Thursday, September 06, 2012

So now the question becomes, are the UDIDs real? If so, where did they come from?
Apple: We Didn’t Give FBI Any Device IDs
September 5, 2012 by admin
John Paczkowski got a statement from Apple, denying that they provided the FBI with the database of device IDs:
“The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” Apple spokeswoman Natalie Kerris told AllThingsD.
Read more on AllThingsD.
So now the FBI has denied the data were in their possession, and Apple has denied providing it to the FBI. Absent any proof from AntiSec that they obtained it from an FBI notebook, it seems that they did obtain a database of real data, but I remain unconvinced as to where/how they obtained it. Some people are encouraging users who find their device IDs in the data dump to compile a list of apps they’ve used so that perhaps, a common culprit can be identified. Or perhaps the individuals who acquired the data will provide more evidence as to where they obtained it. Yes, the FBI could be lying. Yes, Apple could be lying. Hell, everyone could be lying, but we appear to have a real database and we don’t know who was in possession of it – or even how many business, agencies, or individuals may be in possession of it. Not a comforting situation.


Another fake or are we in for some election year amusement?
A federal investigation has been launched after hackers claimed to have stolen Mitt Romney’s tax returns. The hackers have given Romney until September 28th to pay $1 million in bitcoins or they say they will release the returns. From the article: "The claim was made in a post on the Pastebin site on Sunday that alleged that Romney's federal tax returns were taken from the offices of PriceWaterhouse Coopers in Frankin, Tenn., on August 25 by someone who snuck into the building and made copies of the document. [Unlikely? Bob] The message author threatened to release the files publicly on September 28 and said copies of the files had been given to Democratic and Republican leaders in that county. Democrats have made Romney's refusal to release his tax returns a key point in their criticism that he is not in touch with working class voters."


All I ask is 10%...
Cybercrime costs U.S. consumers $20.7 billion
U.S. consumers lost $20.7 billion to cybercrime over the past 12 months, with 71 million Americans falling victim to online perps, according to new research.
Meanwhile, worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec (PDF) has found.


At what point must we apply the rules of war? If the CIA can do this can the DHS? Would they use one to intercept another 9/11 plane?
29 Dead in 8 Days as U.S. Puts Yemen Drone War in Overdrive
29 dead in a little over a week. Nearly 200 gone this year. The White House is stepping up its campaign of drone attacks in Yemen, with four strikes in eight days. And not even the slaying of 10 civilians over the weekend seems to have slowed the pace in the United States’ secretive, undeclared war.
At this week’s Democratic National Convention in Charlotte, you’ll hear lots of talk about the Obama administration’s pursuit of al-Qaida and its allies — including, of course, the raid that ultimately took out Osama bin Laden. But the hottest battlefield in this worldwide conflict isn’t likely to receive much attention. It’s a shame, because the fight in Yemen is one that demands discussion. Not only does the White House consider al-Qaida in the Arabian Peninsula to be the extremist group most likely to strike in the United States. But the American response to that threat was been widely questioned by regional experts, who wonder whether U.S. drones and commandos aren’t being duped into fighting on one side of a civil war.


For my Ethical Hackers. Your task: do the same thing remotely
Widely used fingerprint reader exposes Windows passwords in seconds
September 5, 2012 by admin
Dan Goodin reports:
Fingerprint-reading software preinstalled on laptops sold by Dell, Sony, and at least 14 other PC makers contains a serious weakness that makes it trivial for hackers with physical control of the machine to quickly recover account passwords, security researchers said.
The UPEK Protector Suite, which was acquired by Melbourne, Florida-based Authentec two years ago, is marketed as a secure means for logging into Windows computers using an owner’s unique fingerprint, rather than a user-memorized password. In reality, using the software makes users lesssecure than they otherwise would be. When activated, the software writes Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve. Once the key has been acquired, it takes seconds to decrypt the password.
Read more on Ars Technica.

(Related) A fingerprint replacement and another collection of biometric data?
"CNet reports that Google was awarded a patent yesterday for logging into a computing device using face recognition (8,261,090). 'In order for the technology to work, Google's patent requires a camera that can identify a person's face. If that face matches a "predetermined identity," then the person is logged into the respective device. If multiple people want to access a computer, the next person would get in front of the camera, and the device's software would automatically transition to the new user's profile. ... Interestingly, Apple last year filed for a patent related to facial recognition similar to what Google is describing in its own service. That technology would recognize a person's face and use that as the authentication needed to access user profiles or other important information.'"


TSA invents another “screening technique?” Do they check the vendors too? (Is this sanitary? Apparently not)
TSA Moves On From Your Underwear to Your Starbucks
Not content with fondling your privates and banning liquids from entering the concourse, the Transportation Security Administration is apparently now also screening liquids bought by passengers after they’ve already gone through regular security screening.
A passenger flying from Columbus, Ohio, to Oakland, California, over the holiday weekend captured the practice on video while he was sitting with other passengers in the airport’s embarkment lounge waiting to board their flight.
As the unidentified passenger points out in commentary posted with his video to YouTube, the liquid testing is being done “well beyond the security check” and on liquids that passengers have purchased inside the security perimeter after they already passed through security screening and threw out any drinks they might have brought with them to the airport.
… He concludes his post by asking, “Whats next…perhaps the TSA will come to your home prior to your drive to the airport? The police state of the US is OUT OF CONTROL!”
But the TSA says the practice isn’t new — it’s been going on since 2007 — and is part of random screening techniques designed to catch liquid explosives that might slip through initial screening.


Changing the rules...
U.S. Consumer Groups Endorse Proposed European Privacy Law
September 5, 2012 by Dissent
From EPIC.org:
In a letter to members of the European Parliament, over twenty U.S. consumer organizations expressed support for the new European data protection law. The coalition, including Consumers Union, Consumer Federation of America, and Public Citizen, said that the proposed regulation “provides important new protections for the privacy and security of consumers.” The groups also explained that the European effort will raise privacy standards for consumers in other parts of the world. The European Union privacy regulation is a comprehensive update of the 1995 EU Data Protection Directive and adopts innovative new approaches to privacy protection, such as “Privacy by Design.” BEUC, the association of European consumer groups, has also expressed support for the new law. For more information, see EPIC: EU Data Protection Directive


Plain sight? Digital sight?
Police seizure of text messages violated 4th Amendment, judge rules
September 5, 2012 by Dissent
Jon Brodkin reports:
At 6:08am, on October 4, 2009, Trisha Oliver frantically called 911 from her apartment in Cranston, Rhode Island when her six-year-old son, Marco Nieves, stopped breathing. The Fire Department took Marco to Hasbro Children’s Hospital, where he was found to be in full cardiac arrest. He died 11 hours later.
By 6:20am, Sgt. Michael Kite of the Cranston Police Department had arrived at the apartment, where he found Oliver, her boyfriend Michael Patino, and their 14-month-old daughter, Jazlyn Oliver. Kite observed a couple of stripped beds and linens on the floor, a trash can with vomit inside it, dark brown vomit in a toilet, and, crucially, a cell phone on the kitchen counter. Kite picked up the cell phone, and it was at that point—in the just-released opinion of a Rhode Island state court—that police proceeded to mangle a murder case and violate Patino’s Fourth Amendment rights by viewing text messages without a warrant.
Read more on Ars Technica.


Data Mining for teaching evaluation? Probably a few privacy questions here too.
September 04, 2012
Big Data for Education: Data Mining, Data Analytics, and Web Dashboards
  • "In this report, I examine the potential for improved research, evaluation, and accountability through data mining, data analytics, and web dashboards. So-called “big data” make it possible to mine learning information for insights regarding student performance and learning approaches. 1 Rather than rely on periodic test performance, instructors can analyze what students know and what techniques are most effective for each pupil. By focusing on data analytics, teachers can study learning in far more nuanced ways. 2 Online tools enable evaluation of a much wider range of student actions, such as how long they devote to readings, where they get electronic resources, and how quickly they master key concepts."


Does Social Media document emotional distress?
Plaintiff has to turn over emotional social media content in employment lawsuit
September 5, 2012 by Dissent
Evan Brown writes:
Plaintiff sued her former employer for discrimination and emotional distress. In discovery, defendant employer sought from plaintiff all of her social media content that revealed her “emotion, feeling, or mental state,” or related to “events that could be reasonably expected to produce a significant emotion, feeling, or mental state.”
The case is Robinson v. Jones Lang LaSalle Americas, Inc., 2012 WL 3763545 (D.Or. August 29, 2012), and the outcome is no surprise at this point. If you make a claim in court, expect the defendant’s lawyers to seek your social media content in discovery.
Read more on InternetCases.


This is difficult to program.
The Algorithmic Copyright Cops: Streaming Video’s Robotic Overlords
As live streaming video surges in popularity, so are copyright “bots” — automated systems that match content against a database of reference files of copyrighted material. These systems can block streaming video in real time, while it is still being broadcast, leading to potentially worrying implications for freedom of speech.
On Tuesday, some visitors trying to get to the livestream of Michelle Obama’s widely lauded speech at the Democratic National Convention on Tuesday were met with a bizarre notice on YouTube, which said that the speech had been blocked on copyright grounds.
On Sunday, a livestream of the Hugo Awards — the sci-fi and fantasy version of the Oscars — was blocked on Ustream, moments before Neil Gaiman’s highly anticipated acceptance speech. Apparently, Ustream’s service detected that the awards were showing copyrighted film clips, and had no way to know that the awards ceremony had gotten permission to use them.
Last month, footage from NASA’s triumphant Curiosity rover landing was blocked numerous times on YouTube, despite being in the public domain, because several companies — such as Scripps Local News — claimed copyright on the material.


For my programming students
FTC Releases Mobile App Guidance
September 5, 2012 by Dissent
Andy Serwin writes:
The FTC has been focused on mobile apps and the legal issues they raise, and that focus continues to be shown by the most recent guidance from the FTC. Marketing Your Mobile App: Get it Right From the Start, offers guidance to app developers regarding what the FTC believes should be done to protect consumers in the mobile world.
The FTC clearly is speaking to smaller, as well as larger companies that use the mobile platforms to create apps, as the FTC clearly states up front its view that the guidance, and the relevant laws, are equally applicable to small and large companies.
Read more on The Lares Institute.


A way to bug my students 24/7? I could record phrases like “Get to work!” “Do your homework!” and the ever popular “Stop that!” and program them to repeat a various times...
… Zello Walkie Talkie is a free to use smartphone app for Android, BlackBerry, iOS devices, and Windows computers. Being a cross-platform app, Zello will enable group conversation between different mobile and computer users.
Similar tools: LoudTalks and Heytell.


For my students
Tuesday, September 4, 2012
Evernote is currently my favorite service for note-taking and bookmarking. I have Evernote installed on my iPad, my Android Tablets, my phone, my computers, and I have the Evernote web clipper installed in all of my browsers. Because of Evernote's versatility I highly recommend it to anyone looking for a good note-taking and bookmarking tool. One question that I often hear from first-time Evernote users is, there's so many options, where do I start? Make Use Of has just released a new guide that will answer that question and many more.
How To Use Evernote, The Missing Manual is a free 34 page guide to using Evernote. The guide will help you use Evernote in your web browser, on your iPad, on your Android tablet, on your phone, and on your desktop. The guide is available to download as a PDF or EPub.

No comments: