Friday, August 17, 2012

Catching up to the 9 year old script kiddies...
"The DHS and ICS-CERT are warning users of some popular Tridium Niagara AX industrial control system software about a series of major vulnerabilities in the applications that are remotely exploitable and could be used to take over vulnerable systems. The bugs, discovered by researchers Billy Rios and Terry McCorkle, are just the latest in a series of vulnerabilities found in the esoteric ICS software packages that control utilities and other critical systems. The string of bugs reported by Rios and McCorkle include a directory traversal issue that gives an attacker the ability to access files that should be restricted. The researchers also discovered that the Niagara software stores user credentials in an insecure manner. There are publicly available exploits for some of the vulnerabilities."


“Download our 'surveil yourself' App!”
"Motorists are being invited to help develop a new driving app that could earn them a discount of 'up to 20%' on their motor insurance. British insurer Aviva is using smartphone technology to create individual driver profiles that will be used to calculate tailored pay-how-you-drive premiums. The driver behavioral app, Aviva RateMyDrive, will monitor motorists taking part in the test for 200 miles, including acceleration, braking and cornering. This data is then turned into an individual score which helps determine the motorist's premium, with 'safer' drivers earning up to 20% off their deal."


Don't worry, it's just that DHS worker bees don't know what policy DHS executive leadership has implemented.
EPIC FOIA – Documents Shed Further Light on Homeland Security Pursuit of Crowd Surveillance
August 17, 2012 by Dissent
From EPIC.org:
New documents obtained by EPIC under the Freedom of Information Act provide further details on a DHS plan to use an multiples surveillance technologies to search people in public spaces. Previous EPIC FOIA work produced records about a similar DHS program, which the government agency subsequently claimed it had cancelled. However, the new documents obtained by EPIC show that the DHS was still pursuing mobile crowd surveillance as recently as 2011. The technologies include “intelligent video,” backscatter x-ray, Millimeter Wave Radar, and Terahertz Wave, and could be deployed at subway platforms, sidewalks, sports arenas, and shopping malls. For more information, see EPIC: EPIC v. DHS (Mobile Body Scanners FOIA Lawsuit) and EPIC: Electronic Frisking


So if you ask to see an image, that's okay but we don't store the image so you can't see it unless we think it's related to a crime in which case you can't see it because it's evidence...” So what actually changes?
Nation’s police chiefs adopt drone code of conduct (updated)
August 16, 2012 by Dissent
Stephen Dinan reports:
The nation’s police chiefs have adopted a code of conduct for their use of drones, including letting any images captured by unmanned aerial vehicles, or UAVs, be open to inspection by the public, and that the images not be stored unless they are evidence of a crime or part of an ongoing investigation.
The chiefs also said that if they plan to fly drones over an area where they are likely to spot criminal activity and where they would be intruding on someone’s “reasonable expectations of privacy,” they should seek to get a search warrant first.
Read more on Washington Times.
Update: Thanks to Ryan Calo, who pointed me to the full code of conduct. The full code contains a statement on image retention that was omitted in the media report:
IMAGE RETENTION:
1. Unless required as evidence of a crime, as part of an on-going investigation, for training, or required by law, images captured by a UA should not be retained by the agency.
2. Unless exempt by law, retained images should be open for public inspection.
The “for training” in (1) seems like a pretty permissive standard, and it would be better if that were limited.


That does it. I'm creating “None of the above” to accept donations.
Text Message Donations Good for Democracy, Risky for Privacy
In June, the Federal Election Commission announced that political campaigns will soon be able to accept donations via text message. This new option will empower thousands of citizens, especially young and low-income people who have less money to give but tend to use cellphones at a greater rate, to participate more actively in the political process.
… But this proposal also has a potential downside: a loss of privacy.
An outdated patchwork of statutes has created a complex web of standards governing law enforcement’s access to communications handled by third-party providers. This includes differential treatment for the content of communications and for the “metadata” about those communications.


Actually, this would explain a lot about the RIAA and MPAA.


Tools to torture students? “Dude! No electric guitars? No window shattering bass? No cursing? You call this music?”
"Just under two years ago Musopen launched a Kickstarter campaign covered here on Slashdot. Today that project is complete with the release of a large amount of classical recordings into the public domain. This brings an extensive collection of high quality classical music into the public domain. The project music is hosted on the Musopen site, and on archive.org."


'cause you never know when you might need a “∑” or a “μ” or a “∛”
… what if you want to type something that is not readily available on the keyboard? If that’s the case you need to check out PiliApp Symbol. It has hundreds of symbols available for you to use however you wish.


Of course this come out right at the end of my Statistics class. I would like my students to give this a try.
How Statwing Makes It Easier To Ask Questions About Data So You Don’t Have To Hire a Statistical Wizard
Statwing is a Y-Combinator startup that translates the arcane technical terminology into plain english so you can do data analysis on your own.


So many students don't know how to do this...

No comments: