the software hijacked by the attackers.  A notice posted on the site in June 2016 provides some details on the incident and recommendations for potentially affected users.
However, as Krebs pointed out, the advisory does not appear to have been shared on social media and there was no link to it from anywhere on the site – a link was added this week after the journalist contacted Altair Technologies.  The company told Krebs it had no way of knowing who downloaded the software so potential victims were not notified directly either.


Stealing data is easy! 
From AirTalk:
Before fighting everyone in the room to plug your smartphone into the communal charger: please don’t.
Or at least, beware.
Coffee shops, airports and almost every other kind of public meeting space have become regular safe havens whenever we’re desperate for that extra juice.  But with the ubiquity of USB ports built into today’s phone chargers, this flow of “juice” isn’t just power anymore – it’s data.  Important data.
All it takes is one easily disguised charging kiosk, or even a power strip, for hackers to hijack your charge, and once you’re juice-jacked, there’s little that can be done to stop it; from installing malware onto your device, to sucking out personal messages, photos and information – all for the simple cost of offering sweet-relief and a fully-powered phone.
Listen to the show on SCPR.org.


Acquiring personal information is even easier.
The Facebook Algorithm Is Watching You
You can tell a lot about a person from how they react to something.
That’s why Facebook’s various “Like” buttons are so powerful.  Clicking a reaction icon isn’t just a way to register an emotional response, it’s also a way for Facebook to refine its sense of who you are.  So when you “Love” a photo of a friend’s baby, and click “Angry” on an article about the New England Patriots winning the Super Bowl, you’re training Facebook to see you a certain way: You are a person who seems to love babies and hate Tom Brady.


About time.  Note that apparently, there was nothing illegal here, it was ‘just’ unethical.  No way to recover any money (from bonuses already paid). 
Wells Fargo Fires Four Senior Managers Amid Phony Account Scandal Investigation
   Wells Fargo announced Tuesday that it has terminated four current or former senior managers from the community banking division based on the bank's board of directors' investigation into the phony account scandal.
   All four individuals have been terminated for cause by a unanimous vote by the board of directors.  None will receive a bonus for 2016, Wells said, and they will forfeit all of their unvested equity awards and vested outstanding options.
   Consumers have exacted their own sort of punishment on the bank: account openings in October, the first full month of results after news of the account scandal broke, plunged 44%.  Account openings in November fell 41% and, in a banking activity report released last week, Wells said that account openings in December fell 31% compared to the prior year.


Interesting but futile?  “If we can’t operate under these rules, we’ll re-write them!” 
I still worry that I will have to have a (several?) smartphones or social media accounts to get back in the country.  Currently, I have neither. 
A Stand Against Invasive Phone Searches at the U.S. Border
   Senator Ron Wyden, a Democrat from Oregon, has a few questions about that legal authority.  He sent a letter to the secretary of the Department of Homeland Security on Monday, expressing dismay at reports that people were being asked to unlock and hand over their smartphones at the border.  He also said he’s planning on introducing a bill to require agents to get a warrant before searching a device, and to prevent DHS from implementing a new policy that would require foreign visitors to turn over their online passcodes before visiting the U.S.
   Wyden asked DHS Secretary John Kelly for detailed statistics on the number of times customs agents asked for or demanded a smartphone or computer password in the past five years as well as since Trump took office in January.  He also asked how Customs and Border Protection, or CBP, justifies these searches legally, focusing specifically on the Fifth Amendment, which protects people from testifying against themselves.  (I’ve written before how the Fifth Amendment prevents law enforcement from demanding that someone give up a password—and how it may not apply to devices that are unlocked via fingerprint, iris scans, or speech patterns.)
   The senator also took aim at a proposal that Kelly put forward in front of the House Homeland Security Committee two weeks ago.  He suggested that visitors may be required to turn over passwords to their social-media accounts or risk being denied entry.  The idea alarmed privacy advocates, who say such a rule would give CBP agents an overly broad look into travelers’ digital lives.
Issuing a blanket approval for social-media searches at the border could run into thorny legal issues, too.  To get a subject’s personal information from a company like Facebook, Google, or Apple, law enforcement must first obtain a subpoena or a search warrant, which it can then use to ask the company to turn over relevant data.  Getting social media passwords straight from a traveler would end-run this system.


Another phone search restriction.
Orin Kerr writes:
If a police agency gets a search warrant and seizes a target’s iPhone, can the agency share a copy of all of the phone’s data with other government agencies in the spirit of “collaborative law enforcement among different agencies”?  Not without the Fourth Amendment coming into play, a federal court ruled last week in United States v. Hulscher, 2017 WL 657436 (D.S.D. February 17, 2017).
Read more on The Volokh Conspiracy.


Fast managers, not just fast computers.
AI and the Need for Speed
Artificial intelligence (AI) holds substantial promise for organizations to reduce costs and increase quality, but how AI affects organizations’ use of and relationship to time — in reacting, managing, and learning — may be the most jarring.


Another interesting move.  Why start in India?  A deal with Modi?  Need for workers in the smartphone factories?
LinkedIn will help people in India train for semi-skilled jobs
Microsoft has launched Project Sangam, a cloud service integrated with LinkedIn that will help train and generate employment for middle and low-skilled workers.
The professional network that was acquired by Microsoft in December has been generally associated with educated urban professionals, but the company is now planning to extend its reach to semi-skilled people in India.
Having connected white-collar professionals around the world with the right job opportunities and training through LinkedIn Learning, the platform is now developing a new set of products that extends this service to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event on digital transformation in Mumbai on Wednesday.
Project Sangam, which is in private preview, is “the first project that is now the coming together of LinkedIn and Microsoft, where we are building this cloud service with deep integration with LinkedIn, so that we can start tackling that enormous challenge in front of us of how to provide every person in India the opportunity to skill themselves for the jobs that are going to be available.”  


Will retail banks be replaced by social media?
Bank Accounts for the Unbanked: Evidence from a Big Bang Experiment
Chopra, Yakshup and Prabhala, Nagpurnanand and Tantri, Prasanna L., Bank Accounts for the Unbanked: Evidence from a Big Bang Experiment (February 12, 2017).  Available at SSRN: https://ssrn.com/abstract=2919091
“Over 2.5 billion individuals around the world are unbanked.  How they can be brought into the formal financial system is a question of policy and academic interest.  We provide evidence on this question from India’s PMJDY program, a “big bang” shock that supplied bank accounts to virtually all of its 260 million unbanked.  We analyze activity in the new PMJDY accounts using actual transaction data in the accounts.  While the newly included individuals are typically poor, unfamiliar with banking, and do not undergo literacy or other training, transaction levels nevertheless increase as accounts age and converge or exceed levels in non-PMJDY accounts of similar vintage.  Usage is led by active transactions and is aided but not entirely explained by benefit transfer programs.  The results suggest that the unbanked have unmet (possibly latent) demand for banking, or that the supply of banking perhaps stimulates its own demand.” 

(Related).
TransferWise launches Facebook Messenger bot for easy global money transfers


There’s no App for that?  Will the first App to check IDs make the author a fortune?  Or does the law say it must be a “person?” 
Amazon plans to sell beer and wine at its new high-tech convenience store
   “When we start offering beer and wine, there will be an associate checking identification,” an Amazon spokesperson wrote in an email. 


I’m going to be watching this one.  How could they steal so much without detection?
Switzerland's ABB hit by $100 million South Korean fraud
Swiss engineering group ABB revealed the discovery of what it called a "sophisticated criminal scheme" in its South Korean subsidiary on Wednesday, which it expects will result in a $100 million pre-tax charge.
   The Swiss company said the alleged theft was limited to South Korea, where it employs around 800 people and generated sales of $525 million in 2015.  [And this guy stole 20% of everything they sold?  Bob] 
"The treasurer of the South Korean unit is suspected of forging documentation and colluding with third parties to steal from the company," ABB said.


A “little” change, but a big investment.  How do they “Deliver?”  Fly over and just drop the package?  Fly onto your porch and set it in full view of package thieves?  Open the garage door and set it on your work bench? 
UPS tests show delivery drones still need work
   The logistics juggernaut specifically launched an octocopter, or multi-rotor drone, from the top of a delivery van.  The drone delivered a package directly to a home, then returned to the van which had now moved down the road to a new location.
   The truck for the test was custom-built to be able to launch the HorseFly drone from its roof, then grab it upon its return with robotic arms.  A cage suspended beneath the drone extends through a hatch in the truck, where the drone can be lowered down and loaded up with another package.  While docked, the drone recharges through a physical connection between its arms and the truck’s electric battery.


Not even as an historical collection?  If I faced or used these weapons, shouldn’t I be allowed to show others what they can do?  Am I limited to guns labeled “Not for military use?” 
Appeals court rules banned assault weapons are designed to kill or disable enemy on battlefield
Slate – Appeals Court Rules that Second Amendment Doesn’t Protect Right to Assault Weapons: “On Tuesday [February 21, 2017], the U.S. Court of Appeals for the 4th Circuit ruled that the Second Amendment doesn’t protect assault weapons—an extraordinary decision keenly attuned to the brutal havoc these firearms can wreak.  Issued by the court sitting en banc, Tuesday’s decision reversed a previous ruling in which a panel of judges had struck down Maryland’s ban on assault weapons and detachable large capacity magazines.  Today’s ruling is a remarkable victory for gun safety advocates and a serious setback for gun proponents who believe the Second Amendment exempts weapons of war from regulation…”


Something all my students should read.  In particular, those who think our writing center won’t help them.
   this is the story of how a group of bank examiners at the Federal Reserve Bank of Philadelphia, one of 12 banks in the U.S.’s Federal Reserve System, dramatically improved the clarity and impact of their written reports.


Tools for school?


Tools for home?

Tuesday, February 21, 2017

Interesting new malware.  Is it Russian? 
Dan Goodin reports:
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.
The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX.  Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails.  Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it’s retrieved by the attackers.
Read more on Ars Technica.
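The detail a defender can act on in the CyberX report is the exfiltration channel: the stolen audio and documents go out to Dropbox, a service that plenty of legitimate users also talk to, so the signal is volume and pattern rather than the destination alone.  The following is an added example, not code from CyberX or the Ars Technica article: it parses a constructed, simplified proxy log (timestamp, client, method, host, bytes sent; a real Squid or Zscaler log has a different layout and would need its own parser), sums upload bytes and request counts per client to Dropbox API hosts, and flags clients that exceed a threshold or upload repeatedly, excluding clients on an approved list.  The IP addresses, byte counts and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed proxy log, not a capture from any real network.
# Format: <timestamp> <client> <method> <host> <bytes_sent>
LOG_LINES = """\
2017-02-15T09:01:12Z 10.1.4.22 GET www.example.com 512
2017-02-15T09:02:40Z 10.1.4.22 POST content.dropboxapi.com 4194304
2017-02-15T09:07:03Z 10.1.4.22 POST content.dropboxapi.com 6291456
2017-02-15T09:09:55Z 10.1.4.22 POST content.dropboxapi.com 7340032
2017-02-15T09:15:21Z 10.1.4.31 POST content.dropboxapi.com 204800
2017-02-15T09:20:00Z 10.1.4.40 POST content.dropboxapi.com 52428800
2017-02-15T10:30:00Z 10.1.4.22 GET api.dropboxapi.com 300
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<host>\S+) (?P<bytes>\d+)$")

# Dropbox API and web hosts; subdomain match, anchored at the end so that
# "dropbox.com.evil.example" does not match.
DROPBOX_HOSTS = re.compile(r"(^|\.)dropboxapi\.com$|(^|\.)dropbox\.com$")


def parse_line(line: str):
    """Return a dict for one log line, or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def summarize_uploads(lines) -> dict:
    """Per client: total bytes sent and number of POSTs to Dropbox hosts.
    GETs (metadata, polling) are ignored; the exfiltration is in uploads."""
    totals = defaultdict(lambda: {"bytes": 0, "requests": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not DROPBOX_HOSTS.search(rec["host"]):
            continue
        t = totals[rec["client"]]
        t["bytes"] += rec["bytes"]
        t["requests"] += 1
    return dict(totals)


def flag_exfiltration(lines, byte_threshold=10 * 1024 * 1024,
                      request_threshold=3, approved=frozenset()) -> list:
    """Return (client, bytes, requests) for clients that are not approved
    Dropbox users and either exceed the byte threshold or upload repeatedly.
    Thresholds are constructed for the example; tune them to the environment."""
    alerts = []
    for client, t in sorted(summarize_uploads(lines).items()):
        if client in approved:
            continue
        if t["bytes"] >= byte_threshold or t["requests"] >= request_threshold:
            alerts.append((client, t["bytes"], t["requests"]))
    return alerts


if __name__ == "__main__":
    for alert in flag_exfiltration(LOG_LINES.splitlines()):
        print("suspicious Dropbox upload volume:", alert)
```

Run over the sample, two clients are flagged: 10.1.4.22 for three uploads totalling about 17 MB in a few minutes, and 10.1.4.40 for a single 50 MB upload.  Putting a known Dropbox user on the approved list drops the second alert; the first is the pattern the report describes, a workstation that has no business pushing recordings to a file-sharing service doing so steadily.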


Would you believe none of these things were required before the Department of Financial Services thought them up? 
New York financial firms will have to implement cybersecurity programs
   “These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber crimes,” New York Gov. Andrew M. Cuomo said in a news release.
The state's move comes as the Federal Reserve and Federal Deposit Insurance Corp. are seeking suggestions and comments for potential cybersecurity requirements for U.S. banks.
Requirements under the new regulation include:
  • a cybersecurity program based on a risk assessment of each regulated firm;
  • a written cybersecurity policy approved by each firm's senior officer or board of directors;
  • a chief information security officer appointed by each firm;
  • annual testing of cybersecurity systems and biannual system vulnerability assessments;
  • an audit trail for all cyber activity;
  • multifactor or risk-based authentication procedures for all system users' access; and
  • secure processes for data disposal.
The New York DFS cybersecurity regulation is available on the department's website.


For my Data management students.
At Kroger, Technology Is Changing the Grocery-Store Shopping Experience
   For a glimpse of how technology can affect shopping, consider Kroger Co., whose 2,778 stores make it the largest supermarket chain in the U.S.  Kroger has deployed cameras and infrared sensors to monitor foot traffic, and is using data algorithms to help schedule cashiers in real time.  Its mobile app can analyze shopping habits and produce relevant digital coupons.  Kroger’s latest move: testing sensor-laden interactive shelves that detect shoppers in the aisles via their smartphones to offer them personal pricing and product suggestions as they walk along.
   In an interview, Mr. Hjelm discussed the imperative to make store shopping more like online shopping—cutting wait times and creating a more interactive experience—with technology such as the Internet of Things, data analytics and video.  Edited excerpts follow:


Interesting.  Should my rates drop because I don’t have a smartphone?  Is the assumption that everyone has one? 
Smartphone addicts driving car insurance rates higher
Distracted by their smartphones, America’s drivers are becoming more dangerous by the day. And as The Wall Street Journal reports, their behavior is pushing auto-insurance rates even higher as insurers struggle to keep up.
Costs associated with crashes are outpacing premium increases for some companies, and insurers say the use of smartphones to talk, text and access the internet while on the road is a new and important factor behind the wrecks.


Apparently, there is money in moving money.
TransferWise launches international money transfers via Facebook
Money transfer company TransferWise has launched a new service that allows users to send money internationally through Facebook Inc's chat application, as competition in the digital payments landscape intensifies.
The London-based startup said on Tuesday that it had developed a Facebook Messenger "chatbot", or an automated program that can help users communicate with businesses and carry out tasks such as online purchases.

(Related).
Alibaba’s Ant Financial Will Invest $200 Million in This Korean Payment Firm
China's Ant Financial will invest $200 million in Kakao Pay, the mobile payment subsidiary of South Korean messaging platform giant Kakao Corp, extending a major push by the Chinese firm to create a global network of financial assets.
   The firm, the payment affiliate of Chinese e-commerce giant Alibaba Group Holding, announced an $880 million deal for U.S. money-transfer firm MoneyGram International last month.
   "Ant's ultimate goal is to become a global payments monster—the biggest, broadest option for consumers," said Ben Cavender, Shanghai-based principal for China Market Research.
"The challenge is facing strong local players around the world, so it's cheaper to buy into these companies rather than burning money to steal market share from them."


Another large investment area…
Spending spree: Samsung rumored to have $1 billion put aside to buy AI companies
   The massive sum won’t only be used for acquisitions, but also to invest in companies involved in AI.  Although there’s no question a billion dollars will buy you plenty of talent and tech, it’s still only a fraction of the $8 billion Samsung recently spent acquiring Harman International.  However, while the two may not initially seem connected — Harman is best known for its in-car infotainment systems and other audio/visual equipment — it has divisions hard at work on AI projects, smart cities, and voice control.  These are all key applications for AI and machine learning technology.