Tuesday, October 09, 2012

“Eventually” is a major failure in a highly regulated environment. No one logged the changes? (Or noticed that logging had been turned off?)
Anatomy Of A Brokerage IT Meltdown
October 8, 2012 by admin
Regulators last year issued the SEC’s first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn’t seem to know half of this cautionary tale of outsourcing and oversight gone wrong.
Mathew J. Schwartz adds some mind-boggling details to the case:
Dan Saccavino, a former Revere Group employee who at the time served at GunnAllen as the IT manager in charge of the help desk, laptops, and desktops, says he and another network engineer eventually pinpointed the cause of the slowdown: A senior network engineer had disabled the company’s WatchGuard firewalls and routed all of the broker-dealer’s IP traffic–including trades and VoIP calls–through his home cable modem. As a result, none of the company’s trades, emails, or phone calls were being archived, in violation of Securities and Exchange Commission regulations.
Despite the fact that at least five people at The Revere Group knew about the engineer’s action, it’s unclear whether it was reported at the time to GunnAllen or regulators. The SEC didn’t reference the incident in a subsequent announcement about a settlement with GunnAllen for unrelated privacy and data security violations, and interviews with former Revere Group employees reveal that regulators may have known about only a fraction of the data security failures at the firm.
Read more on InformationWeek. There was just so much wrong, and it’s not clear whether government regulators did a thorough enough job in a timely fashion that might have better protected consumers.


It's easy when everyone wants this game...
If you happened to get in on the Bad Piggies action recently, let’s hope you didn’t accidentally download and install the fake version in the Google Chrome Web Store. It turns out over 80,000 Chrome users are now being affected by the adware, which installs a plug-in that displays advertisements when you visit popular websites.
Not only does the plug-in introduce you to a handful of pesky advertisements, but once you give the app permission to “access your data on all websites”, the plug-in can be used to steal personal information like email addresses and credit card information.


...or you will never talk online again! Bwaa ha ha
Skype has warned users to update to the latest version of the VoIP and video calling app, as well as to check their computer security settings, after a fast-spreading worm was spotted targeting the software. The worm, “Dorkbot,” is being distributed via masked links sent out via Skype’s instant messaging system, Trend Micro reports, co-opting the PC into a botnet and eventually demanding $200 from users in order to unlock their files else see them permanently deleted.


For my Ethical Hackers...
"New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."


Making ubiquitous surveillance a fad or a fashion statement...
New Lark Bracelet Wants to Track Your Whole Life
If you’ve been to an Apple Store lately, you’ve likely seen the Lark, a sleep-tracking bracelet with a vibrating alarm. On Monday, the company announced a new bracelet, the Larklife, designed to track your entire day. The Larklife will clock how long you sleep, what you eat, and when and how much you exercise, then use that data to help you make better decisions about your health.
The Ammunition Group-designed bracelet has a center core with a three-axis accelerometer to track movement and flashing lights that provide instant feedback, and an associated app to give you a deeper dive into your data. Swappable wristbands — a sweat-proof one for daytime use and another softer band for the night — provide power to the core, and charge when not in use. While the accelerometer tracks movement and sleep, you can add in meals either via the smartphone app, or simply by tapping the bracelet’s core. It communicates all that to an iOS app via Bluetooth. Lark CEO Julia Hu told Wired that the bracelet is designed to make tracking easy and attainable for people who aren’t elite athletes or quantified-selfers.


“Well yeah, it was private, but I changed my mind.”
Internet privacy group takes on former delegate’s case
October 8, 2012 by Dissent
Frank Green reports:
Former state Del. Phillip A. Hamilton has an ally in his appeal of bribery and extortion convictions that were in part the result of emails sent to his wife on his employer’s computer.
The Electronic Privacy Information Center has filed a brief arguing that U.S. District Judge Henry E. Hudson erred last year in allowing the incriminating – but personal – emails to be used against Hamilton.
Alan Butler, a lawyer with the center, says Hudson’s ruling is unprecedented and means a reasonable expectation that an email on a workplace computer is private can be lost if a contrary policy is later enacted, as happened in Hamilton’s case.


A possible future seminar topic?
Big Brother invades our classrooms
October 8, 2012 by Dissent
Over on Salon, David Rosen has a lengthy article detailing the expansion of student surveillance in the U.S. A lot of it is what I’ve been blogging about for the past few years, but if you’re new to this blog, he provides a good recap of what’s going on in various states and why.
Disappointingly – and despite one assertion he makes – parents are generally NOT up in arms over these privacy-invasive techniques. Why not? And why is there no research on the psychological and health impacts of the constant surveillance?

(Related)
Continuous computerized surveillance has negative effects
October 8, 2012 by Dissent
To understand the effects of continuous computerized surveillance on individuals, a Finnish research group instrumented ten Finnish households with video cameras, microphones, and logging software for personal computers, wireless networks, smartphones, TVs, and DVDs. The twelve participants filled monthly questionnaires to report on stress levels and were interviewed at six and twelve months. The study was carried out by Helsinki Institute for Information Technology HIIT, a joint research institute of Aalto University and the University of Helsinki, Finland.
The results expose a range of negative changes in experience and behavior. To all except one participant, the surveillance system proved to be a cause of annoyance, concern, anxiety, and even anger. However, surveillance did not cause mental health issues comparable in severity to depression or alcoholism, when measured with a standardized scale. Nevertheless, one household dropped out of the study at six months, citing that the breach of privacy and anonymity had grown unbearable.
Read more on news-medical.net
And where is the research on the effects of constant surveillance of students via CCTVs in schools and RFID tags? What impact will such surveillance have on them?


“It's not about education. It's about getting a larger share of taxpayer dollars!”
Ohio Auditor: State Needs Access To Student IDs
October 8, 2012 by Dissent
Associated Press reports:
Auditor Dave Yost told state education leaders Monday that an Ohio law blocking the state from accessing students’ personal information is hampering district tracking efforts and wasting money.
Under a state law aimed at protecting children’s privacy, the Ohio Department of Education must keep track of nearly 1.9 million public school students across the state without names, addresses or Social Security numbers.
Yost’s office is in the midst of a statewide investigation into potential attendance tampering by Ohio school districts, and he said auditors are finding the arrangement unwieldy. [I can't tell you how many times I heard the phrase: “We're not in business to make the auditor's job easy!” Bob]
Read more on NBC.
So if protecting students’ privacy is time-consuming and costly, let’s just do away with that, huh? What about the increased risks of privacy and security breaches if the data are so easily identifiable?
And so it begins… massive databases that states have access to and that can be linked to other databases.
Protecting privacy can be costly. Not protecting it can be even more costly.


Hard to justify, but would less sensitive topics (beating his dog?) have resulted in disciplinary action?
Nursing Prof Says His Kiddie Sex Fantasies Were Private
October 9, 2012 by Dissent
David Lee reports:
A former nursing professor claims in court that the Texas Board of Nursing unfairly disciplined him for accidentally posting on the Internet a long web chat about “fantasies of sexual contact with minors.”
Rodney Wayne Hicks, of Rancho Cucamonga, Calif., sued the Texas Board of Nursing, its Executive Director Katherine Thomas and President Kristen Benton in Travis County Court.
Read more on Courthouse News.
So… can a board discipline a professional for thoughts? What if those thoughts are accidentally publicly revealed? This will be an interesting case to follow.
[From the article:
Hicks claims he slipped up because of unfamiliarity with the WebEx video-capture software that he used to create the tutorial for eLOGS.
"As a result, unbeknownst to Dr. Hicks, WebEx continued recording his computer screen activity for over six hours," the complaint states. "During that time, Dr. Hicks engaged in a sexually oriented fantasy chat in a private Internet chat room that encompassed various explicit and taboo topics. These topics include fantasies of sexual contact with minors, of sexual activity in the presence of minors, and other unorthodox sexual activity."


“Do not track” means “Do not tell them we track?”
IAB: default “do not track” limits consumer choice, will not penalize companies that ignore it
October 9, 2012 by Dissent
A press release from IAB:
The Interactive Advertising Bureau (IAB) is issuing its full support for the Digital Advertising Alliance’s (DAA) position against machine-driven “do-not-track” (DNT) browser standards, because they restrict consumer control and freedom of choice. The announcement comes on the heels of a just-released DAA statement opposing the DNT settings automatically imposed on consumers by the Microsoft Internet Explorer version 10 (IE10) browser.
The DAA’s statement addresses publishers’ concerns about what will happen if they do not honor IE10-imposed DNT flags. DAA, the digital advertising industry’s self-regulatory body, does not require companies to honor DNT signals fixed by browser manufacturers and set by them in browsers.
Specifically, it is not a DAA principle or in any way a requirement under the DAA standards to honor a DNT signal that is automatically set in IE10 or any other browser. The Council of Better Business Bureaus (CBBB) will not sanction or penalize companies that ignore the default settings on IE10 or other browsers and intermediaries. In contrast, the DAA and CBBB will continue to impose disciplinary measures on companies that violate legitimate consumer choices under the “AdChoices” self-regulation program.
In a report issued last week, researchers from the Harvard Business School determined that the ad-supported internet ecosystem was responsible for 5.1 million jobs and contributed $530 billion to the U.S. economy in 2011 alone.
So they’re saying that they’ll only self-regulate if the default isn’t to protect against tracking. I see. Why is it “freedom of choice” to have the default be tracking, but not to be no tracking?
Again, this is why we need federal regulations protecting consumers.

(Related)
Article: Privacy and Modern Advertising: Most US Internet Users Want ‘Do Not Track’ to Stop Collection of Data about their Online Activities
October 9, 2012 by Dissent
Chris Hoofnagle, Jennifer Urban, and Su Li presented a paper at the Amsterdam Privacy Conference this week and have made it available on SSRN.
Here’s the abstract:
Most Americans have not heard of ‘Do Not Track,’ a proposal to allow Internet users to exercise more control over online advertising. However, when probed, most prefer that Do Not Track block advertisers from collecting data about their online activities. This is a much more privacy-protective approach for Do Not Track than what has been proposed by the advertising industry.
In previous studies, we have found that Americans think they are protected by strong online privacy laws. Here, we probed beliefs about tracking on medical websites and ‘free’ websites, with most not able to answer true/false questions correctly about tracking. This result brings into question notice-and-choice models that depend on consumer understanding of the terms for their legitimacy.
We also probed Internet users’ attitudes towards advertising. Most Internet users say that they do not find utility in online advertising, with half claiming that they never click on ads.
Advertisers and consumers are at an impasse on privacy. Advertisers seem to be seeking a kind of total information awareness for behavioral advertising, and have proposed self-regulatory guidelines with little bite. At the same time, both our survey evidence and media reports show consumer opposition to tracking.
Do Not Track has emerged from the current skirmish between consumers and advertisers, but it is a relatively modest intervention that does little to shift the underlying incentives that have driven increasing tracking and aggregation of information about consumers. It is foreseeable that regardless of the form Do Not Track takes, websites will simply require consumers to disable it in order to access content. A fundamental change in incentives may be necessary to relieve this impasse and find an approach for advertising that is not so dependent upon third-party tracking and aggregation of information, both online and off.
You can download the full article from SSRN.


I wonder if they counted cutting off Michelle Obama's speech as a “strike?”
Copyright Scofflaws Beware: ISPs to Begin Monitoring Illicit File Sharing
The nation’s major internet service providers by year’s end will institute a so-called six-strikes plan, the “Copyright Alert System” initiative backed by the Obama administration and pushed by Hollywood and the major record labels to disrupt and possibly terminate internet access for online copyright scofflaws.
The plan, now four years in the making, includes participation by AT&T, Cablevision Systems, Comcast, Time Warner Cable and Verizon. After four offenses, the historic plan calls for these residential internet providers to initiate so-called “mitigation measures” (.pdf) that might include reducing internet speeds and redirecting a subscriber’s service to an “educational” landing page about infringement.
The internet companies may eliminate service altogether for repeat file-sharing offenders, although the plan does not directly call for such drastic action.


What controls the sale of Apps?
October 07, 2012
App Law within: Rights and Regulation in the Smartphone Age
Mac Sithigh, Daithi, App Law within: Rights and Regulation in the Smartphone Age (September 2012). Edinburgh School of Law Research Paper No. 2012/22. Available at SSRN.
  • "This paper assesses the regulation of smartphone 'app stores.' At the outset, the adoption of smartphones and apps is noted, alongside the ways in which scholars and journalists have used these markets as the basis for the discussion of legal and economic issues. The importance (commercially and as a study in governance and control) of the iOS App Store (Apple) is highlighted. Part 2 deals with the relationship between Apple and app developers; three themes of Apple’s Guidelines are identified (content, development and payments), and the ways in which control can be challenged (through jailbreaking, ‘web apps’ and regulatory intervention) are scrutinised. Part 3 considers three ways in which apps are already regulated by law: the protection of consumers (particularly through the UK system for 'premium rate services'), user privacy, and (in brief) the regulation of video games and video-on-demand services in Europe. Finally, in part 4, the tension between comparatively 'open' and 'closed' app stores is highlighted; the problems of applying general provisions to emerging formats are emphasised. It is concluded that the emerging status of non-carrier app stores as neither retailer nor platform means that it is not yet possible to identify the form of regulation that is in operation, but that some steps are available to legislators that could shift the balance between closed and open models."


Does this have implications for other “sharing” like Copyrighted data?
Child Porn in P2P Share Folder Is Smut Distribution, Appeals Court Says
A federal appeals court ruled that peer-to-peer file sharers can be prosecuted for distributing child pornography by having the illicit files in their open share folders.
That was the ruling by the nation’s largest federal appeals court, the 9th U.S. Circuit Court of Appeals. “Following the First, Eighth, and Tenth Circuits, we hold that the evidence is sufficient to support a conviction for distribution,” a unanimous three-judge panel of the San Francisco-based appeals court ruled for the first time Friday. (.pdf)
California defendant Max Budziak maintained that he believed he disabled the share folder in 2007, before the FBI detected child porn on his computer and downloaded it using the bureau’s “EP2P” program. Budziak was also prosecuted for possession, which he did not challenge on appeal.
The defendant, who had used the now-defunct program LimeWire, claimed that the federal judge presiding over the trial erred when the court failed to instruct the jury that distribution required a jury to find that Budziak took “affirmative steps” to send child pornography to another person. It was an assertion the appeals court did not buy.
Because of the open nature of peer-to-peer file sharing, IP addresses of users are exposed, and easily traced to their owners if they are not using a virtual private network, on an open public Wi-Fi connection or TOR.


This should be enough for my Statistics students...
October 08, 2012
New on LLRX.com - Statistics Resources and Big Data on the Internet
Via LLRX.com: Statistics Resources and Big Data on the Internet - Marcus P. Zillman has compiled a best practices bibliography of sites and reliable sources focused on the hot topic of statistics and big data. These sources are representative of multiple publishers, national and global - government, academia, NGOs, and industry, many of which leverage open source and collaborative applications.


For my Website class...
"Apple, Adobe, Google, HP, Microsoft and many others have joined forces and launched a new resource – the Web Platform in a bid to create a 'definitive resource' for all open Web technologies. The companies have come together to provide developers with a single source of all the latest information about HTML5, CSS3, WebGL, SVG and other Web standards. The platform will also offer tips and best practices on web development as well as web technologies. 'We are an open community of developers building resources for a better web, regardless of brand, browser or platform,' notes the WebPlatform site."


Handy for students and teachers...
Text 2 Mind Map - Type to Create a Mind Map
Text 2 Mind Map offers a great way to turn your typed outlines into mind maps. To create a mind map on Text 2 Mind Map, type out an outline in the text box. After typing your outline, click "draw mind map" to have your mind map created for you. If after creating your mind map you need to add more elements, just add them into your outline and click "draw mind map" again. Your mind map can be downloaded as a PDF or PNG file. The mind maps that you create on Text 2 Mind Map can also be shared via email, Facebook, or Twitter.


For my Computer Security class. Did you make any of these mistakes?
Infographic: How Safe is Your Pin?
