“Yes, we're vulnerable. No, we don't know how to fix it yet.”
Oracle Shellshocked by Bash bug – but Exalogic folk will have to wait
Oracle
has confirmed that at least 32 of its products are affected by the
vuln recently discovered in the Bash command-line interpreter – aka
the "Shellshock"
bug – including some of the company's pricey integrated hardware
systems.
The
database giant issued a security
alert regarding the issue on Friday, warning that many Oracle
customers will have to wait awhile longer to receive patches.
"Oracle
is still investigating this issue and will provide fixes for affected
products as soon as they have been fully tested and determined to
provide effective mitigation against the vulnerability," the
company said.
Like
many (most?) security breaches, initial estimates significantly
understate the scope of the problem. It's not just Jimmy John's!
So, who is at fault?
Signature
Systems Breach Expands
…
In a statement issued in the last 24 hours, Signature Systems
released
more information about the break-in, as well as a list of nearly
100 other stores — mostly small mom-and-pop eateries and pizza
shops — that were compromised in the same attack.
“We
have determined that an unauthorized person gained access to a user
name and password that Signature Systems used to remotely access POS
systems,” the company wrote. “The unauthorized person used that
access to install malware designed to capture payment card data from
cards that were swiped through terminals in certain restaurants. The
malware was capable of capturing the cardholder’s name, card
number, expiration date, and verification code from the magnetic
stripe of the card.”
Meanwhile,
there are questions about whether Signature’s core product — PDQ
POS — met even
the most basic security requirements set forth by the PCI
Security Standards Council
for point-of-sale payment systems. According to the council’s
records, PDQ POS was not
approved for new installations after Oct. 28, 2013. As a
result, any Jimmy John’s stores and other affected restaurants that
installed PDQ’s product after the Oct. 28, 2013 sunset date could
be facing fines and other penalties.
[Local victim: Garlicknot - Littleton, CO]
Does
this mean that electrical records cannot be used to justify a search
warrant? Perhaps they can't be used as evidence in any form?
(Because it tells us nothing about individuals?)
As
reported by John Wesley Hall of FourthAmendment.com:
A smart electric meter that transmits information about electric
usage every 15 minutes is not a search and seizure. Naperville Smart
Meter Awareness v. City of Naperville, 2014 U.S. Dist. LEXIS 134861
(N.D. Ill. September 25, 2014)*
Read
an excerpt from the opinion on FourthAmendment.com.
Maybe
you should only use that “Fit” App if you are already fit? This
article states a hypothetical, but in the future if you don't share
this information you could be placed in the “doesn't care about his
health” category.
How
iPhone apps could impact your insurance
As
part of Apple's new mobile operating system, developers can build
apps that measure things like heart rate, sleep, weight and blood
pressure. If users choose to do so, they can then send that
information to doctors for medical advice.
Health
insurers, which are barred by Obamacare from denying coverage based
on pre-existing conditions, can't base their decisions on this kind
of information. But the situation is different for life insurers,
who use medical records to make decisions about the relative risks of
prospective customers.
Something
for my Data Analytics students to try their hand at?
Karen
Gullo reports:
Data from two hard drives locked up in the San Francisco federal
courthouse may make or break an effort to hold Google Inc. (GOOG) to
account for what privacy advocates call an unprecedented corporate
wiretapping case.
If 22 people who sued the company can pinpoint their personal data in
a massive cache of communications that Google’s Street View cars
captured from private Wi-Fi networks, their lawyers may be able to
seek billions of dollars of damages from the world’s largest
search engine owner.
If they come up empty-handed, an outcome the company that pioneered
search optimization is betting on, the case will join a stack of
failed privacy lawsuits accusing Google, Apple Inc. (AAPL), Facebook
Inc. (FB) and other technology companies of tracking, capturing or
sharing personal information.
Read
more on Bloomberg
News.
[From the article:]
“You
have to show that you were the victim,” said Susan Freiwald, a law
professor at University of San Francisco School of Law. “If they
don’t, then why should they get money?”
The
battle for damages against Google gets simpler if the plaintiffs find
their communications on the drives, she said. Victims
of wiretapping don’t have to show they suffered any harm
or that the perpetrator profited from the data collection, said
Freiwald, who isn’t involved in the case.
…
Google fought unsuccessfully all the way to the U.S. Supreme Court
to block the lawsuit, arguing that the federal Wiretap Act barring
unauthorized interception of electronic communications didn’t apply
to its Street View data gathering.
Last
week, a federal judge ruled that the Mountain View, California-based
company has to work with opposing lawyers to determine what’s on
the hard drives.
A
coming kerfuffle? If these allegations are true, the banks already
own the press too and we'll hear very little of this until they are
cleared of all charges.
Here's
A Quick Guide To The Startling New Scandal Involving Goldman And The
New York Fed
ProPublica
and This American Life published a massive report alleging severe
conflicts of interest between
the New York Federal Reserve and Goldman Sachs.
"The
Ray Rice video for the financial sector has arrived," Michael
Lewis said.
This
actually matters. Is there anyone ready to succeed? (Or maybe
it's just gout.)
North
Korean TV acknowledges leader Kim Jong Un's health problems
Kim,
31, who is frequently the centrepiece of the isolated country's
propaganda, has not been photographed by state media since appearing
at a concert alongside his wife on Sept. 3, fuelling speculation he
is suffering from bad health.
He
had been seen walking with a limp since an event with key officials
in July and in a pre-recorded documentary broadcast by state media on
Thursday appeared to have difficulty walking.
How
to know more about Congress than your congressman.
Congress.gov:
Removing the Beta Label and New Enhancements
by
Sabrina I.
Pacifici on Sep 26, 2014
Via
Emily Carr - Andrew
Weber's news: “The Library of Congress launched
Congress.gov in beta two years ago. Today, I’m happy to announce
we officially removed the beta label. That’s roughly three years
quicker than Gmail took to remove its beta label, but we won’t give
you the option of putting it back on Congress.gov. URLs that include
beta.Congress.gov
will be redirected to Congress.gov. There are a range of new
enhancements in this release. One of the exciting additions is a new
Resources section. This section provides an A-to-Z list of hundreds
of links related to Congress. If you are not sure where something is
located, try looking through this list. I quickly jump through the
list using Ctrl+F and searching. You can find the new Resources page
in the navigation on the top right or in the footer on every page.
Check it out and leave a comment below…” To read more
of Andrew’s blog highlighting enhancements, with handy screen
shots, visit
http://blogs.loc.gov/law/2014/09/congress-gov-removing-the-beta-label-and-new-enhancements/.
Free
(and cheap?) stuff for my i-students.
Cheap
Music Apps, Warhammer Quest & 2K DRIVE Free [iOS Sales]
For
the children of my students. (Because I can't figure it out.)
Kids
Can Play the Roles of NASA Engineers on the NASA HIAD Game
HIAD
is the name for NASA's Hypersonic Inflatable Aerodynamic Decelerator
technology. In the NASA
HIAD game (available online and as mobile apps) students learn to
control HIADs to land them safely back on Earth. In the game
students have to navigate the HIAD while accounting for velocity of
the HIAD, wind speeds, timing of inflation, and shape of the HIAD.
Make a mistake and the HIAD could burn up on re-entry or crash when
it misses the landing zone. The game has four progressively more
difficult levels. The first level teaches students the basic
concepts and skills needed to complete the game.
I
must ensure that my students know not to do this!
Pirate
Bay Goes To College: Free Textbook Torrent Downloads Soar Amid Rising
Costs
American
college students struggling to afford textbooks are sharing copies of
their books illegally on TextbookNova, the Pirate Bay and some of the
same torrent sites that crippled the music industry. Many of the
most popular
books are available for free, with a correlation between the
number of downloaders and the price of the book.
The
College
Board estimated in January that the average student spends $1,200
annually on textbooks. The price of books skyrocketed by 82 percent
in the years between 2002 and 2013, a number high enough to convince
65 percent of students to decide against buying a book, according to
a Government
Accountability Office survey. Ninety-four percent of the GAO
respondents who didn’t buy a book out of financial concerns
admitted they did so even with the expectation that it would hurt
them academically.
A
MOOC by any other name...
The
White House Promotes Open Education
The
United States is committed to open education and will:
Launch
an online skills academy. The Department of Labor (DOL), with
cooperation from the Department of Education, will award $25 million
through competitive grants to launch an online skills academy in 2015
that will offer open online courses of study, using technology to
create high-quality, free, or low-cost pathways to degrees,
certificates, and other employer-recognized credentials. This
academy will help students prepare for in-demand careers. Courses
will be free for all to access on an open learning
platform, although limited costs may be incurred for students seeking
college credit that can be counted toward a degree. Leveraging
emerging public and private models, the investments will help
students earn credentials online through participating accredited
institutions, and expand the open access to curriculum designed to
speed the time to credit and completion. The online skills academy
will also leverage the burgeoning marketplace of free and
open-licensed learning resources, including content developed through
DOL’s community college grant program, to ensure that workers can
get the education and training they need to advance their careers,
particularly in key areas of the economy.
Weekly
giggles...
…
“The U.S. Education Department has opened an investigation into
charges that the Recovery School District’s policy of closing and
chartering New Orleans
public schools violated
the civil rights of African-American students.”
More via The
Times-Picayune.
…
Not to be left out of the news cycle: “Why
Free Online Classes Are Still the Future of Education,”
featuring edX’s
Anant Agarwal.
…
Clemson University
has suspended
its mandatory online course that required
students fill out a detailed set of questions about their sex
lives.
…
A $15 million XPRIZE for Global Learning to build
software so that children can teach themselves basic
literacy and numeracy. NPR’s
Anya Kamenetz has the most thoughtful reporting in a sea of what
was otherwise uncritical churnalism about the project. For $10,000
you can support the effort via the initiative’s IndieGogo
campaign and “sponsor a village” to help with testing. Or
for $10,000 you can support the effort and get access to some Tony
Robbins life-coaching thing.
…
Edcast has
raised $6 million in funding from SoftBank, Mitch Kapor, Menlo
Ventures, Novel TMT Ventures, Cervin Ventures, Aarin Capital,
NewSchools Venture Fund/ CoLab, and the Stanford StartX Fund to
“build
knowledge clouds.” [Lots
of money being tossed at cloudy ideas. Bob]
…
Tiggly has
raised
$4 million in Series A funding. The startup, which has raised
$5 million total, makes wooden
block iPad apps for toddlers. (Seriously: who would give
their kid an app instead of wooden blocks?!)