Saturday, July 30, 2011

Hackers have a process for a light-speed attack. Do banks (any organizations) have people and a process for immediate response?

http://www.databreaches.net/?p=19914

Bank recovers some of $28K stolen from Eliot account – but was this crime preventable?

OK, now this is somewhat disturbing: it appears that even when a bank was warned that accounts were about to be raided, they failed to prevent it.

David Ramsay reports:

TD Bank has notified the town it has recovered a portion of the $28,000 stolen on July 12 from the town’s direct deposit bank account.

“We have received some of it back. I can’t tell you the exact amount; I don’t have that information,” Town Administrator Dan Blanchette told the Board of Selectmen on Thursday night. “I suspect it’ll take two weeks before we know much more.”

A former Washington Post staffer Brian Krebs, who now blogs on security issues, had alerted the town’s controller and TD Bank on July 11, prior to the theft, that town accounts likely were being raided by computer crooks overseas.

TD Bank was unable to detect any unusual activity and later missed the withdrawals by the thieves.

Read more on Seacoastonline.com

Did the town change the passwords on its accounts as soon as they were warned? Did the bank put an additional lawyer [Layer? But a lawyer would be a good idea too Bob] of security on the town’s accounts after they warned? What happened here? It’s not usual to have a reporter call you with a warning (and thumbs up to Brian for taking the time and effort to try to prevent the crime). So why wasn’t this crime prevented?



How seriously should we take these hacks? That depends on how secure the systems were in the first place. If the hackers are getting in by trying simple/common passwords, like “password”, then the system was never intended to be secure in the first place.

http://news.cnet.com/8301-27080_3-20085723-245/hackers-strike-government-cybersecurity-contractor/

Hackers strike government cybersecurity contractor

Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.

"Today is Friday and we will be following the tradition of humiliating our friends from the FBI once again. This time we hit one of their biggest contractors for cyber security: Mantech International Corporation," the hackers said in a statement on PirateBay.

"What ManTech has to do with the FBI? Well, quite simple: In Summer 2010 the FBI had the glorious idea to outsource their Cybersecurity to ManTech. Value of the contract: 100 Million US-Dollar," the statement said. The batch of documents mostly involves NATO, another ManTech client, along with the Department of Homeland Security (DHS), U.S. military branches, and the State and Justice departments, according to the hackers. There was a rumor on Twitter that one of the files in the data release contains a Trojan horse, but another Twitter post said that was a false positive.



“We respect our users' privacy... At least, we respect how much money it makes us.”

http://www.wired.com/epicenter/2011/07/undeletable-cookie/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged

Researchers at U.C. Berkeley have discovered that some of the net’s most popular sites are using a tracking service that can’t be evaded — even when users block cookies, turn off storage in Flash, or use browsers’ “incognito” functions.

The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics.

But the researchers say the site is using sneaky techniques to prevent users from opting out of being tracked on popular sites, including the TV streaming site Hulu.com.

KISSmetrics is a 17-person start-up founded in 2008 and based in the San Francisco Bay Area. Founder Hiten Shah confirmed that the research was correct, but told Wired.com Friday morning that there was nothing illegal about the techniques it was using.

“We don’t do it for malicious reasons. We don’t do it for tracking people across the web,” Shah said. “I would be having lawyers talk to you if we were doing anything malicious.”

Shah says KISSmetrics is used by thousands of sites to track incoming users, and it does not sell or buy data about those visitors, according to Shah. After this story was published, the company tweeted a link that explains how its tracking works.

The research was published Friday by a team of UC Berkeley privacy researchers that includes veteran privacy lawyer Chris Hoofnagle and noted privacy researcher Ashkan Soltani.

“The stuff works even if you have all cookies blocked and private-browsing mode enabled,” Soltani said. “The code itself is pretty damning.”

The researchers dug into Hulu.com’s tracking code and discovered the KISSmetrics code. Using it, Hulu was able to track users regardless of which browser they used or whether they deleted their cookies. KISSmetrics used a number of methods to recreate cookies, and the persistent tracking can only be avoided by erasing the browser cache between visits.

They also say that Shah’s defense that the system is not used to track people around the web doesn’t hold up.

“Both the Hulu and KISSmetrics code is pretty enlightening,” Soltani told Wired.com in an e-mail. “These services are using practically every known method to circumvent user attempts to protect their privacy (Cookies, Flash Cookies, HTML5, CSS, Cache Cookies/Etags…) creating a perpetual game of privacy ‘whack-a-mole’.”

Berkeley researcher Soltani, who consulted for the Wall Street Journal’s reporting on privacy, notes that the code includes function names like “cram cookie.”

One of the techniques used involves using something called ETags in the browser cache, a once-theoretical technique that’s never before been seen in the wild on a major site, according to the researchers.

The research also found that many top websites have adopted new ways to track users using HTML5 and that Google tracking cookies are present on 97 of the top sites, including government sites such as IRS.gov.

The full report from the Berkeley researchers



This works only if you can identify encryption, which looks a lot like random noise or sensor data.

Pakistan Tries To Ban Encryption

"Pakistan has a new Telecoms Law going into effect, which requires widespread monitoring of internet usage. In response, new reports are saying that the country is banning encryption, including VPNs, because it would interfere with the ability of ISPs to monitor internet usage."



Without context, we still don't know what constitutes a “heavy user.” Related articles put the number at 2.5 GB per month, but the AT&T Press Release makes it look like a dynamic (constantly changing) 5% of users will be impacted. In other words, if you move a lot of data early in the billing period, they slow your connection, which allows other users to leapfrog into the “top 5%” which may or may not mean your speeds go back to normal.

AT&T To Start Data Throttling Heaviest Users

"AT&T has announced that starting on Oct. 1 it will throttle the data speeds of users with unlimited data plans who exceed bandwidth thresholds on its 3G network. AT&T is following in the tracks of Verizon and Virgin Mobile in reducing data throughput speeds of its heaviest mobile data users."

[The AT&T Press Release:

One new measure is a step that may reduce the data throughput speed experienced by a very small minority of smartphone customers who are on unlimited plans - those whose extraordinary level of data usage puts them in the top 5 percent of our heaviest data users in a billing period. In fact, these customers on average use 12 times more data than the average of all other smartphone data customers. This step will not apply to … the vast majority of smartphone customers who still have unlimited data plans.



Now avoiding cliches is as easy as pie!

http://www.makeuseof.com/tag/5-websites-english-writer-search-clichs/

5 Websites For The English Writer That Help In The Search For Clichés

Clichesite

Cliché Finder

Sports Clichés

Cliché Web

101 Clichés


Friday, July 29, 2011

See? It can be done! I'd like some additional details, like the costs of software, end-user training, etc. Clearly the $6,000,000 figure is largely the cost to “do it over, correctly.” What are their ongoing costs?

TN BlueCross Encrypts All Data After 57 Disks Stolen

"After dozens of hard disk drives were stolen from a leased facility in Chattanooga, potentially exposing the personal data of more than 1 million customers, BlueCross decided to go the safe route: they spent $6 million to encrypt all stored data across their enterprise. The health insurer spent the past year encrypting nearly a petabyte of data on 1,000 Windows, AIX, SQL, VMware and Xen server hard drives; 6,000 workstations and removable media drives; as well as 136,000 tape backup volumes."

[From the article:

The company said it spent more than 5,000 man-hours on the encryption effort, which encompassed about 885TB of at-rest data.

BCBS said it is now encrypting all data on 1,000 Windows, AIX, SQL, VMware and Xen server hard drives; 6,000 workstation hard drives and removable media drives; 136,000 tape backup volumes; and 25,000 voice call recordings per day.

BCBS completed the encryption project in just over a year.



How does one distinguish theft by Spammers from theft by intelligence agencies or an act of war?

35 Million SK Telecom Accounts Stolen By Chinese Hackers

"South Korea's SK Telecom has revealed that earlier this week hackers stole 35 million account details from two sites. A portal called Nate Portal that provided e-mail services and a social networking site called CyWorld were the two targets by hackers who, SK Telecom claims, used IP addresses originating from China. From the article, 'The stolen data included user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses. Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use.'"



The real reason for the Debt Ceiling kerfuffle?

Senators Want Secret Warrantless Wiretap Renewal

"A group of Senators are meeting in secret today, while most people are focused on the 'debt ceiling' issue, in order to try to rush through a renewal of the FISA Amendments Act, which expressly allowed warrantless wiretapping in the U.S. The law isn't set to expire until next year, but some feel that the debt ceiling crisis is a good distraction to pass the extension without having to debate the issue in public. The meeting is being held in secret, but it's not classified, so people can demand to know how their Senator voted."



Copyright Piracy is as evil as Child Pornography!

http://techcrunch.com/2011/07/28/british-court-orders-isp-to-block-filesharing-website-in-potential-landmark-ruling/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

British Court Orders ISP To Block Filesharing Website In Potential Landmark Ruling



http://www.wired.com/threatlevel/2011/07/fbi-gadgets/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Document: FBI Surveillance Geeks Fear, Love New Gadgets

According to an internal FBI document (.pdf), the law enforcement agency has a keen interest in evaluating each new technology for its surveillance possibilities and challenges.

The FBI fears, for example, that 4G will require agencies to “deal with significantly higher data rates than in current wireless network intercepts,” according to the document. “Managing this ‘fire hose’ of data is complicated by the lack of buffering or reliable delivery requirements. … These higher data rates could place a greater emphasis on the filtering of data to identify specific content.”

To intercept VoIP, or voice-over IP traffic, in this environment, “voice packets will need to be extracted from the packet stream in near real-time,” the document states.

The unclassified document is a handy primer on all of the latest wireless technologies, presumably to help FBI engineers devise strategies for circumventing any surveillance obstacles the technologies might pose. Each technology section includes a discussion of the potential challenges to surveillance, but most of these discussions were redacted by the FBI before releasing the document. The document covers net neutrality, 4G, public Wi-Fi, anonymity services like Tor, and cloud storage and file-sharing services such as Dropbox, SpiderOak and SugarSync.

On the other hand, the FBI appears to be excited about the new opportunities for surveillance and evidence-gathering that Microsoft’s new Greenfield application might provide. Greenfield is reportedly an “activity-based navigation” system from Microsoft Research that will be able to track a phone user’s movements through a suite of sensors on the mobile phone, allowing a trail to be gathered indoors, where GPS tracking doesn’t reach.

There’s also a fascinating description of a device called Slurp (see below) that was developed by a former MIT Media Lab student. The device resembles a large eye dropper, and uses infrared ports to allow a user to easily slurp up (extract) and squirt out (inject) data from one device to another. The user touches the dropper to a file icon on a computer screen to slurp up the file, and then points it at a second display while squeezing the dropper to squirt the file back out.

Because of the device’s small and inconspicuous design, the document notes, the “act of capturing or transferring data may go undetected.” [Watch the video http://www.youtube.com/watch?feature=player_embedded&v=ICAUOwpeecI Bob]

In a show of irony, the document holds an uncharitable view of another cutting edge technology: an Apple patent for a “killswitch” that uses voice and facial recognition to shut down an iPhone or its data if the device detects that the person using it is not the rightful owner. The FBI calls Apple’s concept “Big Brother-ish”.


(Related) One of my students has one of these, as a supplement to his smartphone, tablet and iPad. Imagine copying data to this device without ever removing it from your pocket... All for $200!!

http://www.seagate.com/www/en-us/products/external/external-hard-drive/goflex-satellite

GoFlex Satellite™ Mobile Wireless Storage

Take your media library with you. Stream it to your iPad®.

  • Take more than 300 HD movies on-the-go

  • Stream media over Wi-Fi to 3 iPads at the same time

  • Automatically sync media and documents from your PC or Mac® computer

  • Up to 5 hours battery life



Find me three engineers, quick!

http://www.wired.com/epicenter/2011/07/nsf-i-corps/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Feds Giving Engineers and Scientists $50K to Learn to Start Companies

The Innovation Corps program — which starts in September at Stanford University — will give $50,000 to 100 different teams (3 or more people per team) every year to go through an intensive entrepreneurial education class. The I-Corps class will be modeled on a Stanford engineering class called Lean LaunchPad that was taught earlier this year by serial entrepreneur Steve Blank and a coterie of entrepreneurial thought leaders, technologists and venture capitalists.



Interesting service. Caution: Who owns the map?

http://www.killerstartups.com/Web-App-Tools/topo-ly-put-excel-addresses-on-a-map?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+killerstartups%2FBkQV+%28KillerStartups.com%29

Topo.ly - Put Excel Addresses On A Map

This web service can take as many addresses as you have in the same document, and turn them into markers on a map that you can proceed to click upon at will.

Best of all, this service can be used absolutely for free. You can throw as many addresses as you wish at it, and they all will be handled with the same speed and precision.

http://blog.topo.ly/



Global Warming is real. It's just Al Gore's graphs that are bogus...

New NASA Data Casts Doubt On Global Warming Models

"Satellite data from NASA covering 2000 through 2011 cast doubt on current computer models predicting global warming, according to a new study. The data shows that much less heat is retained by carbon dioxide in the earth's atmosphere than is assumed in current models. 'There is a huge discrepancy between the data and the forecasts that is especially big over the oceans,' said Dr. Roy Spencer, a co-author of the study and research scientist at the University of Alabama."

Note: the press release about the study is somewhat less over the top.



This could be exceptionally useful. It could also be a way to support my online students!

Show Me What's Wrong - Help Your Friends With Their Computer Problems

Show Me What's Wrong is a free service offered by Screencast-O-Matic. The service is designed to help you help others with their computer problems. To use the service enter your name and email address to have a custom url assigned to you. You then send that url to the person who needs help. They open the link and can start recording their screens and talk about the trouble they're having. When they finish recording the screencast is sent directly to you. Watch the two minute video below to see Show Me What's Wrong in action.

[The video on Youtube: http://www.youtube.com/watch?v=lNqO_uKui6s&feature=player_embedded


Thursday, July 28, 2011

Another day where (apparently) nothing interesting happened?



Officer Friendly now Facebook friendly?

Fighting Crime With Facebook

"Demond Fernandez writes that Facebook has become a hot, new crime fighting tool for police in Conroe, Texas. Sergeant Joe Smart says Conroe police have been using its Facebook page to profile suspects and criminals since May — like a woman accused of stealing credit cards, masked gunmen caught on tape burglarizing a local store and a suspected computer thief, who the department's Facebook friends just helped police catch. 'It works. The witnesses are looking at it and they are giving us information,' says Smart. Police say Facebook friends in Conroe already helped them catch two wanted suspects and gather leads on several other open cases. Apparently the idea of using Facebook to catch criminals is getting picked up in other places as the Toronto Police Service announced their goal is to have about 175 officers with online profiles by early November. 'We've prevented some pretty serious incidents simply because people reached out to the few police officers that were using social media,' says Constable Scott Mills, the force's social media officer. 'This is going to lead to a lot more trust and a lot more transparency.'"



Think of these as an “Anti-Cloud.” Many useful alternatives are profiled...

http://www.makeuseof.com/tag/3-ways-escape-cloud-storage-solutions-trust/

3 Ways To Escape Cloud Storage Solutions If You Don’t Trust Them

Most major IT companies seem convinced that shoving everything into giant data centres in the sky is the solution to many essential computing tasks. Google has weaned us into the cloud over the last few years with documents, storage, email – all of Google services in fact; Apple is hot on their heels with the launch of iCloud; and Dropbox is ubiquitous for simple file sharing. But what if you don’t want all your stuff on someone else’s servers? What if you want it at home, where you can physically touch it and have complete control over it?

Let me show you how you can escape the cloud, without losing any of the functionality.



Because I like lists, especially lists of free stuff...

http://www.thesofthelp.com/2011/07/top-10-free-software-download-sites.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+alisoft7+%28alisoft7%29

Top 10 Free Software Download Sites


Wednesday, July 27, 2011

How “anonymous” is Anonymous?

http://www.wired.com/threatlevel/2011/07/op_payback/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

In ‘Anonymous’ Raids, Feds Work From List of Top 1,000 Protesters

It turns out there’s a method behind the FBI’s raids of suspected Anonymous members around the country. The bureau is working from a list, provided by PayPal, of the 1,000 internet IP addresses responsible for the most protest traffic during Anonymous’ DDoS attacks against PayPal last December.

FBI agents served 40 search warrants in January on people suspected of hosing down PayPal during “Operation Payback” — Anonymous’ retaliatory attack against companies who blacklisted WikiLeaks. On July 19, the feds charged the first 14 defendants under the Computer Fraud and Abuse Act, and raided an additional 35 suspects for evidence.

An FBI affidavit first published Tuesday by an NBC affiliate in Dallas lays out how the FBI decided on its targets, and suggests the bureau may have plenty more.

According to the affidavit, by FBI agent Chris Thompson, PayPal security officials were in close contact with the bureau beginning on December 6, two days after PayPal froze WikiLeaks’ donation account and the first day it began receiving serious denial-of-service traffic. FBI agents began monitoring Anonymous press releases and Twitter postings about Operation Payback, while PayPal collected traffic logs on a Radware intrusion prevention system installed on its network.

On December 15, the company turned over a USB thumb drive containing the Radware reports, which documented “approximately 1,000 IP addresses that sent malicious network packets to PayPal during the DDoS attacks.” The list represented the “IP addresses that sent the largest number of packets.”

Anonymous Affidavit



If OnStar can do it, why can't Script Kiddies?

http://news.cnet.com/8301-27080_3-20083906-245/expert-hacks-car-system-says-problems-reach-to-scada-systems/

Expert hacks car system, says problems reach to SCADA systems

Researcher Don A. Bailey will be showing at the Black Hat security conference next week how easy it is to open and even start a car remotely by hacking the cellular network-based security system. Even more disturbing is the message that demonstration brings, that cars aren't the only things at risk.

"We are seeing more GSM [Global System for Mobile Communications]-enabled systems popping up in consumer culture and industrial control systems. They're not just in Zoombak [Global Positioning System] location devices and personal security control systems, but also in sensors deployed for waste treatment facilities, SCADA [Supervisory Control and Data Acquisition] and call-back systems, physical security systems, industrial control systems," Bailey, a senior security consultant at iSec Partners, said today. "These GSM modules open up that world to attacks in a whole new way."



...but it is Okay to search everyone equally?

http://www.pogowasright.org/?p=23837

Can school personnel search your child’s bra without individualized suspicion?

Can your teenage daughter’s school personnel lift or search her bra if the whole school is going through a search for drugs? Not if there’s no individualized reasonable suspicion of her, according to a North Carolina decision.

Via FourthAmendment.com, from In re T.A.S., 2011 N.C. App. LEXIS 1472 (July 19, 2011):

Where the blanket search of the entire school lacked any individualized suspicion as to which students were responsible for the alleged infraction or any particularized reason to believe the contraband sought presented an imminent threat to school safety, the search of T.A.S.’s bra was constitutionally unreasonable and we reverse the trial court’s order denying her suppression motion.



“I'm shocked... Shocked!”

http://yro.slashdot.org/story/11/07/26/201214/Chief-NSA-Lawyer-Hints-That-NSA-May-Be-Tracking-US-Citizens?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Chief NSA Lawyer Hints That NSA May Be Tracking US Citizens

"Responding to questions from the Senate Select Committee on Intelligence yesterday, Matthew Olsen, the NSA's general counsel, said that the NSA 'may', under 'certain circumstances' have the authority to track U.S. citizens by intercepting location data from cell phones, but it's 'very complicated.' 'There's no need to panic, or start shopping for aluminum-foil headwear,' says blogger Kevin Fogarty, but clearly the NSA has been thinking about it enough 'that the agency's chief lawyer was able to speak intelligently about it off the cuff while interviewing for a different job.'"



No Privacy implications here... Move along...

http://www.wired.com/gadgetlab/2011/07/blood-monitor-tattoo-iphone/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Digital Tattoo Gets Under Your Skin to Monitor Blood

Instead of the dye used for tribal arm bands and Chinese characters, these tattoos will contain nanosensors that read the wearer’s blood levels of sodium, glucose and even alcohol with the help of an iPhone 4 camera.

Dr. Heather Clark, associate professor of pharmaceutical sciences at Northeastern University, is leading the research on the subdermal sensors. She said she was reminded of the benefits of real-time, wearable health monitoring when she entered a marathon in Vermont: If they become mass-produced and affordable for the consumer market, wireless devices worn on the body could tell you exactly what medication you need whenever you need it.

“I had no idea how much to drink, or when,” said Clark, reflecting on her marathon run. “Or if I should have Gatorade instead.”

Clark’s technology could spell out the eventual demise of the painful finger pricks required for blood tests — assuming users have an iPhone, which Northeastern bioengineering grad student Matt Dubach has customized to read light from the tiny sensors to collect and output data.



For my Computer Security and Computer Forensic students.

http://www.wired.com/dangerroom/2011/07/sue-cybercrook-pals/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

How to Stop Cybercrooks: Take Their Pals to Court

The best way to stop the tide of global cybercrime may be to sue the pants off of the hosting companies and Internet Service Providers Online that are backing the crooks.

That’s the central conclusion of my policy paper, out today from the Brookings Institution. (You can find a very condensed version in Sunday’s Washington Post.)

No one knows exactly how big the cybercrime underground is. But it is huge. According to the British government, online thieves, scammers, and industrial spies cost U.K. businesses an estimated $43.5 billion in the last year alone. Crooks-for-hire will infect a thousand computers for seven dollars – that’s how simple it’s become. 60,000 new malicious software variants are detected every day, thanks in part to a new breed of crimeware that makes stealing passwords about as hard as setting up a web page. Even the Pentagon’s specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”



“Oh lookie. Thousands of angry Netflix customers. Let's offer them an alternative!”

http://entertainment.slashdot.org/story/11/07/26/2219250/Wal-Mart-Jumps-Into-Video-Streaming?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Wal-Mart Jumps Into Video Streaming

"Today Wal-Mart has added streaming video to their website. What better time to compete with Netflix, now that they have raised their prices? On Wal-Mart's website, the movies will be available the same day the DVDs go on sale in stores. Walmart.com general manager Steve Nave said the retailer is following its customers as they increasingly embrace digital movie rentals and purchases. 'We know customers are starting to shift their behavior, in terms of how they consume their media,' Nave said, adding, 'As customers make that change, we don't want to lose that customer as they shift to digital.' Wal-Mart, long the nation's leading seller of DVDs, signaled its intent to double down on digital movie distribution in February 2010, when it spent a reported $100 million to acquire Vudu, a Silicon Valley start-up that was gradually being added to home entertainment devices."


(Related) Actually, the market is even larger...

http://www.bespacific.com/mt/archives/027868.html

July 26, 2011

Pew: 71% of online adults now use video-sharing sites

Video, Web 2.0 - 71% of online adults now use video-sharing sites by Kathleen Moore, July 26, 2011

  • "Fully 71% of online Americans use video-sharing sites such as YouTube and Vimeo, up from 66% a year earlier. The use of video-sharing sites on any given day also jumped five percentage points, from 23% of online Americans in May 2010 to 28% in May 2011. Rural internet users are now just as likely as users in urban and suburban areas to have used these sites, and online African-Americans and Hispanics are more likely than internet-using whites to visit video-sharing sites."



This is what happens when you think of technology as a tool...

7 Ways Google+ Users Are Getting More Out of Their Circles

Organizing your circles in Google+ can be the most confusing part of the new social network. Yet people are learning to embrace and even optimize their circles for better productivity, filtering and privacy.

We spoke with some Google+ mavericks about how they’ve corralled their circles to be more effective. Below, they share their clever tricks and best practices so you can learn from both their mistakes and their successes.


Monday, July 25, 2011

Bad choice, if they even considered security before they designed it this way...

http://mobile.slashdot.org/story/11/07/24/1715232/Android-Password-Data-Stored-In-Plain-Text?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Android Password Data Stored In Plain Text

"The Hacker News is reporting that Android password data is being stored as plain text in its SQLite database. Hackers News says that 'The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text. Encrypting or at least transforming the password would be desirable.' I'm sure most would agree encrypted password data in at least SHA or MD5 would be kind of a good idea!"



No comment...

http://www.pogowasright.org/?p=23821

New privacy guidelines would give FBI leeway to abuse privacy

Frank Askin, who is a professor of law and director of the Constitutional Litigation Clinic at Rutgers Law School-Newark, writes:

Twenty-five years ago, Congress passed and President Gerald Ford signed the Federal Privacy Act. In an effort to end the abuses committed by the FBI against anti-war and civil rights activists that director J. Edgar Hoover disliked, Section (e)(7) of that Act prohibited any agency of the federal government from “maintaining records describing how any individual exercises rights guaranteed by the First Amendment . . . unless pursuant to and within the scope of an authorized law enforcement activity.”

The FBI and the federal courts have spent the last 25 years honoring that statute in the breach; and Congress seems perfectly satisfied to let them do so. And as reported in the New York Times on June 13, the FBI is again about to amend its Domestic Investigations and Operations Guide to further thumb its nose at the privacy act.

Read more on NJ.com


(Related) Even citizens want to surveil... “We should do this...” But does anyone want to be the Online Emily Post?

http://www.wired.com/magazine/2011/06/st_thompson_videomonitoaring/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Clive Thompson on Establishing Rules in the Videocam Age

… Sousveillance is the monitoring of events not by those above (surveiller in French) but by citizens, from below (sous-). The neologism was coined by Steve Mann, a pioneer in wearable computing at the University of Toronto. In the ’90s, Mann rigged a head-mounted camera to broadcast images online and found that it was great for documenting everyday malfeasance, like electrical-code violations. He also discovered that it made security guards uneasy. They’d ask him to remove the camera—and when he wouldn’t, they’d escort him away or even tackle him.

“I realized, this is the inverse of surveillance,” he said.

… Right now, sousveillance requires an act of will; you have to pull out your phone when you see something fishy. But always-on videocams are spreading. Many new cars, for example, have cameras for backing up, and forward-looking ones are gaining popularity. And wearable video devices like the Looxcie are already hitting the market: Pop one over your ear like a Bluetooth headset and it’ll capture a rolling five-hour buffer of everything you see and do, publishable to Facebook with a single click.

… As citizens turn their videocams on the authorities, we need some new rules of engagement.



Something to share?

http://www.bespacific.com/mt/archives/027847.html

July 24, 2011

Looks Too Good To Be True.com website

"While the Internet can be a safe and convenient place to do business, scammers are out there in "cyber world" targeting unsuspecting consumers. The Looks Too Good To Be True.com website was built to educate you, the consumer, and help prevent you from becoming a victim of an Internet fraud scheme. The website was developed and is maintained by a joint federal law enforcement and industry task force. Funding for the site has been provided by the United States Postal Inspection Service and the Federal Bureau of Investigation. Key partners include the National White Collar Crime Center, Monster.com, Target and members of the Merchants Risk Council."



Beware of ePolitics. There is no reason why an eParty couldn't run an eCandidate and when eLected we find he/she is a virus...

http://politics.slashdot.org/story/11/07/24/1322210/Internet-Based-Political-Party-Opens-Doors?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Internet-Based Political Party Opens Doors

"New York Times Op-Ed Columnist Thomas L. Friedman writes (edited for brevity): 'If [...] idiocy by elected officials [...] leaves you wishing that we had more options today [...] not only are you not alone, but help may be on the way. Thanks to a quiet political start-up that is now ready to show its hand, a viable, centrist, third presidential ticket, elected by an Internet convention, is going to emerge in 2012.' Currently it looks like more liberal-inclined individuals are registering, but it would make for a healthier system if more viewpoints were represented."



Oh great. Now all my students will want me to design learning games...

http://games.slashdot.org/story/11/07/25/0144209/Can-AI-Games-Create-Super-Intelligent-Humans?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Can AI Games Create Super-Intelligent Humans?

"A technology CEO sees game artificial intelligence as the key to a revolution in education, predicting a synergy where games create smarter humans who then create smarter games. Citing lessons drawn from Neal Stephenson's The Diamond Age, Alex Peake, founder of Primer Labs, sees the possibility of a self-fueling feedback loop which creates 'a Moore's law for artificial intelligence,' with accelerating returns ultimately generating the best possible education outcomes. 'What the computer taught me was that there was real muggle magic ...' writes Peake, adding 'Once we begin relying on AI mentors for our children and we get those mentors increasing in sophistication at an exponential rate, we're dipping our toe into symbiosis between humans and the AI that shape them.'"



For my Intro to IT students...

http://news.cnet.com/8301-1035_3-20082175-94/a-beginners-guide-to-more-telecom-jargon/

A beginner's guide to more telecom jargon



Another tool to torture my students!

http://www.makeuseof.com/dir/spiderscribe-free-form-mind-mapping/

Spiderscribe: Free-Form Mind Mapping & Brainstorming Tool

A lot of online mind mapping tools today are usually limited by their very structured form. While they are very useful for basic brainstorming sessions, their capabilities are quite limited. SpiderScribe offers a unique online mind mapping and brainstorming tool that provides more flexibility with the structure and the kind of items that you can put on it. With SpiderScribe, you may create free-style, multi-directional maps, as well as combine various elements such as text, images, files, calendar events, and geographic locations in your mind map.

http://www.spiderscribe.net

Similar Tools: Diagramly, Sneffel, and Think.


Sunday, July 24, 2011

Are they saying it is impossible to prevent card skimming?

http://www.databreaches.net/?p=19795

Margarita’s Mexican Restaurant breach raises issues of law enforcement’s role in notifying the public

July 23, 2011 by admin

Brandon Scott reports that authorities have now named the source of a rash of card fraud reports in Huntsville, Texas. But what may be most significant about the news report is its focus on how law enforcement decided whether to – or when – reveal the point of compromise:

… Huntsville Police Department, Walker County Sheriff’s Office, University Police Department and the U. S. Secret Service worked together to determine the source of the thefts of debit and credit card numbers by virus-infected computers at Margarita’s Mexican Restaurant.

Margarita’s was hit by a type of “skimming,” in which credit card numbers are stolen before they can be encrypted by the restaurant’s point of sale system.

Skimming debit and credit card numbers can occur many ways, remotely by computer hacking or on-site by a device placed on a computer, authorities said.

Residents began alerting the police to the problem almost three weeks ago, and a large jump in reported cases occurred about two weeks ago. Victims are still bringing cases to authorities as they find evidence in their bank and credit card statements.

At some point in the investigation, authorities knew most of the cases were connected to computers at Margarita’s, but they said they were reluctant to release the business’s name to the public for fear of retribution against the restaurant.

“We had determined it was Margarita’s, but it wasn’t necessarily something they had done,” said Huntsville Police Department Lt. Curt Landrum. “This was not one of their employees or a situation where someone who was directly affiliated with Margarita’s was selling information. We were seeing they had done the things they should do to prevent this. [Apparently, “doing everything you should” is insufficient to prevent skimming. Bob] We were afraid that it would hurt their business.”

Once it became clear that the credit card numbers had been sold by thieves in batches on an underground market but not yet used by thieves, investigators decided the threat to the public took precedence over the threat to Margarita’s. [“It hadn't, until the mayor pointed out that people voted, and restaurants did not.” Bob]

Read more on the Huntsville Item.

Should law enforcement be withholding information like point of compromise for fear of hurting a business? Law enforcement may take the position that it’s not their place to notify the public and that it’s on the entity to disclose the information, but there’s something that doesn’t sit right about this approach. Doesn’t law enforcement work for us and not for the business? I wouldn’t mind if they tell an entity, “Look, we’ll give you today to get a press release or notice out to the media or on your web site or store door, but after that, we will disclose if you haven’t.” But that doesn’t seem to be what happened here. In this case, law enforcement decided that the risk to consumers outweighed other concerns. But if it hadn’t….. then what?

The banks cancel cards and don’t tell us where a breach occurred – often because they’re not told, either.

Law enforcement may not tell us where a breach occurred.

Breached entities may not tell us when they’ve been breached.

This is really unacceptable.

And no, there’s no notice on Margarita’s web site about the breach as of the time of this posting.



Leading or following?

http://www.pogowasright.org/?p=23818

Privacy law updated for California libraries

July 23, 2011 by Dissent

Richard Chang reports:

With the enactment of stricter privacy regulations for library patrons in California, you need not worry about Googling “how to divorce your spouse” at the local library. Before the new law, your spouse could request and possibly obtain all your Internet records from the library.

Authored by Sen. Joe Simitian, D-Palo Alto, the law was suggested by one of Simitian’s constituents through his annual “There Oughta Be A Law” contest. Cupertino resident and library law consultant Mary Minow proposed the law after hearing about an event in Florida.

Read more on the Ventura County Star

[From the article:

"In Florida, marketers and politicians were requesting email addresses from libraries," said Minow. [Were the libraries acting as ISP's? If so, weren't they covered by the same laws? If not, why would they have the email addresses? Bob]



I suppose this is cheaper than separating international and domestic flights?

Heathrow To Install Facial Recognition Scanners

"Slashdot readers will recall that back in February, Heathrow airport required full body scanning for select individuals. Now we learn that the airport is installing facial recognition scanners. The scanners will be used to capture passengers' faces before entering security checks and again before boarding. The stated goal is to prevent illegal immigration."

[The Comments point to the major security hole that they are trying to close:

… The facial recognition scanners will ensure that ticketed passengers board their correct flight. It will prevent, for example, a passenger who arrives from Miami from trying to use a domestic ticket obtained from someone else in the departure lounge and then flying to Glasgow. Since domestic flights do not have immigration counters, it would be possible with the departure lounge arrangement in those terminals for a passenger from Miami to avoid immigration.



It's in the constitution, we just haven't bothered to enact any laws...

The Politics of Surveillance: The Erosion of Privacy in Latin America

While most Latin American countries have democratically-elected governments, many still fail to respect human rights, including the right to privacy. Across the region, there have been multiple scandals involving government officials and intelligence agencies engaged in illegal surveillance of communications. These include numerous chilling examples of how interception technologies are being misused to spy on politicians, dissidents, judges, human rights organizations and activists. Although privacy violations vary from country to country, and the full extent of government surveillance in the region remains largely unknown, newly disclosed data gathering programs hint at the architecture of surveillance lying beneath the surface of ostensibly democratic societies.



Wouldn't this make an interesting final exam: “Build a tutorial that explains the things you were supposed to learn...”

http://www.makeuseof.com/dir/tildee-create-step-by-step-tutorial/

Tildee: Search, Share & Create Step By Step Tutorials For A Variety Of Tasks

www.tildee.com
