Heads-up Ethical hackers, they're talking about another of our tools.
Oh great: Is this new OpenSSL flaw worse than Heartbleed?
The Heartbleed flaw discovered in OpenSSL was one of the worst web
vulnerabilities in history, but believe it or not it may have already
been dethroned.
Even more incredible is the fact that once again, OpenSSL may be to
blame.
The "CCS Injection Vulnerability" was discovered by Tatsuya Hayashi,
who said it "may be more dangerous than Heartbleed," according to The
Guardian.
Attackers can reportedly use this weakness to intercept and even alter
data passing between computer and websites in a classic
man-in-the-middle maneuver as long as they're on the same network,
like a public Wi-Fi hub.
Isn't that what I've been saying?
Snowden Damage Apparently Less Than Feared: Report
Edward Snowden does not appear to have taken as much as originally
thought from NSA files, The Washington Post reported late Thursday.
…
"We're still investigating, [I doubt that. They should have finished
an investigation like this in hours. Bob] but we think that a lot of
what he looked at, he couldn't pull down," [Bologna! CNTL-A, CNTL-C,
CNTL-V Any questions? Bob] Clapper said. "Some things we thought he
got he apparently didn't," the director was quoted as saying.
Privacy in Canada.
Daniel Tencer reports:
Rogers Communications and internet service startup TekSavvy have
released the first-ever transparency reports from Canadian telecom
companies, and what they have to say won’t lessen the concerns of
privacy activists.
Rogers reported that it got 174,917 government requests for
information about subscribers last year, or about 480 requests per
day. That’s nearly one request for government data per 11 Rogers
internet subscribers.
Read more on Huffington Post (Canada). In another post this morning,
I note that Vodafone and Deutsche Telekom are also being more
transparent now.
These are all great developments, and it’s appropriate that they are
happening on or around the one-year anniversary of Edward Snowden’s
revelations.
Privacy in the USA. This is strange.
Joe Wolverton, II writes:
Federal law enforcement officers recently seized the records of a
local police force’s use of a controversial surveillance system
known as “Stingray” just before the information was scheduled to
be released to the public.
The U.S. Marshals Service “stunned” the American Civil Liberties
Union (ACLU), which was waiting on the imminent release of the
documents pursuant to a public records request the group filed
earlier this year with the Sarasota, Florida, police department. The
petition sought to shed light on the scope of the department’s use
of the Stingray device.
According to the ACLU, its representatives were scheduled to be given
access to the documents last Tuesday, but federal marshals showed up
first and took possession of the entire cache, claiming
they were the property of the U.S. Marshals Service. The feds
forbade the local police from releasing the documents as planned.
Read more on New American.
Some things are classified Top Secret when disclosure would cause
"exceptionally grave damage." Other things are classified
Top Secret when people think those things are very important. Yet
others when the people choosing the classification think they are
important.
EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity
by Sabrina I. Pacifici on June 6, 2014
EPIC - After almost five years, EPIC has obtained National Security
Presidential Directive 54. The previously classified Presidential
Directive contains the full text of the Comprehensive National
Cybersecurity Initiative and “establishes United States policy,
strategy, guidelines, and implementation actions to secure
cyberspace.” This Directive, which is the foundational legal document
for all cybersecurity policies in the United States, evidences
government efforts to enlist private sector companies, more broadly
monitor Internet activity, and develop offensive cybersecurity
capability. EPIC first sought public release of NSPD-54 with a
Freedom of Information Act request, submitted to NSA in June 2009.
After the agency failed to disclose the document, EPIC filed suit.
When a federal district court ruled in 2013 that the Presidential
Directive was not subject to the Freedom of Information Act, EPIC
then filed an appeal with the DC Circuit Court of Appeals. The
document has now been disclosed to EPIC. The case is EPIC v. NSA, a
Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has
several related FOIA cases with the NSA pending in federal court.
For more information see EPIC – EPIC v. NSA (Cybersecurity Authority).
This has potential, but I haven't found a link to check it out, yet.
Sam Evans-Brown reports:
There’s a database in New Hampshire, nestled in hard-drives in the
Department of Education, with all sorts of information about student
test scores, graduation rates, and achievement. It shows how poor
kids do on tests compared to rich kids, and how minorities do
compared to whites, and whether schools are improving on those tests.
Whenever the data in it is accessed, it’s totally anonymous; only a
handful of employees at the DOE can match these test-scores with
student names.
That makes New Hampshire already ahead of the curve, and that was the
case before lawmakers passed a new student data privacy law.
National Privacy advocates are praising New Hampshire’s new
measure, which Governor Maggie Hassan signed into law last week to
basically no fanfare. They are saying it provides clarity in an area
that in many states is largely unregulated.
Read more on NHPR
One part of the Net Neutrality debate?
Verizon tells Netflix to stop blaming it for streaming issues
…
In a cease-and-desist
letter sent to Netflix, Verizon said Netflix is making
"false accusations" that have the "potential to harm
the Verizon brand" and is engaging in "deceptive behavior."
At issue is a notice Netflix started running in Verizon homes earlier
this week when buffering issues arose that said, "the Verizon Network
is crowded right now."
"There is no basis for Netflix to assert that issues with respect to
playback of any particular video session are attributable solely to
the Verizon Network," Verizon General Counsel Randal Milch said
in his Thursday letter to Netflix General Counsel David Hyman.
He went on to say that much of the problems consumers may be having
are the fault of Netflix and the companies it uses to get its content
to Verizon's pipes.
"Netflix has been aware for some time that a few Internet middlemen
have congestion issues with some IP Networks and nonetheless, Netflix
has chosen to continue sending its traffic over those congested
routes," Milch said.
When does “tough business negotiations” tip over to monopolistic
practices?
Amazon spat with publishers set to escalate
…
The world's largest online retailer is already feuding with Hachette
Book Group and Bonnier Media. Simon & Schuster and News Corp's
HarperCollins will soon come up for renegotiation, say sources
familiar with the matter, which means best-selling authors such as
HarperCollins' Veronica Roth, writer of the Divergent trilogy, and
Simon & Schuster's Michael Lewis could be entangled in the
controversy.
Hachette's tussle will determine whether publishers can gain leverage
against Amazon, the biggest seller of e-books, at a time when demand
for digital tomes is surging and physical books are losing ground.
Amazon is seeking a bigger cut of the retail price of a title so it
can continue discounting e-books and boost margins, the sources said.
To ratchet up the pressure on Hachette, Amazon started blocking some
book pre-orders and delaying shipments - affecting titles such as The
Silkworm, J.K. Rowling's new novel written under a pseudonym.
…
Amazon commands 60 per cent of the e-books market, according to
Forrester Research.
…
''Negotiating for acceptable terms is an essential business practice
that is critical to keeping service and value high for customers in
the medium and long term,'' Amazon said in an online post last week.
The tactics have hurt Hachette, the publisher of mass-market
powerhouses like James Patterson and literary heavyweights like Donna
Tartt. A few weeks into Amazon's campaign, Hachette relinquished its
No.1 spot on the Digital Book World bestseller list, a sign of
Amazon's dominance in the publishing industry.
Would “a personal representative of a deceased person’s estate”
include a spouse or other heirs?
Access to Digital Accounts After Death Varies State to State
by Sabrina I. Pacifici on June 6, 2014
“The Uniform Law Commission, a body of lawyers who produce uniform
legislation for states to adopt, recently drafted the “Fiduciary
Access to Digital Assets Act (FADA).” It would grant
fiduciaries (a catch-all term for the various types of people who can
be legally appointed to hold assets) broad authority to access and
control digital assets and accounts. FADA is considered by many
attorneys to be an improvement over existing law because it would
clarify and expand who can access a deceased person’s online
accounts. The proposal would create four categories of fiduciaries
who would be able to take over these accounts in the event of a death:
a personal representative of a deceased person’s estate;
someone carrying out a power-of-attorney;
a trustee of a trust; or
someone appointed by a court to act on behalf of a protected person.
Existing laws typically only apply to personal representatives. The
Commission will vote on the proposed law in July. But two issues
still remain. The first revolves around “media neutrality,” the
idea that the treatment of assets should be the same regardless of
whether they are digital or physical. The proposal would require
certain fiduciaries to obtain access to digital assets, while it
would be automatic for others.”
For my students.
More new jobs went to the college educated
US employers loaded up on college-educated workers in May.
A hefty 332,000 new jobs last month went to those who finished
college, the Labor Department said Friday. That caused the jobless
rate for college graduates to dip to 3.2 percent from 3.3 percent in
April.
It was further evidence that businesses increasingly value educated
workers, even when an advertised job doesn’t call for such a
degree. The most recent estimate from the Federal Reserve Bank of
New York found that, on average, one-third of college graduates work
jobs for which their degrees aren’t necessary.
Does this signal an opportunity for Professional Employee
Organizations? Security contractors.
Two-thirds of IT Employees Are Ready to Walk Out the Door: Survey
IT professionals are noticing a significant change in how they are
regarded within their organizations, according to the latest research
report from Wisegate, a private practitioner-based IT research
services group. Instead of being treated as a nuisance or necessary
evil, IT is increasingly being integrated into and respected by the
business, according to the respondents—senior IT practitioners across
a variety of industry sectors—who participated in the Wisegate
survey.
But there is a gap somewhere, as many of the 362 IT professionals
surveyed were looking for opportunities outside their organizations.
Almost half of the respondents felt their organizations did not offer
the opportunities they needed to advance in their careers. Two-thirds
of the respondents said they expected to move on to another
organization within the next two years. Respondents weren't just
anticipating events beyond their control, as nearly half said they
wanted to move within the year.
The full report is available online (PDF) from Wisegate.
I'll share this with my Statistics students, but I doubt they are old
enough to appreciate it.
– Do you think time is catching up with you? Perhaps it’s already
overtaken you and left you in the dust. Do the years seem to be
going ridiculously quickly now? There’s a reason for it. You’re
getting old. The site will provide you a report full of interesting
stuff. Find out just how bad it’s got. Enter your date of birth.
For my students and fellow professors. Looks like we will get into
Big Data (Data Mining and Data Analysis) in a much bigger way.
Getting SAS for free is huge!
SAS® University Edition
By 2018, demand for workers skilled in analytics could outpace supply
by 60 percent – or 1.5 million jobs – according to a McKinsey Global
Institute study. Translation? Anyone with analytic prowess will be
in high demand from employers around the world. What's more, a
recent Monster.com article, "Job Skills That Lead to Bigger
Paychecks," named SAS as the skill that nets the biggest
paycheck. Bottom line, if you’re a student, learning SAS is a
great way to prepare for – and secure – your future. If you’re
a teacher or professor, teaching SAS is a great way to attract top
students and to equip tomorrow's workers with the skills they'll need
to succeed.
(Related) The “Why” of Big Data education.
What Big Data Needs to Do to Grow Up
We are in an Information Revolution — and have been for a while now.
But it is entering a new stage. The arrival of the Internet of Things
or the Industrial Internet is generating previously unimaginable
quantities of data to measure, analyze and act on. These new data
sources promise to transform our lives as much in the 21st century as
the early stages of the Information Revolution reshaped the latter
part of the 20th century. But for that to happen, we need to get much
better at handling all that data we’re producing and collecting.
Consider the more than $44 billion projected by Gartner to be spent
on big data in 2014. The vast majority of it — $37.4 billion — is
going to IT services. Enterprise software only accounts for about a
tenth.
Because it amuses me.
…
Connecticut governor Dannel Malloy (D) signed a bill “to create and
maintain a state platform for the distribution of electronic books
(e-books) to public library patrons.”
…
Onarbor is a new site, “intended as a publishing and funding platform
for academics, kind of like a Kickstarter for scholarly work.” More
via The Chronicle of Higher Education.
…
Politico reports that Facebook has applied for a patent for “letting
children create accounts with parental supervision”