It could be worse, and I think that's
their point...
ProjectWestWind:
TeamGhostShell hacks and dumps 120,000 records from 100 U.S. and
non-U.S. universities
October 1, 2012 by admin
Over on Softpedia,
Eduard Kovacs alerts us all to a paste from a group of hackers who
call themselves TeamGhostShell. In a paste
today on Pastebin, they introduce “ProjectWestWind,” exposing the
hacks and vulnerabilities in universities around the world. I’m
deleting their rationale and links to data dumps, but here’s a bit
of their project description:
Our targets for
this release have been the top 100 universities around the world.
After carefully filtering the ones that we’ve already leaked before
and the ones where Anonymous has in major operations, we have
eventually got together a new fresh list. The majority of them
should be here. Also, some of us decided to go ahead
and add vulnerable links to the other ones anyway, which you can find
at the bottom, at “Other Universities”.
*side note* We
tried to keep the leaked information to a minimum, so just around
120.000+ accounts and records are here, leaving in their servers
hundreds of thousands more. (When we got there, we found out that a
lot of them have malware injected. No surprise there since some have
credit card information stored.)
The following is a list of universities
for which data were dumped. The number in parentheses indicates the
number of servers the hackers accessed and downloaded data from:
[Removed all but the local Univ. Bob]
- University of Colorado (three servers)
The preceding list does not include
their link of vulnerable sites.
So…. what will the U.S. Education
Department think about the security of universities that amass
tremendous amounts of personally identifiable information on
students? What will it do, if anything? I have contacted them and
left a message asking for a statement about these breaches and will
update this blog entry if/when I get a response.
“Gosh, we had no clue! Do you think
we should implement some security?”
Ca:
Criminals hack into high school computer system to access FBI, CIA
October 1, 2012 by admin
Hackers have been
using a Bay Area school district’s computer system to try to hack into
top secret government agencies.
Like all school
districts, the San Mateo Union High School District
is heavily computerized with general public access and password only
access to many of its files, but the district
discovered a security breach [Clearly, the district did not discover
a breach. The Navy told them they had one... Bob] after
receiving a strange communication.
“It seems like a
very strange communication because the United States Naval
Intelligence contacted us and said that one of our servers had been
compromised,” said Kirk Back, the district’s superintendent.
Read more on KTVU.com
I'm concerned that no bank managers
caught this... What does that say about their control over
operations?
October 01, 2012
CFPB
orders American Express to pay $85 million refund to consumers harmed
by illegal credit card practices
News
release: "The Consumer Financial Protection Bureau (CFPB)
today announced an enforcement action with orders requiring three
American Express subsidiaries to refund an estimated $85 million to
approximately 250,000 customers for illegal card practices. This
action is the result of a multi-part federal investigation which
found that at every stage of the consumer experience,
from marketing to enrollment to payment to debt collection, American
Express violated consumer protection laws... The Federal
Deposit Insurance Corporation (FDIC) together with the Utah
Department of Financial Institutions discovered the
illegal activities during a routine examination [and so should any
competent manager! Bob] of an American Express
subsidiary, the American Express Centurion Bank. The FDIC
transferred portions of the investigation to the CFPB when the Bureau
opened its doors last year and together the agencies pursued the
matter. The CFPB later concluded that many of the same violations
that occurred at American Express Centurion Bank also took place at
American Express Travel Related Services Company, Inc. and American
Express Bank, FSB."
“At least, that's how it looks to
us...”
Not
From the Onion: Army Says ‘Social Network’ Use Is a Sign of
Radicalism
These are some warning signs that
you have turned into a terrorist who will soon kill your co-workers,
according to the U.S. military. You’ve recently changed your
“choices in entertainment.” You have “peculiar discussions.”
You “complain about bias,” you’re “socially withdrawn” and
you’re frustrated with “mainstream ideologies.” Your “Risk
Factors for Radicalization” include “Social Networks” and
“Youth.”
These are some other signs
that one of your co-workers has become a terrorist, according to the
U.S. military. He “shows a sudden shift from radical to ‘normal’
behavior to conceal radical behavior.” He “inquires about
weapons of mass effects.” He “stores or collects mass weapons or
hazardous materials.”
That was the assessment of a terrorism
advisory organization inside the U.S. Army called the Asymmetric
Warfare Group in 2011, acquired
by Danger Room. Its concern about the warning signs of internal
radicalization reflects how urgent the Army considers that threat
after Maj. Nidal Malik Hasan shot and killed 13 people at Fort
Hood in 2009. But its “indicators” of
radicalization are vague enough to include both benign behaviors that
lots of people safely exhibit and, on the other
end of the spectrum, signs that someone is so obviously a terrorist
they shouldn’t need to be pointed out. It’s hard
to tell if the group is being politically correct or euphemistic.
[Interesting chart here
Bob]
Article:
The Curious History of Fourth Amendment Searches – Orin Kerr
October 1, 2012 by Dissent
More food for thought from Orin Kerr.
Here’s the abstract of his new paper, The
Curious History of Fourth Amendment Searches:
In United States
v. Jones, 132 S.Ct. 945 (2012), the Supreme Court restored the
trespass test of Fourth Amendment law: Any government conduct that
is a trespass onto persons, houses, papers, or effects is a Fourth
Amendment ‘search.’ According to the Court, the trespass test
had controlled the search inquiry before the reasonable expectation
of privacy test was introduced in Katz v. United States, 389 U.S. 347
(1967). Although Katz had rejected the trespass test, Jones restored
it. This essay examines the history of the Fourth Amendment search
doctrine and reaches the surprising conclusion that
the trespass test never existed. Pre-Katz decisions did
not adopt a trespass test, and instead grappled with many of the same
questions that the Court has focused on when applying the reasonable
expectation of privacy test. The idea that trespass controlled
before Katz turns out to be a myth of the Katz Court: Katz
mischaracterized Fourth Amendment history to justify a break from
prior precedent. Jones thus restores a test that
never actually existed. The essay concludes by
considering both the doctrinal and theoretical implications of the
surprising history of the Fourth Amendment search doctrine.
Not so much a problem with IP
protections, but with the mechanics of administering the law?
Ars Technica reports on Judge
Posner's weblog, and in particular a recent post on the excessive
strength of U.S. copyright and patent law:
"The
problem of excessive patent protection is at present best illustrated
by the software industry. This is a progressive, dynamic industry
rife with invention. But the conditions that make patent protection
essential in the pharmaceutical industry are absent. Nowadays most
software innovation is incremental, created by teams of software
engineers at modest cost, and also ephemeral—most software
inventions are quickly superseded. ... The
most serious problem with copyright law is the length of copyright
protection, which for most works is now from the creation of the work
to 70 years after the author’s death. Apart from
the fact that the present value of income received so far in the
future is negligible, obtaining copyright licenses on very old works
is difficult because not only is the author in all likelihood dead,
but his heirs or other owners of the copyright may be difficult or
even impossible to identify or find. The copyright term should be
shorter."
Reader jedirock
pointed to a related article on
how the patent situation got so out of hand in the first place.
(Related)
"PersonalWeb's software
patent suit against Github and others threatens the freedom of
the Web. In order to make sure that the Web can remain a free and
accessible space for everyone, we need to rid ourselves of all the
patents that threaten its viability. We
need to end software patents."
This should start the Second Amendment
crowd buzzing, but isn't it a First Amendment question? (This is
old news in Science Fiction circles.) Possibly every law school
will have a Gun Printing club?
3-D
Printer Company Seizes Machine From Desktop Gunsmith
Cody Wilson planned in the coming weeks
to make and test a 3-D printed pistol. Now those plans have been put
on hold as desktop-manufacturing company Stratasys pulled
the lease [He should have purchased it outright. Bob] on
a printer rented out for Wiki Weapon, the internet project led by
Wilson and dedicated to sharing open-source blueprints for 3-D
printed guns. Stratasys even sent a team to seize
the printer from Wilson’s home.
“They came for it straight up,”
Cody Wilson, director of Defense Distributed, the online
collective that oversees the Wiki project, tells Danger Room. “I
didn’t even have it out of the box.” Wilson, who is a
second-year law student at the University of Texas at Austin, had
leased the printer earlier in September after his group raised
$20,000 online. As well as using the funds to build a pistol, the
Wiki Weapon project aimed to eventually provide a platform for anyone
to share 3-D weapons schematics online. Eventually,
the group hoped, anyone could download the open source blueprints and
build weapons at home.
Until Stratasys pulled the lease, the
Wiki Weapon project intended to make a fully 3-D printed pistol for
the first time, though it would likely be capable of
only firing a single shot until the barrel melted. Still,
that would go further than the partly
plastic AR-15 rifle produced by blogger and gunsmith Michael
Guslick. Also known as “Have Blue,” Guslick became an online
sensation after he made a working rifle by printing a lower receiver
and combining it with off-the-shelf metal parts.
Perspective
A new survey
has been published by Pew looking at the adult US population who owns
a smartphone or tablet. According to the survey, half of all adults
in the US currently have a mobile web connection through a smartphone
or tablet. That number is up significantly from a similar study
conducted by the Pew Research Center last year.
(Related)
October 01, 2012
UVic
Law Student Technology Survey 2012
Rich
McCue: "In addition to the technology questions we’ve been
asking UVic Law students over the past ten years, we decided for the
first year to ask more detailed questions about student use of
tablets and e-readers for academic use, along with questions about
their usage of “cloud” services for file storage and
collaboration. This survey was completed by 126 incoming and
transferring law students, which is a strong 90% plus response rate."
Some of the survey results summarized as follows:
- "89% of incoming law students own “Smart Phones” that can browse the internet (up from 84% last year and 50% two years ago), with 48% of the total being iPhones, 29% Android and 11% Blackberry (Blackberry usage down from 27% last year).
- 31% of students own tablet devices or ebook readers, up from 19% last year.
- When it comes to reading school related documents, students report reading those documents in bound books 46% of the time, on laptops 35% of the time, on laser printed pages 16% of the time, and on tablet devices 3% of the time.
- 99% of students own laptops. 49% of laptops are Macs, and 48% Windows.
- The students’ average typing speed is 49 wpm.
- 68% of all students bring their laptops to school most days.
- 75% of students use laptops to take class notes, 63% use pen and paper, 6% use tablets and 3% use their cell phones.
- 53% of students use Gmail as their primary email account, 7% use UVic email and 20% Hotmail..."
For my students?
Do you know how the online services you
choose use your data? Do they claim a broad copyright to it, remove
your rights to a class-action lawsuit in the USA, or share your
information with other companies? Or are they a well-behaved service
that respects your rights? The answer to this is in each website’s
terms of service – unfortunately, no one has the time to read
those. A new service reads websites’ terms of
service for you, summarizing what you need to know in a quick,
bullet-point list.
… We’ve covered some of the more
ridiculous
things that can be found in EULAs and terms of services before –
one company even offered $1,000 in the middle of their EULA to the
first person that contacted them about the offer. It took four
months for someone to notice – that’s how few people read EULAs.
… Terms
of Service; Didn’t Read is an innovative, smart
solution to this problem. They read the terms of service for popular
websites for you, condensing the terms into an easily understood
bullet-point list. If that isn’t enough, they rate websites
according to their terms of service, so you can see at a glance if
the website respects your rights or tramples on them.
Terms of Service; Didn’t Read also
offers browser extensions for Firefox,
Chrome,
and Safari.
You can see information about a website’s terms of service right
from your browser, without navigating to any other pages.
… You may also be interested in
EULAlyzer,
a free Windows program that automatically scans end-user license
agreements for programs you install and alerts you to certain phrases
in them.
A topic I'm interested in too...
Announcing
EDBP.com, a New Website of Best Practices For Attorneys
Handy tools. I use this to demonstrate
software the school doesn't have (and blocks me from installing).
Portable applications are no secret –
they have grown in popularity as their benefits continually become
more well known. PortableApps.com
should be given a lot of credit for this. Sure there
are several portable application suites available, but
PortableApps.com has contributed a great amount to how portable
applications are being used.
… Now if you are still sitting on
the fence wondering whether you should use portable applications, let
alone PortableApps.com, I highly encourage you to check out 3
Ways The Portable Apps Platform Will Make Your Life Easier by
Jessica. I can almost guarantee that you’ll be eager to use it
after reading her article.
I'm teaching Statistics again this
Quarter, so this will likely be a handout...
"A recent paper published in
PNAS describes statistical
techniques for clearly displaying the presence of two types of
electoral fraud (PDF) — 'incremental fraud' (stuffing of ballot
boxes containing genuine votes with ballots for the winning party)
and 'extreme fraud' (reporting completely contrived numbers,
typically 100% turnout for a vote-counting region, with 100% voting
for the winning party). While the techniques would require skill
with statistical software to apply in real time, the graphs produced
in the paper provide tools for the interested non-statistician to
monitor an election 'live.' Examples are discussed with both
'normal' elections, fraud by the techniques mentioned, and cases of
genuine voter inhomogeneity. Other types of fraud, such as
gerrymandering and inhibiting the registration of minority voters,
are not considered."
For my Math students
A 20 minute TED video worth watching...
Body language
affects how others see us, but it may also change how we see
ourselves. Social psychologist Amy Cuddy shows how “power posing”
-- standing in a posture of confidence, even when we don’t feel
confident -- can affect testosterone and cortisol levels in the
brain, and might even have an impact on our chances for success.
Amy Cuddy’s research on body language
reveals that we can change other people’s perceptions — and even
our own body chemistry — simply by changing body positions.