Tuesday, November 20, 2012

Someone has probably thought through the Security implications. I don't think there is a concensus on “Best Practices” yet, but it had better come soon!
November 19, 2012
Study identifies different perceptions of bring your own device to work
InternetNews.com: "While BYOD is a known trend, its actual impact and adoption varies, depending on who you ask. According to a recent study from security vendor Blue Coat, IT staff and employees tend to view BYOD in different ways. While 71 percent of employees reported that they used their own devices to access corporate IT, IT staff in the same survey said they believed 37 percent of employees were accessing the network with non-corporate devices. A study from security vendor Webroot seems to confirm there are a large number of employee-owned devices. It reports that 73 percent of companies now have a mix of company- and employee-owned mobile devices."

(Related) There is already large area where organizations interface with client devices...
"While many mobile payments startups are using both traditional and nontraditional authentication methods, regulatory uncertainty still exists around liability for fraud attacks on customers using mobile payments. Although there haven't been any public attacks from fraudsters on alternative mobile payments providers such as Square, LevelUp or Dwolla, anecdotal stories are already circulating among security experts and regulators of such attacks. One thing that still has to be worked out in this area is regulatory oversight. 'The regulators are not yet clear who owns the regulatory oversight for these environments. These technologies tend to fall through the cracks even in terms of card-present or card-not-present.'"


Who speaks for the citizens, Mr. Brother sir?
Senate bill rewrite lets feds read your e-mail without warrants
A Senate proposal touted as protecting Americans' e-mail privacy has been quietly rewritten, giving government agencies more surveillance power than they possess under current law.
CNET has learned that Patrick Leahy, the influential Democratic chairman of the Senate Judiciary committee, has dramatically reshaped his legislation in response to law enforcement concerns. A vote on his bill, which now authorizes warrantless access to Americans' e-mail, is scheduled for next week.
Leahy's rewritten bill would allow more than 22 agencies -- including the Securities and Exchange Commission and the Federal Communications Commission -- to access Americans' e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.


Drones in “private” hands. “If they fly within range, they are trespassing!” Interesting legal question?
"Photos provided by the animal rights group show the multicopter smoking on the ground, with its lithium polymer battery supply smoldering. Another photo shows the drone's video camera smashed. The drone, dubbed 'Angel,' was a Cinestar 8 octocopter estimated at $4,000. This wasn't the first time SHARK has been shot out of the sky. This is the fourth drone that the group has lost while investigating pigeon shootings. One drone landed on club property, and is the subject of an ongoing lawsuit.
[From the comments:
… What I find interesting about that figure is that the old tradition of defining 'national waters' was historically been the max range of the shore cannons of the day.
Thus, defining 'personal air space' as the max range of common arms* that a homeowner might have seems pretty traditional.
… Of course if the drone is camera equipped (almost guaranteed) you may be able to skip tresspassing rules and use peeping tom type laws against it at almost any altitude if it's filming parts of your property that would otherwise be private...

(Related) Drones for Swabbies. You don't have to fly to control remotely. Add a motor and you have a really smart torpedo.
Drone Boats Chase Targets, Titles in SailBot Regatta
… Why would we want sailing robots? Aside from the beneficial learning experience for everyone involved, there are applications for real-world use. The oceans are vast and it takes a lot of fuel to motor around them, plus life at sea is incredibly harsh. An autonomous vehicle could allow scientists — or spies — to monitor much larger swaths of the seascape, and a sail-powered drone could operate for much longer than a vehicle that needs to carry fuel. On top of that, all the benefits of sending machines instead of people into dangerous environments apply.


So, what can they do about it?
Parents, Teens, and Online Privacy
Most parents of teenagers are concerned about what their teenage children do online and how their behavior could be monitored by others. Some parents are taking steps to observe, discuss, and check up on their children’s digital footprints, according to a new survey by the Pew Research Center’s Internet & American Life Project.
  • 81% of parents of online teens say they are concerned about how much information advertisers can learn about their child’s online behavior, with some 46% being “very” concerned.
  • 72% of parents of online teens are concerned about how their child interacts online with people they do not know, with some 53% of parents being “very” concerned.
  • 69% of parents of online teens are concerned about how their child’s online activity might affect their future academic or employment opportunities, with some 44% being “very” concerned about that.


I think she makes several points...
FISA Amendments Act Is Way Worse for Privacy Than Title III
Advocates for renewal of the FISA Amendments Act (FAA) often argue that the statute poses no more harm to the privacy of innocent Americans than does the Wiretap Act, also known as Title III. After all, when FBI agents are tapping a suspected drug courier’s phones, his friends or mother may also call. How is the FAA any different?
Actually, there are many important differences between Title III, the FAA and even traditional FISA intercept orders. These differences mean that FAA is far more intrusive than Title III and poses a categorically different threat to the privacy of innocent Americans.


Might be better if they gave these folks a bit of time to think about their answers, but some useful points do come out...
Why privacy matters
November 19, 2012 by Dissent
Privacy International interviewed Cory Doctorow, Kade Crockford, Jameel Jaffer, Dan Kaminsky, Chris Soghoian, Marcia Hoffman, Moxie Marlinspike, Phil Zimmerman, Hanni Fakhoury and Eli O at Defcon 2012. They’ve uploaded the video:


As often as I point out Facebook's failures (a lot!) I suppose I should point to a good decision too. Since many simple hacks are avoided, their costs may go down...
"Facebook this week will begin turning on secure browsing be default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."
[From the article:
HTTPS encrypts the connection between the user's machine and the server on the other end, obscuring it from attackers, even if they are able to sniff the traffic on the wire or on a wireless connection. The technology is by no means a cure-all for Web-based attacks, however, as there have been demonstrations of attacks that enable third parties to snoop on encrypted traffic and grab valuable data, such as usernames and passwords or financial information.


Because we don't really know what caused the DoJ to pick MegaUpload from the field of hundreds of potential targets, is everyone making changes? Would “Customer Controlled Encryption” change the game?
"On November 27, RapidShare will start putting a tight cap on outbound downloads for its free users. Paid members will still have 30 gigabytes in outbound downloads per day, but everybody else will be capped at one gigabyte. The change is expected to further deter pirates from using RapidShare to distribute copyright material on a large scale."


When “There's no App for that” there is a Business Opportunity. I find it surprising that the music sites don't know what their customers like and are paying for. Maybe they just don't want to give the artists a barganing chip?
"Most Slashdotters have been following the debate among the various players in the music industry about how much money artists (and their labels) get from traditional music outlets like radio and newer services like Pandora or Spotify. But Zoë Keating, a professional cellist who has a professional interest in the outcome of this argument, thinks there's one thing missing from all the proposals: more data on who her audience is. Even digital services can't tell her how many people heard her songs or where they're most popular. 'How can I grow my business on this information?' she asks. 'How do I reach them? Do they know I'm performing nearby next month? How can I tell them I have a new album coming out?'"
She proposes mandatory reporting of information on listeners as part of royalties.


For my Disaster Recovery students
"At the end of October, Hurricane Sandy struck the eastern seaboard of the United States, leaving massive amounts of property damage in its wake. Data center operators in Sandy's path were forced to take extreme measures to keep their systems up and running. While flooding and winds knocked some of them out of commission, others managed to keep their infrastructure online until the crisis passed. In our previous interview, we spoke with CoreSite, a Manhattan-based data center that endured even as much of New York City went without power. For this installment, Slashdot Datacenter sat down with executives from IPR, which operates two data centers—in Wilmington, Delaware and Reading, Pennsylvania—close to Sandy's track as it made landfall over New Jersey and pushed northwest."

(Related) Because too late come quickly!


Perspective It should be interesting to see if this is a true cost for monthly unlimited service or a short time promo...
… Of course, one of the big draws of Republic is its mobile plan. Republic charges a flat rate of $19 per month for unlimited talk, text, and data, which gained a lot of attention back when the service first launched. Today, however, is the day that Republic service becomes available for everyone, so you’re free to sign up whenever you like.
The Motorola DEFY XT will set you back $249 if you’re going through Republic, so the initial payment isn’t exactly going to be cheap. There’s also an extra $10 service fee on top of that, which includes shipping and handling for your phone. Your first $19 monthly fee will be charged once your phone ships next month, so by the time you get your phone in the mail, you’ll be out $278 – and that’s if you only order one phone.
Still, that hefty initial payment might be worth it when you consider that you’ll only be paying $19 per month from there on out. For unlimited talk, text, and data, that’s a pretty significant discount over the major carriers (most of which aren’t offering actual unlimited plans anymore), so Republic might be worth checking out.


Having a massive ego, I never had this problem.
"The recent anti-bullying survey conducted by ABA brings up some interesting findings. According to it, more than 90% of the 1,000 11-16 year-olds surveyed said they had been bullied or seen someone bullied for being too intelligent or talented. Almost half of children and young people (49.5%) have played down a talent for fear of being bullied, rising to 53% among girls. One in 10 (12%) said they had played down their ability in science and almost one in five girls (18.8%) and more than one in 10 boys (11.4%) are deliberately underachieving in maths – to evade bullying. Worryingly, this means our children and young people are shying away from academic achievement for fear of victimization."


I'm bad at computer games. I can't understand a word that Cricket lovers say (I swear it's no longer English) So I will definitely not be downloading this one!
… You may not understand cricket in all its nuances, but if you love hitting a ball out of the park with a bat, you just might love Stick Cricket. Stick Cricket is perhaps the most popular cricket game in the Google Play Store.
… It is a free game with lots of play options. If you want to go beyond that, there are in-app purchases available which extend the play. The free game comes with ads which really aren’t a bother at all.

No comments: