Sharing on Facebook... “Those who do
not study 'really stupid things to do online' are doomed to repeat
'really stupid things to do online.'” Bob, with apologies to
Santayana.
Twitter
feed reveals nirvana of human doltishness
… this is a Twitter feed called
NeedADebitCard.
It serves a vast social purpose.
Yes, it reveals all those who happen to
share pictures of their brand new debit cards. Full frontal. Numbers
exposed. Names attached.
… Naturally, some speculate that
the vast majority of those tweeting these pictures are teenagers, who
have so little money that their identity is scarcely worth stealing.
Updates as massive
security/privacy/operational issues.
Do it our way (which is none of your
business) or else!
“We are not amused.” “Queen”
Victoria, my network gal...
Cisco’s
cloud vision: Mandatory, monetized, and killed at their discretion
… When
owners of the E2700, E3500, or E4500 attempted to log in to their
devices, they were asked to login/register using their “Cisco
Connect Cloud” account information. The story that’s emerged
from this unexpected “upgrade” is a perfect example of how
buzzword fixation can lead to extremely poor decisions.
… The
E2700, E3500, and E4500 all shipped with the
“Automatic Firmware Update” option selected, [Best practice is
to change all “default settings,” which is in your best interest.
Bob] which is why so many users found themselves asked to
authenticate using a different account with no prior warning.
… The
second major problem with Cisco’s Cloud Connect is its
“supplemental privacy policy.” This policy is an addition to
Cisco’s Privacy Statement. As of
June 27, the fifth paragraph read as follows:
When you use
the Service, we may keep track of certain information related to your
use of the Service, including but not limited to the status and
health of your network and networked products; which apps relating to
the Service you are using; which features you are using within the
Service infrastructure; network traffic (e.g., megabytes per hour);
Internet history; how frequently you encounter
errors on the Service system and other related information (“Other
Information”).
This
paragraph has been excised entirely from the current version of the
Supplemental
Privacy Policy, but that proves nothing — Cisco has the right
to update its privacy policy at any time, without legal penalty.
Both versions of the document contain a further statement that may
raise a few eyebrows. The next-to-last sentence reads: “In some
cases, in order to provide an optimal experience on your home
network, some updates may still be automatically
applied, regardless of the auto-update setting.”
(Related) “Why should we fix it?
It's working exactly as we intended.”
Facebook's
e-mail debacle: One 'bug' fix, but rollback impossible
Facebook changed its 900+ million
users' primary e-mail address a week ago, setting in motion a
continually cascading series of failures.
Users have lost
unknown amounts of e-mail, and address books were unknowingly
overwritten. Facebook's first official response yesterday was that
everyone was just confused about how to look in their Facebook
inboxes.
Now they've changed their tune. But
their admission of intercepted and lost e-mail, questions about
privacy ethics, and new issues around Apple iOS 6 show that
Facebook's Apple app is also adding secondary,
undeletable contacts into users' address books.
(Related)
Auto-Sunk.
Check Your Hidden Facebook “Other” Inbox For Your Missing Emails
Perhaps they learned from the team that
created Stuxnet? At least I now know who to call if my sprinklers
come on by themselves. The pie charts are interesting...
July 02, 2012
Industrial
Control Systems Cyber Emergency Response Team Report
"The Department of Homeland
Security (DHS) Control Systems Security Program manages and operates
the Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) to provide focused operational capabilities for defense of
control system environments against emerging cyber threats... This
report provides a summary of cyber incidents, onsite
deployments, and associated findings from the time ICS-CERT was
established in 2009 through the end of 2011. The most common
infection vector for network intrusion was spear-phishing emails with
malicious links or attachments. Spear-phishing accounted for 7 out
of 17 incidents. At least one incident involved an infection from a
removable USB device."
(Related) Looks like we need another
“Team.” Seriously! This is biological warfare and lots of US
hating countries with no nuclear weapons have plenty of bugs.
"Timothy Paine, an entomologist
at the University of California-Riverside, recently 'committed to the
scientific record the idea that California's eucalyptus
trees may have been biologically sabotaged,
publishing an article [in the Journal of Economic Entomology] raising
the possibility of bioterrorism.' Specifically, Paine argues that
foreign insect pests have been deliberately introduced in the Golden
State, in hopes of decimating the state's population of eucalyptus
(especially the two species regarded as invasive, which 'are
particularly susceptible to the pests.') In California's
Bioterror Mystery, Paine (and scientists who are skeptical) make
their arguments. What isn't in dispute is that the insect pests have
already inflicted hundreds of millions of dollars in damage, making
the story a cautionary tale about what might happen if a food or crop
were intentionally targeted."
How do you plan to counter this,
Computer Security students?
How
Anonymous Picks Targets, Launches Attacks, and Takes Powerful
Organizations Down
… In fact, the success of Anonymous
without leaders is pretty easy to understand—if you forget
everything you think you know about how organizations work.
Anonymous is a classic “do-ocracy,” to use a phrase that’s
popular in the open source movement. As the term implies, that means
rule by sheer doing: Individuals propose actions, others
join in (or not), and then the Anonymous flag is flown over the
result.
1) Wait, wait... You haven't been
doing this all along?
2) Someone better tell Congress before
they start passing laws based on this stuff...
Feds
Look to Fight Leaks With ‘Fog of Disinformation’
Pentagon-funded researchers have come
up with a new plan for busting leakers: Spot them by how they
search, and then entice the secret-spillers with decoy documents that
will give them away.
Computer scientists call it “Fog
Computing” — a play on today’s cloud computing craze. And in a
recent
paper for Darpa, the Pentagon’s premiere research arm,
researchers say they’ve built “a prototype for
automatically generating and distributing believable misinformation
… and then tracking access and attempted misuse of it. We call
this ‘disinformation technology.’”
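The decoy half of that scheme is easy to sketch. What follows is an added example, not the DARPA researchers' prototype: it issues each recipient a copy of a fake document whose only distinguishing feature is an HMAC-derived beacon URL, then matches web-server log lines back to the copy that was opened and to the person it was issued to. The secret key, the intranet hostname, the internal address range and the log lines are all constructed for the example.

```python
"""Decoy-document ("fog") tracking: unique beacon per issued copy,
then attribute any beacon hit in the web log to that copy's recipient.
Illustrative code only; not the DARPA prototype described in the paper."""
import hashlib
import hmac
import ipaddress
import re
from dataclasses import dataclass

# Deployment secret used to derive tokens. Constructed value for this
# example; a real deployment would load it from a secrets store.
SECRET = b"fog-example-secret-not-for-production"

# Address space the decoys were distributed into. Constructed for the example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Decoy:
    doc_id: str      # which fake document
    recipient: str   # who was given this particular copy


def make_token(doc_id: str, recipient: str) -> str:
    """Per-copy token. HMAC-derived so tokens cannot be guessed or
    enumerated; a log hit can only come from a copy we actually issued."""
    msg = f"{doc_id}:{recipient}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def generate_decoys(doc_id, recipients, template):
    """Return {token: (Decoy, document_text)}. Every recipient gets the
    same believable text; only the beacon URL differs, so an opened copy
    identifies the person it was issued to."""
    registry = {}
    for person in recipients:
        token = make_token(doc_id, person)
        registry[token] = (Decoy(doc_id, person), template.format(token=token))
    return registry


# Apache/Nginx combined-log style line; we only need ip, timestamp and token.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /beacon/(?P<token>[0-9a-f]{16})(?:\?\S*)? HTTP/[\d.]+"'
)


def detect_access(log_lines, registry):
    """Map beacon hits back to (recipient, doc_id, source_ip, outside_network)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a beacon request
        entry = registry.get(m.group("token"))
        if entry is None:
            continue                      # token we never issued: scanner noise or forgery
        decoy, _text = entry
        ip = m.group("ip")
        outside = ipaddress.ip_address(ip) not in INTERNAL_NET
        hits.append((decoy.recipient, decoy.doc_id, ip, outside))
    return hits


def example():
    """Issue three copies of one decoy and run constructed log lines through it."""
    template = (
        "PROJECT NIGHTJAR - DRAFT (do not distribute)\n"
        "Full budget: https://intranet.example/beacon/{token}\n"
    )
    registry = generate_decoys("nightjar-budget", ["alice", "bob", "carol"], template)
    bob_token = make_token("nightjar-budget", "bob")
    # Constructed log lines: bob's copy opened inside, then fetched from an
    # outside address; one token we never issued; one unrelated request.
    log = [
        f'10.20.30.40 - - [02/Jul/2012:09:03:11 +0000] "GET /beacon/{bob_token} HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
        f'203.0.113.7 - - [02/Jul/2012:10:14:22 +0000] "GET /beacon/{bob_token} HTTP/1.1" 200 43 "-" "curl/7.26"',
        '203.0.113.9 - - [02/Jul/2012:10:15:00 +0000] "GET /beacon/0000000000000000 HTTP/1.1" 404 0 "-" "-"',
        '198.51.100.2 - - [02/Jul/2012:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 10 "-" "-"',
    ]
    return detect_access(log, registry)


if __name__ == "__main__":
    for recipient, doc, ip, outside in example():
        where = "OUTSIDE the network" if outside else "inside the network"
        print(f"decoy '{doc}' issued to {recipient} was opened from {ip} ({where})")
```

Because no legitimate workflow ever touches a decoy, any beacon hit is worth a look; the outside-network flag only prioritises the one that says the document has already left. The search-pattern half of the paper's approach (spotting who is looking) is not shown here.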
I was dreading a long report at 140
characters per Tweet... It is actually fairly comprehensible.
Twitter
Transparency Report
July 2, 2012 by Dissent
Twitter has issued its first
transparency report, covering governmental requests for user account
data for the period January 1, 2012 – June 30, 2012.
Out of the 849 requests it received
during this period (a number significantly lower than what I had
imagined), 679 were from the U.S. for user account information on 948
users. Of those 679 requests, 75% resulted in Twitter providing some
or all of the requested data.
See
the report, and kudos to Twitter for disclosing these numbers.
[Also see Twitter's
Guidelines for
Law Enforcement. Bob]
(Related) So we will likely see many
more requests...
Judge
Finds No Constitutional Violation in Producing Tweets
July 2, 2012 by Dissent
Andrew Keshner reports:
Twitter must
produce tweets and user information of an Occupy Wall Street
protester, a judge has ruled, discounting objections from the social
media website in a case of first impression.
“The
Constitution gives you the right to post, but as numerous people have
learned, there are still consequences for your public posts. What
you give to the public belongs to the public. What you keep to
yourself belongs only to you,” Criminal Court Judge Matthew
Sciarrino Jr., sitting in Manhattan, wrote in People
v. Harris, 2011NY080152.
Read more on New
York Law Journal.
For my Data Mining and Data Analysis
students
July 02, 2012
Managing
Discovery of Electronic Information: A Pocket Guide for Judges
Managing
Discovery of Electronic Information: A Pocket Guide for Judges,
Second Edition. Barbara J. Rothstein, Ronald J. Hedges, and Elizabeth
C. Wiggins. Federal Judicial Center, 2012
- "ESI currently includes e-mail messages, word processing files, web pages, and databases created and stored on computers, magnetic disks (such as computer hard drives), optical disks (such as DVDs and CDs), and flash memory (such as “thumb” or “flash” drives), and increasingly on “cloud” based servers hosted by third parties that are accessed through Internet connections. The technology changes rapidly, making a complete list impossible. Federal Rules of Civil Procedure 26 and 34, which went into effect on December 1, 2006, use the broad term “electronically stored information” to identify a distinct category of information that, along with “documents” and “things,” is subject to discovery rights and obligations."
Attention Ethical Hackers: Two teams,
one builds drones, the other tries to take them over. One month from
now we switch teams. Note that this was NOT a true hack of the
drone.
Research
Team Hacks Surveillance Drone With Less than $1,000 in Equipment
July 2, 2012 by Dissent
David Sydiongco reports:
Last week, a team of
University of Texas researchers, led by professor Todd Humphreys,
managed to hack a surveillance drone before the eyes of the
Department of Homeland Security, successfully “spoofing”
the UAV’s GPS system with just about $1,000 in
off-the-shelf hardware.
Read more on Slate.
[From the article:
The University of Texas team
constructed a “spoofing device,” which sent
counterfeit GPS signals to the unmanned aerial vehicle,
steering it off-course.
DHS officials were pleased with his
results, says Humphreys, as they were a “fulfillment of their
prophecies.”
He explains that while the hardware of
the “spoofing” device is easily accessible, its “special sauce”
is in the software, which was developed over a four-year period by
his team. “It’s outside the capability of any
average American citizen,” said Humphreys. [Well, are you going to
allow that challenge to go unanswered? Bob]
Perspective: So far, none of my
students have asked, “What is that strapped to your wrist,
professor?”
The
Smartphone Replacement Index
… O2, the same network that
documented
the phone call's fifth-most-popular ranking among smartphone
functions, also
conducted research into the non-phone-y uses of the smartphone.
What it found was a Swiss
Army effect: people are using their smartphones not just as
phones, and not even just as portable Internet cafes, but also as
diaries and watches and cameras and alarm clocks and libraries and
personal movie theaters.
(Related)
Maybe
We Should Stop Calling Smartphones 'Phones'
Every day, the
average smartphone user spends 128 minutes actively using the
device. That's just over two hours. The average user is spending
those 128 minutes surfing the Internet (for nearly 25 minutes),
engaging in social networking (for more than 17), listening to music
(more than 15), and playing games (more than 14).
What the average user is doing
relatively little of, however, is talking -- using the smartphone as,
you know, a phone.
Hope for the future. This increases
the odds that someone will actually figure it out!
Tyler
Cowen: 'Everywhere Will Be Like the Music Industry'
The music industry, as we all know, has
been turned upside down by the new behaviors enabled by the Internet.
If you look at recorded
music sales alone, the industry has nosedived since the late 90s.
But if you take a
broader view, we see that people continue to listen to tons of
music, go to concerts, and that all kinds of startups are desperately
trying to become the new model for the industry.
If George Mason economist and Marginal
Revolution blogger Tyler Cowen is right, higher education is
about to go the way of the record company. Speaking at the Aspen
Ideas Festival, he offered up college as the next in a long line of
industries that Internet-enabled innovation is going to scramble.
Years ago, I thought of this exact form
of funding, but as a “charity” replacement. Let the donors pick
new projects to fund.
The
Power and the Peril of Our Crowdfunded Future
Since Kickstarter launched in April of
2009, we, the crowd, have funded a quarter of a billion dollars worth
of art projects, small businesses, tech gear, etc.
I'm shocked! My blog isn't on the
list!
The
1000 most-visited sites on the web