One way to watch for subpoenas that might impact “Evil Bob” (Imagine
printing a page on Osama's printer that says, “Please step to the
window, Mr. Target.”)
"Blogger Adam Howard at Port3000 has a post about Google's exposure of
thousands of publicly accessible printers. 'A quick, well crafted Google
search returns "About 86,800 results" for publicly accessible HP
printers.' He continues, 'There's
something interesting about being able to print to a random location
around the world, with no idea of the consequence.' He also warns
about these printers as a possible beachhead for deeper network
intrusion and exploitation. With many of the HP printers in question
containing a web listener and a highly vulnerable and unpatched JVM, I
agree that this is not an exotic idea. In the meanwhile? I have an
important memo for all Starbucks employees."
“Og no export fire!”
"The U.S. Department of Defense
has stopped updating its main reference list of vital defense
technologies that are banned from export, according to a new report
from the Government Accountability Office (GAO), The Security Ledger
reports. The Militarily Critical Technologies List (MCTL) is used to
identify technologies that are critical to national defense and that
require extra protection — including bans on exports and the
application of anti-tamper technology. GAO warned six years ago that
the Departments of State and Commerce, which are supposed to use the
list, found it too broad and outdated to be of much use. The latest
report (GAO 13-157) finds that the situation has worsened: budget
cuts forced the DOD to largely stop updating and grooming the list in 2011.
Sections on emerging technologies are outdated, while other
sections haven't been updated since 1999. Without the
list to rely on, the DOD has turned to a hodgepodge of other lists,
while officials in the Departments of State and Commerce who are
responsible for making decisions about whether to allow a particular
technology to be exported have turned to ad-hoc networks of subject
experts. Other agencies are looking into developing their own MCTL
equivalents, potentially wasting government resources duplicating
work that has already been done, GAO found."
Medicine on your SmartPhone. An interesting video from one of those
“news magazine” TV shows. (Yes, it surprised me too.) I think this
one is actually worth watching.
The key to better health care may already be in your pocket... and it's
not your wallet
Follow up. The case is still interesting.
Man With 4th Amendment Written on Chest Wins Trial Over Airport Arrest
A Virginia man who wrote an abbreviated
version of the Fourth Amendment on his body and stripped to his
shorts at an airport security screening area won a trial Friday in
his lawsuit seeking $250,000 in damages for being detained on a
disorderly conduct charge.
… In sending the case to trial,
unless there’s a settlement, the 4th U.S. Circuit Court of Appeals
ruled 2-1 and reversed a lower court judge and invoked Benjamin
Franklin in the process. According to the opinion
by Judge Roger Gregory:
Here, Mr. Tobey
engaged in a silent, peaceful protest using the text of our
Constitution—he was well within the ambit of First Amendment
protections. And while it is tempting to hold that First Amendment
rights should acquiesce to national security in this instance, our
Forefather Benjamin Franklin warned against such a temptation by
opining that those ‘who can give up essential liberty to obtain a
little temporary safety, deserve neither liberty nor safety.’ We
take heed of his warning and are therefore unwilling to relinquish
our First Amendment protections—even in an airport.
… In dissent, Judge J. Harvie
Wilkinson wrote:
Had this protest
been launched somewhere other than in the security-screening area, we
would have a much different case. But Tobey’s antics diverted
defendants from their passenger-screening duties for a period, [They
acted outside of normal procedures? I doubt it. Bob] a
diversion that nefarious actors could have exploited
[What? TSA waved everyone else through while dealing with this?
Again I doubt it. Bob] to dangerous effect. Defendants
responded as any passenger would hope they would, summoning local law
enforcement to remove Tobey—and the distraction he was creating —
from the scene.
Could this become a trend? Somehow I
think it is more about marketing... (Do either of them have
“Automatic Warrant” Apps?)
Yahoo, Like Google, Demands Warrants for User E-Mail
Yahoo demands probable-cause,
court-issued warrants to divulge the content of messages inside its
popular consumer e-mail brands — Yahoo and Ymail, the web giant
said Friday.
The Sunnyvale, California-based
internet concern’s exclusive comments came two days after Google
revealed to Wired that it demands probable-cause warrants to turn
over consumer content stored in its popular Gmail and cloud-storage
Google Drive services — despite the Electronic Communications
Privacy Act not always requiring warrants.
“We can't think of any reason why the
defendants need to know we gathered evidence from ElaborateHoax.net or
PhonyEvidence.com.” This is normal?
Court: WikiLeaks Suspects Denied List of Companies Who Received Orders
for Records
A federal appeals court has ruled that
three suspects targeted in a WikiLeaks investigation have no right to
know from which companies, other than Twitter, the government sought
to obtain their records.
The ruling, published Friday, upholds a
magistrate’s earlier decision that “there exists no right to
public notice of all the types of documents filed in a sealed case”
and likens the 2703(d) orders in question to grand jury proceedings,
which are not subject to public access.
“In fact, they are a step removed
from grand jury proceedings, and are perhaps even more sacrosanct,”
the judges for the Fourth
Circuit Court of Appeals noted in their decision (.pdf).
“Because secrecy is necessary for the proper functioning of the
criminal investigations at this § 2703(d) phase, openness will
frustrate the government’s operations.”
I recall lawyers drooling over the fortune they would make in Y2K
litigation.
Eric Roper reports that a lawsuit
filed last week following a breach involving an employee of the
Department of Natural Resources is not the only lawsuit in the works
involving the state’s drivers license database:
A Star Tribune
reporter received a letter in the mail from attorney Scott Kelly with
Farrish Johnson. It notes that records from the state indicate that
misuse of drivers records is “rampant.”
“We are looking
at other agencies including the DNR where abuses occurred,” the
letter says. “If you are interested in pursuing a claim or would
like information about your rights, please feel free to contact me.”
In the Rock County
case, the firm found some of its 24 plaintiffs by placing an ad in
the local newspaper. Kelly said Friday that they only sent letters
to two people in relation to the DNR case.
After reviewing
state records and filing open records requests, he believes that a
minimum of 18,000 drivers records have been breached over the last
three years.
Read more on the Star
Tribune.
As much as I tend to discourage
litigation as it is usually of little benefit to consumers, in cases
where I see repeated breaches and the entity still hasn’t
adequately hardened their security, I think it’s appropriate. The
state has known for a while that they have a problem with authorized
users exceeding authorized access. So what have they done to impose
better access controls to prevent abuse?
If litigation is what it takes to get
the state off the dime to deal with repeated problems, so be it. As
I noted on DataBreaches.net, I’m not making any predictions as to
any lawsuit’s chances. But if I lived in Minnesota, I’d be
calling my state legislator to ask what the legislature is doing in
terms of oversight of the Department of Public Safety to ensure and
demand greater data protection and security for the driver’s
license database. Imposing
stiffer penalties on violators is not the same as preventing
abuse. [Amen! Bob]
In related coverage Roper reports that
the employee involved in the Department of Natural Resources incident
was a manager who oversaw training on data handling privacy:
Altogether, [John]
Hunt made about 19,000 queries of the Driver and Vehicle Services
(DVS) database over nearly five years — 11,800 of them while
off-duty.
The agency, which
had previously declined to release Hunt’s name, said Friday that it
was performing a “top-to-bottom” review of DNR employee access to
DVS data and “redoubling” employee training.
“This employee
not only violated the law, but betrayed the trust of the agency, his
supervisors, and fellow employees,” DNR Commissioner Tom Landwehr
said in a statement.
There is no
evidence Hunt sold or disclosed the information, but the massive
breach spurred lawmakers this week to call for tougher penalties and
more disclosure when public employees misuse government data. Two
lawsuits, both seeking class-action status, have been filed in
federal court by several of the 5,000 people who received data breach
letters.
The DVS database,
which contains photographs, addresses and driving records on
Minnesotans with a license, is protected by state and federal law
against illegitimate use. The agency fired Hunt on Jan. 11 and the
Duluth city attorney is reviewing the case for possible criminal
charges.
Ninety percent of
Hunt’s queries were for females, the agency said. The lookups
included local celebrities, politicians, judges, athletes, television
news people, state employees and “victims of various tragedies,”
according to Hunt’s disciplinary letter and an investigative
report. Several Star Tribune reporters were among the 5,000 lookups.
Read more on Star
Tribune.
Is it up to my standards for teaching App creation? I'm a minor hardware
hack from starting my own phone company. Stay tuned...
"WindowsAndroid is a very cool
tool from the Beijing-based startup SocketeQ
that lets
you run Android 4.0 (Ice Cream Sandwich) as a native application
on Windows Vista, Windows 7, or Windows 8 machines. The creators
tell us they have a deep background in virtualization, operating
system, and graphics technologies, and have been working on the
project for years. Essentially, WindowsAndroid allows you not only
to execute Android apps on your Windows computer, but also use the
browser, not to mention every other component of the operating
system."
(Related) and possibly redundant...
Remotely controlling your phone through your computer has a number of
advantages. When the phone is lost, you can make it ring and find
it, you can use your keyboard to type and send text messages, and
more. Here to help you offer those features and a few bonus ones is
a tool called PocketDo.
Check out PocketDo @
play.google.com/store/apps/details?id=com.unicorntoast.mrroboto.android
Similar tools: LazyDroid, Android Screencast and AirDroid.
...for my amusement.
… Georgia State University
will offer course credit to students who take MOOCs, according to The
Chronicle of Higher Education. Students will
have to work with the university and departments to demonstrate
mastery over the course material, and if they can, will get credits
without having to pay additional fees.
… Another week, another new MOOC
venture: Academic Partnerships, a company that helps universities
offer online courses, unveiled MOOC2Degree, which
will allow its clients to offer MOOCs for credit.
The universities involved include the University of Arkansas system,
the University of Cincinnati, the University of Texas at Arlington
College of Nursing, the University of West Florida, and Cleveland
State, Florida International, Lamar, and Utah State Universities.
“Under the arrangement,” writes
The New York Times, “Academic Partnerships will handle
recruitment for MOOC2Degree and will receive an undisclosed share of
the tuition the universities get from students who continue into a
degree program.”
… “The world’s most popular professor,” MIT’s Walter Lewin, will teach
a MOOC — 8.02x Electricity and Magnetism — through edX.
Lewin’s course materials (published through MIT Opencourseware) and
his lecture videos (on YouTube) have been incredibly popular. The
latter have had over 11.4 million views. [How would
we find “The world's best teacher?” Bob]
… The International Finance
Corporation — an investment arm of the World Bank — has made a
$150 million equity investment in Laureate Education,
a for-profit education company that, according
to Inside Higher Ed, “operates 65 career-oriented colleges in
29 countries.” [Why? Bob]
I suspect this illustrates the dream of every high school math
teacher... Or at least, the ones who taught my students.