Thursday, November 17, 2011


Yes I got hacked. (No, it was actually the Hotmail server that was hacked) The Bad Guys grabbed my email address list and sent emails in my name. Looks like most of the recipients were wise enough to recognize a scam when they saw one or more likely, would never open a link I “suggest.”
I found this old Q&A that matches this hack exactly, so I'm going to suggest this is 1) Common, as in happens often and 2) Relatively trivial, as in it does not impact more than a few mail users at a time.
My Hotmail has been sending random spam emails to my contacts, and I have no idea how to stop it. I have scanned my hard drive, and I don't have any viruses. So what could be causing this?
Justin
As above, extremely common Hotmail problem that seems to have been going around for over a year. You probably got it from a legit looking e-mail from a friend but changing your password should fix it. If I recall it sends out spam (or legit looking e-mails with a link on it from you) in blocks of 6 contacts vs sending straight to all contacts in one go.
Most people only know they have had it if a friend questions them because I don't think it shows up on the sent items list. Because it's not a virus that runs on your computer, a virus scanner won't find anything.
Fair dues to the maker, it's a clever idea for it to still be running around causing mild confusion to random people after all this time. I don't think it's especially dangerous, just annoying.


If I was a cynical, sarcastic SoB, I might suggest that to me, “medical diagnoses” IS a medical record. As to being “in the process of encrypting” I have students who claim that “thinking about planning to take a few minutes to consider starting” means they are “working on it.”
By Dissent, November 16, 2011
Statement from Sutter Health today:
Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF) — two affiliates within the Sutter Health network of care — announced the theft of a company-issued password-protected unencrypted desktop computer from SMF’s administrative offices in Sacramento the weekend of Oct. 15, 2011. Following discovery of the theft, Sutter Health immediately reported it to the Sacramento Police Department. It also began an internal investigation. The computer did not contain patient financial records, social security numbers, patients’ health plan identification numbers or medical records. While no medical records themselves were on the computer, some medical information was included for a portion of patients.
Following a thorough internal review, Sutter Health discovered that the stolen computer held a database that included two types of information:
  1. For approximately 3.3 million patients whose health care provider is supported by Sutter Physician Services (SPS), the database included only the following patient demographic information dated from 1995 to January 2011: name, address, date of birth, phone number and email address (if provided), medical record number and the name of the patient’s health insurance plan. SPS is an organization that provides billing and managed care services for health care providers with which it contracts, including facilities within the Sutter Health network. Patients who think they may be affected should visit www.sutterhealth.org/noticeforpatients to see the list of impacted health care providers.
  2. For approximately 943,000 SMF patients, the database contained the above demographic data as well as the following information dated from January 2005 to January 2011: dates of services and a description of medical diagnoses and/or procedures used for business operations. Because the data of SMF patients was broader in scope, Sutter Medical Foundation has begun the process to notify these patients by mail. Patients should receive letters no later than Dec. 5.
“Sutter Health holds the confidentiality and trust of our patients in the highest regard, and we deeply regret that this incident has occurred,” said Sutter Health President and CEO Pat Fry. “The Sutter Health Data Security Office was in the process of encrypting computers throughout our system when the theft occurred, and we have accelerated these efforts.”
More to follow….


A clear indication that Japan will soon have much tighter Privacy & Breach laws...
Computer IDs, passwords of Japan lawmakers leaked
November 16, 2011 by admin
The computer IDs and passwords of all the lawmakers in the House of Representatives were leaked during recent cyber-attacks against the lower house’s server and personal computers, it has been revealed.
In a report released Monday, the lower house also said e-mails sent to its lawmakers might have been accessible to hackers for a maximum of 15 days.
On the same day, the House of Councillors said 29 of its personal computers were also found to have made improper communications with overseas Web sites as a result of cyber-attacks it discovered following the revelation of the lower house case.
According to the House of Representatives, the virus infection started July 25, when a lawmaker using a computer distributed for public use opened a virus-infected file attached to a targeted e-mail sent to the computer.
Eventually, the virus infection spread to the lower house’s server and a total of 32 computers.
Information stored in the computer first infected with the virus was suspected of having been stolen up to Sept. 1.


Today's “Compare & Contrast” exercise.
Europe Bans X-Ray Body Scanners Used at US Airports
Tuesday 15 November 2011 by: Michael Grabell, ProPublica
The European Union on Monday prohibited the use of X-ray body scanners in European airports, parting ways with the U.S. Transportation Security Administration, which has deployed hundreds of the scanners as a way to screen millions of airline passengers for explosives hidden under clothing.
The European Commission, which enforces common policies of the EU's 27 member countries, adopted the rule “in order not to risk jeopardizing citizens’ health and safety.”

(Related)
"ProPublica reports that the TSA is backing off a previous promise to conduct a new independent study of X-ray body scanners used at airport security lanes around the country. Earlier this month, an investigation found that TSA had glossed over research about the risks from the X-rays."


No matter how well written, editorials, commentary, opinion pieces only reach people who can read (paper) not those who “text.”
Philip Hensher: The state wants to know what you’re up to. But why do we let it?
November 17, 2011 by Dissent
Philip Hensher has a great commentary on surveillance, privacy, and control in The Independent today, inspired by news that Oxford City Council wants CCTV in taxis. Here are a few excerpts from his piece:
But what balanced means, in this context, is what a three-year-old means by fair on Christmas morning. It means I think I ought to get whatever I want.
[...]
The truth is that what is driving these diverse attempts to introduce surveillance, based on such very different social issues, is not any serious attempt to diminish an evil. Most research shows that means of surveillance alone don’t have a cost-effective result in general, and that they often diminish in effectiveness quite quickly over time. There are much simpler, less intrusive, much cheaper remedies which have been shown to have a bigger effect. So what is driving a council to decide to record private conversations, for doctors to propose that the Government should inquire into and prevent a private habit in a private place?
Simply, the desire to control and subjugate. With the mantra that “If you’ve nothing to hide, you’ve nothing to fear”, the authorities have created a world in which it seems normal for some pathetic local authority to record your private conversations, to go through your bins, to inquire into what you do behind your front door in the evening. All we have left is the response that it’s none of your business. I wish there was some less feeble response to this constant, exhausting, draining surveillance we live under.
You can read the full commentary on The Independent.


What a concept!
IL: State says electronic messages from council meetings are public records
November 16, 2011 by Dissent
A reader sends in this pro-transparency ruling in Illinois:
City officials must turn over electronic correspondence council members send and receive during meetings, regardless of what kind of media or means they use to do so, the state attorney general’s office said Tuesday.
The legally binding opinion was sent to city officials and The News-Gazette after the city denied a July request from the newspaper under the Freedom of Information Act seeking “all electronic communications, including cellphone text messages, sent and received by members of the city council and the mayor during city council meetings and study sessions since and including May 3.”
[...]
On Tuesday, the binding opinion from the attorney general’s office stated that “whether information is a ‘public record’ is not determined by where, how or on what device the record was created.”
The question is whether one or more members of a public body used the record to conduct the affairs of government, the office determined.
“The City’s argument that text messages and emails pertaining to public business which are generated from private equipment are not public records is clearly inconsistent with the General Assembly’s intention, as stated in section 1 of FOIA (5 ILCS 140/1 (West 2010)), that the public have ‘full disclosure of information relating to the decisions, policies, procedures, rules, standards, and other aspects of government activity,’” wrote Michael Luke, counsel to the attorney general.
Read more on The News-Gazette.


Interesting to speculate on how this strategy evolved. (Which came first, the opportunity or the tools?)
Why Would Google Sell Music? 4 Big Reasons
… According to Bloomberg and others Google’s music store will do the same thing Amazon and iTunes do: sell individual music downloads for $.99 to $1.29. The twist: each song will apparently include some sort of sharing feature — a rumor that is borne out by the apparent refusal of Warner Music Group to license the service yet, according to Bloomberg, due to “pricing and piracy concerns.”
… Bloomberg holds Google’s feet to the fire for launching a music store eight years after Apple launched iTunes, the first digital music store in the world to sell music from all (then five) major labels.
1. Eight years is not too late to figure out digital music.
Yes, eight years is a long time, but two incredibly important things happened in those eight years, both very recently. First, music can be delivered by apps now, rendering the need for consumer-visible DRM moot, even for subscription services. Second, everybody’s on social networks now, meaning that sharing can be built into these apps in ways that make iTunes look like an Edsel.
2. Google wants to be like Apple
As Apple has proven, companies with their fingers in multiple pies benefit from building entire ecosystems of hardware, software, services, and stores. Google already copied Apple’s approach to selling apps with the unified Android.com market, and copied iOS with Android. In order to complete the next step, Google needs a music store that works seamlessly with those things, and with its music locker, even if it loses money.
Facebook made major inroads with music this year. If Google+ wants to compete, it needs music too, and this is one way to do that. Sweetening the pot: Apple’s Ping didn’t take off; Facebook doesn’t have a music store; and Amazon doesn’t have a social network.
Also, music functions as a sort of “social glue,” sort of like how alcohol is a “social lubricant.” We figured out a way to use Google+ Hangouts to listen to music with other people at the same time, but that was a kludge. A real social music feature within Google+ would be far better. In addition, as we mentioned this summer when we first started examining Google’s music potential closely, Google is tying employee bonuses to the social features they create, and music lends itself to social sharing.
Facebook didn’t kill MySpace as a music destination — YouTube did. Until recently, when Spotify launched in America and Rdio, Rhapsody, and MOG reacted by unveiling free, on-demand trials that similarly do not require a credit card, YouTube was by far the best place to find out what a band sounds like in seconds, and still works great for that purpose. With a music store, Google can attach “buy” links to all of those videos.


For the gang in Computer Forensics... The challenges are: 1) Create a detector/decoder and 2) find another protocol we can exploit.
"A group of researchers from the Warsaw University of Technology have devised a relatively simple way of hiding information within VoIP packets exchanged during a phone conversation. They called the method TranSteg, and they have proved its effectiveness by creating a proof-of-concept implementation that allowed them to send 2.2MB (in each direction) during a 9-minute call. IP telephony allows users to make phone calls through data networks that use an IP protocol. The actual conversation consists of two audio streams, and the Real-Time Transport Protocol (RTP) is used to transport the voice data required for the communication to succeed. But, RTP can transport different kinds of data, and the TranSteg method takes advantage of this fact."


For my Math students. Don't let the fact that it is intended for grammar school students turn you off... (Also has a few Trig examples)
Wednesday, November 16, 2011
Math Open Reference is a free online reference for geometry teachers and students. Math Open Reference features animated and interactive drawings to demonstrate geometry terms and concepts. The table of contents on Math Open Reference is divided into four basic categories; plane geometry, coordinate geometry, solid geometry, and function explorer tools. Click on any subject in the first three categories to find definitions, examples, and interactive drawings. In the function explorer category users can select linear functions, quadratic functions, or cubic functions to explore how changes in variables affect the graphed output.
Math Open Reference probably still isn't complete enough to replace a textbook, but it could make a great supplement to the mathematics textbooks that you do use. For students who need visual references, Math Open Reference could be particularly helpful.


For my “students who read”
Litfy: A Resource For Reading Various Free eBooks Online
Litfy is a free to use website that offers you eBooks to read online. These eBooks cover a variety of genres that include mystery, romance, and fantasy.