How to phrase your “Get
out of jail Free!” card?
Judge
Dismisses Much of PlayStation Hacking Suit
October 19, 2012 by admin
Lucille Scott reports that a federal
judge has thrown out much of the potential class action lawsuit by
PlayStation users who say that the Sony
security breach exposed more than 69 million personal and credit
card accounts to theft. Scott reports:
The 36-page order
dismisses several claims such as negligence, unjust enrichment,
bailment and violations of California consumer protection statutes.
Sony did not
violate consumer-protection laws “because none of the named
plaintiffs subscribed to premium PSN services, and thus received the
PSN services free of cost,” Battaglia wrote.
Read more on Courthouse
News.
Somewhat disturbingly, the judge held
that Sony’s Privacy Policy included “clear
admonitory language that Sony’s security was not ‘perfect,’”
therefore “no reasonable consumer could have been deceived.”
So as long as a site puts in some
disclaimer like “we’re not perfect in our security,” there is
no recourse for what might be really sloppy security? Wow. How
would that play out in other cases that have been litigated already
or in the hopper to be litigated?
Venkat
Balasubramani also blogged about this dismissal last week, but I
missed it somehow. Do check his blog entry for more on the various
issues raised in the case.
Attention Ethical Hackers.
Technique #406 is out of the bag.
St.
Scholastica hack sheds light on Macalester IT security
October 19, 2012 by admin
Emma WestRasmus reports:
“What was the
name of your first pet? What’s your favorite color? What’s your
mother’s maiden name?”
We all know the
drill. Whenever we start a new account we are prompted for answers
to challenge questions that will surely be easy to remember. But for
more than two dozen students at the College of St. Scholastica in
Duluth the answers to questions needed to reset their student account
passwords might have been just a little too easy to figure out.
Earlier this month 28 students’ email accounts at St. Scholastica
were hacked when hackers were able to answer the
student’s challenge questions on their Self-Service Password Reset
service simply through information obtained through the students’
social media pages.
Read more on The
Mac Weekly. Once the hackers were able to access the e-mail
accounts, they reportedly used information found in the accounts for
fraudulent purposes.
Attention my fellow vets! Is
encryption required on all Consultant computers (since that's where
the data resided last time)?
VA
Computers Remain Unencrypted, Years After Breach
October 19, 2012 by admin
Patience Wait reports:
Following a
high-profile data breach six years ago, the U.S. Department of
Veterans Affairs spent almost $6 million on encryption software for
its PCs and laptops. But an investigation by the department’s
inspector general determined that the encryption
software has been installed on only 16% of its computers.
Read more on InformationWeek.
Related: Department of
Veterans Affairs Review of Alleged Incomplete
Installation of Encryption Software Licenses. OIG
report, October 11, 2012.
“We have lots of room left in
Guantanamo and we're trying to fill it.”
"The New Matilda reports how
the U.S.
is now able to extradite people for minor offences, and asks why
foreign governments so willingly give up their nationals to the U.S.
to 'face justice' over minor crimes committed outside US borders?
Lawyer Kellie Tranter writes 'the long arm of the
Government is using criminal enforcement powers to enforce commercial
interests at the behest of corporations and their
lobbyists.' A Former NSW Chief Judge said it was bizarre 'that
people are being extradited to the US to face criminal charges when
they have never been to the U.S. and the alleged act occurred wholly
outside the U.S.' He said although copyright violations are a great
problem, a country 'must protect its nationals from being removed
from their homeland to a foreign country merely because the
commercial interests of that foreign country.' Australia recently
'streamlined'
its laws to make
extradition to the U.S. even easier."
Ah, English! Such a confusing
language, especially when spoken by bureaucrats... “They didn't
withhold anything, but we need to determine if they didn't disclose
something...”
SEC
finds Facebook didn't hold back info from investors -- report
The Securities and Exchange Commission
didn't find any evidence that Facebook withheld
pertinent information from investors prior to its initial public
offering, Bloomberg
reported today.
… While the investigation isn't
over, the commission has determined that Facebook did not act
wrongly, an unnamed source told Bloomberg. The SEC is still looking
at whether or not retail investors lost money because the
company didn't disclose certain information about mobile's
impact on Facebook's business.
It's a simple technique (operative
word: “simple”) that anyone including my students can use. Since
it allows you to plant or remove evidence, you do need to use it only
with adult supervision. Why would the cops want to remove evidence?
(Perhaps the RIAA wants them to?)
Dutch
government seeks to let law enforcement hack foreign computers
October 19, 2012 by admin
Lucian Constantin reports:
The Dutch
government wants to give law enforcement authorities the power to
hack into computers, including those located in other countries, for
the purpose of discovering and gathering evidence during cybercrime
investigations.
In a letter
that was sent to the lower house of the Dutch parliament on
Monday, the Dutch Minister of Security and Justice Ivo Opstelten
outlined the government’s plan to draft a bill in upcoming months
that would provide law enforcement authorities with new
investigative powers on the Internet.
According to the
letter, the new legislation would allow cybercrime investigators to
remotely infiltrate computers in order to install
monitoring software or to search them for evidence. Investigators
would also be allowed
to destroy illegal content, like
child pornography, found during such searches.
Read more on IT
World.
Essentially, they pretend to be a cell
phone tower, but with a stronger signal than others in the
neighborhood.
FBI
Accused of Dragging Feet on Release of Info About “Stingray”
Surveillance Technology
October 19, 2012 by Dissent
Ryan Gallagher reports:
Tracking cell
phones by tricking them into operating on a bogus network is a law
enforcement tactic shrouded in secrecy. Now the FBI is under
pressure to release information about it—but the bureau doesn’t
want to let go of 25,000 pages of documents on sophisticated cell
surveillance technology.
Read more on Slate.
[From
the article:
The FBI has found 25,000 pages of
documents that relate to the request, about 6,000 of which are
classified—but says it may need up to three years
to process the files before they can be released. [We don't read so
good... Bob]
In a bid to appease EPIC’s grumbles
about timescale, earlier this month the bureau released a 0.3 percent
slither of the 25,000. The meager 67
pages were heavily redacted—containing only a glossary of
jargon that related to cell networks along with blanked out copies of
an internal manual called “GSM cell phone
tracking for dummies.”
… But this isn’t just a
federal-level issue. According to a
report by LA Weekly last month, state cops in
California, Florida, Texas, and Arizona have also used Stingray
technology. Farther afield, in
the Czech Republic, there are concerns that similar devices may
be in the hands of criminals. And DIY Stingrays can
be built by anyone with $1,500
to burn and a bit of hacker savvy. One
way to help protect yourself is to use
encryption.
Another shot at protecting
data. Can the US be far behind? (unfortunately, yes)
Colombia
Enacts Data Protection Law
October 19, 2012 by Dissent
Colombia enacted an omnibus data
protection law this week. Read about it on Privacy
and Information Security Law Blog.
(Related) There must be
something we can learn from this...
National
Comprehensive Data Protection/Privacy Laws and Bills 2012 Map
October 19, 2012 by Dissent
A great resource by David Banisar,
Senior Legal Counsel of Article19.org, has been updated and uploaded
to SSRN. Here’s the abstract:
Over 90
countries and jurisdictions around the world have adopted
comprehensive data protection/privacy laws to protect personal data
held by both governments and private companies. This map shows which
countries have adopted laws or have pending initiatives to adopt one.
The new version now includes small jurisdictions and island states.
You can download the map here.
“You were right to think your
computer was private, unfortunately for you we're not going to let
that get in the way of sending you to jail.”
Supreme
Court of Canada finds reasonable expectation of privacy in
work-issued laptop
October 19, 2012 by Dissent
David T. Fraser writes:
The Supreme Court
of Canada just released its decision in R
v Cole, 2012 SCC 53, in which a majority of justices of the Court
held that a teacher at a school had a reasonable expectation of
privacy in the contents of his work-issued laptop. Nevertheless,
evidence of child pornography found on it by the school, which was
then given to the police, was found to be admissible evidence.
Read more on Canadian
Privacy Law Blog.
Interesting.
Google’s
Knowledge Graph Now Explains Connections Between Your Query And Items
In “People Also Search For” Section
Google just announced
a small but interesting update to its Knowledge Graph panels.
Instead of just showing you a list of related items that other people
also searched for, hovering over these icons now shows you how they
are related to your search query.
Currently, Google says, this works for
actors, movies and TV shows, as well as “family connections amongst
famous people in the Knowledge Graph.”
… Just recently, for example,
Google used this information to power its
Bacon Number calculator and started highlighting the Knowledge
Graph boxes even more prominently by moving the results to the top
of the screen for some searches.
Just for me...
… British
Columbia announced its support for open textbooks
at the Open Education 2012 conference this week, becoming the first
Canadian province to do so. BC will create openly
licensed textbooks for the 40 most popular first- and second-year
courses in its university system.
… Random
House says that libraries
own their e-books. That’s the headline of a
LibraryJournal article, and it’s a pretty big deal considering that
many of the other Big 6 Publishers have been acting as though
libraries license rather than own e-books when they
purchase them.
… The University of Phoenix
will be closing
115 locations, its parent company the Apollo Group announced,
following a fall by 60% in its fourth quarter net
income. Some 13,000 students will be affected.
[From
the article:
University of
Phoenix currently has about 328,000 students, down from a peak of
more than 400,000. Following the closures, it will be left
with 112 locations in 36 states, the District of Columbia
and Puerto Rico.
… Udacity
announced several
new classes this week that point to a possible business model and
curriculum trajectory for the startup. The new classes are a
collaboration with corporations — Google, NVIDIA, Microsoft,
Autodesk, Cadence, and Wolfram to start — and teach
skills and systems pertaining to those companies’ products.
If you go to the same sites each day,
this might make your life simpler...
If you’re a big fan of RSS feeds for
getting your daily dose of news and fun, then you’ll love Feedly.
It’s one of the most stylish, intuitive ways to read
RSS feeds and Twitter content. So, Firefox users will
also be pleased to note that it’s available as a Firefox extension
and works beautifully in the browser.
… Now, to make Feedly amazing you
really need to start an account and customise your feeds and social
networks. Feedly works closely with Google Reader RSS feeds, so it
should come as no surprise that you need to log in to Feedly using
your Google account. Feedly will then regenerate your Feedly page
using your RSS feeds from Google Reader.
… Feedly is not just available in
Firefox. It’s also available as a Chrome extension and for various
mobile devices, so you can keep using Feedly as your main RSS reader
and social network catch-up anywhere you go.
Similar Tools
There are plenty of great RSS readers,
and many recently have taken to the magazine style format. If you
want to see some similar alternatives, check out Pulse
and iPad
RSS readers such as Flipboard.
I'll be posting this for my students
Resources
for Data Literacy
The single most important tool I’ve
found for improving Digital Literacy is Wolfram Alpha. At your
fingertips, whether on your phone, tablet, or laptop, you have access
to all the world’s readily available data. All you have to do is
ask. The best thing I can do to improve data literacy is to teach
students (and other adults I know) to question the facts they are
being quoted as gospel. Here are a bunch of searches I’ve done
recently to verify or refute data someone has told me in
conversation.
- Facebook Report (to generate a report of all your Facebook data)
While my top choice for digital
literacy is Wolfram Alpha, there are some other resources that are
great for understanding, interpreting, and visualizing data. Here
are a few:
- Gapminder (the software used by Hans Rosling in his many, many TED Talks)
- Worldmapper (territories are scaled/resized according to the subject of interest)
- Measure of America (look at interactive maps and data about Social Science in the U.S.)
- Human Development Reports (explore public data from the United Nations using a variety of visualizations)
- Visual.ly (create your own infographic around a set of data)
- Many Eyes (from IBM, create a visualization around your data)
- Google Trends (explore how a search term has fared over time)
- Google Correlate (find searches that correlate with real world data)
- Google Fusion Tables (fuse two sets of data together and visualize)
There are also a few sites that do a
fantastic job of creating and sharing data visualizations:
You should really really
watch this! A really short video that promises a lot!
Ryan
Merkley: Online video -- annotated, remixed and popped
Talks: In less than 6
minutes
Videos on the web should
work like the web itself: Dynamic, full of links, maps and
information that can be edited and updated live, says Mozilla
Foundation COO Ryan Merkley. On the TED stage he demos Popcorn
Maker, a new web-based tool for easy video remixing. (Watch
a remixed TEDTalk using Popcorn Maker -- and remix it yourself.)