Saturday, March 23, 2013

I suppose we needed a few examples of how poor information sharing has been without President Obama's new mandates, but two years? Where else could we lay the blame?
From the college’s press release today:
Tallahassee Community College, on Friday, announced that an unauthorized acquisition of computerized data that may materially compromise the security, confidentiality, or integrity of personal information occurred in March 2011.
College officials were recently notified of the breach of security by federal officials. The federal investigation resulted in the conviction of a Miami, Fla., man on one count of conspiracy to submit false claims to the Internal Revenue Service, one count of access device fraud, and two counts of aggravated identity theft.
“TCC values the protection of private information, so we take this matter very seriously,” said TCC Chief of Police David Hendry. “We have identified the group of individuals whose information may have been compromised, and we will immediately begin the process of contacting each one.”
According to Hendry, the College believes the breach occurred internally and impacts approximately 3,300 individuals. An investigation into the breach is ongoing.
Beginning Monday, TCC will mail personalized letters to the persons potentially impacted by the data breach. The letters will detail what steps individuals can take to check the security of their identities; TCC will also provide additional resources, including a TCC hotline to provide further information.
If the federal investigation led to a conviction, then the feds clearly knew about this for a while. Why didn’t they inform the college before now? And why didn’t the college discover this breach on their own two years ago? What does the police chief mean that it occurred “internally?” Is he suggesting an employee was implicated in wrongdoing or something else?


Practically everyone is contributing to the “Hacking for fun and profit” guidebook...
"Twitter, Linkedin, Yahoo! and Hotmail accounts are open to hijacking thanks to a flaw that allows cookies to be stolen and reused. Attackers need to intercept cookies while the user is logged into the service because the cookies expire on log-out (except LinkedIn, which keeps cookies for three months). The server will still consider them valid. For the Twitter attack, you need to grab the auth_token string and insert it into your local Twitter cookies. Reload Twitter, and you'll be logged in as your target (video here). Not even password changes will kick you out."

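The flaw in the summary above is that a captured session cookie stays valid on the server after logout and even after a password change. As an added illustration (not from the quoted post and not any named service's code), this sketch contrasts a self-validating signed cookie, which the server cannot revoke, with a server-side session table that logout and password change clear. Every name except `auth_token` is hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key


def _mac(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_stateless(user, ttl=3600):
    """Weak design: a signed cookie that validates itself until it expires."""
    body = f"{user}|{int(time.time()) + ttl}"
    return f"{body}|{_mac(body)}"


def check_stateless(token):
    """Return the user if MAC and expiry are good; logout cannot revoke this."""
    body, _, mac = token.rpartition("|")
    user, _, expires = body.rpartition("|")
    ok = hmac.compare_digest(mac.encode(), _mac(body).encode())
    return user if ok and int(expires) >= time.time() else None


class SessionStore:
    """Hardened design: the cookie is an opaque ID only the server can vouch for."""

    def __init__(self):
        self._live = {}  # sha256(session id) -> user

    @staticmethod
    def _key(sid):
        return hashlib.sha256(sid.encode()).hexdigest()

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._live[self._key(sid)] = user
        return sid  # set as the auth_token cookie value

    def check(self, sid):
        return self._live.get(self._key(sid))

    def logout(self, sid):
        self._live.pop(self._key(sid), None)

    def password_changed(self, user):
        self._live = {k: u for k, u in self._live.items() if u != user}
```

With the stateless cookie, "logout" only deletes the browser's copy, so the server has nothing it can invalidate; with the table, a copied value stops working the moment the row is removed.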

I've been screaming for better security, so I should support a bank that offered it. But was it so much more costly or time consuming (same thing) that they could not make it the default option? In this case, it looks like “Dual Control” was turned down because one of the two authorizers might be out of the office. Saving a few bucks on a couple of Smartphones cost them $440,000 (plus court fees).
More on the lawsuit and countersuit between Choice Escrow and Land Title and BancorpSouth, mentioned previously on this blog. Tracy Kitten reports:
A federal court has sided with a Mississippi bank in a lingering dispute with a customer over financial losses linked to an account takeover incident dating back to March 2010. That means the bank will not have to cover the cost of the loss or pay damages.
On March 18, in a summary judgment filed in a U.S. District Court in Missouri, a magistrate judge favored BancorpSouth in its legal dispute with Choice Escrow Land Title LLC over a $440,000 loss that resulted from fraudulent wire transfers.
Read more on BankInfoSecurity.com.

(Related)
"In an effort to increase security for user accounts, Apple on Thursday introduced a two-step verification option for Apple IDs. As the 'epic hacking' of Wired journalist Mat Honan proved, an Apple ID often carries much more power than the ability to buy songs and apps through Apple's App store. An Apple ID can essentially be the keys to the Kingdom when it comes to Apple devices and user maintained data, and as Apple explains, 'is the key to many important things you do with Apple, such as purchasing from the iTunes and App Stores, keeping personal information up-to-date across your devices with iCloud, and locating, locking, or wiping your devices.' 'After you turn [Two-step verification] on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent to your trusted devices, or your Recovery Key,' a support entry announcing the new service explained."

(Related) Perhaps you should take Apple up on the improved security...
Apple ID password reset exploit reportedly in the wild
A new exploit lets anyone who knows your birthday and e-mail address reset your Apple ID password, according to a new report.
The exploit, described by The Verge though not posted publicly, makes use of a special URL that gets around the need for a security question, a security measure Apple put in place on all Apple ID accounts last April.
The reported exploit does not work on accounts with two-step verification enabled, which Apple introduced yesterday, and does away with the security question in favor of sending a four-digit PIN code to a cell phone that needs to be entered along with the typical password.
"Apple takes customer privacy very seriously," an Apple spokesperson told CNET. "We are aware of this issue and working on a fix."


I never even considered that there might be an “honest to God” Red-Light camera advocacy group...
Red-Light Cameras Can Stop Crime, Says Red-Light Camera Advocacy Group
One way to catch criminals is by giving police departments access to red-light camera footage even when a traffic violation isn’t involved, according to a nonprofit that argues in favor of the law-enforcement devices.
The National Coalition for Safer Roads, whose stated mission is to “save lives and protect communities by demonstrating how red light safety cameras can improve driver behavior,” announced the findings in a new study that contends the cameras can catch criminals guilty of infractions far greater than rolling through a red light. The coalition is funded by American Traffic Solutions, a manufacturer of traffic-control devices such as red-light cameras, so let’s just say the researchers’ motives might not be entirely altruistic.


On the road to “Do Not Track?”
itwbennett writes
"Do you know what data the 1300+ tracking companies have on you? Privacy blogger Dan Tynan didn't until he had had enough of being stalked by grandpa-friendly Jitterbug phone ads. Tracking company BlueKai and its partners had compiled 471 separate pieces of data on him. Some surprisingly accurate, some not (hence the Jitterbug ad). But what's worse is that opting out of tracking is surprisingly hard. On the Network Advertising Initiative Opt Out Page you can ask the 98 member companies listed there to stop tracking you and on Evidon's Global Opt Out page you can give some 200 more the boot — but that's only about 300 companies out of 1300. And even if they all comply with your opt-out request, it doesn't mean that they'll stop collecting data on you, only that they'll stop serving you targeted ads."

(Related) Tracking data is valuable...
"PayPal, Google Wallet and other online payment systems face higher transaction fees from MasterCard in retaliation for their refusal to share data on what people are spending. Visa is likely to follow suit. The amount that PayPal has to pay MasterCard for every transaction will go up as the latter introduces new charges for intermediated payment processors. This change is on the grounds that such processors don't share transaction details, which the card giants would love to get hold of as it can be used to research buying patterns and the like. Companies such as PayPal allow payments between users, so the party (perhaps a merchant) receiving the money doesn't need to be registered with the credit-card company. PayPal collects the dosh from the payer's card, and deducts a processing fee before passing the cash on to the receiving party. MasterCard would prefer the receiver to be registered directly so will apply the new fee from June to any payment that is staged in this way."


Inevitable I suppose, but don't the sex offender laws strip offenders of any and all rights? (Colorado also has a sex offender site: http://sor.state.co.us/)
Luke Duecy reports:
A group of convicted sex offenders is suing three websites for posting their photos and personal information and then allegedly charging them to take the information down.
In their federal lawsuit, the sex offenders claim that is extortion.
Read more on Komo News.
Update: Courthouse News has more on the RICO complaint, here. The plaintiffs also allege violations of California’s right of publicity law and intentional infliction of emotional distress.


What would Walter Cronkite say?
"Jack Mirkinson reports that Pew Research Center's annual "State of the Media" study found that, since 2007, CNN, Fox News and MSNBC have all cut back sharply on the amount of actual reporting found on their airwaves. Cheaper, more provocative debate or interview segments have largely filled the void. Pew found that Fox News spent 55 percent of the time on opinion and 45 percent of the time on reporting. Critics of that figure would likely contend that the network's straight news reporting tilts conservative, but it is true that Fox News has more shows that feature reporting packages than MSNBC does. According to Pew MSNBC made the key decision to reprogram itself in prime time as a liberal counterweight to the Fox News Channel's conservative nighttime lineup. The new MSNBC strategy and lineup were accompanied by a substantial cut in interview time and sharply increased airtime devoted to edited packages. The Pew Research examination of programming in December 2012 found MSNBC by far the most opinionated of the three networks, with nearly 90% of MSNBC's primetime coverage coming in the form of opinion or commentary."


So they must have a simple way to identify what are essentially “electronic gambling devices” but for some reason they can't close the operator down?
"Concerned about their use as fronts for gambling operations, the Florida legislature passed a law banning Internet cafes. The law appears to be a reaction in part to the recent stepping down of Lt. Gov. Jennifer Carroll, embroiled in a scandal involving a company that operates Internet Cafes. More ordinary cafes with Wi-fi, where you supply your own computer (such as Starbucks), are not affected by the ban."
The nomenclature here is confusing; the bill (PDF) (summary) is clearly aimed only at "cafes" that are essentially gambling venues; an Internet cafe wouldn't violate the proposed rule merely by providing computers. Whatever you think of prohibitions on gambling among consenting adults, the bill itself is sort of amusing for its very specific loopholes for bingo and "reverse vending machines."


Does this have potential?
Twitter Needs to Deal With Misinformation. Here's How
… Zeynep Tufekci is a fellow at Princeton University's Center for Information Technology Policy. Earlier this month, Tufekci tweeted what she thought was the new Pope's Twitter handle. It turned out that the username was a fake. Although Tufekci corrected herself immediately after discovering the mistake, it didn't stop people from seeing her older, incorrect tweet.
In a blog post later, Tufekci called on Twitter to create a feature that would alert innocent users to misinformation. Her suggestion? Allow the creator of the original, mistaken tweet to issue the offending tweet again, but this time with a big "REDACTED" or "ERROR" sign on it.*
As a way to promote transparency and accountability among users, this isn't a bad idea. But as Tufekci points out, there's also no guarantee that everyone will see the second tweet with the correction appended. Nor would the system do anything to modify her original, mistaken tweet, which is still living in cyberspace (she didn't delete it so that there would be a record both of the error and the correction).
Given that some people almost certainly saw just the wrong information and not the correction, I'd suggest an addition to Tufekci's idea—a feature that:
  • Lets users mark their own tweets as incorrect after the fact, much in the way that users are able to mark their tweets as "favorites" now; that then
  • Flags the content publicly with a colored tab; and
  • Alerts anyone who clicks "retweet" that the tweet has been marked as incorrect by the original user.


Now this looks interesting...
Friday, March 22, 2013
Monosnap - A Screen Capture Tool for Mac, Windows, iOS and Chrome
… Monosnap is now available for Windows, iOS, and Chrome.
To get started using Monosnap download the version that is appropriate for your device. Once installed you can use Monosnap to capture a portion or all of your screen. Like other screen capture tools you can write on your captured images, draw arrows, and obscure parts of the image. One neat option in Monosnap is capturing your screen after a ten second delay. The delayed capture option gives you time to get everything into place for the image. That's particularly handy when you're trying to capture a pop-up box or drop-down menu that otherwise would disappear when you click away from it. You can save your screen captures on your computer or upload them to a free Monosnap account.
Applications for Education
Monosnap, like other screen capture tools, could be used for creating directions on how to use a new program or application. The option to obscure parts of an image is useful if you want to hide contact information that was accidentally captured in your screen capture.


All hail the Google! (Because most students just think they know how to use it)
… We are vocabulary challenged because we are lazy about looking up new words. Don’t be; you can use a single dictionary like the excellent Dictionary.com to learn new words…get their pronunciations right…use synonym dictionaries to find similar words…use a few slang dictionaries to learn urban speak…have some fun with video dictionaries…or just use Google.


For my rock 'n roll niece...
Thanks to guitar tabs being shared online, playing songs on the guitar has become easier than before. But sometimes, you need to see somebody play the song and visually check out their chord progressions and other techniques.
… Soundslice is a free to use web service that offers you guitar tabs of songs along with videos. You can search the website for songs and find their guitar tabs. As the tabs are shown, you will find a video of somebody performing the song. The speed of the video can be slowed down so you can better observe the things being played. You can create your own videos on the site as well and share it with your friends and students to instruct them.
