Saturday, February 16, 2013

Any reason why they trusted this site? Perhaps they should have taken some simple (and reasonable) precautions.
Facebook says it was hacked, claims member data safe
Facebook today admitted that its systems were hacked last month when staffers unknowingly installed malware to laptops. The social network called the attack sophisticated, but claimed that no user data was compromised.
"This attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said in a statement posted today on its security blog. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."


If you look up the role of Mangement, you will find that managers: plan, organize, staff, direct, and control. If you find a government boodogle like this, you will also find that they failed to plan, organize, staff, direct, or control.
"According to the LA Times, 'California's computer problems, which have already cost taxpayers hundreds of millions of dollars, have mounted as state officials cut short work on a $208-million DMV technology overhaul that is only half done. The state has spent $135 million total on the overhaul so far. The state's contractor, HP Enterprise Services, has received nearly $50 million of the money spent on the project. Botello said the company will not receive the remaining $26 million in its contract. ... Last week, the controller's office fired the contractor responsible for a $371-million upgrade to the state's payroll system, citing a trial run filled with mishaps. More than $254 million has already been spent.' It's hard not to feel like the Tokyo man in the street watching the latest round of Godzilla the state vs. Rodan the big contractor."


The Feds may see this as a proper interpretation of the law, but I wonder what a jury would think? Nothing new, but a brief recap for my students.
Feds Say Megaupload Entrapment Claim Is ‘Sensationalist Rhetoric’
Calling it “sensationalist rhetoric,” federal authorities took the offensive late Thursday for the second time in as many months to blast Megaupload for its contention that the authorities entrapped the now-shuttered file-sharing service.
… Megaupload essentially contends that, at a minimum, federal authorities punished Megaupload for cooperating with the prosecution of rival file-sharing site NinjaVideo. At a maximum, Megaupload contends federal officials set up Megaupload for its downfall.
The controversy centers on Megaupload complying with a then-secret U.S. search warrant targeting five of its users, who were running their own file-sharing service using Megaupload’s infrastructure. Eighteen months before Megaupload was indicted in January 2012, Megaupload complied with the warrant and turned over a database on the 39 pirated movies detailed in the warrant that linked the files to the file-sharing service NinjaVideo, which was later indicted.
Though the feds had already begun quietly investigating Megaupload months before, in this case the government treated Megaupload as NinjaVideo’s internet service provider, and asked it to keep the NinjaVideo warrant quiet.
Despite Megaupload’s cooperation, the 39 infringing NinjaVideo files were later used against the popular file-sharing service (.pdf) as evidence to seize Megaupload.com domains and prosecute Dotcom and others connected to the site. That’s because Megaupload did not delete the 39 movies from its servers. The government used that fact to demonstrate that the company knew full well that its service was being used for piracy.


Dang! I've been scooped. Now I have to start my study of porn over from the beginning...
Deep Inside: A Study of 10,000 Porn Stars and Their Careers
For the first time, a massive data set of 10,000 porn stars has been extracted from the world’s largest database of adult films and performers. I’ve spent the last six months analyzing it to discover the truth about what the average performer looks like, what they do on film, and how their role has evolved over the last forty years.


For my Website students. Always steal from the best!
Bootsnipp is a free to use web service that provides code snippets for design elements on webpages. You can search for a particular webpage design element or simply browse them through the homepage. Clicking on an element opens its page where you can preview it and copy its code snippet. The code can be edited on the page and the preview is updated in real time.
Similar tool: Bootswatch,

Friday, February 15, 2013

Perhaps you could start with Grover's Mill, NJ?
Hackers can easily breach Emergency Alert Systems
Hackers broke into several television stations' Emergency Alert Systems this week and broadcast that zombies were "rising from their graves" and "attacking the living."
While a comical hoax, security consultancy firm IOActive warns that this type of behavior is dangerous and not that hard for hackers to do, according to Computerworld. This week it's zombies, but next time it could be something that might make people really panic, such as an anthrax or terrorist attack.


For my Ethical Hackers...
Some sleight of hand will allow iOS 6.1 hackers to access your phone application, listen to your voice mails, and place calls.
A YouTube video showing users how to “bypass iPhone 5 passcode” on Apple’s latest iOS releases, including iOS 6.1, has been published. The person who uploaded the video shows how anyone can access the phone application on a passcode-protected iPhone.
Read more on CNET.


What are the odds in Vegas?
California County Inching Toward Drone Deployment?
Will Alameda County become California’s first local government to deploy a drone?
If the decision were up to dozens of angry residents and several civil rights groups, the answer would be a resounding “No.” They urged the Bay Area county’s leaders, in a public hearing sometimes filled with acrimony Thursday, to squash a plan by the Alameda County Sheriff’s Department to deploy up to two small, lightweight drones.
“We oppose the use of public resources to buy machines to surveil its citizens,” Michael Seigel, a member of Alameda County Against Drones, said to rousing applause by many of the 150 people in attendance before the Alameda County Board of Supervisors’ Public Protection Committee.
Moments later, Sheriff Gregory Ahern said: “We object to the term surveil. We have no intention of doing that.”
Outbursts from the audience suggested they did not believe that the drones would be used for more than the stated goals of search-and-rescue, firefighting, bomb-detection and, among other things, crime-scene preservation.
At one point during the hours-long hearing, an Alameda County sheriff’s official said the drones, which the department labeled ”small unmanned aircraft systems,” would only focus on nothing smaller than felony investigations.
Later on, however, Sheriff Ahern said: “I don’t want to lock myself into just felonies.”


For my f.. f.. forensics students.
"Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."
[From the paper:
We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM.


Something for professors who don't want to be in the same room as lawyers?
February 14, 2013
Distance Learning in Legal Education: A Summary of Delivery Models, Regulatory Issues, and Recommended Practices
"The Working Group for Distance Learning in Legal Education is pleased to have the opportunity to present this Blue Paper - Distance Learning in Legal Education: A Summary of Delivery Models, Regulatory Issues, and Recommended Practices - A Summary of Delivery Models, Regulatory Issues, and Recommended Practices. This Blue Paper is intended to provide law schools and interested parties a summation of distance learning opportunities, tools, and considerations. Unlike other sectors in higher education, law schools have little experience with distance learning or online education. Recent technological advances, as well as economic exigencies, have lead several law schools to contemplate launching one or more online programs. To date, a handful of schools have distance learning LLM programs and a few offer non-JD masters programs. As the American Bar Association considers loosening distance learning restrictions, and traditional law schools consider diversifying beyond their JD program, distance learning becomes one intriguing option. This Blue Paper attempts to guide those schools beginning to explore distance learning opportunities. We recognize three fundamental questions, and attempt to provide a discussion—if not answers—to each." [April M. Barton]


Sometimes you are handed the straight line and the punch line and all you need to do is shut up!
Chubby Checker sues Hewlett-Packard over app to measure penis size
Rock'n'roll pioneer Chubby Checker is suing two computer companies for allowing his name to be used as the title of an app that guesses the size of a man's penis.
Checker's lawyers are seeking half a billion dollars for the "irreparable damage and harm" caused by the Chubby Checker, an app for Hewlett-Packard's Palm OS platform. "This lawsuit is about preserving the integrity and legacy of a man who has spent years working hard at his musical craft and has earned the position of one of the greatest musical entertainers of all time," explained lawyer Willie Gary.


Perhaps my students would find it amusing? Or antiquated.
Adobe releases source code for 1990 version of Photoshop
… All the code is here with the exception of the MacApp applications library that was licensed from Apple. There are 179 files in the zipped folder, comprising about 128,000 lines of mostly uncommented but well-structured code. By line count, about 75% of the code is in Pascal, about 15% is in 68000 assembler language, and the rest is data of various sorts.


There might be something here for textbooks or professional journals.
Concept Video Shows The Book Of The Future
We are seeing a big push into interactive publishing. From iPads to Chromebooks to mobile devices … the future of books is a hot topic right now. There are places like Boundless offering free customized open source textbooks and even textbook publishers building entire iTunes U for classes. The book of the future is being written right now, it seems.
In the above video, design consultancy IDEO shares their vision for the future of the book. It’s an interesting take on what the new experience of reading might entail.
Read more about the book over at IDEO’s official website.


I often ask my students what Apps they use...
The 16 Apps And Tools Worth Trying This Year
With classrooms growing increasingly more technology-oriented, it makes sense that developers latch onto the education sector when creating inspired new applications. The past year (roughly speaking) saw many different launches aiming to keep students (and, in some cases, teachers) better prepared and informed for whatever academia hurls their way.


For my amusement...
… A proposed bill in Oregon would require that high school students take college credits in order to graduate.
… Textbook app-maker Kno unveiled “Advance,” its new publishing platform that promises to turn any PDF into “an interactive e-book in minutes at no cost.”
… “The Most Thorough Description (to date) of University Experience with MOOC.” The report (PDF) addresses Duke’s creation of a course on the Coursera platform. Among the findings: “Over 600 hours of effort were required to build and deliver the course, including more than 420 hours of effort by the instructor.” “At the time of enrollment, one-third of enrolled students held less than a four year degree, one third held a Bachelors or equivalent, and one-third held an advanced degree.” Read the whole thing.

Thursday, February 14, 2013

Isn't the definition of insanity “Doing the same thing over and over and expecting a different result?” Or is that the definition of bad politics? “The voters have spoken and we have pretended to listen.”
Two U.S. lawmakers have reintroduced a controversial cyberthreat information-sharing bill over the objections of some privacy advocates and digital rights groups.
As promised, Representatives Mike Rogers, a Michigan Republican, and C.A. “Dutch” Ruppersberger, a Maryland Democrat, have reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that would allow private companies to share a wide range of cyberthreat information with U.S. government agencies.
Read more on Computerworld. EFF has this to say about it all.


Looks like he thinks it's 'no big deal.'
February 13, 2013
New on LLRX - When judges, jurors and the Internet collide
Via LLRX.com - When judges, jurors and the Internet collide: In the past, attorney Nicole L. Black has described misguided attempts by judges to excessively penalize jurors for using social media or the Internet during the pendency of trials. In fact, over the last year, judges have gone so far as to fine or jail jurors who have used social media during trial, and legislators have proposed laws that would criminalize such conduct. This despite the fact that jurors have been violating judges' orders not to research or discuss pending cases since the dawn of jury trials.


“We love our customers, but we don't trust them.”
"With the launch of Office 2013 Microsoft has seen fit to upgrade the terms of the license agreement, and it's not in favor of the end user. It seems installing a copy of the latest version of Microsoft's Office suite of apps ties it to a single machine. For life. On previous versions of Office it was a different story. The suite was associated with a 'Licensed Device' and could only be used on a single device. But there was nothing to stop you uninstalling Office and installing it on another machine perfectly legally. With that option removed, Office 2013 effectively becomes a much more expensive proposition for many."


Perhaps a great movie, but is it the best educational tool possible?
Steven Spielberg to send 'Lincoln' DVDs to schools
Steven Spielberg is sending free copies of his historical drama "Lincoln" to schools across the country so students can learn about President Abraham Lincoln.
DVDs will be distributed to every public and private middle and high school in the country as part of an educational outreach campaign called "Stand Tall: Live Like Lincoln," which urges youngsters to follow in the 16th president's example. A statement from Spielberg reads, "As more and more people began to see the film, we received letters from teachers asking if it could be available in their classrooms. We realized that the educational value that 'Lincoln' could have was not only for the adult audiences -- who have studied his life in history books -- but for the young students in the classroom as well."


Interesting...
February 14, 2013
Obama Administration Launches College Scorecard
Department of Education Blog: "Too often, students and their families don’t have the right tools to help them sort through the information they need to decide which college or university is right for them. The search can be overwhelming, and the information from different colleges can be hard to compare. That’s why, today, our Administration released a “College Scorecard” that empowers families to make smart investments in higher education. As the President said last night, we want to help families get the most bang for their educational buck. The College Scorecard – as part of President Obama’s continued efforts to hold colleges accountable for cost, value and quality – highlights key indicators about the cost and value of institutions across the country to help students choose a school that is well-suited to meet their needs, priced affordably, and is consistent with their educational and career goals."


Your computer can help you proofread...
… WordTalk is a fantastic example of how a text-to-speech plug-in can be done for Word, and best of all, it’s completely free.
WordTalk has all the features you need from a text-to-speech program. You can also change the voice of the computer to one that suits your personal tastes. As it reads the text, it highlights it, which makes it easier to follow along with the voice. You can change the color of the highlight to match your preferences. You can also change the speed at which the program reads the text to you.
Another cool thing that this program does that I have not seen from others is the ability to save the speech for listening later. It can save as a WAV or MP3 so you can take the files on a portable media player for listening when it is convenient for you.

Wednesday, February 13, 2013

8 pages to say, “let people know before they become victims?”
Executive Order Aims to Facilitate Sharing of Information on Threats
President Barack Obama signed an executive order on Tuesday designed to make it easier to disseminate classified information on threats against critical infrastructure systems and to lay the groundwork for obtaining information from the private sector that would help the government protect critical infrastructures in the U.S.
The order, which runs eight pages (.pdf), directs the Attorney General’s office, the office of Homeland Security Secretary Janet Napolitano and the Director of National Intelligence to issue instructions to their agencies that would “ensure the timely production of unclassified reports of cyberthreats to the U.S. homeland that identify a specific targeted entity” [Perhaps they will stop with the “Pearl Harbor” nonsense Bob] to Congress and also develop a program for providing “classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure,” according to the document.


...becoming obvious?
By now many lawyers and business managers have heard of the term “Big Data,” but many may not understand exactly what it refers to, and still more likely do not know how it will impact their clients and business (or perhaps it already is). Big Data is everywhere (quite literally). We see it drive the creative processes used by entertainment companies to construct the perfect television series based on their customer’s specific preferences. We see Big Data in action when data brokers collect detailed employment information concerning 190 million persons (including salary information) and sell it to debt collectors, financial institutions and other entities. Big Data is in play when retailers can determine when its customers are pregnant without being told, and send them marketing materials early on in order to win business. Big Data may also eventually help find the cure to cancer and other diseases
The potential uses and benefits of Big Data are endless. Unfortunately, Big Data also poses some risk to both the companies seeking to unlock its potential, and the individuals whose information is now continuously being collected, combined, mined, analyzed, disclosed and acted upon. This post explores the concept of Big Data and some of the privacy-related legal issues and risks associated with it.
Read more on InformationLawGroup.


“Welcome to Texas, where cattle are cattle no matter how many legs they have.”
The State of Texas made millions of dollars selling your private information last year. We’re talking about your name, address, and even what kind of car you drive.
The Texas Department of Motor Vehicles (DMV) claims protecting your information is a top priority for them. A federal law guides them on just who can buy your private information and how they use it. But we found out the Texas DMV might not be monitoring this as closely as they claim.
[...]
CBS 11’s I-Team Investigator Mireya Villarreal discovered nearly 2,500 agencies or businesses purchased the DMV’s data in some form last year. On this list there are towing companies, collection agencies, insurance companies, hospitals, banks, schools, city governments, and even private investigators. How much they pay depends on the kind of information or quantity they’re looking for.
Read more on CBS. And if you make it deeper into the article, you’ll find this interesting statement:
The Driver Privacy Protection Act is a federal law. And the fine print actually says businesses can use your information for marketing or solicitations if the state has obtained your consent. That means, some drivers can opt in or out of these databases.
Problem is – Texas didn’t adopt that portion of the law. So, drivers in the Lone Star State are stuck. But Elliston says if you feel like your information is being abused you can report the company.
CBS also provides a spreadsheet that lists all the companies that purchased personal information in 2012. If you’re a Texan, you may want to take a look at that. The schools listed seem to be universities, and it’s often their campus police or parking departments that have purchased information.


Stranger and stranger...
February 12, 2013
EPIC Obtains New Documents About FBI Cellphone Tracking Technology
EPIC - "In the fifth interim release of documents in EPIC v. FBI, a Freedom of Information Act lawsuit, the agency has turned over nearly 300 pages about the surveillance technique directed toward users of mobile phones. The documents obtained by EPIC reveal that agents have been using "cell site simulator" technologies, also known as "StingRay," "Triggerfish," or "Digital Analyzers" to monitor cell phones since 1995. Internal FBI e-mails, also obtained by EPIC, reveal that agents went through extensive training on these devices in 2007. [12 years after first use? Bob] In addition, a presentation from the agency's Wireless Intercept and Tracking Team argues that cell site simulators qualify for a low legal standard as a "pen register device," an interpretation that was recently rejected by a federal court in Texas. For more information, see EPIC v. FBI (StingRay)."


“We're going to give every soldier a smartphone!”
“Okay, we're not going to give everyone a smartphone, we're going to allow them to BYOD to the war.”
“Okay, we're not really going to allow them to bring their own insecure phones...”
“We are designing this for three years out because we know what the smartphones will be able to do in three years.”
Okay, we don't really know, but we kinda know...”
Okay, we're hoping you forget all about this in three years...”
Pentagon Inks Deal for Smartphone Tool That Scans Your Face, Eyes, Thumbs
In a few years, the soldier, marine or special operator out on patrol might be able to record the facial features or iris signature of a suspicious person all from his or her smartphone — and at a distance, too.
The Defense Department has awarded a $3 million research contract to California-based AOptix to examine its “Smart Mobile Identity” biometrics identification package, Danger Room has learned. At the end of two years of research to validate the concepts of what the company built, AOptix will provide the Defense Department with a hardware peripheral and software suite that turns a commercially available smartphone into a device that scans and transmits data from someone’s eyes, face, thumbs and voice.


This is a joke, right?
Crisis: Teens have started sleep-texting
… As Elizabeth Dowdell, a nursing professor at Pennsylvania's Villanova University, told CBS Philadelphia: "The phone will beep, they'll answer the text. They'll either respond in words or gibberish."
So far, then, it's no different from when they're awake.
However, the professor warned portentously that these texts "can even be inappropriate."
So far, then, it still no different from when they're awake. Though one imagines that it's slightly harder to sext when you're not exactly conscious. Or perhaps not.
The professor says that when the teens wake up they have no memory of these texts.


This could be useful...
Mobile devices are merely the product of convergence: telegraphs, telephones, letters, newspapers, magazines, and books are now all in one paper-thin package (not to mention video games, maps, and other virtual tools).
… This is where RSS feeds come in: they send the content – and only the content – to your RSS reader of choice.
Byline is what I would consider to be a meta-reader. It takes your feeds from Google Reader (as well as Instapaper and Pocket), and converts each title to be readable on your iPhone.
… Avoiding data rate charges can be a hassle, but with Byline, all your reading material is regularly saved all at once via WiFi for offline browsing. This means there is no need to sync with your data plan while on the go. Everything is stored (even the images) to the RSS browser for you to check out later. In fact, you can store up to 2000 items!


The death of an academic “tradition?”
"Academic researchers want to make their papers open access for the world to read. If they use traditional publishers like Elsevier, Springer or Taylor & Francis, they'll be charged $3000 to bring their work out from behind the paywall. But PeerJ, a new megajournal launched today and funded by Tim O'Reilly, publishes open access articles for $99. That's not done by cutting corners: the editorial process is thorough, and they use rigorous peer-review. The cost savings come from running lean and mean on a born-digital system. The initial batch of 30 papers includes one on a Penn and Teller trick and one on the long necks of dinosaurs."
$99 entitles you to publish an article a year, for life. $300 nets you unlimited articles published per year.

Tuesday, February 12, 2013

LOCAL “On the Internet, everybody knows you're a victim.” Privacy of victims is apparently not on the DA's checklist.
Survivors of the Colorado movie theater massacre have been harassed by conspiracy theorists who posted victims’ addresses and phone numbers online, prosecutors said in a motion to have the victims’ names redacted.
James Holmes is charged with murder and attempted murder in the midnight shooting that killed 12 people and wounded 58 others during the premiere of a Batman movie, “Dark Knight Rises.”
Arapahoe County Judge William Sylvester in November ordered names released of those injured and killed.
The media had claimed there would not be “any danger to the physical safety of any witnesses, or the substantial probability of attempted witness tampering.”
But Arapahoe County District Attorney George Brauchler said in his new motion last week that the victims’ personal information has made the rounds on the Internet, at the hands of skeptics who doubt that the July 20, 2012 shootings happened as reported.
“Since the time this case was filed, unforeseen events continue to adversely affect the lives of the victims and witnesses in this case,” Brauchler wrote in a Motion for Reconsideration.
Read more on Courthouse News.
Should the court shield survivors’ names because of conspiracy theorists or those who might use the disclosure to contact victims’ friends and family or survivors in ways that may be experienced as harassing? The prosecutors cite Colorado’s Victims’ Rights Act as their justification for the request.
It’s balancing act time, it seems. Which way do you think the balance should tip in this case?
[Don't blame the judge for releasing the names:
The original criminal complaint filed against Holmes contained a list of the names and addresses of dozens of witnesses and victims of the shootings.


I can't let this go unanswered. This can only happen if you have no control over your operating environment. It requires that you have no way to identify who is doing what in your system. Us MBA-types call this “really bad management!”
Dan Raywood has a piece in SC Magazine about how long it takes to detect breaches:
Companies are still failing to detect data breaches and hacking incidents, with outsiders getting access and sitting on the corporate network for up to two years in some cases.
According to the Trustwave 2013 global security report, organisations fail to detect attacks and breaches and EMEA Trustwave Spiderlabs director John Yeo said that this ‘exacerbates the data breach’. He said: “This is the point where an intrusion leads to a data breach, our investigation found that sometimes, attackers spent two years living in the environment and exposing data records.”
Read more on SC Magazine.
I wonder how/whether the Trustwave and Verizon DBIR findings might be used in the lawsuit naming Trustwave for their role in the South Carolina Department of Revenue breach. The court is currently considering dismissing them as a defendant. Their findings might also be relevant should they be sued for their role in the more recent Jetro/Restaurant Depot breach.
As always, I guess we’ll have to wait to see.


How bad was it?
Risk Based Security and the Open Security Foundation released a report this morning, Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012. The report summarizes some of the major statistics for 2012, based on analysis of the incidents compiled in OSF’s DataLossDB. As most readers know by now, I am involved in DataLossDB project, and I contributed to the writing of this report.
From the 2012 at a Glance:
  • The 2,644 incidents represent a 117.3% increase over the previous high mark recorded in 2011.
  • Over 267 million records were exposed. Over 150 million records were exposed in a single incident (Shanghai Roadway), setting a new record for number of records exposed in a breach or data loss incident.
  • The Business sector accounted for 60.6% of reported incidents, followed by Government (17.9%), Education (12.0%), and Medical (9.5%).
  • The Business sector accounted for 84.7% of the number of records exposed, followed by Government (12.6%), Education (1.6%), and Medical (1.1%).
  • The Data Services industry accounted for just 0.3% of incidents, but 56.2% of exposed records.
  • 76.8% of reported incidents were the result of external agents or activity outside the organization:
    • Hacking accounted for 68.2% of incidents and remained the #1 breach type for the second consecutive year. Hacking accounted for 22.8% of exposed records in 2012.
    • 7.3% of reported incidents involved a third party. These incidents accounted for 6.2% of the exposed records.
  • Insiders accounted for 19.5% of incidents and 66.7% of exposed records:
    • Insider wrong-doing accounted for 7.1% of reported incidents and 56.8% of exposed records.
    • Insider errors accounted for 8.9% of incidents and 5.1% of exposed records.
  • Breaches involving U.S. entities accounted for 40.7% of the incidents reported and 25.0% of the records exposed.
  • Individuals’ names, passwords, email addresses, and other miscellaneous data were exposed in nearly 45% of reported incidents. In combination, this data is more than enough information to commit identity fraud on a large scale.
  • 14.4% of breaches included a Social Security Number or Non-US Equivalent.
  • After removing the single incident of 150 million and any incidents for which we do not have the number of records exposed, on average, 55,863 records were exposed per incident in 2012.
You can download the report here. A more detailed analysis of the 2012 incidents will be available in a fuller report to be released next month.
Some of the statistics may appear to conflict with others’ reports or findings. As always, differences in methodology are important to appreciate, as is the impact of state laws on breach disclosures. As one example, the majority of state breach notification laws often only apply to electronic records, not paper. The 2012 statistics, then, may be a significant underestimate for breaches involving paper records and for sectors such as the Education sector where FERPA does not require breach notification and where state laws may or may not require notification under a “harm” threshold.


They keep saying this. It is clearly a rather amateurish attempt to “justify” new and intrusive “spying on Americans” laws.
U.S. said to be target of massive cyber-espionage campaign
A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report.
The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.


Would Google extend this courtesy to me?
Google warns journalists in Myanmar of state-sponsored email hacks
The New York Times reports that several journalists who cover Myanmar may have had their email accounts hacked by "state-sponsored attackers." Journalists in the country say that warnings from Google began appearing last week, and the Times says some journalists speculate that the attack could be linked to a conflict in the northern region of the country, where government troops have fought rebels for control of territory. Myanmar has only recently opened up restrictions on news media, which was tightly controlled during decades of military rule; the Times notes that the country now has successful weekly publications that have begun to report on topics that could make the government uncomfortable.


Amazingly hard to get students to plug numbers into the formulas in their textbooks. “It can't be that simple!”
"Children in the Baltic state will learn statistics based less on computation and doing math by hand and more on framing and interpreting problems, and thinking about validation and strategy. From the article: 'Jon McLoone is Content Director for computerbasedmath.org, a project to redefine school math education assuming the use of computers. The company announced a deal Monday with the Estonian Education ministry to trial a self-contained statistics program replacing the more traditional curriculum. “We are re-thinking computer education with the assumption that computers are the tools for computation.,” said Mr. McLoone. “Schools are still focused on teaching hand calculating. Computation used to be the bottleneck. The hard part was solving the equations, so that was the skill you had to teach. These days that is the bit that computers can do. What computers can’t do is set up the problem, interpret the problem, think about validation and strategy. That is what we should be teaching and spending less time teaching children to be poor computers rather than good mathematicians.”'"

(Related)
"The January edition of Science, Technology & Human Values published an article titled, Technological Change and Professional Control in the Professoriate, that details interviews with 42 faculty members at three research-intensive universities. The research concludes that faculty have little interest in the latest IT solutions. 'I went to [a course management software workshop] and came away with the idea that the greatest thing you could do with that is put your syllabus on the Web and that's an awful lot of technology to hand the students a piece of paper at the start of the semester and say keep track of it,' said one. 'What are the gains for students by bringing IT into the class? There isn't any. You could teach all of chemistry with a whiteboard. I really don't think you need IT or anything beyond a pencil and a paper,' said another."


Another research resource?
FindPDF is a free to use website that gives you access to many publicly available PDF files. You simply enter the name of the document that you are looking for. If you do not have the exact name, then you can type in a few words and a keywords search is executed. Results are shown and you can click on them to view the documents online. Original documents can be downloaded as well from the website.
Similar sites: PDFSb, LocPDF, PDF Search Engine, Data-Sheet, and LivePDF.

Monday, February 11, 2013

“Allow me to obfuscate...”
I came across a media report on what appears to be a breach involving card numbers of guests and employees of Island Resort & Casino in Michigan. But was it their breach or not?
Read the casino’s statement:
We would like to address the many rumors that are in circulation regarding the harvesting of credit/debit card information for use in unauthorized transactions.
Unfortunately, we have received reports that guests and employees of the Island Resort & Casino have had their debit/credit card information compromised while on property. As soon as we started receiving these reports, we immediately began working with those affected to not only determine the source of the compromise but also to ensure that no other guests or employees would be affected by these unscrupulous acts of fraud.
While in the process of working with the financial institutions of those affected by these acts of fraud, we have verified that all systems and processes of the Island Resort & Casino/Island Oasis are secure/uncompromised and that these incidents were NOT just isolated to the Island Resort & Casino/Island Oasis, but were also occurring on a local and national level as well.
As a result, we are encouraging everyone who has used their credit/debit card for ANY transactions to please check their credit/bank statements for any signs of fraudulent activity.
They repeat some of that in this media report.
So what are they saying? Guests who experienced fraud following use of their cards at the casino posted some frustrated comments on Facebook. In their shoes, I might feel frustrated, too. Was there a payment processor breach? Suggesting that the breach is regional or national would seem to rule out an ATM compromise, wouldn’t it? Did the casino bring in an expert firm to check their systems thoroughly to confirm that their system is secure or is their statement that their system is secure/uncompromised based on their own IT department’s investigation?
What really happened here? And why is there no notice on the casino’s web site? Posting signs on the premises or a Facebook page doesn’t reach everyone who may have experienced fraud and may be wondering whether the casino is aware of a problem.
I’ve emailed the casino to ask them to clarify their statement. If I get a response, I’ll update this post.


A little more detail please.
Katie Haas writes:
Aiming to determine the impact of border searches on Americans’ civil liberties, the Department of Homeland Security has produced a report on its policy of combing through and sometimes confiscating travelers’ laptops, cell phones, and other electronic devices—even when there is no suspicion of wrongdoing. [Surely that can't be true... Bob] The report was completed sometime between October 2011 and September 2012, and last week DHS quietly posted only the executive summary on its website, without many people noticing.
The report draws the highly questionable conclusion that the border search policy does not violate our Fourth Amendment right to privacy, chill our First Amendment rights to freedom of speech and association, or even result in discriminatory search practices.
Read more on ACLU


That's a pretty strange bug...
Some Flickr users have been receiving emails regarding a privacy-setting bug affecting their photos. Whether you’ve received this email or not, this bug may affect you if you have any photos on Flickr. According to the email, a site-wide bug was discovered that caused private photos to be switched to public. The bug was limited to photos uploaded between April and December of 2012.
Once the bug was discovered, Flickr decided to take an extra precaution and set every photo that may have been impacted to private.


One assumes the workers in the building will not go through the machines, only visiting citizens.
"The Federal Times, a weekly print newspaper published by Gamnett Government Media Corp, is reporting that the Rapiscan Systems 'backscatter' passenger screening machines used by the U.S. Transportation Security Administration will likely be redeployed to federal buildings. Rapiscan System's backscatter machines have exposed passengers to radiation since they were first installed. As previously reported on Slashdot, TSA decided last month to stop using the machines because the manufacturer was unable to make changes to the machines that were mandated by Congress. Now TSA is attempting to sucker another federal agency into taking the nude-o-scopes."


Allow me to point out the obvious. Serious terrorists do not spend a lot of time Tweeting their location and intent.
From Information Age:
A system from US defence contractor Raytheon that analyses social media data to profile individuals has been described as “the greatest challenge to civil liberties and digital freedom of our age”.
An article by The Guardian yesterday profiled the Rapid Information Overlay Technology (RIOT) system. It includes a demonstration video in which a Raytheon spokesman claims that by analysing social media data, it can provide geographical location of an individual and even “predict” criminal or terrorist activity based on social connections.
The RIOT system is not being used by any customers, the Guardian reported, but the underlying technology was developed in partnership with the US government and other commercial providers.
Read more on Information Age.


Another “First” but I doubt drones will have anything to do with finding this guy...
US To Use Drones In Chris Dorner Manhunt
… it was revealed that Dorner has become the first human target for remotely-controlled airborne drones on US soil.
A senior police source said: “The thermal imaging cameras the drones use may be our only hope of finding him.


Oh, the horror, the horror...
A Call for Drastic Changes in Educating New Lawyers
Faced with profound and seemingly irreversible shifts, the legal profession is contemplating radical changes to its educational system, including cutting the curriculum, requiring far more on-the-ground training and licensing technicians who are not full lawyers.
The proposals are a result of numerous factors, including a sharp drop in law school applications, [My God! We might run out of lawyers! Bob] the outsourcing of research over the Internet, a glut of underemployed and indebted law school graduates and a high percentage of the legal needs of Americans going unmet.

Sunday, February 10, 2013

Your Computer Security Manager should already have a plan to deal with this. If not, fire him and hire a real manager.
"Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm from the bank of his financial partner, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal- or that breaches of it were news.'" [Over my your dead body! Bob]


I'm not sure the article matches the headline. For example, I don't recall UAV's in any of the Terminator or Toy Story movies. But some interesting ideas are tossed up for review.
From Terminator to Toy Story: drones for a better tomorrow
… Drone technology is highly dependent on the kind of future imagined by those that develop it. And the way it is governed will depend on which stories regulators pick up on.
… Liam Young from think tank Tomorrows Thoughts Today has developed an alternative story about drones in the future. He argues that the physical environment is dissolving, leaving a mainly mobile, nomadic infrastructure. Personal drones will become like cheap, flying smart phones.
… Today's legislation requires a contract for every drone flight. [In the UK Bob] Keeping this framework makes the pigeon-drone future impossible.
… The European Commission will produce a roadmap for integration of unmanned aerial vehicles into national aviation policy in the spring. I worry that the consultation for this has not reached all the corners of the community, who are mostly joined together by online forums and unused to engaging with Brussels. Websites like DIYDrones.org have blogs and online shops. Perhaps they could become centres of governance as well. This worked well for the DIY biology community, who created their own codes of practice.


Repeating Security tips is never redundant...
… Privacyfix is a free to use web service that analyzes privacy settings of your Facebook and Google accounts. The application installs an add-on onto your browser which scans your privacy settings. After a scan has been conducted, you are displayed the vulnerable areas and what their settings are. Issues that need fixing can be fixed by the use of a helpful Fix button. The website also reveals how much Facebook is making off internet ads from your level of activity on the social network.


Brilliant marketing move. (Get 'em while they're snowed in and bored!)
February 09, 2013
WSJ opens entire website to readers - no fee, until Sunday night
WSJ - Blizzard Sweeps Through Northeast - this site is free to all readers until midnight on Sunday, February 10, 2013.

(Related) Really anti-brilliant marketing move... (My MBA professors would have said this is the time to raise prices as become a true luxury good...)
… The bourbon brand, known for its bottles sealed with red wax, told customers today that it’s reducing the amount of alcohol in the beverage in order to meet rising global demand.


Something for my Intro to Computers course...
Teaching Tree - Video Explanations of Computer Science Concepts
Teaching Tree is a free resource for anyone who is interested in learning about computer science on his or her own. Teaching Tree offers videos organized into five categories with dozens of topics inside each category. The videos that you will find in Teaching Tree are a mix of short tutorials and longer lectures from university professors. The longer lectures are tagged with the key concepts that they contain. Clicking on a tag jumps you to the spot in the lecture that addresses the concept you want to learn about.
Registered Teaching Tree users can add videos and tag videos.
… You may also consider having your students search for or create videos to share on Teaching Tree and then tag them to help other people learn from their work. [Might be a good way for my students to demonstrate what they know... Bob]

(Related) The more effort I put into stealing someone else's work, the less work I have to do. Right?
… Teachem is a free to use web service that lets you hold online classes. Your classes can comprise of YouTube videos which you specify. You can select which parts of the video are included in the lectures and flashcards can be tied to specific parts of the video that display comments and ask questions. The built-in SmartNote system lets student store notes as they view the videos.
Your classes can be set as private or public, depending on the type of class you want, and it can be of any subject.