Thursday, September 25, 2014

The university has used Jimmy John's to feed us at faculty meetings. I wonder if someone used their personal credit card? I'll ask my Computer Security students to figure out who is liable.
Restaurant chain Jimmy John’s reports data breach at 216 stores
Sandwich restaurant chain Jimmy John’s said there was a potential security breach involving customers' credit and debit card data at 216 of its stores and franchised locations on July 30.
An intruder stole log-in credentials from the company's vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.

(Related)
DATA SECURITY INCIDENT
… he locations and dates of exposure for each affected Jimmy John’s location are listed on AFFECTED STORES & DATES.
Longmont , CO 210 Ken Pratt Blvd. Suite 200 --- 6/16/2014 - 7/25/2014
Denver , CO 622 16th St. --- 6/27/2014 - 8/1/2014
Golden , CO 1299 Washington Ave. --- 6/27/2014 - 8/1/2014
Broomfield , CO 625 Flatiron Marketplace Dr. --- 7/1/2014 - 8/1/2014
Denver , CO 2325 East Colfax Ave. --- 7/1/2014 - 8/1/2014
Colorado Springs , CO 5885 Stetson Hills Blvd. --- 7/1/2014 - 8/2/2014
Lone Tree , CO 9234 Park Meadows Dr. Suite 500 --- 7/1/2014 - 8/3/2014
Greeley , CO 2644 11th Ave. Suite B --- 7/7/2014 - 8/1/2014


An attack on us geeks?
jQuery Confirms Website Hacked Again


Someone has to secure those self-driving, auto-updating cars.
GM Appoints Chief Product Cybersecurity Officer
The fact that GM has appointed a cybersecurity leader is not surprising considering that security researchers and even lawmakers have been putting pressure on car makers to ensure that the software systems installed on vehicles can't be hacked.
In June, Target Corp. announced that it had hired away GM's CISO and information technology risk officer Brad Maiorino who took the role as senior vice president and chief information security officer at Target.
Last year at the Def Con security conference, researchers Charlie Miller and Chris Valasek demonstrated that they could hack modern cars and manipulate steering, acceleration, safety sensors and other components.
In August, a group of security researchers launched an initiative called "I am the Cavalry" in an effort to convince automakers to implement security programs aimed at making cars more resilient to cyberattacks.


Update.
Criminals Using Data Stolen in Home Depot Breach to Drain Accounts
The Home Depot data breach – which compromised some 56 million credit and debit card accounts – is to blame for a recent outbreak of fraudulent bank transactions, according to a report from the Wall Street Journal.
Sources familiar with the incident tell the Journal that criminals are using data stolen in the hack attack to buy prepaid cards, electronics, and groceries, with numerous cases popping up across the U.S. According to the report, some of the illegal transactions have been traced back to batches of cardholder accounts tied to specific zip codes.


A start on a “Best Practices” guide? (Because you know this is coming.)
Collect Your Employees’ Data Without Invading Their Privacy
Research shows that businesses using data-driven decision-making, predictive analytics, and big data are more competitive and have higher returns than businesses that don’t. Because of this, the most ambitious companies are engaged in an arms race of sorts to obtain more data, from both customers and their own employees. But gathering information from the latter group in particular can be tricky. So how should companies collect valuable data about time use, activities, and relationships at work, while also respecting their employees’ boundaries and personal information?
… Have a hypothesis. Before you start collecting data, decide why it’s needed in the first place. For one, legal departments can’t often approve a project without an objective. But in addition, the team proposing the project needs to be clear and transparent about what they’re trying to accomplish. This includes having a tangible plan for what data is being sought, what changes will be made based on the findings, how the results of these changes will be measured, and the return on investment that justifies the time and energy put into the project.
… Default to anonymity and aggregation.
… If you can’t let employees be anonymous, let them choose how you use their data.

(Related) This is a tool for self-surveillance. No need to search yourself, this site will help you reenforce whatever bias tilts your world view. (No Democrat will ever need to see anything positive about Republicans!)
– the Internet is a big place, and it can often be difficult to find the content that most appeals to you. StumbleUpon started the trend of finding personalized content, and Fligoo is a similar concept. Sign in with your Facebook account and it uses your social media to figure out what you want to see.


“We can, therefore we must!” Consider this the start of a “Worst Practices” guide?
Ali Winston of the Center for Investigative Reporting reports:
Without notice to the public, Los Angeles County law enforcement officials are preparing to widen what personal information they collect from people they encounter in the field and in jail – by building a massive database of iris scans, fingerprints, mug shots, palm prints and, potentially, voice recordings.
The new database of personal information – dubbed a multimodal biometric identification system – would augment the county’s existing database of fingerprint records and create the largest law enforcement repository outside of the FBI of so-called next-generation biometric identification, according to county sheriff’s department documents.
Read more on SCPR.org


Perhaps a “high school social engineer” pretending to be the NSA?
Challen Stephens reports:
A secret program to monitor students’ online activities began quietly in Huntsville schools, following a phone call from the NSA, school officials say.
Huntsville schools Superintendent Casey Wardynski says the system began monitoring social media sites 18 months ago, after the National Security Agency tipped the school district to a student making violent threats on Facebook.
The NSA, a U.S. agency responsible for foreign intelligence, this week said it has no record of a call to Huntsville and does not make calls to school systems.
Read more on AL.com


Universities want to retain students. Knowing what makes students successful and indications that they need help, are part of the Big Data picture.
Pointer:
The New York Times‘ Room for Debate focuses on big data in education. You can access the debaters’ opinions here.


Always an interesting topic.
Drone Wars: How UAV Tech Is Transforming the Future of War


Will these highly trained inspectors base their 10% estimate on weight or volume? Will the evidence be available if anyone wants to challenge the massive fine?
Throwing too much food away is about to be against the law in Seattle
Making public inspectors out of garbage men, the Seattle City Council has approved a new trash ordinance that authorizes sanitation workers to peruse residents’ waste bins for signs that people are throwing too much food away.
Go over the limit – ten percent of all your trash – and you could face a whopping $1 fine for each occurrence. The ordinance allows trash collectors to document the offenses as they’re out running their daily routes, according to The Seattle Times:
Under the new rules, collectors can take a cursory look each time they dump trash into a garbage truck.
If they see compostable items make up 10 percent or more of the trash, they’ll enter the violation into a computer system their trucks already carry, and will leave a ticket on the garbage bin that says to expect a $1 fine on the next garbage bill.
[From the article:
Under current Seattle Public Utilities (SPU) rules, people living in single-family homes are encouraged but not required to dispose of food waste and compostable paper products in compost bins.
Apartment buildings must have compost bins available, but residents of apartment buildings aren’t required to use them.
And businesses aren’t subject to any composting requirements.


For my Disaster Recovery students.
Kansas Zombie Preparedness Month is more than just a tourist attention grabber
Kansas City skyline with Union StationThe State of Kansas will use Zombies to capture the attention of the public about disaster preparedness. Kansas Governor Sam Brownback will sign a law this week proclaiming the month of October as Kansas Zombie Preparedness Month.
… In fairness to Kansas, at least they’re creative. Source: Kansas Division of Emergency.


Another reason for my students to use our 3D printers!
Combine your iPhone or tablet with 3D-printed clip and glass sphere to create microscope
by Sabrina I. Pacifici on Sep 24, 2014
Mark Rockwell – FCW: “A national research laboratory has combined the capabilities of a 3-D printer, mobile phones and simple glass beads to produce an inexpensive handheld microscope that can be used in a wide range of research and practical applications. Developers of the technology at the Department of Energy’s Pacific Northwest National Laboratory (PNNL) have made the 3-D printing specifications for producing the devices available to the public for free. The lab initially developed the microscope using internal discretionary funds aimed at enhancing its core scientific and technical capabilities.”


My Intro to Computer Security students will need tools like these every week!
Frequently Overlooked Google Search Tools and Strategies


Tools for my i-students. (I highlight a few)
Back To School? iOS Tips & Apps To Ease You Into Student Life
Loud Alarm (Free, in-app purchases)
Naturally, there are plenty more alarm clocks available, including ones to stimulate your mind as you wake – but if you’re a deep sleeper, Loud Alarm is specifically designed for you.
Doc Scan HD (Free; Pro: $3.99)
Doc Scan HD accesses your camera and takes a photo of any document. You can then crop, tamper with lighting and contrast then email it as either a .jpeg image or PDF (and can now collaborate with Dropbox). [My Math students take pictures of the whiteboard. Bob]
… You can utilise all sorts of services for educational purpose, including note-takers like INKredible and the ubiquitous note taking app Evernote. There are further apps for your iPad that will help you when citing sources, taking dictation or wondering how to spell onomatopoeia.

(Related) So my Android students don't feel slighted.
Android
Must-have Android apps for your mobile phone and tablet that will help you be more efficient and improve productivity.


Congratulations India! No doubt congress will want to outsource all space exploration to India, since we see no value in it.
India's $74 million Mars mission cost less than 'Gravity' movie
When the Mangalyaan spacecraft slipped into orbit around Mars on Wednesday after a 10-month voyage, India became the first country to successfully reach the Red Planet on its first attempt.
But the mission's shoestring budget was perhaps its most notable distinction: At a cost of just $74 million, India's space agency put the satellite into orbit for a fraction of what other nations have spent.
The U.S. Maven satellite, for example, arrived in orbit on Sunday in a mission that cost taxpayers $671 million. The European Space Agency's 2003 mission to Mars had an initial budget of nearly $200 million.
Prime Minister Narendra Modi has noted that even the Hollywood thriller "Gravity" had a larger budget at $100 million.

No comments: