Saturday, October 20, 2012

How to phrase your “Get out of jail Free!” card?
Judge Dismisses Much of PlayStation Hacking Suit
October 19, 2012 by admin
Lucille Scott reports that a federal judge has thrown out much of the potential class action lawsuit by PlayStation users who say that the Sony security breach exposed more than 69 million personal and credit card accounts to theft. Scott reports:
The 36-page order dismisses several claims such as negligence, unjust enrichment, bailment and violations of California consumer protection statutes.
Sony did not violate consumer-protection laws “because none of the named plaintiffs subscribed to premium PSN services, and thus received the PSN services free of cost,” Battaglia wrote.
Read more on Courthouse News.
Somewhat disturbingly, the judge held that Sony’s Privacy Policy included “clear admonitory language that Sony’s security was not ‘perfect,’” therefore “no reasonable consumer could have been deceived.”
So as long as a site puts in some disclaimer like “we’re not perfect in our security,” there is no recourse for what might be really sloppy security? Wow. How would that play out in other cases that have been litigated already or in the hopper to be litigated?
Venkat Balasubramani also blogged about this dismissal last week, but I missed it somehow. Do check his blog entry for more on the various issues raised in the case.


Attention Ethical Hackers. Technique #406 is out of the bag.
St. Scholastica hack sheds light on Macalester IT security
October 19, 2012 by admin
Emma WestRasmus reports:
“What was the name of your first pet? What’s your favorite color? What’s your mother’s maiden name?”
We all know the drill. Whenever we start a new account we are prompted for answers to challenge questions that will surely be easy to remember. But for more than two dozen students at the College of St. Scholastica in Duluth the answers to questions needed to reset their student account passwords might have been just a little too easy to figure out. Earlier this month 28 students’ email accounts at St. Scholastica were hacked when hackers were able to answer the student’s challenge questions on their Self-Service Password Reset service simply through information obtained through the students’ social media pages.
Read more on The Mac Weekly. Once the hackers were able to access the e-mail accounts, they reportedly used information found in the accounts for fraudulent purposes.


Attention my fellow vets! Is encryption required on all Consultant computers (since that's where the data resided last time)?
VA Computers Remain Unencrypted, Years After Breach
October 19, 2012 by admin
Patience Wait reports:
Following a high-profile data breach six years ago, the U.S. Department of Veterans Affairs spent almost $6 million on encryption software for its PCs and laptops. But an investigation by the department’s inspector general determined that the encryption software has been installed on only 16% of its computers.
Read more on InformationWeek.
Related: Department of Veterans Affairs Review of Alleged Incomplete Installation of Encryption Software Licenses. OIG report, October 11, 2012.


“We have lots of room left in Guantanamo and we're trying to fill it.”
"The New Matilda reports how the U.S. is now able to extradite people for minor offences, and asks why foreign governments so willingly give up their nationals to the U.S. to 'face justice' over minor crimes committed outside US borders? Lawyer Kellie Tranter writes 'the long arm of the Government is using criminal enforcement powers to enforce commercial interests at the behest of corporations and their lobbyists.' A Former NSW Chief Judge said it was bizarre 'that people are being extradited to the US to face criminal charges when they have never been to the U.S. and the alleged act occurred wholly outside the U.S.' He said although copyright violations are a great problem, a country 'must protect its nationals from being removed from their homeland to a foreign country merely because the commercial interests of that foreign country.' Australia recently 'streamlined' its laws to make extradition to the U.S. even easier."


Ah, English! Such a confusing language, especially when spoken by bureaucrats... “They didn't withhold anything, but we need to determine if they didn't disclose something...”
SEC finds Facebook didn't hold back info from investors -- report
The Securities and Exchange Commission didn't find any evidence that Facebook withheld pertinent information from investors prior to its initial public offering, Bloomberg reported today.
… While the investigation isn't over, the commission has determined that Facebook did not act wrongly, an unnamed source told Bloomberg. The SEC is still looking at whether or not retail investors lost money because the company didn't disclose certain information about mobile's impact on Facebook's business.


It's a simple technique (operative word: “simple”) that anyone including my students can use. Since it allows you to plant or remove evidence, you do need to use it only with adult supervision. Why would the cops want to remove evidence? (Perhaps the RIAA wants them to?)
Dutch government seeks to let law enforcement hack foreign computers
October 19, 2012 by admin
Lucian Constantin reports:
The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.
In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.
According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.
Read more on IT World.


Essentially, they pretend to be a cell phone tower, but with a stronger signal than others in the neighborhood.
FBI Accused of Dragging Feet on Release of Info About “Stingray” Surveillance Technology
October 19, 2012 by Dissent
Ryan Gallagher reports:
Tracking cell phones by tricking them into operating on a bogus network is a law enforcement tactic shrouded in secrecy. Now the FBI is under pressure to release information about it—but the bureau doesn’t want to let go of 25,000 pages of documents on sophisticated cell surveillance technology.
Read more on Slate.
[From the article:
The FBI has found 25,000 pages of documents that relate to the request, about 6,000 of which are classified—but says it may need up to three years to process the files before they can be released. [We don't read so good... Bob]
In a bid to appease EPIC’s grumbles about timescale, earlier this month the bureau released a 0.3 percent slither of the 25,000. The meager 67 pages were heavily redacted—containing only a glossary of jargon that related to cell networks along with blanked out copies of an internal manual called "GSM cell phone tracking for dummies.”
… But this isn’t just a federal-level issue. According to a report by LA Weekly last month, state cops in California, Florida, Texas, and Arizona have also used Stingray technology. Farther afield, in the Czech Republic, there are concerns that similar devices may be in the hands of criminals. And DIY Stingrays can be built by anyone with $1,500 to burn and a bit of hacker savvy. One way to help protect yourself is to use encryption.


Another shot at protecting data. Can the US be far behind? (unfortunately, yes)
Colombia Enacts Data Protection Law
October 19, 2012 by Dissent
Colombia enacted an omnibus data protection law this week. Read about it on Privacy and Information Security Law Blog.

(Related) There must be something we can learn from this...
National Comprehensive Data Protection/Privacy Laws and Bills 2012 Map
October 19, 2012 by Dissent
A great resource by David Banisar, Senior Legal Counsel of Article19.org, has been updated and uploaded to SSRN. Here’s the abstract:
Over 90 countries and jurisdictions around the world have adopted comprehensive data protection/privacy laws to protect personal data held by both governments and private companies. This map shows which countries have adopted laws or have pending initiatives to adopt one. The new version now includes small jurisdictions and island states.
You can download the map here.


“You were right to think your computer was private, unfortunately for you we're not going to let that get in the way of sending you to jail.”
Supreme Court of Canada finds reasonable expectation of privacy in work-issued laptop
October 19, 2012 by Dissent
David T. Fraser writes:
The Supreme Court of Canada just released its decision in R v Cole, 2012 SCC 53, in which a majority of justices of the Court held that a teacher at a school had a reasonable expectation of privacy in the contents of his work-issued laptop. Nevertheless, evidence of child pornography found on it by the school, which was then given to the police, was found to be admissible evidence.


Interesting.
Google’s Knowledge Graph Now Explains Connections Between Your Query And Items In “People Also Search For” Section
Google just announced a small but interesting update to its Knowledge Graph panels. Instead of just showing you a list of related items that other people also searched for, hovering over these icons now shows you how they are related to your search query.
Currently, Google says, this works for actors, movies and TV shows, as well as “family connections amongst famous people in the Knowledge Graph.”
… Just recently, for example, Google used this information to power its Bacon Number calculator and started highlighting the Knowledge Graph boxes even more prominently by moving the results to the top of the screen for some searches.


Just for me...
British Columbia announced its support for open textbooks at the Open Education 2012 conference this week, becoming the first Canadian province to do so. BC will create openly licensed textbooks for the 40 most popular first- and second-year courses in its university system.
Random House says that libraries own their e-books. That’s the headline of a LibraryJournal article, and it’s a pretty big deal considering that many of the other Big 6 Publishers have been acting as though libraries license rather than own e-books when they purchase them.
… The University of Phoenix will be closing 115 locations, its parent company the Apollo Group announced, following a fall by 60% in its fourth quarter net income. Some 13,000 students will be affected.
[From the article:
University of Phoenix currently has about 328,000 students, down from a peak of more than 400,000. Following the closures, it will be left with 112 locations in 36 states, the District of Columbia and Puerto Rico.
Udacity announced several new classes this week that point to a possible business model and curriculum trajectory for the startup. The new classes are a collaboration with corporations — Google, NVIDIA, Microsoft, Autodesk, Cadence, and Wolfram to start — and teach skills and systems pertaining to those companies’ products.


If you go to the same sites each day, this might make your life simpler...
If you’re a big fan of RSS feeds for getting your daily dose of news and fun, then you’ll love Feedly. It’s one of the most stylish, intuitive ways to read RSS feeds and Twitter content. So, Firefox users will also be pleased to note that it’s available as a Firefox extension and works beautifully in the browser.
… Now, to make Feedly amazing you really need to start an account and customise your feeds and social networks. Feedly works closely with Google Reader RSS feeds, so it should come as no surprise that you need to log in to Feedly using your Google account. Feedly will then regenerate your Feedly page using your RSS feeds from Google Reader.
… Feedly is not just available in Firefox. It’s also available as a Chrome extension and for various mobile devices, so you can keep using Feedly as your main RSS reader and social network catch-up anywhere you go.
Similar Tools
There are plenty of great RSS readers, and many recently have taken to the magazine style format. If you want to see some similar alternatives, check out Pulse and iPad RSS readers such as Flipboard.


I'll be posting this for my students
Resources for Data Literacy
The single most important tool I’ve found for improving Digital Literacy is Wolfram Alpha. At your fingertips, whether on your phone, tablet, or laptop, you have access to all the world’s readily available data. All you have to do is ask. The best thing I can do to improve data literacy is to teach students (and other adults I know) to question the facts they are being quoted as gospel. Here are a bunch of searches I’ve done recently to verify or refute data someone has told me in conversation.
While my top choice for digital literacy is Wolfram Alpha, there are some other resources that are great for understanding, interpreting, and visualizing data. Here are a few:
  • Gapminder (the software used by Hans Rosling in his many, many TED Talks)
  • Worldmapper (territories are scaled/resized according to the subject of interest)
  • Measure of America (look at interactive maps and data about Social Science in the U.S.)
  • Human Development Reports (explore public data from the United Nations using a variety of visualizations)
  • Visual.ly (create your own infographic around a set of data)
  • Many Eyes (from IBM, create a visualization around your data)
  • Google Trends (explore how a search term has fared over time)
  • Google Correlate (find searches that correlate with real world data)
  • Google Fusion Tables (fuse two sets of data together and visualize)
There are also a few sites that do a fantastic job of creating and sharing data visualizations:


You should really really watch this! A really short video that promises a lot!
Ryan Merkley: Online video -- annotated, remixed and popped
Talks: In less than 6 minutes
Videos on the web should work like the web itself: Dynamic, full of links, maps and information that can be edited and updated live, says Mozilla Foundation COO Ryan Merkley. On the TED stage he demos Popcorn Maker, a new web-based tool for easy video remixing. (Watch a remixed TEDTalk using Popcorn Maker -- and remix it yourself.)
