Saturday, December 10, 2011


This is unlikely to stop another “Arab Spring”; iPhones are too easy to use.
"Hot on the heels of recently passed legislation further restricting Freedom of Assembly, the National Front-led Malaysian Government is now working to make the registration of all tech workers mandatory, making it an offence punishable by a stiff fine and jail for anyone to plan, deploy, service and maintain any computing system without a license. A leaked draft of the legislation has ignited a backlash among the IT community, which fear the law, when passed, will be devastating to the tech industry in Malaysia."


So bring in the headsman and do it all at once!
"The Transportation Security Administration is getting a lot of negative attention, much of it from the U.S. government itself. A recent congressional report blasted the TSA for being incompetent and ineffective (PDF). A bill to force the TSA to reduce its screening of active duty U.S. military members and their families was approved unanimously by the House of Representatives. After a TSA employee was arrested for sexually assaulting a woman while in uniform, a bill has been introduced to prevent TSA agents from wearing police-style uniforms and badges or using the title 'officer.' The bill's sponsor calls these practices 'an insult to real cops.' The FBI is getting involved by changing its definition of rape [Rape is a federal crime? Bob] in a way that might expose the TSA's 'enhanced pat-down' screeners to prosecution. Lastly, public support for the TSA's use of X-ray body scanners drops dramatically when people realize there is a cancer risk."


Simple answer. RIAA runs the anti-piracy division of the Justice Department and they don't need no stinking constitution!
Senator Wants Answers from DHS Over Domain Name Seizures
Sen. Ron Wyden (D-Oregon) said Friday he would demand answers from the Department of Homeland Security about its domain seizure program known as Operation in Our Sites after it was revealed that the government kept a hip-hop music review site’s name for a year without affording the owner a chance to challenge the seizure.
Wyden also wants to know why there was no court record of the case, other than the initial seizure filing a year ago.


Cue the theme from Mission Impossible...
6 Holiday Gifts That Are Perfect For The Amateur Spy


Hey! Look what 'whats-his-name' is proposing! Project for my Ethical Hackers: De-anonymize his medical record (if it is on the database)
By Dissent, December 9, 2011
Earlier this week the Government announced proposals (40-page / 2.1MB PDF) to change the NHS Constitution so that information stored about patients would be automatically shared with life sciences researchers via a new anonymised database unless patients elect for their details not to be included.
While welcomed by the life sciences industry as a boost to research, the proposals raised concerns about the use of patient data.
[...]
“Let me be clear, this does not threaten privacy, it doesn’t mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs,” Cameron said in a speech detailing the Government’s plans, according to a report by the BBC.
Mr. Cameron may firmly believe that, but studies on re-identifying supposedly “anonymized” data make it clear that data are often not as “anonymized” as one might think or hope when the data are combined with other data often readily available in public databases.
The article also quotes Paul Ohm, who has been instrumental in increasing awareness about the risks of relying on “anonymization:”
Academic Paul Ohm, Associate Professor at University of Colorado Law School, told Out-Law.com in 2009 that research had shown that it is possible to use anonymised data to identify individuals. He said at the time that misplaced trust in anonymisation had been enshrined in privacy legislation.
“Virtually every privacy law allows you to escape the strictures and requirements of the privacy law completely once you’ve anonymised your data,” he said. “Every policy maker who has ever encountered a privacy law, and that’s in every country on earth, will need to re-examine the core assumptions they made when they wrote that law.”
Ohm said at the time that, in some fields of research such as health, it would be possible to open up much more data than is currently permitted as long as access to the information was controlled.
“We can’t trust technology any more but at the same time we don’t want to keep this information from researchers. So my solution is that we shift our trust from the technology to the people,” he said. “We write down the rules of trust among health researchers … [we say] you can get my data but only on a need to know basis,” he said.
Read more on Out-Law.com
Part of determining the trustworthiness of a researcher clearly needs to be assessing their security and privacy protections, as the researcher may be professionally trustworthy, but if they outsource their database security to another party, well….
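To make the re-identification point concrete, here is an added example (mine, not from the Out-Law article, the NHS proposal, or Ohm's paper) of the classic linkage attack: a "de-identified" health extract still carries quasi-identifiers (partial postcode, birth year, sex), and joining those against a public list that has names re-attaches the diagnosis to a person. All records are constructed and fictional; the postcode/year/sex fields are my choice of quasi-identifiers, and the generalisation step is the standard k-anonymity coarsening, not anything the Government's plan specifies.

```python
"""Linkage attack on a 'de-identified' health extract, plus the k-anonymity check
that would have caught it. Added example; all data below is constructed and fictional."""
from collections import Counter, defaultdict

QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")

# Constructed research extract: names stripped, quasi-identifiers left in.
RESEARCH_EXTRACT = [
    {"postcode": "SW1A 1", "birth_year": 1961, "sex": "M", "diagnosis": "hypertension"},
    {"postcode": "SW1A 1", "birth_year": 1966, "sex": "M", "diagnosis": "asthma"},
    {"postcode": "EC1A 1", "birth_year": 1980, "sex": "F", "diagnosis": "migraine"},
    {"postcode": "EC1A 1", "birth_year": 1980, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "EC1A 1", "birth_year": 1980, "sex": "F", "diagnosis": "eczema"},
]

# Constructed public register (think electoral roll) carrying the same fields plus a name.
PUBLIC_REGISTER = [
    {"name": "J. Smith", "postcode": "SW1A 1", "birth_year": 1961, "sex": "M"},
    {"name": "P. Jones", "postcode": "SW1A 1", "birth_year": 1966, "sex": "M"},
    {"name": "A. Brown", "postcode": "EC1A 1", "birth_year": 1980, "sex": "F"},
    {"name": "M. Green", "postcode": "EC1A 1", "birth_year": 1980, "sex": "F"},
    {"name": "S. White", "postcode": "EC1A 1", "birth_year": 1980, "sex": "F"},
]


def qi_key(record):
    """The tuple an attacker would join on."""
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def k_anonymity(records):
    """Size of the smallest group sharing the same quasi-identifiers.
    k == 1 means at least one record is unique and therefore linkable."""
    return min(Counter(qi_key(r) for r in records).values())


def diversity(records, sensitive="diagnosis"):
    """Smallest number of distinct sensitive values within any group.
    Guards against the case where everyone in a group shares one diagnosis."""
    groups = defaultdict(set)
    for r in records:
        groups[qi_key(r)].add(r[sensitive])
    return min(len(v) for v in groups.values())


def link(extract, register):
    """Join extract and register on the quasi-identifiers.
    Returns {name: diagnosis} only where the match is unique on both sides."""
    names_by_key, diags_by_key = defaultdict(list), defaultdict(list)
    for r in register:
        names_by_key[qi_key(r)].append(r["name"])
    for r in extract:
        diags_by_key[qi_key(r)].append(r["diagnosis"])
    reidentified = {}
    for key, names in names_by_key.items():
        diags = diags_by_key.get(key, [])
        if len(names) == 1 and len(diags) == 1:
            reidentified[names[0]] = diags[0]
    return reidentified


def generalise(records, postcode_chars=2, year_bucket=10):
    """Coarsen the quasi-identifiers (postcode area only, decade of birth)."""
    out = []
    for r in records:
        g = dict(r)
        g["postcode"] = r["postcode"][:postcode_chars]
        g["birth_year"] = (r["birth_year"] // year_bucket) * year_bucket
        out.append(g)
    return out


if __name__ == "__main__":
    print("k before generalisation:", k_anonymity(RESEARCH_EXTRACT))
    print("re-identified:", link(RESEARCH_EXTRACT, PUBLIC_REGISTER))
    g = generalise(RESEARCH_EXTRACT)
    print("k after generalisation:", k_anonymity(g), "l-diversity:", diversity(g))
    print("re-identified after generalisation:", link(g, generalise(PUBLIC_REGISTER)))
```

On the raw extract the two SW1A men are unique on (postcode, birth year, sex), so the join hands back their diagnoses by name; after coarsening to postcode area and birth decade every group has at least two members and the join returns nothing. Note that k-anonymity alone is not enough: if every member of a group had the same diagnosis, the attacker learns it without knowing which row is whose, which is what the diversity check is for. The same logic applies to any "anonymised" extract: the question is not whether names were removed but whether the remaining columns are unique against something public.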


Interesting article...
The Future of Context: Mobile Reading from Google to Flipboard to FLUD
Reading is changing. And arguably, even more than e-readers, tablets, or “readers’ tablets,” smartphones are changing it.


Gee, I got them all right. Perhaps the school board member was a math-phobic?
New submitter newslash.formatb points to this Washington Post blog post, which
"discusses the National Assessment of Educational Progress test (specifically, the math part). One of the school board members took it and was unable to answer any of the 60 math questions, though he guessed correctly on 10 of them. He then goes on to claim that the math isn't relevant to many people. P.S. — if you want to feel like Einstein, check out some sample questions."
Maybe this is mostly about the kind of life skills that are sufficient to succeed in management.


Tools & Techniques
Quick Screen Share is a simple yet effective online web service that helps you instantly share screen activity with friends without having to download any software or extra add-ons. To get started, visit the site and check the “Your Screen” or “Their Screen” option; then enter your name to start the process. Note that you must have Java to make use of this service.
Once this is done, you will be given a URL you can send to the person who’d like to share the screen with you.


Anyone know where I can get a used Steinway? Yes, Mr. Bach, there's an app for that.
Etude is a must-have iPad application for all those users who want to learn piano using different digital tools.
Once installed, all you have to do is find the song which you want to learn and it will show you all the keys which you should press at each moment.
In case of pros, they can carry all their collections in one device rather than carrying piles of papers and books.


Gosh, I feel smarter already!
2 Ways To Easily Download TED Videos To Your Desktop


So they're not growling at me?
'Vocal Fry' Creeping Into U.S. Speech
A curious vocal pattern has crept into the speech of young adult women who speak American English: low, creaky vibrations, also called vocal fry. Pop singers, such as Britney Spears, slip vocal fry into their music as a way to reach low notes and add style. Now, a new study of young women in New York state shows that the same guttural vibration—once considered a speech disorder—has become a language fad.
Vocal fry, or glottalization, is a low, staccato vibration during speech, produced by a slow fluttering of the vocal cords (listen here).

Friday, December 09, 2011


So you took “naked or partially dressed” pictures of an under-aged female, and you're upset with her?
Lower Merion Laptop Lawsuit Redux: Robbins Family Sues School District Again
December 8, 2011 by Dissent
Thomas J. Walsh reports:
Charging that she was remotely monitored while naked or partially dressed, another webcam lawsuit has been filed against the Lower Merion School District—this time by Paige Robbins, 18, the sister of Harriton High School student Blake Robbins, who sued the district two years ago for invasion of privacy and other charges, eventually accepting a $175,000 settlement.
The Lower Merion School District (LMSD) fired back immediately Thursday, saying it appeared Paige Robbins purposefully waited until she turned 18 to file the suit as an adult, to win a separate payday of her own.
Read more on Patch.com


Not intended to be public, but still: what kind of “internal website” would this have been? Customer service? Why would it even be possible to make this database accessible outside the company?
Telstra internal website made public, releasing account details of up to one million customers
December 9, 2011 by admin
Michelle Ainsworth reports:
Account details of up to one million Telstra customers have possibly been breached after an internal website was made public. The website listed Telstra customers on bundle plans and included their names, plan types, contact they had had with Telstra customer service and in some instances their account passwords, the Herald Sun reported.
It was found by a Telstra customer who had googled looking for a customer service phone number.
Read more on The Herald Sun.
Asher Moses and Ben Grubb of The Age provide additional details, including customer reactions:
Another customer and freelance writer, Emily Eklund of Rozelle in NSW, said she was “frustrated” that her username, password, credit check history and extensive correspondence with a Telstra staff member was available when she checked if her information was accessible on the Telstra site at 4.30pm AEDST today.
“My concern was that [anyone who knew about the site] had access to my email with a password,” she said. “They could have accessed any of my personal emails which could include details to other important information of mine.


Hacking US POS terminals from the comfort of your vacation home in beautiful Romania.
http://www.databreaches.net/?p=22065
Four Romanian nationals indicted for hacking Subway and 50 other merchants’ POS systems
December 8, 2011 by admin
The U.S. Dept. of Justice has issued a press release about an indictment that may relate to some breaches involving Subway Restaurant previously reported on this blog. The case was filed May 4, but the indictment has just been unsealed.
Four Romanian nationals have been charged in federal court for their alleged participation in an international multimillion dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants’ point of sale (POS) computer systems.
Adrian-Tiberiu Oprea, 27, of Constanta, Romania; Iulian Dolan, 27, of Craiova, Romania; Cezar Iulian Butu, 26, of Ploiesti, Romania; and Florin Radu, 23, of Rimnicu Vilcea, Romania, were charged in a four-count indictment filed in the District of New Hampshire with conspiracy to commit computer fraud, wire fraud and access device fraud. Oprea was arrested last week in Romania and is currently in custody there. Dolan and Butu were arrested upon their entry into the United States on Aug. 13 and Aug. 14, 2011, respectively, and remain in United States custody. Radu remains at large.
According to the indictment, from approximately 2008 until May 2011, Oprea, Dolan, Butu and Radu conspired to remotely hack into more than 200 U.S.-based merchants’ POS systems in order to steal customers’ credit, debit and gift card numbers and associated data. The indictment alleges that as part of the conspiracy, the members remotely scanned the internet to identify vulnerable POS systems with certain remote desktop software applications (RDAs) installed on them, and using these RDAs, the conspirators logged onto the targeted POS systems over the internet, either by guessing the passwords or using password-cracking software programs. The failure of a number of installers and users to change the default login credentials on such RDAs has been a factor in other cases reported on this blog in the past and Visa has repeatedly advised merchants to disable RDAs unless absolutely necessary. In this case, the members also allegedly installed keyloggers and a backdoor to allow them further access to the systems over time. Prosecutors allege that the conspirators repeatedly “downloaded a hacker tool that is designed to evade detection, “xp.exe,” from the “kitsite.info” “dump site” onto victims’ POS terminals.” Data were stored on domestic and non-U.S. servers including ftp.shopings.info, ftp.justfuckit.info, ftp.cindarella.info, ftp.kitsite.info, ftp.tushtime.info, ftp.canadasite.info, and sendspace.com. The dump sites also included compromised internet-connected computers belonging to unsuspecting small business owners or individuals, including a computer server owned by a small business in Pennsylvania. Many of the dump sites were registered with GoDaddy.com.
Merchant victims include more than 150 Subway restaurant franchises (which is less than 1 percent of all Subway restaurants), located throughout the United States, including in the District of New Hampshire, as well as more than 50 other identified retailers. According to the indictment, members of the conspiracy have compromised the credit card data of more than 80,000 customers, and millions of dollars of unauthorized purchases have been made using the compromised data. The other merchants were not named in the indictment.
If convicted, the defendants face a maximum of five years in prison for each count of conspiracy to commit computer related fraud, 30 years in prison for each count of conspiracy to commit wire fraud and five years in prison for each count of conspiracy to commit access device fraud. They also face fines up to twice the amount of the fraud loss and restitution.
Although it didn’t garner much media coverage, this blog had reported incidents involving card fraud at Subway locations in California and New York in 2009 and May 2010. Without knowing the identities of the other merchants, it’s unclear whether we knew about any of their breaches at the time or whether they ever notified affected customers.
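The indictment describes the pattern that shows up in nearly every POS breach of this kind: scan for systems with remote desktop exposed, guess or crack the (often default) password, then drop a keylogger and a backdoor. The cheapest detection is a burst of failed logons from one source followed by a success. As an added example (not from the indictment, the DOJ, or Visa's guidance), here is a small detector run over constructed log lines; the log format is my own simplified one, the IP addresses are documentation-range addresses, and the five-failures-in-five-minutes threshold is an illustrative choice, not a standard.

```python
"""Flag remote-desktop password guessing: N failed logons from one source within a
window, and any success from a source already flagged. Added example; the log format
and sample lines are constructed, not real RDP or Windows event log output."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one guessing burst that eventually succeeds, and one
# ordinary typo-then-success from a different address.
SAMPLE_LOG = """\
2011-05-01T02:13:01Z host=pos-17 src=198.51.100.23 user=administrator result=FAIL
2011-05-01T02:13:02Z host=pos-17 src=198.51.100.23 user=administrator result=FAIL
2011-05-01T02:13:03Z host=pos-17 src=198.51.100.23 user=admin result=FAIL
2011-05-01T02:13:04Z host=pos-17 src=198.51.100.23 user=pos result=FAIL
2011-05-01T02:13:05Z host=pos-17 src=198.51.100.23 user=administrator result=FAIL
2011-05-01T02:13:09Z host=pos-17 src=198.51.100.23 user=administrator result=OK
2011-05-01T09:00:00Z host=pos-17 src=192.0.2.10 user=manager result=FAIL
2011-05-01T09:00:30Z host=pos-17 src=192.0.2.10 user=manager result=OK
"""


def parse(text):
    """Yield one dict per well-formed line; timestamps become aware datetimes."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected format
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ev


def detect(text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts in log order:
      ("bruteforce", src, failures_in_window)      when a source hits the threshold
      ("success_after_bruteforce", src, user)      when a flagged source then logs in
    A single pass with one sliding window of failure timestamps per source."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ev in parse(text):
        src, q = ev["src"], failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, len(q)))
        elif src in flagged:
            # A success after a flagged burst is the signal that matters most:
            # the guess worked, so treat the host as compromised, not just probed.
            alerts.append(("success_after_bruteforce", src, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample, 198.51.100.23 trips the threshold on its fifth failure and then logs in as administrator, which yields both alerts; 192.0.2.10 fails once and succeeds, which is normal and stays quiet. In a real Windows environment the equivalent source would be the Security event log (failed and successful logon events) rather than this constructed format, and the better fix is the one Visa recommends above: do not expose remote desktop on POS systems at all, and change the default credentials on any that must be.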


Sure, why not? Some of my “financially challenged” students “shop” for USBs in the school's lost & found. Also, if I “conduct security research” by examining a few dozen USB drives, I'll have plenty of “stocking stuffers.”
AU: Railcorp blunder as personal details offered in rail sale
December 9, 2011 by admin
Finders, keepers? Can you just auction off lost USB drives left on trains without regard to whether they contain sensitive information? Maureen Shelley reports:
A bunch of USB memory sticks, which hold private photos and data, left by passengers on Sydney trains were sold by Railcorp at a lost property auction.
Computer security company Sophos, which bought the sticks, said they contained thousands of photographs, work projects, minutes of meetings and university assignments as well as a job application and resum aac (sic).
NSW Information and Privacy deputy commissioner John McAteer said that his office was investigating a possible breach of the Privacy Act by RailCorp and whether it had kept passengers’ private data safeguarded.
Read more on The Daily Telegraph.


At least when the Godfather said, “It's business, Sonny, it's not personal,” you knew the target wasn't civilians...
All she wants for Christmas is for us – and Congress – to ignore human rights
December 8, 2011 by Dissent
Tatiana Lewis, World Program Director of Intelligence Support Systems in Virginia, wrote a letter to the editors of the Wall Street Journal that is so simultaneously ludicrous and pathetic that I don’t know whether to spit, laugh, or suggest she take a course on human rights. Here’s her letter, and I’ll meet you on the other side:
The article “Document Trove Exposes Surveillance Methods” (page one, Nov. 19) will have a negative effect on job creation in the U.S. as attention of this kind makes U.S. manufacturers gun shy about developing, and eventually exporting, anything that can remotely be used to support government surveillance.
Based on our work with customers from around the globe, we expect that most countries outside the U.S. and Western Europe will begin to place intercept mandates on social networks, [“begin to?” Bob] especially following the Arab Spring. This would give U.S. companies an opportunity to develop such tools and thus create jobs.
We are concerned that the article and others like it contribute to an atmosphere where Congress isn’t likely to pass an updated lawful-interception law. The law would require social-networking companies to deploy special features to support law enforcement. Without the update, the opportunity for U.S. companies to develop and launch intercept products domestically for eventual export will be greatly curtailed.
Additionally, in some countries U.S. companies are already refusing to provide intercept support and are banned from doing business. But Chinese equivalents, with lawful-intercept features, crop up in their absence. [Lawful under whose laws? Bob] Like it or not, many countries will adopt the Chinese model, leaving U.S. companies and job growth behind.
So, to be clear, Ms. Lucas is arguing that we should throw human rights out the window to enable American businesses to make huge profits by supporting unconscionable surveillance of human rights activists. We should not put pressure on American businesses to behave ethically because, well hey, there’s big money to be made, and if American businesses don’t make it, Chinese businesses will. If people are going to be surveyed, tortured, and imprisoned anyway, we should just lie back and allow American businesses to make a profit off it.
Think again, Ms. Lucas.
And then again.
You seem to have an ethical screw that’s seriously loose.

(Related) My God, she's right! We'll have to move the business to China!
"The European Union is asking companies that sell surveillance and law enforcement tech to repressive regimes to stop doing so. The EU is not taking concrete action yet, but has warned that sanctions may be applicable. All this comes little more than a week after Wikileaks published the Spy Files, a name-and-shame list of the companies offering tools for mass surveillance and interception to despotic regimes, but also to Western governments."


Now this is smart! Proof you copied the game (often all a hacker wants is bragging rights). Still, it shows off the game, perhaps enticing a purchase?
The developer of Serious Sam 3 came up with some creative DRM.
Pirates can play but not for long, as they are up against an invincible scorpion.
No mercy, let them bleed to death.


This is not really new. Microsoft has been pushing software “updates” to your computer for years.
"The terms of service for Microsoft's newly launched Windows Store allows the seller [not just Microsoft? Bob] to remotely kill or remove access to a user's apps for security or legal reasons. The story also notes that MS states purchasers are responsible for backing up the data that you store in apps that you acquire via the Windows Store, including content you upload using those apps. If the Windows Store, an app, or any content is changed or discontinued, your data could be deleted or you may not be able to retrieve data you have stored."


I'll take “Prior Art” for a $Billion, Alex. (“We don't need no stinking Patent Lawyers.” )
"IBM's Watson is made of many parts: speech recognition, natural language processing, machine learning, and data mining. All of these factors were perfectly combined to beat Ken Jennings in Jeopardy, and now each of these components are slowly finding their way into other applications. Health plan company WellPoint, for example, is using Watson to investigate patient records to improve diagnosis, and in a self-referential, possibly universe-destroying twist, IBM itself is using Watson to help sell Watson (and other IBM products) to other companies. Now, using Watson's data mining and natural language talents, IBM has created the Strategic IP Insight Platform, or SIIP, a tool that has already scanned millions of medical patents and journals for the sake of improving drug discovery — and in the future, it's easy to see how the same tool could be used to battle patent trolling, too."


This could be handy. I'll add it to the “portable Firefox” on my thumb drive for use at school. Be sure to watch the video!
CC:to me is one of those bookmarklets that you are elated to have discovered, and also makes you wonder why an idea as simple as this wasn’t implemented by anyone earlier. As the name suggests, it allows you to email stuff to yourself via a bookmarklet. The best part – you can drag and drop text, images, videos and more from the web onto it and it emails them flawlessly along with the link. It’s free at the moment (sign up needed), and the pro accounts (coming soon) will bring goodies like multiple recipients and more.


Try all 6, the price is right!
6 Best Desktop eBook Readers For Reading At Home (Or At Work)
… reading on a computer is nice because it’s a device you already have. Buying expensive hardware just to do one thing can be pricey, especially when computers can do pretty much everything those devices can (and more).
Calibre: The Ultimate eBook Software
Calibre is the ultimate way to manage your collection on a desktop computer. It’s compatible with seemingly every known ebook format on the planet, and supports sending books to a wide variety of handheld ereaders and smartphones.
This program does too much for me to describe here, so find out all about Calibre in Open Book: Managing Your eBooks With Calibre, a free MakeUseOf download.
Google Books
Prefer using something in your browser? You might not be able to install software on your work computer, or you might switch computers regularly. Whatever your reason, you should check out Google Books, which gives you access to an eBook reader in your browser.
Firefox EPUB Extension
Do you want to read in your browser, but have already downloaded the EPUB files you want to read? You’re in luck! A Firefox extension for reading EPUB files works really well, and is free to install right now.
Magic Scroll
Upload your EPUB file so you can read it in your browser. MagicScroll is a great web-based eBook reader, featuring a very minimal interface and intuitive keyboard shortcuts.
Kindle
Do you already own a Kindle eReader, or make use of the Kindle app on your smartphone? Make sure you install the Kindle software for your desktop computer, then. You’ll be able to read your Kindle eBooks on your desktop. Best of all, your pages and bookmarks will stay in sync with your device.
Kobo
Own a Kobo instead of a Kindle? Me too! Good news: Kobo’s desktop software gives you access to thousands of free eBooks, and it’s free to download.
Nook
Are you a Nook user? You should check out the Nook software then. Like the above two programs, this eBook reader gives you access to books you’ve purchased at its respective store, and syncs.

Thursday, December 08, 2011


Big win, temporarily?
Heartland gets most of banks’ claims dismissed over its massive data breach
December 7, 2011 by admin
Bonnie Barron reports that Heartland Payment Systems succeeded in getting a federal court judge to agree to dismiss most of the claims in a consolidated lawsuit filed by nine banks following a massive breach that affected millions of customers.
Rosenthal granted the banks leave to amend the dismissed claims for breach of contract, breach of implied contract, express misrepresentation, negligent misrepresentation based on nondisclosure, and violations of the California Unfair Competition Law, the Colorado Consumer Protection Act, the Illinois Consumer Fraud and Deceptive Business Practices Act and the Texas Deceptive Trade Practices-Consumer Protection Act.
Heartland failed only in its bid to dismiss the claim that it violated the Florida Deceptive and Unfair Trade Practices Act. The processor had argued that the act applies only to consumers, not banks, but the Florida Legislature substituted “person” for “consumer” when it amended the act in 2001.
Read more on Courthouse News.


Looks like another successful test of the “Make the election turn out correctly” app!
Report: About 60,000 E-Votes Uncounted in NY Election Last Year
… The report (.pdf), released by the Democracy Program at New York University’s Brennan Center for Justice, says that instructions displayed on new optical scan machines confused voters who cast too many votes in the gubernatorial race, causing some 20,000 votes to be spoiled in that race.
… New York recently switched to optical scan machines, after the state was ordered to replace its antiquated mechanical lever voting machines. With optical scan machines, voters select their candidates on a paper ballot, which is then fed into the optical scanner.
The problem occurred with voters who chose more than one candidate in a race, called “overvoting.”


No surprise. Same for laptops, tablets, smartphones, etc.
"Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."


Interesting, if confused. I guess they see things differently in Texas.
Federal district court rules student has cause of action for violation of privacy rights after school officials disclosed sexual orientation to her mother
December 7, 2011 by Dissent
Here’s a follow-up on a case previously mentioned on this blog: Wyatt v. Kilgore Indep. Sch. Dist., No. 10-674 (E.D. Tex. Nov. 30, 2011)
Abstract: A federal district court in Texas has ruled that a student has stated a valid cause of action for violation of her substantive due process right to privacy based on school officials’ disclosure of her sexual orientation to her mother. It rejected school officials’ assertion of qualified immunity as a defense to the privacy claim, as factual disputes remained regarding whether school officials acted in an objectively reasonable manner and violated the student’s clearly established right to privacy.
The district court also upheld the validity of the student’s claim of municipal liability based on the school district’s failure to properly train employees and having a policy of disclosing a student’s sexual orientation. As with the privacy claim, it found that there were factual disputes regarding whether the school district has a policy of disclosing students’ sexual orientation and whether the district was deliberately indifferent to its duty to properly train employees to keep students’ sexual orientation confidential.
Read more on NSBA Legal Clips. Note that this has nothing to do with FERPA, which only protects education records.


They really see things differently. I look at virtual training as a place for soldiers to make mistakes, without dying or killing the wrong people. Corrections (true training) happen outside the virtual world.
Could Playing Videogames Be a War Crime?
Is your Xbox illegal under the Geneva Convention? Could you be hauled before the International Criminal Court for playing shooter games like Battlefield 3 or Call of Duty?
Absolutely not, says a spokesman for the International Committee of the Red Cross. “War crimes are serious violations of the laws of war committed in real life situations, not on virtual battlefields,” the ICRC’s Bijan Frederic Farnoudi tells Danger Room.
But Farnoudi’s colleagues aren’t quite so sure. They believe that virtual worlds and real war crimes could conceivably be linked — especially if an army uses a virtual world to train its troops.
… Christian Rouffaer, head of the ICRC’s international humanitarian law and videogames project, says that “a soldier trained on a computer or by any other means to shoot wounded enemy combatants would probably not be the only one to be prosecuted as it is primarily the responsibility of his commander to train, educate and to give him lawful orders.” In other words according to Rouffaer, military training that violates the Geneva Conventions is still a crime — even if that training is virtual.

(Related) Also, something for my geeky ex-military students to think about?
"DARPA has a problem on its hands: Satellites, unmanned drones (UAVs), and myriad other worldwide sensors are now so ubiquitous and omnipotent that the Department of Defense (DOD) doesn't actually know how to make the best use of them. In other words, the hardware is there, but the software isn't. To tackle this particularly tricky issue, DARPA is looking for smartphone app developers to help build 'sophisticated, adaptive applications.' Yes, DARPA wants to give smartphone developers access to the DOD's fleet of Hellfire missile-equipped UAVs. Instead of using a single, remote pilot to fly just one UAV, DARPA imagines 'an app [...] that allows a swarm of small deployed UAVs to be controlled as a single unit (a hive [mind] so to speak).' DARPA also wants app developers to help out with easy-to-use app interfaces, novel uses of smartphone-like sensors (accelerometers, cameras, gyros) — and ultimately, it wants to make a War Market where a soldier can simply log in with his DOD-issued smartphone or tablet and download Angry UAVs, Nuke Ninja, and other battlefield apps."


It matters to me!
Oregon media shield law did not protect blogger from having to reveal her sources (updated)
December 7, 2011 by Dissent
Evan Brown reports on a case in Oregon that will be of interest to bloggers: Obsidian Finance Group, LLC v. Cox, 2011 WL 5999334 (D.Or. November 30, 2011)
Evan writes:
Plaintiff filed a defamation lawsuit against defendant, who self-identified as an “investigative blogger” and a member of the “media.” Defendant asked the court to protect her from having to turn over the identity of the sources she spoke with in connection with drafting the allegedly defamatory content. She claimed that she was covered under Oregon’s media shield law, which provides in relevant part that:
No person connected with, employed by or engaged in any medium of communication to the public shall be required by … a judicial officer … to disclose, by subpoena or otherwise … [t]he source of any published or unpublished information obtained by the person in the course of gathering, receiving or processing information for any medium of communication to the public[.]
The court gave two reasons for finding that defendant was not covered by the shield law.
Read what the reasons were on Internet Cases.


I thought they had all these nifty “get by the censors” apps they distributed...
"Less than 12 hours after the U.S. launched a virtual embassy for Iran, the Iranian government blocked access to the website, directing visitors to a government page proclaiming the site illegal. The White House condemned the move, calling Iran's internet policies 'an electronic curtain of surveillance and censorship around its people.'"


Do we now generally accept electronic signatures?
House Votes to Make Netflix Playlist Sharing Easier
The House of Representatives on Tuesday easily passed legislation that updates video privacy laws to make it easier for online rental services such as Netflix to share information about customers’ viewing habits with user consent.
Current law requires written consent to share video records, but the new law would allow companies to obtain consent over the web.


An interesting look at reality. Perhaps Cloud Computing isn't the “Perfect Solution?”
December 07, 2011
CSC Cloud Usage Index
"Independent research firm TNS surveyed more than 3,500 cloud computing users in eight countries around the world to find answers to these and other timely questions. The survey focused on capturing user information about outcomes and experiences rather than predictions and intentions. While much remains to be discovered about how cloud can transform enterprises, the findings of the CSC commissioned Cloud Usage Index are nonetheless informative — and often surprising."
  • News release: "A survey of information technology (IT) decision makers around the globe found that the shift to cloud computing is driven primarily by a desire to connect employees through the multitude of computing devices in use today. Turning conventional wisdom on its head, 33 percent of survey respondents cited accessibility to information through multiple devices as the most important reason for their decision to adopt cloud computing."

(Related) Employees probably have a cellphone...
December 07, 2011
Americans and Mobile Computing: Key Trends in Consumer Research
Americans and Mobile Computing: Key Trends in Consumer Research, by Aaron Smith. December 7, 2011 at the Government Mobility Forum
  • "The Gadget Landscape - The Rise of Ubiquitous Mobile Connectivity
  • How Americans Use Their Phones - Engagement With Mobile Activities and Applications
  • The Meaning of Mobile - What is the Value Users Place on Their Mobile Devices?"


This gets filed in my “Wow, that's a lot of data” and “Who cares?” folders. Still, it does have the potential to keep today's 12-year-old from being elected president in 2042 based on some snarky tweet he or she made.
"The Library of Congress and Twitter have signed an agreement that will see an archive of every public Tweet ever sent handed over to the library's repository of historical documents. 'We have an agreement with Twitter where they have a bunch of servers with their historic archive of tweets, everything that was sent out and declared to be public,' said Bill Lefurgy, the digital initiatives program manager at the library's national digital information infrastructure and preservation program. Researchers will be able to look at the Twitter archive as a complete set of data, which they could then data-mine for interesting information."


Tools for teachers?
http://www.makeuseof.com/tag/5-easy-ways-download-convert-online-videos/
5 Easy Ways To Download & Convert Online Videos
But the opposite is also true. Sometimes sending a link or embedding a video is not enough, and we need the actual file, or only its soundtrack. And when that happens, the default FLV file format rarely cuts it. Luckily, there are several downloaders-converters out there that make it easy as pie to download videos and convert them into almost every possible format.


All I could think of was a new definition for “Blue screen of death.” After Fukushima, this is probably the only market for nuclear power...
"Microsoft Corp. co-founder Bill Gates says he is in discussions with China to jointly develop a new kind of nuclear reactor. During a talk at China's Ministry of Science & Technology Wednesday, the billionaire said: 'The idea is to be very low cost, very safe and generate very little waste.' Gates backs Washington-based TerraPower, which is developing a nuclear reactor that can run on depleted uranium."


A reading list...
The Open Laboratory 2012 – the final entries
… we are ready to announce the 50 essays and 1 poem that will be published in the sixth annual anthology of the best science writing online.

Wednesday, December 07, 2011


Here's another first. ATM hackers are clearly after information to convert to cash – perhaps this is the right move? I bet the banks hate it...
Update: Lucky urges some customers to close bank accounts as losses mount
December 6, 2011 by admin
Kevin McCallum reports:
Shoppers who used the self-checkout lines at 21 Lucky supermarkets in the Bay Area should cancel their accounts to protect their money, the company that owns the grocery chain announced Monday.
The warning does not yet include Lucky’s Supermarkets in the North Bay, but a store in Petaluma was under investigation as a possible site of theft.
Save Mart Supermarkets, owner of about 70 Lucky markets in Northern California, issued an alert saying it “strongly recommend(s)” that shoppers take the precautionary measure following reports of a security breach at the stores’ ATM/credit card readers.
Read more on Press Democrat.
Usually businesses advise customers to remain alert and monitor their accounts. For a chain to advise canceling accounts is a bit unusual. According to the report, “On Monday, the company confirmed that 80 employees and customers so far were victims of thefts or attempted thefts from their accounts. Most occurred over the weekend, Rockwell said.”


So you hack into the system and send money to hundreds or thousands of accomplices? How big is this criminal organization?
MoneyGram Security Breach
December 6, 2011 by admin
Chester Robards reports:
A MoneyGram agent in the Bahamas may have lost hundreds of thousands of dollars this weekend as a result of its system being hacked, The Tribune understands.
Harvey Morris, managing director of MoneyGram, Omni Transfers, explained that the agent’s system was likely hacked by someone residing outside of the Bahamas. He said his own system was not directly affected, but did not know which agent’s system was.
[...]
He said this weekend was not the first time individuals have attempted to hack into their system. However, he explained that he was surprised that someone was successful.
“I’m a bit surprised to see that this has taken place,” said Mr Morris.
Read more on The Tribune.
[From the article:
… However, he said the effect of the breach of security was that MoneyGram set a cap of $400 on wire transfers on all their local agents this weekend until the threat was secured.
"It's the first time I have seen MoneyGram implement such draconian measures," said Mr Morris.


Interesting. Read and despair?
By Dissent, December 6, 2011
Micky Tripathi, President and CEO of Massachusetts eHealth Collaborative provides yeoman service by dissecting a security breach they experienced earlier this year.
For my money, every entity dealing with patient data should read this piece. If you’ve been through it yourself, you’ll be nodding your heads in empathy, and if you haven’t, well, it may get you off the dime to do some things you’ve been intending to do all along – like encrypting data or reminding employees about not leaving laptops in cars. It will also make it clear how complex it can be trying to sort what federal and state laws require – particularly if you’re a contractor or your contractor was the entity that had the breach.
Thanks so much to the reader who sent me the link!


Ta da! Could this have been avoided if there was disclosure?
8 companies hit with lawsuit over Carrier IQ software
December 6, 2011 by Dissent
Jaikumar Vijayan reports:
Apple is one of eight companies that have been named in another class-action lawsuit filed over the use of Carrier IQ software in mobile handsets.
The lawsuit was filed last Friday in U.S. District Court for the District of Delaware and accuses Carrier IQ, three wireless carriers, and four handset makers of violating the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.
Read more on InfoWorld.
Update: And then there were 12 (lawsuits)


I like it! ...at least it is moving in the right direction.
Europe to crack down on privacy breaches with steep fines
December 6, 2011 by Dissent
Joseph Parish reports:
The European Commission is finalizing privacy protection rules where companies could be fined up to five percent of their global sales for mishandling the data of customers, suppliers, or employees. Because the law would apply to foreign companies with branches in Europe, it gives the EU significant power to regulate privacy worldwide. Under the proposed system, all companies with more than 250 employees would be required to have dedicated data protection staff, and businesses would have 24 hours to notify authorities of a security breach.
Read more on The Verge.


Is this the first set of guidelines from outside the advertising industry?
Ca: Privacy watchdog unveils new online ad guidelines
December 6, 2011 by Dissent
Sarah Schmidt reports:
Advertisers who track people’s online behaviour better watch their own back.
Jennifer Stoddart, Canada’s privacy watchdog, released new online advertising guidelines Tuesday spelling out what advertisers, websites and browser developers can — and can’t — do when it comes to tracking, profiling and targeting people.
Read more on Vancouver Sun.


Always interesting...
The PII Problem: Privacy and a New Concept of Personally Identifiable Information
December 6, 2011 by Dissent
Paul Schwartz and Daniel Solove have a new article available for download from SSRN. Here’s the abstract:
Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.
In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.
You can download the paper here.
The PII Problem: Privacy and a New Concept of Personally Identifiable Information
Paul M. Schwartz University of California, Berkeley – School of Law
Daniel J. Solove George Washington University Law School
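The abstract's claim that de-identified data can be re-identified is easy to see in code. The example below is added here and is not from the Schwartz/Solove article: it builds a constructed "de-identified" health release that dropped names but kept ZIP code, birth date and sex, beside a constructed public voter roll carrying the same three fields, then measures how many records are unique on that quasi-identifier combination (the k-anonymity of the release) and joins the two tables to name the people behind the unique records. All names, ZIP codes, dates and diagnoses are made up for the demonstration.

```python
from collections import Counter, defaultdict

# Quasi-identifiers: fields that are not "PII" on their own but jointly single people out.
QUASI_IDS = ("zip", "dob", "sex")

# Constructed sample release: names removed, quasi-identifiers kept, sensitive attribute kept.
DEIDENTIFIED = [
    {"rid": 1, "zip": "02138", "dob": "1965-07-31", "sex": "F", "diagnosis": "hypertension"},
    {"rid": 2, "zip": "02138", "dob": "1965-07-31", "sex": "F", "diagnosis": "asthma"},
    {"rid": 3, "zip": "02139", "dob": "1972-01-15", "sex": "M", "diagnosis": "diabetes"},
    {"rid": 4, "zip": "02140", "dob": "1980-11-02", "sex": "M", "diagnosis": "migraine"},
]

# Constructed public roll: the same quasi-identifiers, this time attached to names.
VOTER_ROLL = [
    {"name": "Alice A.", "zip": "02138", "dob": "1965-07-31", "sex": "F"},
    {"name": "Beth B.",  "zip": "02138", "dob": "1965-07-31", "sex": "F"},
    {"name": "Carl C.",  "zip": "02139", "dob": "1972-01-15", "sex": "M"},
    {"name": "Dan D.",   "zip": "02141", "dob": "1980-11-02", "sex": "M"},  # different ZIP from rid 4
]


def key(rec, quasi_ids=QUASI_IDS):
    """The tuple of quasi-identifier values that a linkage attack joins on."""
    return tuple(rec[q] for q in quasi_ids)


def equivalence_classes(records, quasi_ids=QUASI_IDS) -> Counter:
    """How many records share each quasi-identifier combination."""
    return Counter(key(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids=QUASI_IDS) -> int:
    """Size of the smallest equivalence class; k == 1 means at least one record is unique."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def link(deidentified, public, quasi_ids=QUASI_IDS) -> dict:
    """Join the release to the public roll on the quasi-identifiers.

    A record is reported as re-identified only when it is unique in the release AND
    matches exactly one named person; a multi-way tie is merely a shortlist.
    """
    by_key = defaultdict(list)
    for person in public:
        by_key[key(person, quasi_ids)].append(person["name"])
    release_classes = equivalence_classes(deidentified, quasi_ids)

    reidentified = {}
    for rec in deidentified:
        k = key(rec, quasi_ids)
        names = by_key.get(k, [])
        if release_classes[k] == 1 and len(names) == 1:
            reidentified[rec["rid"]] = names[0]
    return reidentified


if __name__ == "__main__":
    print("k-anonymity of release:", k_anonymity(DEIDENTIFIED))
    for rid, name in link(DEIDENTIFIED, VOTER_ROLL).items():
        rec = next(r for r in DEIDENTIFIED if r["rid"] == rid)
        print(f"record {rid} is {name}: {rec['diagnosis']}")
```

Records 1 and 2 share a quasi-identifier combination and survive the join only as a two-name shortlist; record 4 has no match because the roll lists a different ZIP; record 3 is unique in both tables and comes out of the join with a name attached to a diagnosis. That is the "PII at a later juncture" problem the abstract describes: nothing in the release was a name, and the release still identified someone.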


Apple wouldn't do that, would they?
EU opens antitrust probe of Apple, other e-book publishers
The European Union's antitrust watchdog is investigating whether Apple helped five major publishing houses illegally raise prices for e-books when it launched its iPad tablet and iBookstore in 2010.


Woolly Mammoth! Woolly Mammoth! The kerfuffle-du-jour? Start your protest now and avoid the rush. After all, if God wanted a Woolly Mammoth he would have made one! Oh, wait...
Woolly Mammoth to Be Cloned


Couple this with my Ethical Hacker generated list of Congressional cell phone numbers and schedule everything for 2-4 AM and I'm in!
"One of the great banes of election season is that any politician can shell out a few pennies per voter and phone-spam thousands of people who'd rather not hear a recorded pitch. But turnabout's fair play, and now a service called reverse robocall will deliver your recorded message to elected officials as often as you'd like for a nominal fee. If there's a representative you'd like to call repeatedly, check them out."

Tuesday, December 06, 2011


Since Carrier IQ grabs all the data, all my Ethical Hackers need to do is record (log) what Carrier IQ looks at.
"Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say the application has some powerful, and potentially worrisome capabilities, but as it's currently deployed by carriers it doesn't have the ability to record SMS messages, phone calls or keystrokes. However, the researchers note there is still potential for abuse of the information that's being gathered, whether by the carriers themselves or third parties who can access the data legitimately or through a compromise of a device. Jon Oberheide, a security researcher who has done a lot of work on Android devices, also analyzed several versions of the Carrier IQ software and found the software has the ability to record some information, but that doesn't mean it's actually doing so. [“That doesn't mean...” isn't a clear denial, is it. Bob] That part is up to each individual carrier. However, he says the ability to collect such data is a dangerous thing. 'There is a lot of capability to collect sensitive data, which is dangerous in any scenario,' Oberheide said in an interview. 'It's up to the carriers to use the software as they choose, but you could sort of put some blame on Carrier IQ. But they put it on the carriers.'"
For those who don't want to trust in the good will of Carrier IQ or carriers themselves, here are a couple ways to get it off your phone.
[From the Comments:
Carrier IQ has admitted that it records URLs of every web site you visit on your mobile device, and sends it to the carrier. So there is another subpoena target for the authorities. Even your ISP doesn't necessarily get that information. Why should your carrier?


There is “Ad Supported” and then there is “Ad Attack!”
"In a post to the Nmap Hackers list Nmap author Fyodor accuses Download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings, and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either."
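The practical defence against a wrapped installer is the one Fyodor's post implies: compare what you downloaded against the checksum the project itself publishes, fetched from the project's own site and not from the mirror that served the file. The example below is added here and is not Nmap's or C|Net's code: it parses a `sha256sum`-style checksum file, hashes the downloaded bytes and accepts the file only on an exact match. The installer bytes, the file name `nmap-setup.exe` and the checksum file are all constructed for the demonstration; the wrapped variant simply has a stub prepended, which is enough to change the digest.

```python
import hashlib
import hmac

# Constructed sample data (not Nmap's real installer or checksums): a stand-in for a genuine
# installer and for the same installer wrapped by a third-party download stub.
GENUINE_INSTALLER = b"genuine installer body (constructed sample)"
WRAPPED_INSTALLER = b"ad-toolbar stub wrapper " + GENUINE_INSTALLER
INSTALLER_NAME = "nmap-setup.exe"  # hypothetical file name


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A sha256sum-style checksum file as a vendor would publish it, built here from the genuine
# bytes so the example runs offline. In real use this text comes from the project's own site
# over HTTPS (or a signed release note), never from the download mirror being checked.
PUBLISHED_SUMS = (
    "# constructed checksum file\n"
    f"{sha256_hex(GENUINE_INSTALLER)}  {INSTALLER_NAME}\n"
)


def parse_sha256sums(text: str) -> dict:
    """Parse lines of the form '<64 hex chars>  <name>' (or '<hex> *<name>' for binary mode)."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest for {name!r}")
        sums[name] = digest
    return sums


def verify_download(data: bytes, filename: str, sums_text: str) -> bool:
    """True only when data hashes to the digest the vendor published for filename."""
    expected = parse_sha256sums(sums_text).get(filename)
    if expected is None:
        return False  # no published digest: treat as unverified, not as "probably fine"
    # compare_digest is a habit worth keeping for any digest comparison; it costs nothing here.
    return hmac.compare_digest(sha256_hex(data), expected)


if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE_INSTALLER), ("wrapped", WRAPPED_INSTALLER)):
        ok = verify_download(blob, INSTALLER_NAME, PUBLISHED_SUMS)
        print(f"{label}: {'OK' if ok else 'MISMATCH - do not run'}")
```

A file with no published digest is reported as a failure rather than skipped, because "we had no checksum for it" is exactly the situation a repackaged download puts you in. Where a project also publishes a detached signature for the checksum file, verify that signature first; a checksum alone only proves the download matches what the checksum file says, and an attacker who can replace one on the same mirror can replace both.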


Is this a French problem or are all Nuclear Plants defended by Swiss cheese? Strange that I can't find pictures of the banners... You would think they would want to document their success.
"Greenpeace activists secretly entered a French nuclear site before dawn and draped a banner reading 'Hey' and 'Easy' on its reactor containment building, to expose the vulnerability of atomic sites in the country. Greenpeace said the break-in aimed to show that an ongoing review of safety measures, ordered by French authorities after a tsunami ravaged Japan's Fukushima Dai-ichi nuclear plant earlier this year, was focused too narrowly on possible natural disasters, and not human factors."


Suspicions confirmed... Perhaps we are well defended against a 9/11 type attack. But are we ignoring the potential for other types of attack?
Insider: $56 Billion Later, Airport Security Is Junk
The Department of Homeland Security has spent billions since 9/11 trying to keep dangerous people and dangerous explosives off airplanes, and treating all of us air travelers like potential terrorists in the process. But according to a former security adviser to a leading airline, the terrorists have changed the game — and the government hasn’t yet caught on.
… In the new issue of the CTC Sentinel, a wonky security newsletter published by West Point’s Combating Terrorism Center, Brandt all but indicts his former industry and its government protectors. “Government regulators suffer from a lack of imagination in anticipating and mitigating emergent and existing threats” to air travel, he writes.


A brief Brief...
December 05, 2011
Governmental Tracking of Cell Phones and Vehicles: The Confluence of Privacy, Technology, and Law
  • "Legislation has been introduced in the 112th Congress that proposes to update, clarify, or, in some instances, strengthen the privacy interests protected under the law and give law enforcement a clearer framework for obtaining crucial crime-fighting information. In particular, Senator Ron Wyden and Representative Jason Chaffetz introduced identical legislation, S. 1212 and H.R. 2168, entitled the Geolocational Privacy and Surveillance Act, or GPS bill, which would make it unlawful for a service provider to disclose or law enforcement to intercept or use a person’s location unless they obtained a warrant based upon probable cause or one of the limited exceptions applies. Senator Patrick J. Leahy has introduced the Electronic Communications Privacy Act Amendment Act of 2011 (S. 1011), which not only includes a warrant requirement for geolocation information, but also overhauls and updates other provisions of federal electronic surveillance law... This report will briefly survey Fourth Amendment law as it pertains to the government’s tracking programs. It will then summarize federal electronic surveillance statutes and the case law surrounding cell phone location tracking. Next, the report will describe the GPS-vehicle tracking cases and review the pending Supreme Court GPS tracking case, United States v. Jones. Finally, the report will summarize the geolocation and electronic surveillance legislation introduced in the 112th Congress."


We've been looking for an Artificial Intelligence instructor for some time. Now we are considering building one from online tools...
7 Amazing Websites To See The Latest In Artificial Intelligence Programming


For my Ethical Hackers who would like to call some people over and over and over and over and over... Also Group Calling and soon Video Calls.
Vox.io: A Simple Way To Make Voice Calls From Your Web Browser
Vox.io is a handy VoIP client which relies completely on your browser, on any flash-based device and helps you make calls to your friends and family. But before that, you must sign up for a free account and validate your phone number and email.
… The recipient will receive the call from the number you have registered with Vox.io.
… It’s free to call other Vox.io users but if you want to make any international calls, you must buy Vox.io credit. You can check out Vox.io call rates here.


For my Math students
Google adds graphing calculator to search
Students and lovers of all things math need merely to type in a function to the Google search bar, and the tool will render an interactive graph, Google explained today in a company blog announcing the new tool.
"You can zoom in and out and pan across the plane to explore the function in more detail. You can also draw multiple functions by separating them with commas," Google engineer Adi Avidor wrote.


No one will ever need this...
How To Fix Errors and Format USB Flash Drives

Monday, December 05, 2011


I'll probably (.72) send this to my Statistics students.
Facebook to host online casinos?
… reports are emerging from the United Kingdom that Facebook is considering allowing casinos to operate within its virtual friendship facility.
When I say casinos, I mean ones with real money.
The Daily Mail fulminates at the prospect. It cites the knowledgeable people at eGaming Review in insisting that Facebook is in negotiations with around 20 gambling experts, consultants, and homes of online gambling.


So maybe it will die out?
Sexting far less prevalent than previously reported
A study published in the January, 2012 issue of Pediatrics asked teens whether they had sent or received sexually suggestive, nude or nearly nude images of themselves--a practice commonly known as "sexting."
What they found is that 2.5 percent of the 10- to 17-year-olds in the survey said they had appeared in or created images that depicted themselves nude or nearly nude. But, when the researchers asked if the images "showed breasts, genitals or someone's bottom," only 1.3 percent said they had appeared in or created such images.
Why this study is important
This study shows that sexting is not the norm. The vast majority of kids are not involved in this type of behavior. And the reason this is important is because of evidence from other studies that show that people are more likely to engage in behavior that they consider to be "normal."


We should call this “e-Fine Print”
"If you used Ticketmaster's website to buy tickets between October 21, 1999 and October 19, 2011, you're in for a windfall. Well, a $1.50 per ticket order windfall. Because of a proposed class action settlement, Ticketmaster is being forced to credit $1.50 per ticket order (up to 17 orders) to customers because they profited from 'processing fees' without declaring as much. And despite the reparations, Ticketmaster can continue to profit off transactions — they just have to say they're doing so on their website."


Snail mail gets snail-er...
"The United States Postal Service will be closing half of its processing centers this spring. Currently, 42% of first-class mail is delivered the following day for nearby residential and business customers. But that overnight mail will be a thing of the past, with delivery guaranteed only for 2-3 days. About 51% will be delivered in two days. Periodicals may take up to nine days. (Additional delays beyond this may come into play when Congress also authorizes USPS to close operations for some days each week.)"


Drone maybe, they shouldn't even 'see' a stealth drone. (Of course they can fail and fall out of the sky without any help...)
Did Iran Capture a U.S. Stealth Drone Intact?
For the second time this year, the Iranian government is claiming it forced down a stealthy U.S. Air Force spy drone. Only this time, Iran says it bagged the RQ-170 “with little damage” by jamming its control signal — a potentially worrying development for American forces heavily reliant on remote-controlled aircraft.
There are good reasons to question Iran’s story — or at least parts of it. For starters, the earlier claim of a drone shoot-down proved false. Why would this announcement be any more credible? Also, for most U.S. unmanned aircraft, merely jamming the control signal won’t bring them down. Some don’t have control signals at all.


Standardizing the future?
December 04, 2011
NIST Cloud Computing Program
"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private cloud, Community cloud, Public cloud, Hybrid cloud). Key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, and (3) high-performance virtualization for commodity hardware." Draft Documents as follows:


Another sign that we're teaching Paleotechnics?
December 04, 2011
Harvard Law/Computer Scientist Declares PCs Dead
"The following op-ed by Harvard Law School Professor Jonathan Zittrain appeared in the Nov. 30 edition of the Technology Review - The PC is dead. Rising numbers of mobile, lightweight, cloud-centric devices don't merely represent a change in form factor. Rather, we're seeing an unprecedented shift of power from end users and software developers on the one hand, to operating system vendors on the other—and even those who keep their PCs are being swept along. This is a little for the better, and much for the worse. The transformation is one from product to service. The platforms we used to purchase every few years—like operating systems—have become ongoing relationships with vendors, both for end users and software developers. I wrote about this impending shift, driven by a desire for better security and more convenience, in my 2008 book The Future of the Internet—and How to Stop It."

(Related) Time for...
How to build your own app for free
Ever want to build an app for yourself?
It's actually not hard. There are a number of companies that offer the ability to create your own app for a minimal fee, which is great for small businesses looking to stay relevant in this increasingly mobile world. Or if you just have a lot of time on your hands.
Take Conduit. The company made its money creating branded toolbars found on your browser. But over the past few months, it has been expanding into the mobile world with a free service that allows you to build an app and mobile Web site in minutes. It's part of a planned shift by the company to build its consumer awareness after spending years serving other businesses in a white label capacity.
… I've tried the service, and it's pretty simple to use. The best part: it's completely free. Conduit has a team set up that will take you through the submission process and it will even pay your fee to get the app up in the various mobile app stores.


Another author suggesting that paper books need to be updated... (See Nature's “post Gutenberg” textbook)
Guest Post: Tablets Deliver a New Business Book Mashup
… This interactive component has been non-existent in business books because of the stand-alone, linear nature of the dead-tree publishing format.
Until now.
With the release of the new full-color Kindle Fire tablet from Amazon a few weeks ago (as well as the Apple iPad and Barnes & Noble Nook) a new kind of business book is born. As an author of seven previous books, I was excited about the opportunities for delivering content in a new way—a mashup of a book and a blog.
Business books on a tablet computer means a non-linear experience and makes the content come alive! You can instantly jump from one part of the book to another. Better yet, now you can instantly link from the book to external content too. In addition, it’s in full color allowing infographics to illustrate key points. It means a book read on an iPad or Kindle Fire is like reading a blog post with links to valuable content from other places. The new book experience means watching the video the author mentioned with one click. It means you can check out the Twitter feed of the expert cited in the text. You can see the cool picture that was once worth 1,000 words.


Speaking of eBooks...
Monday, December 5, 2011
The web is full of ebooks, you can see mine here, but finding them isn't always easy. You can search by file type on Google or visit any number of document hosting services like Issuu, but even then you might be missing something good. Search EBooks is a service dedicated to helping you find free ebooks. When you find an ebook on Search EBooks you can view a preview of it, download, or grab an embed code without ever leaving the search results page.
Applications for Education
Many useful how-to manuals are published as ebooks. If you're looking for a manual or other how-to document to share with your students or colleagues, Search EBooks could help you locate it and share it quickly.


Think this area is hot enough to get Grants or other funding for “Bob's Academy”
Bring Virtual Science Education To Campuses
Some readers may be familiar with Khan Academy, an awesome eLearning platform that offers students, self-starters and everyone in between the opportunity to learn at their own pace by watching instructive videos on subjects that range from arithmetic to physics. The non-profit startup has been growing like gangbusters of late, and now has more than 2,600 videos in its library.
… Supplemental learning resources like Khan Academy’s stand to play a significant role in the changing educational landscape. The fact of the matter is that, while we might be in a higher education bubble, colleges and universities (public institutions, especially) face a challenging economic climate, which has led to budget cutbacks across the board. This is exacerbated by the increase in student enrollment, along with dwindling resources available to students and teachers, chief among them the limit of physical space within classrooms.
… One startup, like Khan Academy, has built an online platform that can become part of the solution, allowing universities to continue providing engaging curricula even when resources may not be available. Late Night Labs, a New York City-based startup, offers an web-based educational platform for distance and hybrid learning settings that lets students take biology and chemistry labs, for example, without the real-life explosions.
… The platform comes with (150+) standardized courses that meet national science requirements, or teachers can use the platform to create their own customized classes.


Just what a teacher needs! Now, with a single click, I can insert my most common text (“Please read the damn textbook!”) into any email!
Sunday, December 4, 2011
Every day brings a new round of Man vs. Email to my life. Some days "Man" wins and other days "Email" wins. Now I have a new weapon in this battle and its name is Insert Text.
Insert Text is a Google Chrome Extension that allows you to right-click on any field in your email or other web form and insert a chunk of text from your personal library of saved text. Insert Text allows you to build a library of sentences and paragraphs that you use frequently. Then when you need to use one of those sentences in an email just right-click and select the sentence you want to use.


If nothing else, a place to find interesting resources!