Friday, December 16, 2011


Normally, the Auditors would run their checklist before products are released with “features” engineers haven't considered.
"The much-hyped payment application from Google on Android has been examined by viaForensics and appears to store some cardholder data in plaintext. Google wallet is the first real payment system to use NFC on Android. Version 2 of the PCI DSS (the current standard) mandates the encryption of transmitted cardholder data and encourages strong encryption for its storage. viaForensics suggest that the data stored in plain text might be sufficient to allow social engineering to obtain a credit card number."

(Related)
Stolen iPhone? Your iMessages May Still Be Going To The Wrong Place
Some unlucky iPhone owners are beginning to discover that, despite their best efforts to remove all information from their stolen phones, thieves and unsuspecting buyers are still able to send and receive iMessages as the original owner — even after the device is registered under a new account. Almost nothing seems to work — remote wiping, changing Apple ID passwords, or even moving the old phone number to a new phone — and users are becoming more than frustrated that thieves are so easily able to pose as them.


Wait, don't tell me! Elections are coming? Have any of these folks had a Privacy Pulse ever before?
Obama fills vacancies on independent privacy board
December 16, 2011 by Dissent
Jim McElhatton reports:
President Obama has named two lawyers and a former federal judge to an independent privacy board recommended by the 9/11 Commission that has sat dormant for years under him and President George W. Bush.
The nominations Thursday fill out the five-member Privacy and Civil Liberties Oversight Board, where vacancies have left the panel unable to meet for years.
The Washington Times reported on the vacancies in August. At the time, the White House declined to say why the board had languished so long even as critics openly called on Mr. Obama to fill the seats.
The appointments Tuesday were David Medine, a partner at the WilmerHale law firm specializing in privacy and data security; Rachel Brand, chief counsel for regulatory litigation at the Chamber of Commerce; and Patricia Wald, who served for 20 years on the U.S. Court of Appeals for D.C.
The president previously nominated James Dempsey, vice president of public policy at the Center for Democracy and Technology, and Elisebeth Collins Cook, a lawyer who worked for the Justice Department in the Bush Administration.
Read more on The Washington Times.
Okay, well, I wish he’d named someone from EFF, EPIC, or the ACLU – or former Senator Russ Feingold – as this panel sounds a bit too business/govt-friendly for my taste, but time will tell. In the meantime, best of luck to the new panel and get busy – our privacy is under siege.


Anyone want a drone? I'm NOT suggesting that my Ethical Hackers are taking orders, but we are curious about the hardware and software they use...
"Following up on the earlier Slashdot story, the Christian Science Monitor now reports that GPS spoofing was used to get the RQ-170 Sentinel Drone to land in Iran. According to an Iranian engineer quoted in the article, 'By putting noise [jamming] on the communications, you force the bird into autopilot. [You block the remote piloting signals Bob] This is where the bird loses its brain.' Apparently, once it loses its brain, the bird relies on GPS signals to get home. By spoofing GPS, Iranian engineers were able to get the drone to 'land on its own where we wanted it to, without having to crack the remote-control signals and communications.'" [This suggests they know exactly where the Drone is supposed to land... Bob]


What could JPMorgan do with all that computer time it saves? Offer other banks access to their computers – sort of a calculation outsourcing option. This is also an illustration of the type of computing that should thrive in the cloud.
"JP Morgan is expanding its use of dataflow supercomputers to speed up more of its fixed income trading operations. Earlier this year, the bank revealed how it reduced the time it took to run an end-of-day risk calculation from eight hours down to just 238 seconds. The new dataflow supercomputer, where the computer chips are tailored to perform specific, bespoke tasks (as explained in this Wall Street Journal article) — will be equivalent to more than 12,000 conventional x86 cores, providing 128 Teraflops of performance."


Go where your customers are. Eventually, there will be Cloud all over the globe.
Amazon Opens Data Center in Brazil
Amazon is opening a data center in Sao Paulo, Brazil, its first in South America. The facility will provide the region with quicker access to the company’s Amazon Web Services, an “infrastructure cloud” that serves up various computing resources, including processing power and storage.
Amazon data centers already serve four regions in the U.S. and three others in Europe and Asia. AWS can be accessed from anywhere, but it helps to have a data center in your backyard.

(Related) Go where the raw materials (smart people) are.
Apple to Set up R&D Center in Israel, The First Ever Outside California


This will really upset some IT shops, but they may be able to filter it out... (The comments don't reflect much concern)
"Microsoft will be upgrading all Windows XP, Vista and 7 users to the latest IE silently. They are doing this because they have found a large number of non-patched systems. Microsoft pointed out that Chrome and Firefox do this regularly. They will start with Australia and Brazil in January, then go world-wide after they have assured there are no issues."


This is not new, but interesting to see it move under its own power.
"Commercial satellite company DigitalGlobe Inc. has announced that it has an image of the People's Republic of China's first functional aircraft carrier, taken during the carrier's first sea trials in the Yellow Sea. The carrier was originally meant for the Soviet navy, but its construction was halted as the Soviet Union collapsed in 1991 and engineers in the Ukraine disarmed it and removed its engines before selling it to China in 1998 for $20 million. The vessel, an Admiral Kuznetsov class aircraft carrier measuring 304.5 meters long, and having a displacement of 58,500 tons, has been refitted for research and training in China. The Ministry of National Defense says the steam-powered aircraft carrier has completed all refitting and testing work as scheduled after its first sea trial in mid-August, and was heading back out to sea for additional scientific research and experiments. According to Andrew S. Erickson at the US Naval War College, China's long term strategic dilemma is whether to focus on large-deck aviation or on submarines (PDF)."
[This earlier image shows it with a few planes on its deck. No doubt training the troops...]
[Not quite as many planes as the Nimitz carries...]


Geeky stuff
New “Android Training” Program Helps Developers Make Better Apps
… The team has just recently rolled out a new beta initiative called Android Training, which as you may be able to tell from the name, is meant to teach developers how to create better apps.


Because backups are important!
… Enter Redo Backup, a user-friendly live CD that makes cloning or restoring your entire drive simple. Tell the program where you’d like your cloned drive to be and you’re pretty much set.

(Related)
… While taking full backups of your entire system is important, you may want to more frequently back up really important directories or files.
Microsoft SyncToy is a free tool that lets you “pair” up folders for either an echo clone or full synchronization. I’ll explain the difference below. However, the point here is that before you can automate the directory and file backups, you need to set up all of the areas you want to copy and where you want the archived copy to go.


One of the Blogs I read daily won an EduBlog Award.
Thursday, December 15, 2011
Last night the 2011 Edublog Awards were given out. This year Free Technology for Teachers won in the Best Ed Tech Blog category.

(Related) Find one for yourself!
Thursday, December 15, 2011
Whether you agree or disagree with giving out awards for blogging, the Edublog Awards are a good way to discover some excellent new-to-you blogs to add to your RSS reader.
