Saturday, July 21, 2012


What do you suppose prompted this?
Utah health officials take Data Breach Security Tour on the road
July 20, 2012 by admin
In the wake of its massive data breach, Utah health officials are doing something I don’t recall ever seeing before – they’re taking breach support on the road to reach out to those affected. Kirsten Stewart reports:
Health officials are touring the state, looking to provide one-on-one help to the nearly 800,000 Utahns swept up in a state data breach.
The Data Breach Security Tour, a series of workshops, kicks off July 26 at the Salt Lake County Government Center in Salt Lake City. The statewide tour will conclude Aug. 22 in St. George.
Read more on The Salt Lake Tribune where you can also find out when the tour will be in your area.


Well, it's a start...
U.S. Admits Surveillance Violated Constitution At Least Once
The head of the U.S. government’s vast spying apparatus has conceded that recent surveillance efforts on at least one occasion violated the Constitutional prohibitions on unlawful search and seizure.
The admission comes in a letter from the Office of the Director of National Intelligence declassifying statements that a top U.S. Senator wished to make public in order to call attention to the government’s 2008 expansion of its key surveillance law.
“On at least one occasion,” the intelligence shop has approved Sen. Ron Wyden (D-Ore.) to say, the Foreign Intelligence Surveillance Court found that “minimization procedures” used by the government while it was collecting intelligence were “unreasonable under the Fourth Amendment.” Minimization refers to how long the government may retain the surveillance data it collects. The Fourth Amendment to the Constitution is supposed to guarantee our rights against unreasonable searches.
Wyden does not specify how extensive this “unreasonable” surveillance was; when it occurred; or how many Americans were affected by it.
In the letter, acquired by Danger Room (.pdf), Wyden asserts a serious federal sidestep of a major section of the Foreign Intelligence Surveillance Act.


It's bad enough when politicians claim to have 'known all along it wouldn't work', but when people who work in the field have been raising red flags for months (years) with no action from the politicians or bureaucrats, you know the story is going to keep getting bigger... This isn't a model for the US Health System, is it?
B.C. software woes worse than predicted: privacy group
July 21, 2012 by Dissent
Rob Shaw reports:
A privacy watchdog group that has been sounding alarm bells for years about the B.C. government’s new computer system says revelations of its serious failures are far worse than predicted.
Numerous privacy breaches in the new $182-million Integrated Case Management System, revealed Thursday, are “far beyond” the worst-case scenario predicted by the Freedom of Information and Privacy Association, said executive director Vincent Gogolek.
“There seems to be so much wrong with the system,” Gogolek said. “We didn’t see this coming at all.”
Read more on the Times Colonist.
[From the article:]
B.C.'s child watchdog Mary Ellen Turpel-Lafond said Thursday she was overwhelmed with complaints of technical problems in the "deeply flawed" computer software that has led to "several instances" of privacy breaches.
That computer system went live April 1, linking information on thousands of social assistance and child welfare clients, including sensitive details on child abuse, foster care and welfare payments.


Why Congress doesn't Tweet?
"Researchers presenting at Defcon next week have developed a psychopathy prediction model for Twitter. It analyzes linguistic tells to rate users' levels of narcissism, machiavellianism and other similarities to Patrick Bateman. 'The FBI could use this to flag potential wrongdoers, but I think it's much more compelling for psychologists to use to understand large communities of people,' says Chris Sumner of the Online Privacy Foundation. Some of the Twitter clues: Curse words. Angry responses to other people, including swearing and use of the word "hate." Using the word "we." Using periods. Using filler words such as 'blah' and 'I mean' and 'um.' So, um, yeah."


Yet another tool for the “Swiss Army Folder”
Snappy is yet another program in the world of applications that allows users to take screenshots of their desktop, but unlike thousands of other software that allow such a thing, Snappy allows users to edit the image and make adjustments such as editing the brightness, contrast, RGB settings and more.


For my Ethical Hackers: Add this to your Hacking Tools Guide
Darpa Funds Hack Machine You’d Never Notice
It may look like a surge protector, but it’s really a remote access machine that corporations can use to test security and log into branch offices. Called the Power Pwn, it’s a stealthier version of the little box that can hack your network we wrote about last March.
Hidden inside are Bluetooth and Wi-Fi adapters, along with a number of hacking and remote access tools that let security experts prod and poke the network, and even call home to be remotely controlled via the cellular network.


Is this the right question? Why not ask, “What would be better than Khan Academy?”
"Even as name-brand universities like MIT and Harvard rush to put more courses on the Web, they're vying with an explosion of new online learning resources like Coursera, Udacity, Udemy, Dabble, Skillshare, and, of course, Khan Academy. With 3,200 videos on YouTube and 4 million unique visitors a month, Sal Khan's increasingly entertaining creation is the competitor that traditional universities need to beat if they want to have a role in inspiring the next generation of leaders and thinkers. Lately Khan's organization has been snapping up some of YouTube's most creative educational-video producers, including 'Doodling in Math Class' creator Vi Hart and Smarthistory founders Beth Harris and Steven Zucker. Universities are investing millions in software for 'massive online open courses' or MOOCs, but unless they can figure out how to make their material fun as well as instructive, Khan may have an insurmountable lead." [Sort of the “Animal House” view of college? “I had Seven years of fun...” Bob]
The Chronicle of Higher Education has a related article about the above-mentioned Coursera, and how they plan to make money off of free courses. A contract the company signed with the University of Michigan suggests they aren't quite sure yet.

(Related) The videos and tutorials are out there, it's a matter of finding and organizing them.
Friday, July 20, 2012
Last night I stumbled upon this video of David Breashears presenting at the Cambridge Science Festival. The video is hosted by MIT Video which I either had never seen before or had completely forgotten about (a real possibility after 6500+ blog posts).
MIT Video is a giant collection of more than 10,000 educational videos organized into more than 150 channels. The largest channel is the Open Courseware channel that contains more than 2,300 lectures from MIT's open courses.
All of the videos are either MIT productions or videos approved by editors at MIT Video. Only people with MIT email addresses are allowed to contribute to the collection. Some videos are hosted by MIT Video while others are from YouTube.

Friday, July 20, 2012


Small but interesting. Being vulnerable to undocumented threats is one thing. Randomly distributing personal information is another (and takes some non-trivial programming, so I doubt that's what actually happened).
By Dissent, July 19, 2012
Leslie Bridgers reports:
A glitch in the Department of Health and Human Services’ computer system exposed the personal information of public assistance applicants, including Social Security and bank account numbers.
Information from 31 applications submitted online was sent out between December and June to 39 random addresses in the department’s system, said Dale Denno, director of the department’s Office for Family Independence, which reviews public assistance applications.
He said the information came from 24 new applications for public assistance and seven recertification forms, which recipients are required to submit annually to continue getting benefits.
The personal information of 79 people was exposed, as some applications included multiple members of a household, Denno said. In some cases, he said, the same information was sent to multiple addresses.
Read more on The Morning Sentinel.


Consequences? What a concept!
NZ: Winz staff fired over privacy breaches
July 19, 2012 by admin
Jared Savage reports:
Ten Work and Income staff members have been sacked after two inquiries into breaches of privacy for beneficiaries.
The national review of the Ministry of Social Development was launched last December after an investigation into staff at the Manukau branch office.
Seven were dismissed for “appalling” breaches of the code of conduct which included improper use of private files belonging to family and friends, as well as inappropriate email use. An allegation that a staff member sold personal details of a client to a debt collection agency was not proven.
Read more on The New Zealand Herald.


Oh! I want one!
California Starts Up a Privacy Enforcement Unit
California Attorney General Kamala Harris announced Thursday she’s created a unit intended to actually enforce federal and state privacy laws.
“The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others,” California’s top attorney said in a statement.


So maybe your DNA is like your fingerprints. The argument should be about why you were a suspect, right?
Chief Justice allows DNA samples from Maryland suspects
July 20, 2012 by Dissent
Sung Un Kim reports:
US Supreme Court Chief Justice John Roberts on Wednesday temporarily stayed a Maryland Court of Appeals ruling that police could not collect DNA from individuals arrested for violent crimes and burglaries. The appeals court struck down the DNA collection law in April, finding a violation of the arrestee’s Fourth Amendment right to privacy. Roberts’ one-sentence decision will remain in effect at least until July 25 when a response is due from the defendant, Alonzo Jay King. The court may agree to hear the case when it reconvenes in October.
Read more on JURIST.


Another “reality check” for those not concerned with “all that Privacy stuff.”
"People are not going to, nor should they have to, start walking around outside with a bag over their head to avoid security cameras capturing images of them. Yet 'face recognition allows for covert, remote and mass capture and identification of images — and the photos that may end up in a database include not just a person's face but also how she is dressed and possibly whom she is with. This creates threats to free association and free expression not evident in other biometrics,' testified EFF Staff Attorney Jennifer Lynch. There are 32 states that use some form of facial recognition for DMV photos. Every day, Facebook happily slurps up and automatically scans with facial recognition software about 300 million photos that users upload to the social networking giant. 'Face recognition is here to stay, and, though many Americans may not realize it, they are already in a face recognition database,' Lynch said. In fact, when you stop to consider Facebook "at least 54% of the United States population already has a face print." Now it purchased Face.com which had 31 billion face images profiled."


Fight the good fight?
"Twitter plans to appeal a ruling to turn over the once-public tweets of an Occupy Wall Street protester charged with disorderly conduct, a case the company says threatens the First Amendment rights of its users. A New York Criminal Court judge ruled last month that Twitter should turn over the tweets of Malcolm Harris, since his messages were public and are not the same as an email or a private chat, which would require a search warrant."


“We have determined that you do not need to call 911 at this time.”
Device Jams Drivers’ Phone Signals, Alerts Police, Public and Passengers
There’s no shortage of devices that supposedly prevent drivers from talking or texting by blocking mobile phone signals or that alert parents and employers about the behavior. But the Cellphone Accident Preventer (CAP) from a trio of researchers at an Indian university takes preventing behind-the-wheel mobile phone use to a new Orwellian level by making distracted-driving indiscretions public – and automatically ratting them out to the police.
Abdul Shabeer and two of his colleagues at India’s Anna University of Technology primarily developed CAP to combat the 20 percent of fatal road accidents involving trucks and other heavy vehicles caused by driver mobile phone use. [Interesting statistic. Was there a massive increase in accidents when cellphones were introduced? Bob] Like other systems, CAP jams phone signals, using a small antenna above the driver seat, which the researchers claim only disables the driver’s phone, while passengers are free to call, text, tweet and Facebook at will.
But by using RFID technology, CAP can also alert the police, the general public or other passengers in the car if a driver is trying to discreetly check his phone when his hands should be on the wheel. If CAP detects that driver is using a cellphone, “The vehicle license plate information, which is already stored in the system, will be transmitted to a receiver placed on the traffic signal post, which in turn displays the license number in an LCD display so that police can take legislative action against the driver,” Shabeer told Wired. “At the same time, a warning message or sound will be given to passengers sitting inside the vehicle indicating that the driver is using a cellphone.”


Is this technology for those who text but can't read? (Is this their “save the company” idea?)
RIM Wants Your Friends to Know When You’re Rage Texting
… A just-surfaced patent application from Research in Motion (RIM) details a smartphone feature that determines a sender’s emotional state while texting. The smartphone would be able to determine the sender’s state of mind using internal sensors, and the tapped-out text would be presented differently to indicate a particularly emotional moment.


Fly Nude! (I proposed that back at the inception of TSA) I'll need to check with my lawyer friends, but there seems to be no clear ruling that allows me to stand around a TSA checkpoint and laugh...
Judge OKs Nudity at TSA Checkpoint
An Oregon man was cleared of indecent exposure charges Wednesday when a local judge said his protest of Transportation Security Administration screening procedures was constitutionally protected speech under state law.


OH MY GAWD! It's the end of the world! Or at least the end of the PC Era.
Microsoft’s First-Ever Loss Doesn’t Faze Wall Street

(Related) Maybe it is time for PC Era investors to panic.
AMD has scary things to say about the PC market
… "For the first time since 2001, client PC shipments have declined sequentially for three consecutive quarters-and have been below historical averages for the last seven quarters," AMD CEO Rory Read said during the chip supplier's second quarter earnings conference call.


A new form of business for the Education Age?
Singularity University Converging Into Capitalist Machine
Singularity University was established in 2008 to “prepare humanity for accelerating technological change.” At the time, this seemed like a charitable mission, but today university overseers see room to make money too. The University’s leaders are drawing up plans to convert the non-profit university into a for-profit corporation under a new category of socially responsible business. Some believe it will happen by the end of the year.
The corporation has already been formed, according to state records, under the name Singularity Education Group. Key trustees say what remains is a delicate legal process to transfer the university’s assets from a 501(c)3 non-profit into a brand new type of California entity, the benefit corporation, a socially-conscious business framework only available since the start of this year. The benefit corporation framework was designed to allow corporate executives more freedom to pursue objectives beyond maximizing investor returns.
… The argument in favor of a for-profit conversion, according to Simpson and other trustees, is to make it easier for Singularity University to share some of the money some students and faculty trace back to projects they create for classes, as well as to reward longtime faculty and staff with equity or options in the university and its spinoffs. [I like it! Bob]


Global Warming! Global Warming! These are facts (interesting facts) but they really prove nothing going forward.
Does New Tree Ring Study Put the Chill on Global Warming?
… The tree rings "prove [the] climate was WARMER in Roman and Medieval times than it is now," the British newspaper the Daily Mail reported last week, "and [the] world has been cooling for 2,000 years."


For my Students
Thursday, July 19, 2012
Readcube is a desktop tool (available for Mac and Windows) that aims to help students and teachers search and organize their research more effectively. I wrote this review of Readcube last month. This week Readcube launched Readcube Boot Camp to help users use Readcube better. Right now the Boot Camp has four video tutorials offering tips for searching, annotating, and organizing.


For my earphone wearing students...
Thursday, July 19, 2012
Sound Gecko is a free service that turns text articles into MP3 files. Using Sound Gecko you can take an article from a website, paste its URL into Sound Gecko, and then listen to a reading of that article. The conversion isn't instantaneous, but it is relatively quick. You do have to enter an email address in order to get the MP3 file. To remove the copy and paste part of the process you can install the Sound Gecko Chrome extension.
Sound Gecko does offer an iPhone app that you can use to organize and listen to playlists of the articles you've converted into MP3 recordings.

 

Thursday, July 19, 2012


Did these guys learn nothing from the movie Clueless?
The Consumerist resets passwords following breach
July 18, 2012 by admin
The Consumerist seems to have had a security breach. Their blog posts are light on details, though:
On July 15, they wrote:
As some Consumerist readers have noted, the site has been down twice in the past week and we promised an explanation, which follows.
We first took the site down late Wednesday afternoon, when we were alerted to a security concern. [Translation: “Our system didn't detect it.” Bob] The site was then cleaned and cleared by our security experts, and put back online within about two hours.
Last night, we detected a new problem and took the site down for another five hours in order to address that issue.
To limit security concerns, the Consumerist is now operating in a mode that does not permit commenting. We apologize for the inconvenience this may cause.
As both a precaution and as a best practice, we strongly advise that you change your password at any site where you use the same password as Consumerist. You cannot change your password at Consumerist yet due to the no-comment mode, but we will alert you when that changes.
On July 16, they provided an update:
Because of the nature of the investigation, we cannot – at this time – share further details of the specific changes. But we do want you to know of two actions we will be taking in the next few days that may affect your experience on the site:
***First, we plan to reset all existing passwords. This means that those of you who use log-in access at the Consumerist will need to choose a new password when you log into the site. We will be sending you an email summarizing the same actions described in this post.
***Second, we plan to re-open the Consumerist to comments. As noted yesterday, we turned off commenting as part of our initial response to the latest security incident.
It could take a day or two for these actions to take place but we will post another update when they do occur. In the meantime, here are some answers to questions you may have about the situation:
Q: You said in your post yesterday that I should change my password. Does this mean that my user name or password has been compromised?
A: We don’t yet know for sure, and are investigating that carefully. The password files were encrypted, but as a matter of prudence and good practice we are recommending that you change your password at any site where you use the same password as the one you use at Consumerist. We also plan to reset all existing Consumerist passwords, which will require you to choose a new password when you try to log into the site.
[...]
Q: Does this mean that if I visited Consumerist, my computer might have been infected?
A: We don’t know for sure, but if you are worried about a possible infection, you should use your anti-virus software to run a complete scan of your machine. If you don’t already have anti-virus protection on your computer, we strongly suggest you get some. And for additional suggestions on how to cleanse your machine, you can consult the StopBadware.org site.


Did it or didn't it? Your credibility is at risk.
Hacker claims breach of 50,000 accounts from Wall Street IT recruiting firm
July 18, 2012 by admin
Jaikumar Vijayan reports:
A hacker today claimed to have broken into ITWallStreet.com, a website for IT professionals seeking jobs or working with Wall Street firms, and exposed highly detailed data belonging to tens of thousands of job applicants.
As many as 12 data files containing detailed information on job applicants were publicly posted today after apparently being accessed from an ITWallStreet database by a hacker belonging to a group called TeamGhostShell.
A Computerworld inspection of the published data showed the first and last names, mailing addresses, email addresses, usernames, hashed passwords and phone numbers of what appear to be thousands of people who have applied for IT jobs with Wall Street firms. Many of the thousands of hashed passwords appear to have already been decrypted into their clear text form.
Read more on Computerworld. As of the time of his article, Andiamo Partners, the firm that operates the web site, had neither confirmed nor denied the breach. At the time of this blog post, there is no notice or alert on their web site, either. [At least an “It has been claimed...” statement might be useful. Bob]


In a world that has evolved from “He said, She said” to one where everyone can video Rodney King, it may be best to investigate before making an absolute denial...
Wearable Computer Pioneer, Dr. Steve Mann, Releases New Photo Supporting His Assault Claim Against McDonald’s


Isn't it a felony to fail to report a felony?
Legal, regulatory risks keep firms from sharing cyber threat data
A U.S. policy report to be released today says Congress should preempt certain state and federal regulations in order to allow companies the freedom to share with the government information about cyber security threats and attacks without fear of breaking data breach and other laws.
More information sharing is needed between companies and government agencies in order to help fend off attacks from hacktivists, criminals, and nation-states that target computer networks in the United States, according to the Cyber Security Task Force: Public-Private Information Sharing report written by the Homeland Security Project at the non-profit Bipartisan Policy Center.
… "From October 2011 through February 2012, over 50,000 cyber attacks on private and government networks were reported to the Department of Homeland Security (DHS), with 86 of those attacks taking place on critical infrastructure networks," the report says, citing a New York Times article. Only a small number of the incidents are reported to the Department of Homeland Security, mostly because companies are concerned about legal consequences, the report says.
Read the full report (6.56MB PDF)


This should be interesting...
Justice Department Sues Telecom for Challenging National Security Letter
Last year, when a telecommunications company received an ultra-secret demand letter from the FBI seeking information about a customer or customers, the telecom took an extraordinary step — it challenged the underlying authority of the FBI’s National Security Letter, as well as the legitimacy of the gag order that came with it.
Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them — though almost none of the requests have been challenged by the recipients.
After the telecom challenged its NSL last year, the Justice Department took its own extraordinary measure: It sued the company, arguing in court documents that the company was violating the law by challenging its authority.
… It’s only the second time that such a serious and fundamental challenge to NSLs has arisen. The first occurred in 2004 in the case of a small ISP owner named Nicholas Merrill, who challenged an NSL seeking info on an organization that was using his network. He asserted that customer records were constitutionally protected information.
But that issue never got a chance to play out in court before the government dropped its demand for documents.


This could be handy for me, since I have a hard time remembering names.
July 18, 2012
FTC Testifies on Commercial Uses of Facial Recognition Technologies
News release: "The Federal Trade Commission today told a Senate Judiciary subcommittee that the FTC is examining the benefits to consumers, as well as privacy and security concerns regarding current and possible future commercial uses of facial recognition technologies and will make recommendations later this year on best practices for companies that use these new technologies. The recommendations will build on comments from a recent FTC workshop on facial recognition technology, and on the three core principles from the agency's March 2012 Privacy Report – privacy by design, simplified consumer choice, and transparency."


A new form of “news by search?” Watch stories on your topics of interest no matter where they are reported? Watch the story from the closest news source? Watch the news as reported by sock puppets?
July 17, 2012
Pew - YouTube & News: A New Kind of Visual News
"News is becoming a major part of what Americans watch on YouTube. In the last 15 months, a third of the most searched terms on the video sharing site were news related. A new study by the Project for Excellence in Journalism explores the character of news on YouTube—what kinds of stories people access, who produced them, who posted them and what it means for the future of visual journalism. See a visual discussion of the findings."


Perspective
July 18, 2012
Information and Communications for Development 2012: Maximizing Mobile
"Around three-quarters of the world’s inhabitants now have access to a mobile phone and the mobile communications story is moving to a new level, which is not so much about the phone but how it is used, says a new report by the World Bank and infoDev, its technology entrepreneurship and innovation program. The number of mobile subscriptions in use worldwide, both pre-paid and post-paid, has grown from fewer than 1 billion in 2000 to over 6 billion now, of which nearly 5 billion are in developing countries. Ownership of multiple subscriptions is becoming increasingly common, suggesting that their number will soon exceed that of the human population.
"The report, Information and Communications for Development 2012: Maximizing Mobile, says more than 30 billion mobile applications, or “apps,” were downloaded in 2011 – software that extends the capabilities of phones, for instance to become mobile wallets, navigational aids or price comparison tools. This trend is also benefiting developing countries where people are increasingly using mobile phones to create new livelihoods and enhance their lifestyles, while governments are using them to improve service delivery and citizen feedback mechanisms."


My geeks are happy!
"Hardly a day goes by without a top-level research group announcing some kind of graphene-related breakthrough, but this one's a biggy: Researchers at the University of Erlangen-Nuremberg, Germany have created high-performance monolithic graphene transistors using a simple lithographic etching process. This could be the missing step that finally paves the way to post-silicon electronics. In theory, according to early demos from the likes of IBM and UCLA, graphene transistors should be capable of switching at speeds between 100GHz and a few terahertz. The problem is, graphene doesn't have a bandgap — it isn't a natural semiconductor, like silicon — and so it is proving very hard to build transistors out of the stuff. Until now! The researchers say that current performance "corresponds well with textbook predictions for the cutoff frequency of a metal-semiconductor field-effect transistor," but they also point out that very simple changes could increase performance 'by a factor of ~30.'"


Here's a challenge: try to think of a more expensive way to do this... Hint: Don't ask students.
"The White House has unveiled a proposal to create a national elite teachers corps to reward the nation's best educators in science, technology, engineering and math. In the first year, as many as 2,500 teachers in those subjects would get $20,000 stipends on top of their base salaries in exchange for a multiyear commitment to the STEM Master Teacher Corps. The Obama administration plans to expand the corps to 10,000 nationwide over the next four years, with the ultimate goal that the elite group of teachers will pass their knowledge and skills on to their colleagues to help bolster the quality of teaching nationwide."


The future or just another bandwagon? Still, the question of “certification”
The online education platform Coursera announced today that 12 more universities had signed on as partners, joining the 4 that were part of the startup’s launch in April. Joining the University of Pennsylvania, Princeton, University of Michigan and Stanford are Georgia Tech, Duke University, University of Washington, Caltech, Rice University, University of Edinburgh, University of Toronto, EPFL - Lausanne (Switzerland), Johns Hopkins University (School of Public Health), UCSF, University of Illinois Urbana-Champaign, and the University of Virginia.

(Related)
What It’s Like to Teach a MOOC

Wednesday, July 18, 2012


Apparently it takes time to beat the truth out of employees...
Elections Ontario breach update
July 17, 2012 by admin
Two memory sticks with some information on voters registered with Elections Ontario are missing because personnel did not follow protocol.
Earliest reports on the breach involving Elections Ontario said that the data were encrypted.
Later reports are now saying that the data were NOT encrypted (see official press statement) and that up to 2.4 million may be affected.
Elections Ontario has set up a web page on the breach with additional information.


Mis-targeted retaliation?
‘Madi’ malware acts like Flame virus, targets Middle East
A new piece of malware called Madi is spreading in the Middle East, and it has a number of the same characteristics as the Flame virus — known to be a major step in cyber-espionage.
The year-old malware comes in the form of a phishing email, which social engineers, or dupes, unsuspecting recipients into opening an attachment. Once open, the malware installs on your system and a real Word document or PowerPoint presentation pops up to make the viewer believe the attachment was legitimate. In one of these cases, the Word document showed an article titled, “Israel’s Secret Iran Attack Plan: Electronic Warfare” by The Daily Beast. Another attachment opened a PowerPoint file (see image above) with “serene images.” The malware in this case was executed on the victim’s system as they paged through the presentation.
Seculert observed the malware’s transmissions to the command and control servers, which occasionally communicated using Farsi. The command and control servers were based in Canada, though Seculert traced early transmissions from the virus back to an original server in Iran.


Register early and often, so you can “Like” your candidate.
"The Associated Press reports that the state of Washington will soon have an application available on its Facebook page that will let residents register to vote. Washington and other states already allow online registration, but this is the first time it will be allowed over Facebook. The state's co-director of elections, Shane Hamlin, said, 'In this age of social media and more people going online for services, this is a natural way to introduce people to online registration and leverage the power of friends on Facebook to get more people registered.' Facebook won't have access to the State's database, and Hamlin says Facebook won't collect any of the personal information with which it interacts." [Want to bet your job? Bob]


I suppose it can't hurt? (This from a longer article)
Internet privacy is focus of Gansler as head of U.S. attorneys general
July 18, 2012 by Dissent
Len Lazarick reports:
You’re walking down the street and you get a text message on your smartphone about the Chipotle restaurant around the corner. That’s interesting. How did they know you liked Chipotle?
And wait a minute. How did they know where you were?
That’s an example Attorney General Doug Gansler gave in an interview last week about the far reach of Internet data collection into our daily lives, from dining choices to GPS connections.
As the new president of the National Association of Attorneys General – NAAG for short – Gansler has targeted Internet privacy as the focus of his year at the top.
Invasion of privacy
“Clearly, what the Internet companies are doing is an invasion of privacy,” Gansler said. “It certainly could very well be an acceptable and appropriate invasion of privacy,” much as airport security has become an accepted invasion of privacy [Huh? Bob] – up to a point.
“Most of the things we look up on the Internet are free, but there’s a legitimate interest for those companies to make money,” Gansler said. “Where to draw that line is the dialogue we’ll be having in NAAG.”


Even if all their lawyers are named Don Quixote, they might someday bag a real dragon...
EFF Challenges National Security Letter Statute in Landmark Lawsuit
July 18, 2012 by Dissent
Matt Zimmerman writes:
Since the first national security letter statute was passed in 1986, the FBI has issued hundreds of thousands of such letters seeking private telecommunications and financial records of Americans without any prior approval from courts. Indeed, for the period between 2003 and 2006 alone, almost 200,000 requests for private customer information were sought pursuant to various NSL statutes. Prior to 2011, the constitutionality of this legal authority to investigate the records of Americans without court oversight had been challenged in court — as far as we know — exactly one time. EFF is today releasing FBI-redacted briefing from a major new ongoing case in which it is challenging one of the NSL statutes on behalf of a telecommunications company that received an NSL in 2011.
Read more about the case and issue on EFF.


Did them furriners get it right?
"Last week, a Canadian Supreme Court decision attracted attention for reduced copyright fees for music and video. Michael Geist has a detailed analysis that concludes there are two bigger, long term effects. First, Canada has effectively now adopted fair use. Second, the Supreme Court has made technological neutrality a foundational principle of Canadian copyright. The technological neutrality principle could have an enormous long-term impact on Canadian copyright, posing a threat to some copyright collective tariff proposals and to the newly enacted digital lock rules."


Who owns your computer system?
"Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"


College Algebra, How to use Excel, and Field stripping your AK47... The future of education?
Syrian Rebels Use YouTube, Facebook for Weapons Training
Rebels fighting against Bashar Assad in Syria’s civil war are outgunned, outmanned and largely aren’t professional soldiers. So they’re turning to social media for tutorials in how to use their weapons.
In the video above, a faceless individual offers a 15-minute crash course in Arabic on the basics of assault rifles. It’s posted to the YouTube channel FSAHelp, for “Free Syrian Army,” as the resistance calls itself. Additional videos on the channel demonstrate how to shoot from a prone position, how to creep up on an enemy from a hidden position, and hand-to-hand combat. The hi-def videos are fairly high quality, with actors wearing ski masks and toting guns in wooden fields demonstrating combat maneuvers.


For my Data Mining and Data Analytics classes.
Study: WikiLeaked Data Can Predict Insurgent Attacks
Insurgencies are amongst the hardest conflicts to predict. Insurgents can be loosely organized, split into factions, and strike from out of nowhere. But now researchers have demonstrated that with enough data, you might actually predict where insurgent violence will strike next. The results, though, don’t look good for the U.S.-led war.
And they’re also laden with irony. The data the researchers used was purloined by WikiLeaks, which the Pentagon has tried to suppress. And the Pentagon has struggled for years to develop its own prediction tools.


I like the concept of KickStarter – I just haven't decided which of my brilliant ideas need to be kicked...
4 Keys to a Winning Kickstarter Campaign
Mention Kickstarter these days and blockbuster campaigns come to mind. There’s Ouya’s blistering $2 million in one day for a new Android gaming console (it’s raised more than $5 million to date), and the Nifty MiniDrive, external memory for Apple MacBooks. The tiny storage company is more than 2,000% above its $11,000 goal with 15 days left in the campaign.
But for all the success stories on Kickstarter, there are many, many failures. So what’s the secret to ending a campaign with tall boys rather than tears? Wharton Business School professor Ethan Mollick and social entrepreneur Jeanne Pi examined data from almost 50,000 Kickstarter campaigns. They found four keys to a successful Kickstarter campaign: Realistic goals, timing, a bit of marketing, and strong social media ties.


Data Analysis Students: Don't tell anyone, you'll change the odds!
Can an algorithm win your fantasy football league?


Perspective: Are we finally easing out that old (1876) technology?
Texting overtakes calling in U.K., says research
According to research published by the U.K.'s communications regulator, Ofcom, on Monday, text messaging is outstripping actually making a call. Last year 58 percent of people communicated via text messaging on a daily basis, while only 47 percent made a mobile call at least once a day, the watchdog found.


Tools

Tuesday, July 17, 2012


There is more than one way to target voters...
Elections Ontario reveals privacy breach of voter data
July 17, 2012 by admin
From CBC News:
Elections Ontario has discovered a privacy breach that involves the personal information of voters in up to 24 provincial ridings.
CBC News has learned that memory sticks containing personal information about voters have gone missing from the office of the chief electoral officer for Ontario.
The information on the missing memory sticks includes the full name, address, gender and birth date of voters and may also include information on whether or not these same individuals voted.
Read more on CBC News. The story says the data were encrypted, which means this may not be a breach at all, by most definitions. An investigation is under way.


What a surprise!
Drone Records Gush from FAA Spigot, But Privacy Issues Not a Priority
July 16, 2012 by Dissent
Scott Shackford writes:
The Electronic Frontier Foundation’s (EFF) Freedom of Information Act lawsuit against the Federal Aviation Administration over drone records bore fruit Friday and lots of it. The EFF reports receiving thousands of documents connected to 125 certificates to authorize the use of drones by agencies big and small across the United States. EFF has posted .zip files containing documents from some of the agencies for public review (some of the files would not open, though). [Never blame intransigence for what can be attributed to incompetence Bob]
EFF Staff Attorney Jennifer Lynch blogged Friday that the foundation hadn’t had the chance yet to really delve into the records documents but said there are still a lot of privacy questions about the use of drones. Indeed, after looking over documents by several agencies requesting certification for drone use, I’m not seeing any sort of documented discussion about privacy issues at all. There are maps documenting the flight areas for each drone, but that information is provided for safety and logistics purposes, not as a disclosure indicating limits of surveillance intentions. The documents show a lot of planning on training, safe use, and dealing with emergencies, but very little discussion of privacy.
Read more on Reason Online.


Maybe the Supremes weren't “serious about dat?”
ACLU Files Brief Opposing Warrantless GPS Searches
July 17, 2012 by Dissent
Andrew Crocker writes:
In 2010, the FBI attached a GPS device to the car of a man named Fred Robinson and continuously monitored his whereabouts for nearly two months—all without getting a warrant. Now Robinson is on trial, and on Friday, the ACLU and its affiliate, the ACLU of Eastern Missouri, filed an amicus brief in his case, United States v. Robinson, which raises important Fourth Amendment issues about police use of GPS trackers for surveillance.
Although the Supreme Court addressed this subject in its landmark decision in United States v. Jones earlier this year, the government still maintains that GPS tracking without a warrant is constitutional.
The problem (as we discussed here) is that Jones did not fully settle the warrant issue. Interpreting the Fourth Amendment’s prohibition against “unreasonable searches and seizures,” the Supreme Court has developed a two-part inquiry to determine the constitutionality of surveillance practices. First, a court must determine whether the practice constitutes a “search” at all. This is answered by Jones; all nine justices unanimously held that the GPS tracking at issue was a search covered by the Fourth Amendment.
However, Jones did not reach the second half of the question: whether GPS tracking is an unreasonable search when conducted without a judicial warrant. In our Robinson brief, we argue that especially for invasive searches like GPS tracking, the lack of a warrant should be fatal.
Read more on ACLU.

(Related)
Article: The Fourth Amendment in a World Without Privacy
July 17, 2012 by Dissent
Omer Tene points us to an article he wrote, “The Fourth Amendment in a World Without Privacy.” The article was published in Mississippi Law Journal, Vol. 81, No. 5, p. 1309, 2012.
Here’s the Abstract:
This Article explores the relationship between private and public surveillance. Every year, companies spend millions of dollars developing new services that track, store, and share the words, movements, and even the thoughts of their customers. Millions now own sophisticated tracking devices (smart phones) studded with sensors and always connected to the Internet. They have been coaxed to use these devices to access fun and valuable services to share more information, more of the time. Our country is rapidly becoming a surveillance society. [“Becoming?” Bob]
Meanwhile, the police can access the records that the surveillance society produces and stores with few impediments. Current Fourth Amendment doctrine — premised on the reasonable expectation of privacy test and elaborated through principles such as assumption of risk, knowing exposure, and general public use — places far fewer hurdles in front of the police when they use the fruits of somebody else’s surveillance than when they do the surveillance themselves. As the surveillance society expands, the police will learn to rely more on the products of private surveillance, and will shift their time, energy, and money away from traditional self-help policing, becoming passive consumers rather than active producers of surveillance. Private industry is destined to become the unwitting research and development arm of the FBI. If we continue to interpret the Fourth Amendment as we always have, we will find ourselves not only in a surveillance society, but also in a surveillance state.
If we believe that the Fourth Amendment can and should survive the coming reach of private surveillance, it is not enough to prescribe mild tweaks to the third-party doctrine. A more thorough reinvention of the Fourth Amendment is in order. We should rebuild the Fourth Amendment atop a foundation of something other than privacy, and this Article extends the work of other scholars who have convincingly suggested that the Fourth Amendment was originally intended and is better interpreted to ensure not privacy but liberty from undue government power.
You can download the full article from SSRN.


So, what am I worth?
As Andrew Lewis once said “If you’re not paying for something, you’re not the customer; you’re the product being sold”.
… More accurately, the product is our personal data, which is being sold to advertisers, collected in massive databases, and used to target advertising and build up detailed profiles on us.


I'm beginning to think my Statistics class should learn to make pretty pictures to explain all that Math.
July 16, 2012
Census Bureau Launches Infographic on U.S. Veteran Population
"This month as we celebrate our nation's Independence, we reflect on the original veterans who helped found this country. How do we know about today's heroes? This new infographic provides a statistical snapshot of our veterans from the American Community Survey (conducted annually) and the Survey of Business Owners (from the five-year economic census). This summer, the Census Bureau will provide more infographics and interactive features that will answer the question, “How Do We Know?” Visit to learn more about “How Do We Know?” and follow @uscensusbureau on Facebook, Twitter, Flickr, YouTube and Pinterest (#HowDoWeKnow) for updates."

(Related) Statistics for my CS geeks, but without the pretty pictures. (All in spreadsheets for easy number crunching)
July 16, 2012
Census - Computer and Internet Use at Home: 2010
  • "These tables provide information about computer and Internet use from the Current Population Survey (CPS) School Enrollment and Internet Use Supplement. The tables display national and state level data and examine householder and individual characteristics by school enrollment, age, race, sex and Hispanic origin. Additional tables use data from the Survey of Income and Program Participation (SIPP) to examine how and why people connect to the Internet. The CPS has been collecting data on computers and Internet use periodically since 1984. SIPP data on this subject have been collected since 1998."

(Related) I have enough trouble explaining that half the world is below average...
2 percent of Americans trust everything on the Web
A survey performed on behalf of Mancx, a community for business answers, says that 98 percent of people distrust information they find online. Should we care about the 2 percent?
… Indeed, many, many Americans are skeptical about whether information they find online is outdated (56 percent), or whether the presence of too many ads suggests bias (59 percent). They worry that, in seeking answers, the results they are given are being promoted by interested parties (53 percent).
The startling headline Mancx offers from this work is: 98 percent of Americans distrust the information they find on the Internet.


Students: All your skills (and all your MS Textbooks) are once again obsolete!
July 16, 2012
Microsoft Launches the new Office
News release: "Today, Microsoft Corp. CEO Steve Ballmer unveiled the customer preview of the new Microsoft Office, available at office.com/preview. The next release features an intuitive design that works beautifully with touch, stylus, mouse or keyboard across new Windows devices, including tablets. The new Office is social and unlocks modern scenarios in reading, note-taking, meetings and communications and will be delivered to subscribers through a cloud service that is always up to date."


For my students
July 16, 2012
UK Government to open up publicly funded research
"The government has announced that it will make publicly funded scientific research available for anyone to read for free, accepting recommendations in a report on open access by Dame Janet Finch. This will likely see a major increase in the number of taxpayer-funded research papers freely available to the public... Science Minister David Willetts said: “Removing paywalls that surround taxpayer funded research will have real economic and social benefits. It will allow academics and businesses to develop and commercialise their research more easily and herald a new era of academic discovery.”"


For my students: Watch the video.
Tech Minute: Learn a new language via Google
These days, we turn to Google for help with just about everything. So why not use it to help learn a foreign language? Google is in the middle of experimenting with a new, free program that immerses you into your foreign language of choice while you surf the Web.


A simple summarizing tool? I see a research project coming soon...
Monday, July 16, 2012
MindMaple is a desktop mind mapping application that recently released a free product for Windows users. MindMaple Lite is a free download for Windows users who want to create mind maps on their desktops.
Like any good mind mapping tool, mind maps created with MindMaple Lite can include images, links, and text. One of the handy features of MindMaple is the ability to draw loose elements into a group. In other words, you don't have to construct elements in a connected sequence. You can move elements of your mind map into groups after you've put them on the canvas. Completed mind maps can be exported to Microsoft Office.
I don't think that MindMaple is superior to any of these web-based mind map creation tools, but if you're looking for a mind mapping tool that runs on a desktop, give MindMaple a try.


Whatever you do, make sure our secretaries don't see today's Dilbert.