Saturday, December 14, 2013

It is possible to secure this type of service. For example, turning it off until needed works rather well.
Hacked Via RDP: Really Dumb Passwords
Businesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today’s post examines an underground service that rents access to hacked PCs at organizations that make this all-too-common mistake.
Makost[dot]net is a service advertised on cybercrime forums which sells access to “RDPs”, mainly Microsoft Windows systems that have been configured (poorly) to accept “Remote Desktop Protocol” connections from the Internet. Windows ships with its own RDP interface built-in; to connect to another Windows desktop or server remotely, simply fire up the Remote Desktop Connection utility in Windows, type in the Internet address of the remote system, and enter the correct username and password for a valid user account on that remote system. Once the connection is made, you’ll see the remote computer’s desktop as if you were sitting right in front of it, and have access to all its programs and files.
… How did these companies end up for sale on makost[dot]net? That is explained deftly in a report produced earlier this year by Trustwave, a company which frequently gets called in when companies experience a data breach that exposes credit card information. Trustwave looked at all of the breaches it responded to in 2012 and found — just as in years past — “IP remote access remained the most widely used method of infiltration in 2012. Unfortunately for victim organizations, the front door is still open.”
The report continues:
“Organizations that use third-party support typically use remote access applications like Terminal Services (termserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.”
… In case the point wasn’t clear enough yet, I’ve gathered all of the username and password pairs picked by all 430 RDP-enabled systems that were sold to this miscreant. As evidenced by the list below, the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password. In each of the following cases, the username and password are the same.
… Unfortunately, far too many organizations that end up for sale on services like this one are there because they outsourced their tech support to some third-party company that engages in this sort of sloppy security. Fortunately, a quick external port scan of your organization’s Internet address ranges should tell you if any RDP-equipped systems are enabled. Here are a few more tips on locking down RDP installations.
Readers who liked this story may also enjoy this piece — Service Sells Access to Fortune 500 Firms — which examined a similar service for selling hacked RDP systems.


How do I mislead thee?
Let me count the ways:
I mislead thee to the depth and breadth and height
My vocabulary can distort...
Did someone lie to the Committee, or are they lying to us? (OR: does, “Never attribute to malice that which is adequately explained by stupidity.” apply?) Surely there have been more than 32 attempts. I heard about several at last night's faculty meeting and we're not the only school with an Ethical Hacking class.
Ranking Members Waxman and DeGette Release Memo on Healthcare.gov Security
by Sabrina I. Pacifici on December 13, 2013
“Today Energy and Commerce Committee Ranking Member Henry A. Waxman and Oversight and Investigations Subcommittee Ranking Member Diana DeGette released a memo to Democratic Committee members regarding the security of Healthcare.gov. In a classified briefing two days ago, HHS officials revealed that there have been no successful security attacks on Healthcare.gov and that no person or group has maliciously accessed personally identifiable information from the site. The memo summarizes the non-classified portion of the briefing. HHS officials told members and staff that there have been a total of 32 Healthcare.gov Information Security Incidents.
Eleven incidents are under investigation. [So we don't know if they have been successful or not Bob]
Of the remaining events, three were classified as non-incidents; ['cause we can't identify a breach when we see it... Bob]
one was an attempted (but unsuccessful) scan of the system; [What were they scanning for? Bob]
two were classified as “inappropriate usage” in violation of acceptable computing use policies; [Most organizations would classify this as a breach. e.g. Looking at Britany Spears psych records Bob]
and fifteen were classified as “unauthorized access” where an individual accidentally gained access to unauthorized information. [An accidental breach is still a breach Bob]
None of these events involved a significant breach of personal information. HHS officials indicated that they were conducting ongoing 24-7 system monitoring and ongoing assessments in order to ensure and strengthen system security. The memorandum is available online here.”


Are “cop cams” a good idea or not? Would you be suspicious if police turned off their cameras and later had to take an arrestee for medical treatment?
Andrew Staub reports:
The American Civil Liberties Union of Pennsylvania had hoped lawmakers would craft a statewide policy addressing many of the organization’s privacy concerns should an expanded wiretapping law allow police to use wearable cameras.
It doesn’t look like it will happen, even after the state House this week tweaked proposed legislation that would allow police to use recording devices attached to their uniforms, bike helmets or sunglasses.
Read more on PA Independent.
[From the article:
The amendment, put forward by state Rep. Dom Costa, D-Allegheny, made it abundantly clear that officers are not allowed to record while inside a person’s home — a point that some thought was somewhat ambiguous before. But the proposal still does not address when officers can turn the cameras on or off or how long police can keep footage on file.
Now, it looks like police surely will have broad discretion over the cameras should the legislation pass, said Andy Hoover, the ACLU’s legislative director.
… “It’s not a total lost cause,” Hoover said. “We can still get strong policies at the local level, and I have a feeling that activists at the local level will push hard to get good policies in place for the use of these cameras. [Activists? Because legislatures don't know what to do? Bob]
… the push to amend the state’s wiretapping laws surfaced after the Pittsburgh Bureau of Police spent more than $100,000 on cameras. [I'll bet the money came from a DHS grant. “We can, therefore we must!” Bob]


What are the odds that cable boxes in the bedroom make the news sometime in the next year?
Rather than you watching television, it is they who are watching you! Verizon has recently patented a cable DVR box that will use audio and video to record and analyze what’s going on in your living room so that they can provide targeted ads in real time on the TV to suit what’s going on. Now, one reason may be advertising and marketing, but since they can listen and watch, just think, smile you may be on candid camera!
Read more on Before It’s News.


Cameras, cameras, cameras. And now one of my favorite “You ain't got no privacy” groups, teachers! If students have encrypted their phones or photos, or even if they have just password protected them, would they be comfortable refusing to give up their passwords? If they felt intimidated, would that taint any evidence gathered? I see the possibility for too many bad scenarios here.
Drew Smith reports:
Avon authorities are investigating after they received reports of several Avon High School students who may have been exchanging nude pictures through cellphones and mobile devices.
Some students have been suspended and police said they are working with the school to determine what happened and if any laws were broken. Officials said the situation could result in criminal charges being filed against some students.
School officials seized more than a dozen mobile devices after a parent informed the administration that some of those devices could contain naked photos of female students. By law, the school had to turn over those electronic devices to law enforcement.
Read more on The Indy Channel.
Talk about blurring the line between home and school, though! Does it matter at all that the pictures may have been taken – or exchanged – while the students were not on school premises? I suspect some of the sharing went on during school hours or on school premises, but suppose it had all been off-campus? The schools says that they are required by law to turn over the cellphones. I haven’t read the law, but does Indiana law really require schools to turn over devices that may have evidence of a crime if the crime did not occur at school or on school premises? Just wondering….


Would there be a market for this device? Probably not, who would want to be constantly twitching?
The New Armor That Lets You Sense Surveillance Cameras
We pass under surveillance cameras every day, appearing on perhaps hundreds of minutes of film. We rarely notice them. London-based artist James Bridle would like to remind us.
Bridle has created a wearable device he calls the “surveillance spaulder.” Inspired by the original spaulder—a piece of medieval plate armor that protected “the wearer from unexpected and unseen blows from above”—the surveillance spaulder alerts the wearer to similarly unseen, if electronic, attacks. Whenever its sensor detects the the type of infrared lighting commonly used with surveillance cameras, it sends an electric signal to two “transcutaneous electrical nerve stimulation” pads, which causes the wearer to twitch.
That is: Whenever the spaulder detects a security camera, it makes your shoulder jump a little. You can see the spaulder in action in the video above.


So would a Privacy Policy that said, “You have no privacy on our system, and we don't bother securing your data” make FTC enforcement impossible?
Jaikumar Vijayan
Despite growing pushback from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.
The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.
On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.
Read more on Computerworld.


For my students who don't want to listen to me...
Spotify Launches Free Mobile Service For All Tablets And Smartphones
Spotify just announced that anyone using iOS or Android tablets and smartphones can use their music streaming app for free. Earlier, only desktop and laptop users had access to an ad-supported but free version of Spotify. Tablet users can now also avail the same listening pleasure as desktop users…but again with ads.


Trust me, this won't confuse the NSA for a second.
– one of the oldest forms of communication in the world is Morse Code, but it is being slowly edged out of existence by the advent of more advanced forms of communication such as the telephone and the Internet. If you are a Morse Code enthusiast, then Morse Node is a site where you can invite someone to your page, and then play Morse Code back to one another.


Timely amusement.
According to Code.org, the organization that’s spearheaded this week’s push to teach more students computer science, over 13.7 million students have “learned an hour of code” this week.
Chicago Public Schools says it will add computer science as a core subject, instead of an elective, in the city’s high schools.
… Timed with this week’s “Hour of Code,” Codecademy has launched an iOS app: Codecademy: Hour of Code.
… The Chronicle of Higher Education’s Jennifer Howard examines takedown notices that academics have been receiving from publisher Elsevier for articles – articles they’ve written – that they’ve uploaded to the research-sharing site Academia.edu. (Some scholars are getting takedown notices for posting their articles to their own blogs too.)
… Whose works will enter the public domain in 2014 (in those countries with a “life plus 70 years” copyright term)? Beatrix Potter, Sergei Rachmaninoff, and Fats Waller, among others. (Whose work will enter the public domain in the US? No one’s.)
Fordham University has released a study on Privacy and Cloud Computing in Public Schools.” Among the findings: “Districts surrender control of student information when using cloud services: fewer than 25% of the agreements specify the purpose for disclosures of student information, fewer than 7% of the contracts restrict the sale or marketing of student information by vendors, and many agreements allow vendors to change the terms without notice.” The study, it’s probably worth noting, was sponsored by Microsoft.
… “Smartphone Use Linked to Lower Grades,” reads the Inside Higher Ed headline of a study by Kent State University researchers published in the Computers in Human Behavior journal.

Friday, December 13, 2013

So it WAS more than a family spat. Uncle Song Thaek must have pushed the “advising” a bit too far.
'A very worrisome sign': North Korea executes uncle of leader Kim Jong Un
Young North Korean leader Kim Jong Un's previously powerful uncle has been executed as a traitor, the country's state-run news service said Thursday.
According to KCNA, the uncle, Jang Song Thaek, was guilty of "attempting to overthrow the state by all sorts of intrigues and despicable methods with a wild ambition to grab the supreme power of our party and state."
… The official said it is tough to read the rationale behind the execution but called it more likely a "power play" or "family dispute" rather than an ideological move where one side or the other represented reformist elements.
… Alexandre Monsourav, a specialist in North Korea at the U.S.–Korea Institute at Johns Hopkins’ School of Advanced International Studies, said Kim is sending a alarming message to the U.S.:
"Kim Jong Un is willing to kill his own blood. He’s showing that really he has no mercy or pity. To me it’s a very worrisome sign. You see these extremist actions, you really have to take it very seriously."
Monsourav added, "Whether it’s his young age or personal insecurity making him do this, we need to be very careful around him."


This is backwards. What are they thinking?
Change to Twitter's blocking policy has users up in arms
If you thought that blocking someone on Twitter meant that they could no longer see your tweets, think again.
While that was formerly the case, an update to the Twitter service appears to have changed the way blocking works. Now, blocking someone means that you will not see any of their activity, but they can still see everything you do. Essentially, you're just muting them.
"If your account is public," Twitter wrote in its new blocking policy, "blocking a user does not prevent that user from following you, interacting with your Tweets, or receiving your updates in their timeline."


Poor communications? Much more expensive than no insurance.
"The Washington Examiner reports, 'Oregon ... signed up just 44 people for insurance through November, despite spending more than $300 million on its state-based exchange. The state's exchange had the fewest sign-ups in the nation, according to a new report today by the Department of Health and Human Services. The weak number of sign-ups undercuts two major defenses of Obamacare from its supporters. One defense was that state-based exchanges were performing a lot better than the federal healthcare.gov website servicing 36 states. But Oregon's website problems have forced the state to rely on paper applications to sign up participants. Another defense of the Obama administration has attributed the troubled rollout of Obamacare to the obstruction of Republican governors who wanted to see the law fail as well as a lack of funding. But Oregon is a Democratic state that embraced Obamacare early and enthusiastically.'"


What pending law made them suddenly willing to allow unlocks?
All five major US carriers agree to let you unlock your phone anytime you want
… CTIA, the trade group that represents these companies, announced Thursday that all five major carriers—that includes AT&T, Verizon Wireless, T-Mobile, Sprint, and U.S. Cellular—have voluntarily agreed to make unlocking phones a guaranteed and more transparent process. The announcement of six principles that outline how the carriers will handle unlocking devices means consumers looking to unlock their phones and tablets should have a simpler time doing so. The only time a carrier won't unlock your phone is if it feels that the unlock request is fraudulent or that the phone has been stolen.
… Last month, FCC chairman Tom Wheeler told carriers to ease up on unlocking restrictions or face the possibility of increased regulations. Apparently, the five carriers decided that volunteering to change was a better option than being ordered to do so.


Man is mortal, Internet is immortal?
Pew – What happens to your digital life after death?
by Sabrina I. Pacifici on December 12, 2013
What happens to your digital life after you die? By Maeve Duggan - ”It’s a question not many consider given how embedded the internet is in their lives. The typical web user has 25 online accounts, ranging from email to social media profiles and bank accounts, according to a 2007 study from Microsoft. But families, companies and legislators are just starting to sort out who owns and has access to these accounts after someone has died. The issue came up recently in Virginia, when a couple, seeking answers after their son’s suicide, realized they couldn’t access his Facebook account. Now Virginia is one of a growing number of states that have passed laws governing the digital accounts of the deceased. Meanwhile, technology companies are forming their own policies regarding deceased users. While still in the early stages, the laws and policies taking shape so far indicate that designating one’s “digital assets” may soon become a critical part of estate planning. The implications are widespread, considering that today nearly all American adults are online and 72% of them, along with 81% of teenagers, use social media sites. In the digital world, posting photos, drafting emails or making purchases are activities that don’t solely belong to users. They belong, in part, to companies like Facebook and Google that store information on their servers. In order to access these convenient online tools, users enter into agreements when they click on — but often don’t read — terms-of-service agreements…”


Germany bought files from a Swiss banker to prosecute tax evaders. Does cash change the “whistle blower” equation?
A DNA match has unraveled the mystery of the stolen steroid files that Major League Baseball used to torpedo the career of New York Yankees third baseman Alex Rodriguez.
Baseball investigators purchased the stolen files from Gary Jones, a convicted bank robber, for $25,000 last March, in a secret meeting in South Florida that Jones had videotaped.
Jones, in an interview with The Miami Herald in October, admitted he worked at the Boca tanning salon where the files were stolen, but denied he had anything to do with the crime.
On Wednesday, Boca police arrested another tanning salon employee, Reginald St. Fleur, 20, on charges of armed burglary. St. Fleur said he didn’t know anything about the burglary, but couldn’t explain why his DNA matched blood found at the scene, police said.
The files were allegedly taken from a car that belonged to Porter Fischer, former marketing director of Biogenesis, the Coral Gables wellness clinic that allegedly supplied steroids to Rodriguez and a dozen other major league players.
Read more in the Miami Herald.


Perspective.
Victims Of Identity Theft, 2012
by Sabrina I. Pacifici on December 12, 2013
“An estimated 16.6 million people, representing 7 percent of all persons age 16 or older in the United States, experienced at least one incident of identity theft in 2012, the Justice Department’s Bureau of Justice Statistics (BJS) announced today – in Victims of Identity Theft, 2012 (NCJ 243779), written by BJS statisticians Erika Harrell and Lynn Langton. Financial losses due to personal identity theft totaled $24.7 billion, over $10 billion more than the losses attributed to all other property crimes measured in the National Crime Victimization Survey. About 14 percent of victims suffered an out-of-pocket financial loss due to the most recent incident of identity theft. Of the victims who experienced an out-of-pocket loss, about half lost $99 or less. Identity theft is the attempted or successful misuse of an existing account, such as a debit or credit card account, the misuse of personal information to open a new account, or the misuse of personal information for other fraudulent purposes, such as obtaining government benefits or providing false information to police during a crime or traffic stop. In 2012, the misuse or attempted misuse of an existing account was the most common type of identity theft — experienced by 15.3 million people. An estimated 7.7 million people reported the fraudulent use of a credit card and 7.5 million reported the fraudulent use of a bank account such as a debit, checking or savings account. Another 1.1 million persons had their information misused to open a new account, and about 833,600 persons had their information misused for other fraudulent purposes. The most common way victims discovered the identity theft in 2012 was when a financial institution contacted them about suspicious activity on an account. About 2 out of 3 victims did not know how the offender obtained their information, and 9 out of 10 did not know anything about the identity of the offender. In general, victims who had personal information, such as a social security number misused, were more likely to experience financial, legal or other problems as a result of the incident than other types of identity theft victims. In addition, about 6 percent of victims who experienced the fraudulent use of personal information to create a new account reported significant problems at work or school, compared to about 1 percent of victims of credit card fraud and bank account fraud. The majority of identity theft victims spent one day or less clearing up associated problems, while about 10 percent spent more than a month. Victims who spent more time resolving associated problems were more likely to experience problems with work or personal relationships and severe emotional distress than victims who resolved the problems relatively quickly. Among identity theft victims who spent 6 months or more resolving financial and credit problems due to the theft, 47 percent experienced severe emotional distress, compared to 4 percent who spent a day or less. In 2012, about 9 percent of identity theft victims reported the incident to police. Nearly 90 percent of identity theft victims contacted a credit card company or bank to report misuse or attempted misuse of an account or personal information, 9 percent contacted a credit bureau and 6 percent contacted a credit monitoring service.”


Perspective. HAL uses the Internet more than I do...
Welcome to the Internet of Thingies: 61.5% of Web Traffic Is Not Human
It happened last year for the first time: bot traffic eclipsed human traffic, according to the bot-trackers at Incapsula.
This year, Incapsula says 61.5 percent of traffic on the web is non-human.
Now, you might think this portends the arrival of "The Internet of Things"—that ever-promised network that will connect your fridge and car to your smartphone. But it does not.
This non-human traffic is search bots, scrapers, hacking tools, and other human impersonators, little pieces of code skittering across the web. You might describe this phenomenon as The Internet of Thingies.


Another tool for my programmers.
MIT App Inventor 2 - Design Android Apps in Your Browser
This morning I went to use the MIT App Inventor for the first time in a couple of weeks and discovered that MIT App Inventor 2 is now available to anyone who has a Google Account. MIT App Inventor 2 works just like the first version except version 2 runs entirely in your browser (Chrome or Firefox, IE is not supported). I immediately went to my Chromebook just to confirm that MIT App Inventor would run correctly on it, and it does.
The only download that is required for App Inventor 2 is the optional emulator. The emulator allows people who don't have Android devices to text their apps on their desktops. If you have an Android device then the emulator is not required and you don't need to worry about installing it.
… If you would like to introduce your students to programming real-world applications, the MIT App Inventor is a fantastic tool. App Inventor does not require you to have any prior coding or app development skill in order to create a working Android app. MIT provides excellent support documentation and curriculum for classroom use for new users of App Inventor.

Thursday, December 12, 2013

You can find a good laugh everywhere. (Who would you nominate?)
Stewart Baker writes:
It’s time to recognize just how stupid privacy law is getting. And what better way than by acknowledging the most dubious achievements of the year in privacy law?
First I should explain why I think privacy law so often produces results that make no sense. After all, most of us think privacy is a good thing. We teach our kids to respect the privacy of others, just as we teach them good manners and restraint in drinking alcohol. At the same time, no one wants courts and legislators to punish us for rudeness or prohibit us from buying a drink. We’ve already tried mandating abstinence from alcohol once. It didn’t work out so well. And it’s unlikely that Prohibition would have worked better if we’d made it illegal to drink to excess.
The problem is, some rules just don’t translate well into law. We know rude behavior when we see it, but no one wants a Good Manners Protection Agency writing rudeness regulations – or setting broad principles of good manners and then punishing a few really rude people every year. The detailed regulations would never capture the evolving nuances of manners, [interesting phrase Bob] while selective prosecution of really rude people would soon become a tool for punishing the unpopular for their unpopularity. All that seems obvious in the case of drinking and rudeness, but when it comes to privacy, proposals for new legal rules seem endless. In fact, though, privacy is every bit as malleable and context-sensitive as good manners, and efforts to protect it in law are inevitably either so general that anyone can be prosecuted or so ham-handedly specific that they rapidly fall out of date. Either way, instead of serving the public interest, privacy laws often end up encouraging official hypocrisy and protecting the privileges of the powerful.
Read more on The Volokh Conspiracy.


No problem reading between the redacted lines.
Secrecy News – Redacted Budget Book Provides a Window on NRO
by Sabrina I. Pacifici on December 11, 2013
“The National Reconnaissance Office, which builds and operates U.S. intelligence satellites, has just released the unclassified portions of its FY 2014 Congressional Budget Justification, a detailed account of its budget request for the current year. Although more than 90% of the 534-page document (dated April 2013) was withheld from public release under the Freedom of Information Act, some substantive material was approved for public disclosure, providing a rare glimpse of agency operations, future plans and self-perceptions. Some examples:
  • NRO says it recently achieved an “88 percent reduction in collection-to-analyst dissemination timelines,” facilitating the rapid dissemination of time-sensitive data.
  • The 2014 budget request “represents the biggest restructure of the NRO portfolio in a decade.”
  • The NRO research agenda includes “patterns of life.” [Automatically flags me when I DON'T stop for donuts in the morning. Bob] This refers to the “ability to take advantage of massive data sets, multiple data sources, and high-speed machine processing to identify patterns without a priori knowledge or pattern definition… to detect, characterize, and identify elusive targets.”
  • Other research objectives include development of technologies for “collecting previously unknown or unobservable phenomena [X-ray sensors? Bob] and improving collection of known phenomena; providing persistent surveillance; reducing satellite vulnerability; … innovative adaptation of video game and IT technologies…” and more.
  • “A primary responsibility of the NRO is ensuring that the entire NRO [satellite] constellation is replenished efficiently and in time to guarantee mission success.”
  • The NRO’s implementation of the Intelligence Community Information Technology Enterprise (IC ITE), an effort to establish a common IC-wide IT architecture, is discussed at some length. “The DNI’s IC ITE architecture paves the way for a fundamental shift toward operating as an IC Enterprise that uses common, secure, shared capabilities and services.”
  • With respect to security, NRO employs “automated insider threat detection tools, analyzes collected data in conjunction with disparate data sources to produce investigative leads, [and] performs assessments to rule out malicious activity occurring on NRO networks.” NRO counterintelligence activities “concentrate on insider threat, traditional, and asymmetric methodologies.”
  • The National Reconnaissance Office has an annual budget of approximately $10 billion ($10.4 billion in FY 2012), according to classified budget documents obtained by the Washington Post. It employs around 975 people.” [Covering 200,000,000 square miles. That's over 205,000 square miles per employee (assuming no managers) Bob] [Secrecy News Blog]


Another interesting infographic (The NSA v. Total eMails statistic might be a bit off)
How Safe Are Your Email Attachments?


For the day when my students create their textbook as they go...
Three Good Tools for Creating Multimedia Books Online
Twice this week I've been asked for alternatives to iBooks Author that students can use to create multimedia books. This is probably a good time to share the three options that I usually recommend. These are listed in the order in which I typically recommend them.
Simple Booklet is a service offering free online booklet creation and publishing. To create a book using Simple Booklet just sign-up for a free account and click create. Select the layout template that suits your needs. To add content click anywhere on the blank canvas and a menu of options will appear. You can add text, images, audio files, videos, and links to each page of your booklet. In the field for adding text there is an option to copy from Word documents.
Each page of your Simple Booklet can have multiple elements on it. To include videos you can upload your own files or select from a variety of provides including SchoolTube, TeacherTube, YouTube, and others. To add audio to your pages you can upload your own files or again select from the online hosts Last.fm, Sound Cloud, or Mix Cloud. When you're done building pages in your Simple Booklet you can share it online by embedding it into a webpage or you can share the unique link generated for your booklet.
Widbook is a platform designed to help people collaboratively create multimedia books. The service is part multimedia book authoring tool and part social network. Mashable called it "the YouTube of books." On Widbook you can create a digital book that contains text, images, and videos. Widbook is collaborative because you can invite others to make contributions to your books. To use Widbook you have to create a profile on the service. The books that you create become a part of your profile. If you allow it, other Widbook users can add content and or comments to your books. Likewise, you can search for others' books and make contributions to their books.
Glossi is a service for creating digital magazines. Glossi magazines can include images, videos, audio files, and links to external sources of information. The magazines that you create are displayed with page-turning effects. Your magazines can be embedded into your blog. Learn more about Glossi in the video below.


The nominations are done, so this is a very current list of useful blogs!


Dark, very dark. (an excerpt)
Once upon a database query, while I pondered weak security,
And many avenues of access via backdoor,
While I nodded, nearly napping, suddenly there came a wiretapping,
As of some one gently sniffing, sniffing at our server's door.
“‘Tis some hacker,” I muttered, “tapping at our server door
Or just a virus, nothing more.”

(Related)


I have to admit, most of my students already get this, OR they wouldn't be MY students.
Why Every Student Should Learn Computer Science
According to the Bureau of Labor Statistics, two of the fastest-growing occupations are in computer science and related fields – expected to grow 53.4% by 2018. Nearly 90 percent of high school graduates say they’re not interested in a career or a college major involving science, technology, engineering or math, according to a survey of over one million students who take the ACT test. The number of students who want to pursue engineering or computer science jobs is actually falling, precipitously, at just the moment when the need for those workers is soaring. (Within five years, there will be 2.4 million STEM job openings.)

Wednesday, December 11, 2013

Interesting in what it does not reveal. Lots of “we don't track that information” Also, no indication that a request was made to multiple carriers. Or similar requests by multiple agencies. Or if one request was for multiple types of information. I'd say this “report” is confusing at best.
Investigation Reveals More Than One Million Requests By Law Enforcement for Americans’ Mobile Phone Data
by Sabrina I. Pacifici on December 9, 2013
“As part of his ongoing investigation into wireless surveillance of Americans by law enforcement, Senator Edward J. Markey (D-Mass.) today released responses from eight major wireless carriers that reveals expanded use of wireless surveillance of Americans, including more than one million requests for the personal mobile phone data of Americans in 2012 by law enforcement. This total may well represent tens or hundreds of thousands more actual individuals due to the law enforcement practice of requesting so-called “cell phone tower dumps” in which carriers provide all the phone numbers of mobile phone users that connect with a tower during a specific period of time. Senator Markey began his investigation last year, revealing 1.3 million requests in 2011 for wireless data by federal, state, and local law enforcement. In this year’s request for information, Senator Markey expanded his inquiry to include information about emergency requests for information, data retention policies, what legal standard –whether a warrant or a lower standard — is used for each type of information request, and the costs for fulfilling requests. The responses received by Senator Markey reveal surveillance startling in both volume and scope. “


This seems to protect the school administrators far more than the students. Another case of “We know what's best for your children, so we can make this decision.” I wonder how common this is?
Bill Bush reports:
When schools discipline students for taking guns to school, the districts must report it to the state. It happened almost 250 times in Ohio last year.
But parents who look on the state Board of Education’s website won’t see most of those reports.
That’s because a department rule designed to protect the privacy of students — including those who take guns to school — keeps parents in the dark about where those hundreds of incidents happened.
Read more on The Columbus Dispatch.
[From the article:
… Whenever a district’s reportable incidents total fewer than 10 in a year, the department “masks” the data, blanking out the number. So a district that expelled nine students for shooting guns in a school would show up on the website as having no gun-related expulsions, with nothing to indicate that any information was redacted.
… The state Department of Education masks the disciplinary numbers under the theory that if the public knew the number was nine or fewer, someone could use that to figure out the students’ identities. The rule doesn’t take into account the size of the district — assuming, for example, that reporting that five students in Columbus City Schools were expelled for taking guns to school would somehow identify them among the district’s nearly 51,000 students.
… Among the state’s eight largest urban districts, only Cleveland had enough gun incidents last school year to allow the reporting: 13 expulsions and 63 out-of-school suspensions.
The same rule applies to other categories of disciplinary data, including use of other weapons, fighting, serious bodily injury, unwelcome sexual contact, bomb threats and intimidation.


Somehow, this does not make me feel safer. If they confiscate weapons, are there no charges? What's next with “zero tolerance?” Confiscation of pictures of guns?
TSA confiscates sock monkey's toy gun
… A woman at a checkpoint at Lambert-St. Louis International Airport said she was “appalled and shocked” after a Transportation Security Administration agent confiscated a tiny toy gun belonging to her sock monkey.
Phyllis May of Redmond, Wash., was travelling from St. Louis on Dec. 3 when she noticed a TSA agent inspecting one of her carry-on bags, according to NBC affiliate King 5.
May sells the dolls and had several sock monkeys and sewing supplies in the bag. One of the monkeys, named “Rooster Monkburn,” after John Wayne’s character “Rooster Cogburn” in the movie “True Grit,” is a cowboy with a two-inch long pistol.
“She said ‘This is a gun,’” May told King 5. “I said 'No, it’s not a gun, it’s a prop for my monkey.'”
“She said ‘If I held it up to your neck, you wouldn’t know if it was real or not,’ and I said ‘Really?’” May said.
May told King 5 the TSA agent took the monkey’s gun and informed May she was supposed to call the police.
King 5 reported that the agent did not call police and May was able to keep her sewing supplies and other dolls and board the plane.


How far can an incumbent go before tripping over the line?
Nest Labs CEO advice: Startup? More like lawyer up
Startups whose products challenge the incumbents need to prepare not just for competition but for dirty tricks.
That was the advice at the LeWeb conference from Tony Fadell, chief executive and founder of Nest Labs, whose Net-connected, app-enabled thermostat triggered patent-infringement suits from Honeywell and Allure Energy. The company now has expanded into smoke detectors, too.


How rude!
6 bottles of Chateau Petrus wine stolen from Brown Palace cellar
Six bottles of an extremely rare French wine that could fetch thousands of dollars on the black market were swiped from the wine cellar at The Brown Palace Hotel in Denver.
McMillan valued the six bottles at $4,600 in the police report. However, the Palace Arms' wine list offers the 2000 Château Petrus at $6,000 a bottle.


Very new? Not clear how this will work, but I will follow it.
– provides documents, papers and essays for university and school research. A growing community means more documents available for you. Find papers,essays, and university related documents. Download and read free available eBooks from the Internet. Get ideas for your school or university projects.


Useful ideas
Become A Boss At Email: Don’t Let It Take All Day
182,900,000,000 emails.
182.9 billion.
That’s more than 25 emails per every human mind on the planet.
And that’s just what we send in one day (PDF).
Given the crazy amount of emails that are sent and received every day, it’s no wonder that this electronic communication has become too hard to handle for so many of us. But don’t worry, here are some productivity secrets that can help you tame the beast.


For my students with i-Stuff...
Apple gifting 12 days of digital goodies — and it didn’t forget the U.S. this year
… the American tech giant is handing out some digital goodies to folks in the U.S. and abroad. The company just launched its annual “12 Days of Gifts” campaign (formerly known as “12 Days of Christmas”), which promises to dole out a free gift from the iTunes, iBooks, and App Stores every day between Dec. 26 and Jan. 6.
… Here’s the official 12 Days of Gifts description:
From December 26 – January 6, you can download a gift each day — songs, apps, books, films, and more — with the 12 Days of Gifts app. Each day’s gift will only be available for 24 hours, so download the free app to make sure you don’t miss out. Please note: Not all content is available in all countries.

Tuesday, December 10, 2013

Oh darn! That email was from Snowden? I could have been infamous!
Rolling Stone – Snowden and Greenwald: The Men Who Leaked the Secrets
by Sabrina I. Pacifici on December 8, 2013
Snowden and Greenwald: The Men Who Leaked the Secrets by Janet Reitman, December 4, 2013. This story is from the December 19th, 2013 – January 2nd, 2014 issue of Rolling Stone.
“Early one morning last December, Glenn Greenwald opened his laptop, scanned through his e-mail, and made a decision that almost cost him the story of his life. A columnist and blogger with a large and devoted following, Greenwald receives hundreds of e-mails every day, many from readers who claim to have “great stuff.” Occasionally these claims turn out to be credible; most of the time they’re cranks. There are some that seem promising but also require serious vetting. This takes time, and Greenwald, who starts each morning deluged with messages, has almost none. “My inbox is the enemy,” he told me recently… It would take until May, six months after the anonymous stranger reached out, before Greenwald would hear from him again, through a friend, the documentarian Laura Poitras, whom the source had contacted, suggesting she and Greenwald form a partnership. In June, the three would meet face to face, in a Hong Kong hotel room, where Edward Snowden, the mysterious source, would hand over many thousands of top-secret documents: a mother lode laying bare the architecture of the national-security state. It was the “most serious compromise of classified information in the history of the U.S. intelligence community,” as former CIA deputy director Michael Morell said, exposing the seemingly limitless reach of the National Security Agency, and sparking a global debate on the use of surveillance – ostensibly to fight terrorism – versus the individual right to privacy. And its disclosure was also a triumph for Greenwald’s unique brand of journalism.”


Not new, but something for my Ethical Hackers t build their “targeted surveillance” folder.
Password Filters [0] are a way for organizations and governments to enforce stricter password requirements on Windows Accounts than those available by default in Active Directory Group Policy. It is also fairly documented on how to Install and Register Password Filters [1].
… For National CCDC earlier this year (2013), I created an installer and "evil pass filter" that basically installed itself as a password filter and any time any passwords changed it would store the change to a log file locally to the victim (in clear text) as well as issue an HTTP basic auth POST to a server I own with the username and password.


So I can take my James Bond Commemorative Model Walther PPK, break it down , scan it, and print a dozen new ones! “Q” couldn't do it better!
Holiday Shopping List: For Those Who Live At The Bleeding Edge Of Tech
MakerBot Digitizer ($1400)
3D printers are so last week. Doesn’t everyone have one now? What the avant-garde 3D modeller is using this week is the MakerBot Digitizer. Put your hand-sculpted creation, or hard-to-find part on the turntable and generate a 3D model of it that you can feed to your dusty 3D printer. Now we’re duplicating!
The resulting file is ready-to-go for the MakerBot 3D printers, but can also be used in most 3D modelling software as well. This gives you the opportunity to improve upon the original and create something no one else has. Perfect for the DIY enthusiast, engineer, prototyper, industrial designer; anyone who wants to make cool 3D stuff. Want to learn more about 3D printing? Joel Lee’s, “What Is 3D Printing And How Exactly Does It Work?” article is for you!


For my students... Many Firefox (and Chrome) tools. I'll list a couple.
Turn Your Browser Into A Supercharged Workspace With These Simple Steps
… Writing & Editing
MarkDown Editor presents a clean and easy-to-use plain-text writing environment with Markdown support. You can display the Markdown content and the corresponding HTML output in adjacent vertical or horizontal panes. The plugin also has features to hide the HTML panel, apply external CSS, and export content to HTML.
For Chrome users: Write Space, Writer
… Reading Feeds
Bamboo Feed Reader and NewsFox are a couple of good extensions for reading and subscribing to RSS feeds. If you’re a Feedly user, you can install Feedly’s Firefox extension instead. There is also a Chrome extension for Feedly.
For Chrome users: Read Saikat’s post on excellent RSS extensions for Chrome


...and for my programming students.
10 Web Resources For Learning How To Code


Global Warming! Global Warming! (Because I haven't tweaked Al Gore in a while.)
Antarctica Sets Cold Record of -135.8 Degrees
… Feeling chilly? Here's cold comfort: You could be in East Antarctica which new data says set a record for soul-crushing cold.
Try 135.8 degrees Fahrenheit below zero; that's 93.2 degrees below zero Celsius, which sounds only slightly toastier. Better yet, don't try it. That's so cold scientists say it hurts to breathe.
A new look at NASA satellite data revealed that Earth set a new record for coldest temperature recorded. It happened in August 2010 when it hit -135.8 degrees. Then on July 31 of this year, it came close again: -135.3 degrees.


I had a huge collection of these maps as a kid.
National Geographic Maps Now Online
National Geographic has put 500 of its 800 maps online thanks to a partnership with Google. The maps vary in nature, with some featuring historic data, others being for travelers and adventurers. All are available on Google’s Maps Engine platform and can be found through the directory.


Might be something for my website students...
– is an easy tool for web designers. With the help of the site, you can present your projects in a browser for free. It’s all very easy – all you have to do is to drag and drop your project to the window, then the Webprojector will do the rest for you. The system will automatically upload the project onto the server and prepare a link under which you and your clients will be able to view and comment it.


This is more impressive than anything my congressmen are doing. Good on ya, Connor!
6-year-old tries to save NASA
… Connor Johnson has wanted to be an astronaut since he was three. When he learned that congress was threatening his future prospects to be a scientist or astronaut with NASA by cutting NASA's funding, he decided to do something about it.
… His family helped him start a petition. Although he did have some guidance, Johnson constructed the petition ideas on his own.
… If you would like to help out our little astronaut friend by signing his petition please visit: http://1.usa.gov/1hFmpNA

Monday, December 09, 2013

Short, but useful.
The Semantics of Cyber Warfare
by Sabrina I. Pacifici on December 8, 2013
The Semantics of Cyber Warfare, Jason Fritz, Bond University. East Asia Security Symposium and Conference. Beijing. Nov. 2013
“The study of cyber warfare in China suffers from the same excess of overlapping terminology as in English documents. This paper will analyze key cyber warfare terms from authoritative sources and show that all of them can be broken down into three fundamental branches that are common to both the People’s Republic of China and the United States of America. The three branches are: Information Operations, Computer Network Operations, and Net Centric Warfare. Streamlined categorizing can aid the efficiency of research and improve inter-agency structure. Additional benefits include more accurate threat assessment, limiting media and public misunderstanding, and increasing transparency to forward cooperation, understanding, and trust.”


Non-profits have no legal protection? Or, corporations have no ethics?
Paper – Corporate Espionage Against Nonprofit Organizations
by Sabrina I. Pacifici on December 8, 2013
“Many different types of nonprofits have been targeted with espionage, including environmental, anti-war, public interest, consumer, food safety, pesticide reform, nursing home reform, gun control, social justice, animal rights and arms control groups. Corporations have been linked to a wide variety of espionage tactics. The most prevalent tactic appears to be infiltration by posing a volunteer or journalist, to obtain information from a nonprofit. But corporations have been linked to many other human, physical and electronic espionage tactics against nonprofits. Many of these tactics are either highly unethical or illegal. Corporations engage in espionage against nonprofits with near impunity. Typically, they suffer nothing more than minor adverse media coverage if their espionage is exposed. The lack of accountability may encourage other corporations to conduct espionage. Corporate espionage against nonprofit organizations presents a threat to democracy and to individual privacy. Democracy cannot function without an effective civil society. But civil society and its nonprofit organizations depend crucially on their ability to keep some ideas, information, and conversations private. Individual citizens and groups do not lose their right to privacy merely because they disagree with the activities or ideas of a corporation. The right to privacy dovetails with our First Amendment rights to speech, public debate, and full participation in the “marketplace of ideas.” It is especially unjust that corporations sabotage Americans’ fundamental rights through actions that are unethical or illegal. Many things can be done to protect nonprofits from corporate espionage. Congress should investigate and hold hearings on corporate espionage against nonprofits. Congress and state legislatures should enact legislation to criminalize the theft of confidential, noneconomic information held by their critics. Law enforcement – especially the U.S. Department of Justice – should prioritize investigating and prosecuting corporate espionage against nonprofits.”


How do you say “Google” in Norwegian?
Commentary – Norway Decided to Digitize All the Norwegian Books
by Sabrina I. Pacifici on December 8, 2013
Alexis Madrigal – The Atlantic: ”The National Library of Norway is planning to digitize all the books by the mid 2020s. Yes. All. The. Books. In Norwegian, at least. Hundreds of thousands of them. Every book in the library’s holdings. By law, “all published content, in all media, [must] be deposited with the National Library of Norway,” so when the library is finished scanning, the entire record of a people’s language and literature will be machine-readable and sitting in whatever we call the cloud in 15 years. If you happen to be in Norway, as measured by your IP address, you will be able to access all 20th-century works, even those still under copyright. Non-copyrighted works from all time periods will be available for download. Here in the States, we are struggling to make even a small percentage of English-language works accessible to the citizens of our fine country, despite the efforts of groups like the Digital Public Library of AmericaHathi Trust, and (I dare say) Google. Which means that we are not ready for the apocalypse. But the Norwegians, that’s a people preparing for the deep future. Now they are home to the Svalbard Seed Vault and they will have all the books stored away.”


For my Criminal Justice statistics students. (told ya!)
New on LLRX – Calculating Justice: Mathematics and Criminal Law
by Sabrina I. Pacifici on December 8, 2013
Via LLRX.com - Calculating Justice: Mathematics and Criminal Law - Ken Strutin’s new guide on criminal justice illuminates the growing importance of math in the administration of justice, with an emphasis on the areas of proof and judgment. Ken raises the examples of how statistics (evidence) and probability (analytics) have been used and challenged in many criminal cases to match people to events through such means as: DNA, soil samples, eyewitness descriptions, firearm purchase records, typewritten documents, clothes fibers, footprints, hair follicles, blood types, sperm, teeth marks, and conviction rates. Indeed, everything from traffic tickets to predictive policing draws on math in some way. Ken’s analysis and through documentation of case law adds a critical perspective on the manner in which “numbers are used, and abused” in court.


For my fellow teachers, and not just the technologically challenged.
The Analog Teacher’s Guide To Bloom’s Digital Taxonomy
Are you an analog teacher trying to function in a digital world? Is the professional chatter of your colleagues littered with terms like Smore, Voki, Today’s Meet, Prezi, Popplet, Thinglink, and others? If so, then you are a casualty of a digital divide that exists among the ever-growing number of educators as they attempt to keep up with the flow of resources and information. The demand is on for educators to provide more digital content that allows for the integration of technology, but where does the professional start? A great place to start would be a website aligned to Bloom’s Digital Taxonomy.
Created by a Media Coordinator and an Instructional Technology Coordinator this website offers resources from the beginner to the advanced user of digital resources.


Sometimes Saturday, sometimes Sunday, sometimes very late on Sunday. But amusement every week.
… The school board in Huntsville, Alabama will offer students cash incentives to do well on their ACT tests – up to $300. [Teaching students to be politicians? Bob]
… The College Board, edX, and Davidson College are teaming up to offer special Advanced Placement courses in calculus, physics and macroeconomics. More details in The New York Times.
… “Argosy University’s Denver campus has agreed to pay $3.3-million in a settlement with the Colorado attorney general’s office, which found that the for-profit institution, a division of the Education Management Corporation, had intentionally misled students about one of its degree programs.” So says The Chronicle of Higher Education.
… Boundless, the “textbook alternative” startup, has launched its Boundless Teaching Platform, an effort to get more teachers using and remixing Boundless content.
According to a survey conducted by the Los Angeles Board of Education, just 36% of teachers strongly favor continuation of the district’s troubled iPad initiative. 90% of administrators said the same.


Music to study by?
Enjoy Curated Music Mixes And Discover Great Artists On 8tracks
Unlimited streaming music, for free, legally available all over the world, and with no audio ads. Have I got your attention yet? That’s just what 8tracks offers. One of the oldest and best music websites in existence, we mentioned 8tracks way back in 2008, and far more recently as one of several great tools for creating digital mixtapes. Most recently, I’ve shown you how to enjoy 8track on the go with the amazing third-party client InifiTracks.