Saturday, July 27, 2013

A pawn sacrifice or Czar takes pawn?



U.S. tells Russia that Snowden won't face death penalty
   In a letter sent to Russia and obtained by CBS News, Holder wrote that Snowden, who faces charges of espionage by the U.S. government, would not be put up for the death penalty or be tortured if he were extradited to the U.S.


For my Computer Security students. 
From Verizon:
… Verizon is addressing this need by launching a new initiative to collect, organize and publish all publicly disclosed data breaches.  The data is coded into VERIS format and available in an interactive dashboard via Tableau Public as well as in individual files in JSON format in a GitHub repository.  Both can be reached from the VERIS Community site as well.
The VERIS Community Database goes live this week with more than 1,200 reported incidents from the last few years.  This initial batch of data comes from the Department of Health and Human Services (HHS) incidents, the sites of the various Attorneys General that provide breach notification source documents, media reports and press releases.  The goal is to continue to augment this dataset to capture as many incidents as possible so that others can benefit.
This data is provided as a resource to benefit the industry at large, as the ability to access and query data breach information improves everyone’s ability to protect their organizations and data.
Read more on Verizon.


New Jersey again.  The “Lower Merion” incident was a while ago (2010), but at least New Jersey noticed.
John Mooney reports:
The provocatively named Anti-Big Brother Act arose out of a situation in Pennsylvania in which a school district was accused of spying on students through their school-issued laptops, including taking literally thousands of pictures.
New Jersey legislators seeking to prevent such incidents here passed the new law this past spring. It requires districts to notify students and their families that computers issued to them may be equipped to record their locations and use.  It also says that such information will not be used “in a manner that would violate the privacy rights of the student or any individual residing with the student.”
But that’s where things can get murky, so the state Department of Education this week released additional guidelines about what the law covers and what other policies should also be in place to cover extenuating circumstances.
Read more on NJ Spotlight.


One of those interesting “thought experiments.” 
Could the Government Get a Search Warrant for Your Thoughts?


Privacy is subjective.  Is that a new thought? 
What We Talk About When We Talk About Privacy
The past, present, and future of a public anxiety
In the video above, three prominent thinkers discuss the past and future of privacy in the United States.  Privacy, they point out, has always been contingent on the culture and the technology of the people who aim to preserve it -- and to violate it.   "Government intrusion was not a factor, I would say, until the turn of the 20th century," the law professor Robert Ellis Smith notes.


I would not have predicted this outcome. 
Derek Scally reports:
Ireland’s Data Protection Commissioner (DPC) has dismissed a complaint that the Irish subsidiaries of Facebook and Apple breached EU law by sharing data with US intelligence service via the Prism programme.
The DPC ruled there was “nothing to investigate” in a complaint filed by Austrian privacy campaigner Max Schrems, as Apple and Facebook had, in their view, acted within the terms of the EU-US data-sharing agreement, dubbed the “Safe Harbour” .
Read more on Irish Times.  TechCrunch has additional details.


Didn’t this used to be the other way round? 
Jacob Sullum of Reason writes:
The lead story in today’s New York Times suggests that Chief Justice John Roberts has been stacking the Foreign Intelligence Surveillance Court (FISC) with government-friendly conservatives. [Didn’t that used to be an oxymoron?  Bob]  Charlie Savage reports that “86 percent of his choices have been Republican appointees, and 50 percent have been former executive branch officials.”  The corresponding figures for Roberts’ two predecessors, William Rehnquist and Warren Burger, are 66 percent and 39 percent, respectively.  “While the positions taken by individual judges on the court are classified,” Savage writes, “academic studies have shown that judges appointed by Republicans since Reagan have been more likely than their colleagues to rule in favor of the government in non-FISA cases over people claiming civil liberties violations.”  He notes that critics troubled by the chief justice’s FISCal power have proposed changing the way the judges are appointed.
Although it is plausible that the shift Savage identifies has produced a court somewhat more deferential to the Justice Department’s requests, the effect may not be apparent in the day-to-day work of the court, where the government’s nearly perfect record probably is due to the weak standards created by Congress.
Read more of his opinion piece on Reason.


This sounds useful.
Casetext – freely available, annotated database of legal resources
Casetext is a freely available, annotated database of legal resources.  Researchers find relevant documents and immediately see analysis by other attorneys and paths for further research.  Contributors mark up documents in a simple, digital format and make their expertise widely known, all while helping to build a comprehensive public research tool.  Who are we?  Co-founders Jake Heller and Joanna Huey met in 2009, when Jake was president of the Stanford Law Review and Joanna was president of the Harvard Law Review.  After clerking together for the Honorable Michael Boudin, we both worked as associates at law firms before we joined forces to build Casetext.
Research - What is in your database?
Our database currently includes the following cases:
  • all U.S. Supreme Court cases,
  • federal circuit court cases from Volume 1 of F.2d,
  • federal district court cases published in F.Supp. and F.Supp.2d from 1980, and
  • Delaware cases published in A., A.2d, and A.3d from Volume 30 of A.
The database was last updated on June 14, 2013.


Sometimes it’s good to have an “edu” email address…
The Best Educator Discounts Of The Summer
Most companies will offer some form of educational discount. Just ask and they will likely come up with at least some sort of offer to try and entice a sale.  Less common however is when products are offered for no cost at all.
Free Server Space:
Amazon currently offers grants for educational use of its extensive server network (one of the world’s largest). Teachers may apply to receive credits good towards server space rentals. As of this writing, the offer is for up to $100 credit for each student.
Free Project Management Software:
Teachers of more advanced classes (particularly those with a business or career focus) may be interested in LiquidPlanner’s offer for free educational use of their project management software for up to 15 ‘seats’.  Beyond being used by teachers to manage class workloads, students can also get this offer themselves to use in their own collaborative efforts (such as a senior project).
Free Mapping Software:
Direct from Google, the king of online mapping (and the rest of the Internet too…), comes this offer for free access to Google Earth Pro, as well as the Google Maps Engine.  Ideal for social studies, Google Earth can be a great interactive tool for lessons and projects, while fiddling around with the Google Maps Engine can provide good insights into the world of software development.
Free Engineering Software:
This offer is a great value for aspiring architecture and engineering students and is ideal for schools that are looking to improve their access to STEM education.  AutoDesk has made their leading engineering software available for free to secondary and post-secondary classrooms.  A standard in the engineering industry, early access to this software can be a great head start for students.
Miscellaneous Discounts:
While not pretty, or always relevant, the Freaky Freddy website is a good repository of random discounts for teachers and is updated quite regularly.

Friday, July 26, 2013

Someone in New Jersey “gets it.” I have no idea how that happened. (Do you suppose they only targeted New Jersey Internet users?)
Alexi Friedman reports:
The state Division of Consumer Affairs today announced a settlement with an online advertising company that agreed to pay $1 million for having circumvented consumers’ privacy settings by allowing millions of targeted ads to reach unsuspecting New Jersey web users.
State officials said the ads imbedded “cookies” into computer hard drives, essentially creating tracking devices that collected data of page views and search patterns. The unauthorized activity, which involved 215 million targeted ads and untold number of people, lasted from June 2009 to February 2012, when a Wall Street Journal article detailed similar placement of cookies by other companies.
In the case of today’s settlement with New York City-based PulsePoint, the company only targeted consumers using Apple’s Safari web browser, officials said.
Read more on NJ.com.

(Related) Clearly, someone here “gets it” too, they just use “it” for evil.
Clare Mellor reports:
Service Nova Scotia is breaching the privacy rights of licensed drivers by not letting them know they can opt out of a program in which their personal information is shared with a registered charitable organization, says the province’s freedom of information and protection of privacy review officer.
Dulcie McCallum says government needs to give people the choice to opt out of a program in which it shares registered drivers’ names and addresses with the War Amps key tag program
Read more on Herald News.


This is not a new breach. We do not have a new record. My Ethical Hackers will enjoy the details of the Hacking Process spelled out in the indictment.
David Voreacos reports:
Four Russians and a Ukrainian were charged for their role in the largest hacking and data breach scheme in U.S. history, according to Paul Fishman, the U.S. attorney in New Jersey.
The five conspired in a “worldwide scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses,” Fishman said today in a statement. The men worked with Albert Gonzalez, a hacker serving 20 years in prison, according to the indictment unsealed in federal court in New Jersey.
Read more on Bloomberg Law.
Update: here’s a redacted copy of the indictment (pdf). It lists corporate victims: NASDAQ, 7-Eleven, Carrefour S.A., Hannaford Bros., Heartland Payment Systems, Wet Seal, Commidea Ltd., Dexia Bank Belgium, Jet Blue, Dow Jones, “Bank A” in the UAE, Euronet, Visa Jordan (part of Visa Inc.), Global Payment Systems, Diners Singapore (part of the Diners Club owned by Discover Financial Services), and Ingenicard U.S. This is the first I’m hearing about some of these, even though some were quite large breaches.

(Related)
Economic Impact of Cybercrime and Cyber Espionage
Center for Strategic and International Studies July 2013: “The wide range of existing estimates of the annual loss—from a few billion dollars to hundreds of billions—reflects several difficulties. Companies conceal their losses and some are not aware of what has been taken. Intellectual property is hard to value. Some estimates relied on surveys, which provide very imprecise results unless carefully constructed. One common problem with cybersecurity surveys is that those who answer the questions “self-select,” introducing a possible source of distortion into the results. Given the data collection problems, loss estimates are based on assumptions about scale and effect—change the assumption and you get very different results. These problems leave many estimates open to question.”

(Related)
Majority of Public Companies Indicate Cyber Attack Would Cause “Serious Harm”
News release: “A majority of the U.S. listed Fortune 500 firms are following the U.S. Securities and Exchange Guidelines by providing some level of disclosure regarding cyber exposures, with more than half indicating their firms would face “serious harm” or be “adversely impacted” due to a cyber-attack, according to a recent report by Willis North America, a unit of Willis Group Holdings, a leading global risk advisor, insurance and reinsurance broker. The Willis Fortune 500 Cyber Disclosure Report … are the results of an effort launched last year to track organizations’ response to SEC Guidance issued in October 2011, asking U.S. listed companies to provide extensive disclosure on their cyber exposures. The report found that 88% of the Fortune 500 are following SEC Guidelines as of April 2013 and providing “some level” of disclosure regarding cyber exposures. However, some companies within particular industries that would seem to have exposures, were silent, Willis said. Among those silent were: an insurance company, a pharmaceutical company, a restaurant chain and a health care firm – “all of which would seem to have some level of cyber risk when compared to the disclosures of their peers,” the report said.”


It appears that this is based on “Best Practices” (as one would expect from Stanford). Notify early, even if you are not yet done with your investigation. User feedback may help you scope the problem.
Billy Gallagher reports:
Stanford University urged network users to change their passwords late Wednesday evening, explaining that it “is investigating an apparent breach of its information technology infrastructure.”
Randall Livingston, Stanford’s chief financial officer, emailed the entire Stanford community, noting that Stanford does “not yet know the scope of the intrusion.”
Read more on TechCrunch.
Alerts linked from the university’s home page


If not a “Best Practice” at least amusing...
Telecompaper reports:
French internet host OVH informed its customers on 22 July that the private data of a few hundred thousand European private and business customers had been compromised by a hacker. Founder and CEO Octave Klaba wrote to subscribers that the internal network of its headquarters in Roubaix was breached when a hacker gained access to one of the system administrators’ e-mail accounts. Using this e-mail access, the perpetrator was able to break into another employee’s internal VPN and then into the account of a system administrator who handles back-office functions. [Not sure how that chain of hacks would work... Bob]
Read more on Telecompaper.
The Register provides additional details, here. I love the line in OVH’s advisory:
“In short, we were not paranoid enough so now we’re switching to a higher level of paranoia. The aim is to guarantee and protect your data in the case of industrial espionage that would target people working at OVH.”
Sometimes, yes, they are out to get you(r) data.


Even the government is starting to gather (and use?) Best Practices...
Privacy Best Practices for Social Media
“One of the Federal Government’s most important missions is to provide citizens, customers, and partners with easy access to government information and services. As society increasingly relies on social media as a primary source for information, it is clear that these platforms have an important role to play in the Federal Government’s communication strategy, including its move toward a digital, open government. Social media allows an agency to post messages in places where people regularly interact, and ensures it reaches interested audiences–including audiences known to the agency as well as those that are unknown. In addition, social media enhances the Federal Government’s situational awareness by enabling agencies to learn about problems and issues being discussed by different audiences, and allowing agencies to react, respond, and assist the public more efficiently and effectively. Government agencies also may use social media to fulfill their operational missions, for example, detecting and preventing benefit fraud and abuse.”


For my students considering a run for office?
New Tool Puts Congressional District Statistics at Your Fingertips
“The U.S. Census Bureau has released My Congressional District, the first interactive tool geared exclusively toward finding basic demographic and economic statistics for every congressional district in the U.S. This Web app uses the latest annual statistics from the American Community Survey, providing the most detailed portrait of America’s towns and neighborhoods. Users can sort through statistics in five key categories upon selection of a specific district in the application. Summary level statistics covering education, finance, jobs and housing, as well as basic demographic information, can quickly be displayed, downloaded and shared with others. A major feature of the My Congressional District app is the ability to embed a selected 113th congressional district on a user’s own webpage. The embedded district will display the latest statistics from the American Community Survey, allowing visitors to quickly view statistics for any of the 435 congressional districts and the District of Columbia.”


Develop Apps for a phone that isn't available yet.
Install Earth’s latest smartphone OS on your desktop computer – if you’re a Firefox user it’s just a couple of clicks away.
Curious about FirefoxOS, which is for sale now? That makes sense: this open source, royalty-free operating system is bound to pop up on phones all over the planet eventually, but odds are a phone running it is not yet available in your country right now. Don’t worry: you can still give it a spin on your computer – all you need is a single Firefox extension. With it you can run a virtual version of FirefoxOS and find out whether Mozilla’s smartphone operating system is right for you.


Google is helping the shift from cable to Internet...
… The Chromecast connects wirelessly to the user’s smartphone, tablet, or laptop, and can play video and music from these devices right on their television. With support for both iOS and Android, such devices double as a media source and a remote control for playback.


Interesting App?
Understand and uncover the identity of your location with a tap
“Sitegeist is a mobile application that helps you to learn more about your surroundings in seconds. Drawing on publicly available information, the app presents solid data in a simple at-a-glance format to help you tap into the pulse of your location. From demographics about people and housing to the latest popular spots or weather, Sitegeist presents localized information visually so you can get back to enjoying the neighborhood. The application draws on free APIs such as the U.S. Census, Yelp! and others to showcase what’s possible with access to data. Sitegeist was created by the Sunlight Foundation in consultation with design firm IDEO and with support from the John S. and James L. Knight Foundation. It is the third in a series of National Data Apps.”


For my Vets...
VA EDUCATION BENEFITS
Student Characteristics and Outcomes Vary across Schools
Highly VA-funded schools generally had more positive outcomes than other VA-funded schools. Compared to other schools, highly VA-funded schools generally had higher retention rates (percentage of students returning to the same school from 1 year to the next) and graduation rates.

Thursday, July 25, 2013

You don't need encryption keys for metadata. They are required to read your email.
Declan McCullagh reports:
The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.
These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.
Read more on CNET.


Think of this as another “I bet I can get my face on TV!” bill.
Today Rep. Rush Holt introduced legislation to repeal federal surveillance laws that the government abused by collecting personal information on millions of Americans in violation of the Constitution, as revealed by a federal whistleblower and multiple media outlets last month.
… My legislation would put a stop to that right now.” [Probably not really Bob]
Holt’s bill, the “Surveillance State Repeal Act”, would repeal the PATRIOT Act and the FISA Amendments Act, each of which contains provisions that allowed the dragnet surveillance.
Rep. Holt had previously indicated his intent to introduce this legislation.


Minor, but you need to stay current.
NIST Releases Updates to Digital Signature Standard
“The National Institute of Standards and Technology (NIST) has released a revision to the digital standard used to ensure the integrity of electronic documents, as well as the identity of the signer. The new document, Federal Information Processing Standard (FIPS) 186-4, concerns what is commonly known as the digital signature standard. First published in 1994 and revised several times since then, the standard provides a means of guaranteeing authenticity in the digital world. It uses complex math operations to encrypt and unscramble “signatures” that are all but impossible to forge. Updates to the standard are still necessary as technology changes. According to NIST computer scientist Elaine Barker, FIPS 186-4 contains no major revisions, but rather focuses on keeping the standard consistent with other NIST cryptographic guidelines. Other than clarifying a number of terms and correcting typographical errors, most of the changes aim to align the standard with other publications, such as NIST Special Publication 131A, so that all NIST documents offer consistent guidance regarding the use of random number generators. Another change concerns the use of prime number generators, which requires random initial values for searching for prime numbers. FIPS 186-3 specifically allowed saving these “seeds” only for use as evidence that the generated values were determined in an arbitrary manner; FIPS 186-4 permits saving them for additional purposes, such as the regeneration of the values.”
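As an added illustration of the seed point in that release (my own code, not NIST’s, and a simplified stand-in for the FIPS 186-4 Appendix A procedure rather than a reproduction of it): when a prime is derived from a seed and a counter, anyone holding those two values can regenerate it, which serves both as evidence that the prime was not hand-picked and as a way to recover it later.

```python
"""Seeded, reproducible prime generation.

Simplified illustration only: this is NOT the FIPS 186-4 Appendix A
algorithm, just the same idea.  prime = f(seed, counter), so whoever keeps
(seed, counter) can (a) regenerate the prime and (b) show a verifier that
it was the first prime the search hit, not a specially chosen value.
"""
import hashlib
import random


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test with random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def candidate(seed: bytes, counter: int, bits: int) -> int:
    """Derive a `bits`-bit odd candidate from SHA-256(seed || counter || i)."""
    out = b""
    i = 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(
            seed + counter.to_bytes(4, "big") + i.to_bytes(4, "big")
        ).digest()
        i += 1
    c = int.from_bytes(out, "big") % (1 << bits)
    # Force the top bit (so the value really is `bits` long) and make it odd.
    c |= (1 << (bits - 1)) | 1
    return c


def generate_prime(seed: bytes, bits: int = 256, max_counter: int = 4096):
    """Walk counters from 0 until the derived candidate is prime.

    Returns (prime, counter).  The pair (seed, counter) is what the
    generator keeps; FIPS 186-3 only allowed keeping it as evidence, 186-4
    also allows keeping it to regenerate the prime.
    """
    for counter in range(max_counter):
        c = candidate(seed, counter, bits)
        if is_probable_prime(c):
            return c, counter
    raise ValueError("no prime found within max_counter; choose another seed")


def verify_prime(seed: bytes, counter: int, prime: int, bits: int = 256) -> bool:
    """Evidence check run by a verifier who is handed (seed, counter, prime).

    Confirms that the search stopped at the FIRST prime candidate, so the
    generator could not have skipped valid candidates to land on a value of
    its own choosing, and that the counter really regenerates `prime`.
    """
    for earlier in range(counter):
        if is_probable_prime(candidate(seed, earlier, bits)):
            return False
    return candidate(seed, counter, bits) == prime and is_probable_prime(prime)


if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # constructed sample input, not a real seed
    p, ctr = generate_prime(seed)
    print(f"counter={ctr} prime={p:#x}")
    print("regenerates:", generate_prime(seed) == (p, ctr))
    print("verifies:   ", verify_prime(seed, ctr, p))
```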


For my students...
Online Survival Kit from Reporters Without Borders
“Reporters Without Borders has published an Online Survival Kit on its WefightCensorship.org website that has tools and practical advice that will allow you to protect your communications and data. You don’t need to be an IT engineer to learn how to protect the content of your emails and remain anonymous online. The tools and techniques presented in this kit do not require advanced knowledge of computers and programming.”


For my Computer Security students who claim they can't find anything relevant.
CRS – Cybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources, Rita Tehan, Information Research Specialist. July 18, 2013
“There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics.”

Wednesday, July 24, 2013

They can identify a new and “sophisticated” attack vector, but they don't bother to log (therefore can't determine) what happens on their own computers?
Graham Cluley reports:
Kitchenware store Lakeland has emailed customers telling them that hackers managed to gain unauthorised access to its web systems and databases late last week.
Although the company has confirmed that hackers accessed “two encrypted databases”, it has been unable to ascertain whether information was stolen.
Read more on his blog.
[From the blog:
Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website


How would you like be perceived? Voracious consumer of all things digital or typical incompetent government bureaucracy?
NSA Says It Can’t Search Its Own Emails
The NSA is a "supercomputing powerhouse" with machines so powerful their speed is measured in thousands of trillions of operations per second. The agency turns its giant machine brains to the task of sifting through unimaginably large troves of data its surveillance programs capture.
But ask the NSA, as part of a freedom of information request, to do a seemingly simple search of its own employees' email? The agency says it doesn’t have the technology.
"There's no central method to search an email at this time with the way our records are set up, unfortunately," NSA Freedom of Information Act officer Cindy Blacker told me last week.
The system is “a little antiquated and archaic," she added.
… It’s actually common for large corporations to do bulk searches of their employees email as part of internal investigations or legal discovery.

(Related) I already had a low opinion of State.
New Report: The State Department's Anti-Hacking Office Is a Complete Disaster
The State Department has plenty of important secrets—classified cables, foreign policy directives, embassy plans, and more. It also has a department (with a nine-word name) responsible for protecting those secrets from hackers: the Bureau of Information Resource Management's Office of Information Assurance. Yet according to an unusually scathing new report from the State Department's inspector general, this "lead office" for cybersecurity is so dysfunctional and technologically out-of-date that Foggy Bottom may be open to cyberattack.


Are most lawyers ready to defend a Computer Security instructor who was merely trying to demonstrate Privacy “Best Practices?”
How Protecting Your Privacy Could Make You the Bad Guy
There’s a funny catch-22 when it comes to privacy best practices. The very techniques that experts recommend to protect your privacy from government and commercial tracking could be at odds with the antiquated, vague Computer Fraud and Abuse Act (CFAA).
A number of researchers (including me) recently joined an amicus brief (filed by Stanford’s Center for Internet and Society in the “Weev” case), arguing how security and privacy researchers are put at risk by this law.
… The crux of a CFAA violation hinges on whether or not an action allows a user to gain “access without authorization” or “exceed authorized access” to a computer. The scary part, therefore, is when these actions involve everyday behaviors like clearing cookies, changing browser reporting, using VPNs, and even protecting one’s mobile phone from being identified.
… Clearing cookies limits the profiles advertisers can compile, essentially rendering us as a new user to web services. In fact, the FTC recommends that users clear cookies to protect their private information, and the Treasury Department advises the same — though in that case it’s to make sure their website is loading correctly for users.
However, many websites rely on cookies to enforce paywalls. These companies do this so their freemium business models can work transparently, without initially requiring the user to be aware (i.e., log in) until they hit the limit.
The New York Times, for example, imposes a 10 articles-a-month limit for non-subscribers, allowing users to browse 10 articles for free but then requiring payment for subsequent use. But the method the New York Times and other publications use to identify users is unreliable and easy to circumvent, even inadvertently. Clearing one’s cookies periodically — or even using a browser’s private browsing mode — bypasses the flimsy paywalls and allows users to continue reading stories. [Whose “Oops?” The Times or me? Bob]


Curious.
American Customer Satisfaction Index e-business report
“The annual ForeSee American Customer Satisfaction Index (ACSI) e-business report 2013 includes an analysis of individual companies within three measured e-business categories.
  • Social Media: Google+, Pinterest.com, Twitter.com, LinkedIn.com, Facebook.com, Wikipedia.com, and YouTube.com
  • Portals and Search Engines: AOL.com, Bing.com, Google.com, MSN.com, and Yahoo.com
  • News & Information Websites: ABCNews.com, CNN.com, FoxNews.com, HuffingtonPost.com, NBCNews.com, NYTimes.com, and USAToday.com”
[From the report:
lowest score in a decade.
social media continues to provide one of the least satisfying experiences
FOXNews.com ... registered the highest score in this e-business report.


As my friends at the Law School will say, “Let the litigation begin!” (and you thought I couldn't spell 游戏)
Chrysler’s .Ram might just offend a billion people
The internet is changing. Last week, the Internet Corporation for Assigned Names and Numbers, a non-profit entity that runs the web’s naming system, approved four new top-level domain names (TLDs) (the bit after the final dot, such as .com): онлайн and сайт (Russian for “online” and “site”), شبكة (Arabic for “web”) and 游戏 (Chinese for “game”).
So far, uncontroversial. But among the 1,410 TLDs for which nearly 2,000 companies applied are generic names such as .tickets, .app and .wtf as well as more specific ones, like .catholic and .amazon. Things are about to get messy.
Critics say that hundreds of new TLDs will confuse internet users, force companies to pre-emptively sign up across dozens of registers to prevent copyright theft, and confer a monopoly to whomever gains the rights to highly-sought after names. Mindful of the controversial nature of some applications, ICANN included a lengthy objection period.
… Well, the objections poured in. Australia was offended by the idea of .wtf (and plenty else besides), the Saudis couldn’t fathom why Vatican should be given .catholic, Brazil argued against granting .amazon to Amazon, and India took issue with Chrysler’s application for .ram. Of these, India has perhaps the strongest case.
At the most recent meeting of the GAC in Durban last week, India again made clear (pdf) its discomfort with the idea of a .ram domain name. To many outside India, this is baffling. Why does India care about a line of pick-up trucks named for a male sheep?
The objection arises from an unfortunate homonym: Ram, pronounced with a long “a,” is also the name of one of Hinduism’s chief gods.


The Internet is a plethora of niches. Thai monks are (roughly) 12/1000ths of the 3 billion plus Internet users.
Megastore for Thai Monks Brings One-Stop Retail to Buddhism
… Thailand had nearly 300,000 monks and more than 60,000 novice monks at the end of 2012.


For my Ethical Hackers, who need to know about unethical things.
You read that headline right: If you and I were on the same WiFi network, I could probably log in to some of your sensitive accounts — and I’m not even a hacker. This is thanks to an app for rooted Android devices called dSploit.


For my students, because RSS readers are useful!
Try an online-only replacement for Google Reader. Feedspot isn’t well known now, but that may soon change. Google Reader’s decline means any RSS reader has a chance to step up and convince its readers to try out their service. Feedspot makes a compelling argument. Its interface is clean and likely familiar. Feeds can migrate from Google Reader, or any other RSS reader by use of an OPML file.

Tuesday, July 23, 2013

This has to be scary. You might expect more than a strongly worded rebuttal.
John Leyden reports:
Hacktivists loyal to Syria’s president Bashar al-Assad claim to have extracted 1.5TB of sensitive data from chat app Tango.
[...]
eHackingnews, which broke the story, reported that Tango was hit thanks to a vulnerable WordPress installation, based on screenshots of the hack supplied by the SEA.
Tango confirmed it had suffered an intrusion via updates to its official Twitter feed on Saturday.
Read more on The Register.
[From the article:
The Syrian Electronic Army [SEA] hacked the Tango app (video/text messages service) website and database. The databases contain millions of the app users’ phone numbers and contacts and their emails. More than 1.5 TB of the daily backups of the server network has been downloaded successfully.]


I like it! This will work well in my Computer Security classes, and others...
Interesting visualization of world’s largest data breaches. This blog was one of the sources used to produce the visualization.


Target selection.
Defense Security Services: 2013 Targeting U.S. Technologies
“This report looks at the continuing rise in ‘attempts by foreign collectors to obtain illegal or unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base.’ The report looks at collector affiliations, methods of operation and the top targeted technologies and includes review by regional trends.” [via Greta E. Marlatt]

(Related)
Cybercrime costs U.S. economy up to $140 billion annually, report says
… “That’s our best guess,” [Honest. I like that Bob] said James Andrew Lewis, the director of the technology and public policy program at the Center for Strategic and International Studies.
The center completed the study with help from cybersecurity giant McAfee and came up with the new figures by relying on models, such as those used to estimate the economic effects of car crashes and ocean piracy, instead of surveys of companies.


I thought they only kept this data for 18 months (or have they held onto it since the case started in 1993?)
Missed this one last week… thanks to @PrivacyCamp for making me aware of it.
Dana Liebelson reports:
Thanks to disclosures made by Edward Snowden, Americans have learned that their email records are not necessarily safe from the National Security Agency—but a new ruling shows that they’re not safe from big oil companies, either.
Last month, a federal court granted Chevron access to nine years of email metadata—which includes names, time stamps, and detailed location data and login info, but not content—belonging to activists, lawyers, and journalists who criticized the company for drilling in Ecuador and leaving behind a trail of toxic sludge and leaky pipelines.
Read more on Mother Jones.
[From the article:
… Chevron alleges that it is the victim of a mass extortion conspiracy, which is why the company is asking Google, Yahoo, and Microsoft, which owns Hotmail, to cough up the email data. When Lewis Kaplan, a federal judge in New York, granted the Microsoft subpoena last month, he ruled it didn't violate the First Amendment because Americans weren't among the people targeted.]


Soon getting stopped for a traffic infraction will require, “Papers, Citizen!”
Jim Harper writes:
In June 2011, I noted here how a new cardless national ID system was forming up using state driver license data. It hasn’t gone very far. Passage of an immigration reform bill containing a national E-Verify requirement would slam down the gas pedal.
But a few days ago, Idaho became the third state in the union to sign up for the Department of Homeland Security’s RIDE (Records and Information from DMVs for E-Verify) program, which is administered by the ID-friendly American Association of Motor Vehicle Administrators. Idaho joins Mississippi and Florida in volunteering state driver information to the DHS.
Read more on Cato.


First the RFID cards were to help with attendance (a task too difficult for teachers?) but now they had “safety and security benefits” which TV cameras (in place before the cards) will cover adequately? Do these people ever listen to their own words?
Texas School District Drops Embattled RFID Student IDs; Opts For Tons Of Cameras Instead
The Northside Independent School District (NISD) of Texas, best known for being sued by a student over its mandatory RFID card policy, is dropping the technology that originally landed it in the courtroom.
… Despite the court deciding in its favor, declaring the cards didn't violate the students' privacy or "right of religion," the district has decided to abandon the RFID tracking system. Apparently, the technology wasn't quite the attendance silver bullet administration thought it would be,
… The most disappointing aspect is that the district has decided to swap one form of surveillance for another.
Meanwhile, Gonzalez told me Northside plans to capture the safety and security benefits of RFID chips through other technological means. "We're very confident we can still maintain a safe and secure school because of the 200 cameras that are installed at John Jay High School and the 100 that are installed at Jones Middle School."


They have a point.
An Inquiry into the Dynamics of Government Secrecy
An Inquiry into the Dynamics of Government Secrecy, Harvard Civil Rights-Civil Liberties Law Review, Vol. 48, No. 2, Summer 2013.
“This Article reviews selected aspects of secrecy policy in the Obama Administration to better comprehend the dynamics of official secrecy, particularly in the national security realm. An understanding emerges: secrecy policy is founded on a set of principles so broadly conceived that they do not provide unequivocal guidance to government officials who are responsible for deciding whether or not to classify particular topics. In the absence of such guidance, individual classification decisions are apt to be shaped by extraneous factors, including bureaucratic self-interest and public controversy. The lack of clear guidance has unwholesome implications for the scope and operation of the classification system, leading it to stray from its legitimate national security foundations. But an insight into the various drivers of classification policy also suggests new remedial approaches to curtail inappropriate secrecy.”


I agree, but with several “howevers”
LinkedIn has growing value for lawyers
Nicole L. Black’s commentary on LinkedIn provides perspective on how it is billed as the “professional” social network, which is why lawyers dipping their toes into social media for the first time often start with LinkedIn. She states that the problem is that as far as social networks go, LinkedIn hasn’t always been very, well … social. However, lately her take on LinkedIn has changed a bit – she still does not think it is the most vibrant or useful social network, but that its value proposition for lawyers has changed over the past year or so.

(Related)
The Last Days of Big Law
… “Stable” is not the way anyone would describe a legal career today. In the past decade, twelve major firms with more than 1,000 partners between them have collapsed entirely. The surviving lawyers live in fear of suffering a similar fate, driving them to ever-more humiliating lengths to edge out rivals for business. “They were cold-calling,” says the lawyer whose firm once turned down no-name clients.


Perspective
Google Serves 25 Percent of North American Internet Traffic
… That’s a far larger slice than previously thought, and it means that with so many consumer devices connecting to Google each day, it’s bigger than Facebook, Netflix, and Instagram combined. It also explains why Google is building data centers as fast as it possibly can. Three years ago, the company’s services accounted for about 6 percent of the internet’s traffic.
“What’s really interesting is, over just the past year, how pervasive Google has become, not just in Google data centers, but throughout the North American internet,” says Craig Labovitz, founder of Deepfield, the internet monitoring company that crunched the data. His probes show that more than 62 percent of the smartphones, laptops, video streamers, and other devices that tap into the internet from throughout North America connect to Google at least once a day.


For my Excel students (I make them create a budget to plan for retirement). Simple, but a starting point.
What Families Need to Get By
“The income level necessary for families to secure an adequate but modest living standard is an important economic yardstick. While poverty thresholds, generally set at the national level, help to evaluate what it takes for families to live free of serious economic deprivation, the Economic Policy Institute’s (EPI) Family Budget Calculator—recently updated for 2013—offers a broader measure of economic welfare and provides an additional metric for academics and policy experts looking for comprehensive measures of economic security. The basic family budgets presented in this report, as well as those presented via the Family Budget Calculator itself, measure the income families need in order to attain a secure yet modest living standard where they live by estimating community-specific costs of housing, food, child care, transportation, health care, other necessities, and taxes.”


Dilbert proposes a new name for those not-so-innocent Phishermen...