Thursday, October 04, 2012

If your procedure for detecting a breach is inadequate, your procedure for detecting a test is also inadequate. Hiring multiple security firms is only a way to pass the buck; it will never ensure that you have adequate security management.
The City of Tulsa’s costly screw-up
October 2, 2012 by admin
The saga of the City of Tulsa hack-that-wasn’t-a-hack fascinates me and would be funny if it wasn’t such a costly foul-up. While the city’s IT manager is on paid administrative leave, Ian Silver of Fox23 provides some additional details, most notably:
  • To their credit, the city had hired SecurityMetrics 18 months ago to periodically check their security for holes. The “hack” was a result of SecurityMetrics doing their job and finding a hole in the process.
  • The city checked the IP address for the intruder but thought it might be a spammer. It appears they never checked with SecurityMetrics. I contacted SecurityMetrics, who provided the following statement:
    SecurityMetrics conducts regular vulnerability scans for tens of thousands of clients each month and uses an identical process to notify all account managers of scan results following each scan completion. In addition, each client has 24/7 online access to their SecurityMetrics account which includes times of past and future scans, and individual scan vulnerabilities. Although there was no breach, we applaud the City of Tulsa for implementing a punctual and accurate response process.
    So it seems the city could have easily checked its account online to see if there had been a scan at the time of the “intrusion,” but didn’t. Had they done that, it could have spared them a lot of time, money, and grief.
  • In addition to paying SecurityMetrics, the city wound up paying $20,000 in mailings to 90,000 people whom they thought had been victims of a hack. They also paid $25,000 to True Digital Security to investigate what they thought was a hack. Why they didn’t ask SecurityMetrics to investigate the hack is not explained. Had they done that, they might have also averted the costly mailing and other fees.
  • The city is hiring yet another firm to help them restructure their IT department so this type of thing doesn’t happen again.
It’s good that they detected a breach, and I don’t want to dismiss the importance of that. But the rest of this was a bit of a fiasco and re-structuring and improving communications may help avert a similar situation in the future. But what are other lessons to be learned here?
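The check the city apparently skipped, turned into code as an added example (this is not code from the original post, from the City of Tulsa, or from SecurityMetrics): before an "intruder" IP triggers an incident, mailings and an outside forensics firm, compare it against the register of authorized scanning engagements you already pay for. The vendor name, scanner address blocks, contract window and the firewall deny lines below are all constructed for illustration.

```python
"""Triage helper: does an 'intrusion' alert line up with an authorized scan?

Added example for this post; it is not code from the original page, from the
City of Tulsa, or from SecurityMetrics. The vendor name, scanner address
blocks, engagement window and log lines are all constructed for illustration.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Engagement:
    vendor: str
    contact: str       # whom to ask before declaring an incident
    sources: tuple     # CIDR blocks the vendor has told you it scans from
    start: datetime    # contracted scanning window (inclusive, UTC)
    end: datetime


# Hypothetical engagement register. In practice this comes from the contract
# and the vendor's published scanner ranges, and is kept where the on-call
# analyst can actually find it at 3 a.m.
ENGAGEMENTS = (
    Engagement(
        vendor="ExampleScanCo",
        contact="soc-liaison@examplescanco.invalid",
        sources=(ip_network("198.51.100.0/24"), ip_network("2001:db8:10::/48")),
        start=datetime(2012, 9, 1, tzinfo=timezone.utc),
        end=datetime(2013, 3, 1, tzinfo=timezone.utc),
    ),
)

# Recommended handling for each verdict prefix.
ACTION = {
    "authorized-scan": "confirm with the vendor contact before declaring an incident or mailing anyone",
    "out-of-window": "known scanner range but outside the contract window: treat as suspicious, ask the vendor",
    "unknown": "no matching engagement: escalate to incident response",
}

# Constructed firewall deny lines: ISO-8601 UTC timestamp, host, action, key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\s+\S+\s+\S+\s+src=(?P<src>[0-9a-fA-F.:]+)"
)
SAMPLE_LOG = [
    "2012-09-28T03:14:07Z fw1 DENY src=198.51.100.23 dst=203.0.113.5 dpt=443 proto=tcp",
    "2012-09-28T03:14:09Z fw1 DENY src=192.0.2.77 dst=203.0.113.5 dpt=22 proto=tcp",
    "2012-09-28T03:15:00Z fw1 DENY src=2001:db8:10::5 dst=2001:db8:ffff::1 dpt=443 proto=tcp",
    "2013-04-02T11:00:00Z fw1 DENY src=198.51.100.23 dst=203.0.113.5 dpt=8080 proto=tcp",
]


def classify(src_ip: str, seen_at: datetime, engagements=ENGAGEMENTS) -> str:
    """Return 'authorized-scan:<vendor>', 'out-of-window:<vendor>' or 'unknown'.

    An address-family mismatch (IPv4 source against an IPv6 block) is simply a
    non-match; ipaddress's membership test already behaves that way.
    """
    addr = ip_address(src_ip)
    for eng in engagements:
        if any(addr in net for net in eng.sources):
            if eng.start <= seen_at <= eng.end:
                return f"authorized-scan:{eng.vendor}"
            return f"out-of-window:{eng.vendor}"
    return "unknown"


def triage_line(line: str, engagements=ENGAGEMENTS) -> tuple:
    """Parse one log line and return (source_ip, verdict)."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    seen_at = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return m["src"], classify(m["src"], seen_at, engagements)


def triage(lines, engagements=ENGAGEMENTS) -> list:
    """Triage many lines; returns [(source_ip, verdict, recommended action), ...]."""
    out = []
    for line in lines:
        src, verdict = triage_line(line, engagements)
        out.append((src, verdict, ACTION[verdict.split(":", 1)[0]]))
    return out


if __name__ == "__main__":
    for src, verdict, action in triage(SAMPLE_LOG):
        print(f"{src:<18} {verdict:<32} {action}")
```

The point is the "out-of-window" branch as much as the "authorized" one: a hit inside a vendor's range is not automatically benign, and a miss is not automatically a breach, but either way the first call goes to the contact in the register, not to a mailing house.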


This has all the earmarks of a potential, make that probable, disaster. For years, my King Soopers loyalty card has had the name and address of a certain Law School professor I know...
"The UK Government will announce details this month of a controversial national identity scheme which will allow people to use their mobile phones and social media profiles as official identification documents for accessing public services. People wishing to apply for services ranging from tax credits to fishing licences and passports will be asked to choose from a list of familiar online log-ins, including those they already use on social media sites, banks, and large retailers such as supermarkets, to prove their identity."
I can't wait until carrying a telephone is mandatory. In the U.S. at least, how else will the government send you important messages?


A real concern. If their “private Internet” is controlled by people who can't spell 'gMail' and is disrupted by data volumes equal to a single movie, no wonder they think they're under constant attack.
Officials in Iran have been busy over the last few months setting up the country’s new national information network. Once that information network was set up, Iran moved to block certain Internet services such as YouTube and Google search. Iran later said that it accidentally blocked access to Google Gmail at the same time.
New reports are coming out of Iran that claim cyber attackers targeted the country’s infrastructure and communications companies. According to the officials, the attacks disrupted the Internet across the entire country. Report of the disrupted Internet access was announced by Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace yesterday.
The official said the attack that occurred yesterday included “traffic of several gigabytes” that hit the Internet infrastructure and slowed down access across the country.


An update the fans have been waiting for...

...then again, perhaps not. Can you say: Class Action?
FIFA Fake-Out: EA Sells Last Year’s Soccer Game as New
… Yes, the uniforms and players have been updated to match this year’s rosters, the website Nintendo Gamer reported. But otherwise, it’s a re-release of the same game with a new number on the box: The same gameplay modes, character models, graphics, menu screens, dialogue. And the same $50 price tag.
It doesn’t stop there: Other fans of the sport say that FIFA 13 on PlayStation Vita is essentially identical to FIFA Football, the game that Electronic Arts released six months prior, at the launch of the new Sony gaming handheld.
EA is selling old products to unsuspecting consumers at a premium price, and fans are confused and angry.


Ignorance is bliss?
By Dissent, October 4, 2012
Over on Simple Justice, criminal defense attorney Scott Greenfield discusses a news story that is an eye-opener of sorts. It has to do with how the Sarasota County Sheriff’s Office has tried to capitalize on our tendency to not really read HIPAA release authorizations we are asked to sign at a doctor’s office. Read the following carefully:
It’s been years since I’ve blogged about “tin stars on doctors,” but I was glad to read that no doctors seem to have actually used the forms or submitted such releases to the county.
As an attorney, Scott’s focus is understandably on the Fourth Amendment end-run that such forms attempt to accomplish. As a privacy advocate, I share his concerns, but as a healthcare professional, I am even more appalled when law enforcement tries to erode patient confidentiality and privacy. Kudos to the Herald Tribune for bringing this matter to the public’s attention and to Scott for amplifying the message.


Scams-du-jour: “It's what you don't know that hurts you...” FTC fine is $163 million – anyone think they'll actually collect?
October 03, 2012
FTC Halts Massive Tech Support Scams
News release: "The Federal Trade Commission has launched a major international crackdown on tech support scams in which telemarketers masquerade as major computer companies, con consumers into believing that their computers are riddled with viruses, spyware and other malware, and then charge hundreds of dollars to remotely access and “fix” the consumers’ computers. At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets."

(Related) ...and they are 100% successful!
"A company is putting horrible reviews of small business online, and then offering to improve the company's reputation and take the reviews off for a fraction of the cost that a real reputation improvement company would charge. Sierra West received a call from a 'reputation improvement company' telling them they had a negative review online and that the company would take the review offline if Sierra West paid $500. 'Of course when someone is offering $500 the day (the bad review) goes up seemed not legitimate.'"


Is RFID cheaper than all those traffic cams with license plate recognition software? Probably... Note that the first “service” listed is traffic tickets.
"As of January, Brazil intends to put into action a new system that will track vehicles of all kinds via radio frequency chips. It will take a few years to accomplish, but authorities will eventually require all vehicles to have an electronic chip installed, which will match every car to its rightful owner. The chip will send the car's identification to antennas on highways and streets, soon to be spread all over the country. Eventually, it will be illegal to own a car without one. Besides real time monitoring of traffic conditions, authorities will be able to integrate all kinds of services, such as traffic tickets, licensing and annual taxes, automatic toll charge, and much more. Benefits also include more security, since the system will make it harder for thieves to run far away with stolen vehicles, much less leave the country with one." [At least, a car with a working RFID chip... Bob]


A lot of articles before and during, I can't wait to see what happens after the court reaches a decision.
Thoughts on the Oral Argument in the Fifth Circuit Cell-Site Case
October 3, 2012 by Dissent
Orin Kerr commented on yesterday’s oral argument:
The Fifth Circuit held its oral argument in its Fourth Amendment cell-site case today; the audio is here. On the whole, I thought the argument was pretty unilluminating. The judges spent a lot of time trying to figure out the statute and the facts, but they had surprisingly few questions about the Fourth Amendment questions DOJ and the amici argued. Here’s a quick run-down of the argument, followed by my thoughts….
Read his summary and comments on The Volokh Conspiracy.
Overall, I remain concerned that this was not the Circuit in which I’d have liked these arguments to be heard. But we’ll see….


Aside from inserting the word “legally” in a few places, this doesn't seem to change my life much...
AAP Publishers Get More Control Over Google As They Settle 7-Year Copyright Infringement Suit Over Google Library Project
Google has finally made some headway on the litigation over copyright infringement for the Google Library Project; and the deal puts in place another key piece of the puzzle for Google Books. Google has reached a settlement with the Association of American Publishers, ending a seven-year legal dispute over the use of books and journals by Google in its Library Project. The suit was first filed in 2005 by five publishers.
Under the new agreement, publishers will have more control over how works that they own appear in Google catalogs, and get more routes for potentially making money from books that appear in the Library Project, which is free to use and brings together content libraries and other sources online.


(Related) Perhaps computers can't do it all... Or, too many people see an easy way to use the automatic take-down to mess with competitors or anyone. Well, there goes my idea to get rich by copyrighting the phrase “I approve this message” during an election year...
YouTube Alters Copyright Algorithms, Will ‘Manually’ Review Some Claims
Google-owned YouTube said Wednesday it is altering its algorithms to reduce invalid copyright infringement claims on its video-sharing site and will begin manually reviewing some claims instead of the system automatically blocking disputed footage.
The development comes a month after First Lady Michelle Obama’s speech at the Democratic National Convention was wrongly flagged by algorithms just after it aired. YouTube, the official streaming partner of the Democratic National Convention, automatically put a copyright blocking message on the livestream video of the event shortly after it ended.
Thabet Alfishawi, rights management product manager for YouTube, said “mistakes can and do happen” due to the volume of uploaded videos and the sheer number of copyrighted clips uploaded into its automated Content ID service. We at Wired have labeled the algorithm “streaming video’s robotic overlord.”


For my Data Mining and Data Analysis students.
October 03, 2012
Demystifying Big Data: A Practical Guide to Transforming the Business of Government
  • "Big Data has the potential to transform government and society itself. Hidden in the immense volume, variety and velocity of data that is produced today is new information, facts, relationships, indicators and pointers, that either could not be practically discovered in the past, or simply did not exist before. [Big Data does not create new information. It may make it easier to find. Bob] This new information, effectively captured, managed, and analyzed, has the power to enhance profoundly the effectiveness of government. Imagine a world with an expanding population but a reduced strain on services and infrastructure; dramatically improved healthcare outcomes with greater efficiency and less investment; intensified threats to public safety and national borders, but greater levels of security; more frequent and intense weather events, but greater accuracy in prediction and management... Success in capturing the transformation lies in leveraging the skills and experiences of our business and mission leaders, rather than creating a universal Big Data architecture. It lies in understanding a specific agency’s critical business imperatives and requirements, developing the right questions to ask, understanding the art of the possible, and taking initial steps focused on serving a set of clearly defined use cases. The experiences and value gained in these initial steps lead to more questions, more value, and an evolutionary expansion of Big Data capability that continually leverages prior investments."


Perspective
Facebook has passed one billion active users, social network founder Mark Zuckerberg has confirmed, of which 600m are mobile users. The new milestone again sees Facebook’s average age of users fall, now down to 22 versus 23 when Facebook hit 500m users in July 2010; according to the site, it has seen over 1.13 trillion “Likes” since the February 2009 launch.


Sort of like a Gold Star... I will award “I stayed awake through the entire class” badges (probably once or twice per quarter...) Note: the site is still in Beta
Class Badges
Class Badges is an awesome new site that allows educators to award badges for student accomplishments. These badges are completely customizable for specific subjects, projects, and even for an individual school or classroom. Class Badges is a simple-to-use tool that allows teachers to motivate and reward students for mastery with just a few clicks of their mouse. This is a fantastic new site that allows you to engage your students and reward their learning. Be sure to sign up and request a free account.


There are times when I want this power...
The built-in Remote Desktop application within Windows is a highly useful utility that lets you control a remote computer easily. But what if you need to remotely control multiple computers through a user-friendly interface? In this case, you will find an app called LiteManager to be very helpful.


This could be useful. Handouts my students might actually keep (and dare I hope, read?)
Publish Your Own Crafty Books and Manifestos With Scout Books
Pinball Publishing was founded 10 years ago with a focus on traditional fare like haute couture business cards and gig posters. Having monitored an ongoing explosion of digital media, founder Laura Whipple decided to blend both worlds in a diminutive way. She explains, “We combined our ink and paper expertise with the changing nature of online communications to develop the perfect pocket-sized publishing format called the Scout Book.”
Scout Books are 3.5-by-5-inch black-ink booklets covered with a semi-rigid cardstock that can be printed in one or two colors. Creators specify content for each page and publish a book, or slap a custom cover on a template to create a limited-edition journal.
… The company posts some of the best creations on their site as case studies — showing the potential of the simple paper setup.


Clever marketing? If not the little Trick-or-Treat zombies, then perhaps my Classroom zombies...
Give trick-or-treaters a free copy of Plants vs. Zombies (PC/Mac)
Let's face it: Zombies have the worst oral hygiene. I mean, have you ever seen one floss?
Alas, kids run them a close second, especially around Halloween, when the candy piles up like zombies on a cheerleader pyramid.
To help thwart the totally made-up condition known as "Zombie Mouth," PopCap Games has teamed up with the American Dental Association for a seriously cool promotion: Halloween-night coupons for a free copy of Plants vs. Zombies (PC/Mac).
Just print as many copies of the coupon page (PDF) as you like, then cut each one into eight individual coupons you can hand out to trick-or-treaters.
The code can be redeemed (at www.stopzombiemouth.com) starting Oct. 30, but no later than Nov. 10. It's good for the PC or Mac version of the mega-popular game, which normally sells for $19.95. You read that right: This is a $20 freebie for every kid in your neighborhood.
