My Computer Security students need to understand this common follow-on
to security breaches.
David Allison provides a litigation update here.
The next question is how many of them will be dismissed because of lack
of standing.
(Related)
Another reality of security breaches – they just keep on giving
you headaches. In this case it seems to have triggered other
investigations...
Wow.
I suspected Aaron’s problems over spyware in rent-to-own computers
weren’t over, but they just agreed to pay $28.4 million to settle
California’s charges against them that included privacy violations:
…
The complaint alleges that Aaron’s violated California’s
Karnette Rental-Purchase Act, which is the strongest rent-to-own law
in the country, by charging improper late fees, overcharging
customers who paid off contracts early, and omitting important
contract disclosures.
In addition, the complaint alleges that Aaron’s violated California state privacy laws by
permitting its franchised stores to install spyware on laptop
computers rented to its customers. A feature in the
spyware program called ‘Detective Mode’, which was installed
without consumers’ consent or knowledge, allowed the Aaron’s
franchisees to remotely monitor keystrokes, capture screenshots,
track the physical location of consumers and even activate the rented
computer’s webcam.
…
Copies of the complaint and stipulated judgment are attached to the
online version of this release at www.oag.ca.gov/news.
Surely Buffy, Muffin, and Chaz would not stoop to such things?
Well, this is tacky, at best. It appears some members of the Sausalito
Yacht Club gained access to the membership roster. From the notification
letter of October 4:
We are writing to you because of an incident at the Sausalito Yacht
Club on or about October 1, 2014, wherein several members gained
unauthorized access to our member roster, which includes information
linking your name to your private Sausalito Yacht Club member number,
the combination of which allows you to charge beverages, goods,
services and meals at the club, such amounts being charged at the
time and accumulated for inclusion on your next bill.
The data to which unauthorized access occurred also included your
personal contact information, and in certain cases, sensitive
financial account information, including accounts receivable that
were overdue by sixty days or more. As best we can tell, no bank account information or credit card
information was involved in this breach.
… We are also undertaking steps to strengthen access [Strange wording Bob] to sensitive financial and membership sites
with new passwords required for access by authorized users.
So, will they throw the intrusive and thoughtless privacy invaders out of
the Yacht Club or will money triumph?
That was rhetorical.
This seems a bit too generic for me. “Oh look, someone is hacking.”
Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says
Russian hackers used a bug in Microsoft Windows to spy on several
Western governments, NATO and the Ukrainian government, according to
a report released Tuesday by iSight Partners, a computer security
firm in Dallas.
The targets also included European energy and telecommunications
companies and an undisclosed academic organization in the United
States, the cybersecurity report said.
…
While the vulnerability affected many versions of Windows, iSight
said the Russian hackers appeared to be the only group to use the bug. The company
added, however, that other companies and organizations may also have
been affected by the attacks.
Sometimes you get much more than you expected.
Snapchat Hackers Could Be Prosecuted for Child Porn Offenses
Private videos and pictures shared between tens of thousands of Snapchat
users -- possibly as many as 200,000 -- were posted online by hackers
over the weekend in an episode dubbed the "Snappening."
Much of the content is sexual, including many nude photos -- some
possibly of minors.
The hackers appear to have gone for maximum embarrassment and humiliation
with this particular breach: A document also published online
reportedly links many of the hacked images to user names.
One of the most well-known downsides of any large database. They become
large targets for hackers.
AP reports:
After an avalanche of data breaches, South Korea’s national
identity card system has been raided so thoroughly by thieves that
the government says it might have to issue new ID numbers to every
citizen over 17 at a possible cost of billions of dollars.
The admission is an embarrassment for a society that prides itself on
its high-tech skills and has some of the fastest Internet access.
Read more on CBC.
Do you ever talk about company strategy?
Who’s Watching Your WebEx?
KrebsOnSecurity spent a good part of the past week working with Cisco
to alert more than four dozen companies — many of them household
names — about regular corporate WebEx conference meetings that lack
passwords and are thus open to anyone who wants to listen in.
…
Many of the meetings that can be found by a cursory search within an
organization’s “Events Center” listing on Webex.com seem to be
intended for public viewing, such as product demonstrations and
presentations for prospective customers and clients. However, from
there it is often easy to discover a host of other, more proprietary
WebEx meetings simply by clicking through the daily and weekly
meetings listed in each organization’s “Meeting Center” section
on the Webex.com site.
…
Cisco began reaching out to each of these companies about a week
ago, and today released an all-customer alert (PDF) pointing customers to a consolidated
best-practices document written for Cisco WebEx site
administrators and users.
No military, no economists, not even a politician – I think their
perspective might be a bit skewed.
Electronic mass surveillance – including the mass trawling of both metadata
and content by the US National Security Agency – fails drastically
in striking the correct balance between security and privacy that
American officials and other proponents of surveillance insist
they are maintaining.
We arrived at this conclusion by subjecting a wide range of surveillance
technologies to three separate assessments by three parallel
expert teams representing engineers, ethicists, and lawyers.
Each team conducted assessments of surveillance technologies,
looking at ethical issues they raise; the legal constraints on their
use – or those that should exist – on the basis of privacy and
other fundamental rights; and, finally, their technical usability and
cost-efficiency.
“Comprehensive” is the word. Eventually, every “Thing” will bring its own
resources – then we'll never find anything.
New on LLRX – Internet-of-Things (IOT) Resources
Via LLRX - Internet-of-Things (IOT) Resources – This is a comprehensive listing of
Internet-of-Things (IOT) research resources and sites available on the Internet.
Marcus P. Zillman developed this guide with the goal of
highlighting the most current and actionable research resources
available on this topic.
For all my students.
New on LLRX – Student Research Resources Library
Via LLRX.com – Student Research Resources Library – Marcus
P. Zillman developed this Student Research Resources
Library to provide researchers with a comprehensive listing of
reliable topical resources and sites available on the Internet.
(Related)
Here's how to get started.
Wiki Summarizer Can Help Students Start Their Research Projects
Wiki Summarizer is a site that allows you to search Wikipedia, have
articles summarized by key points, and provides lists of articles
that are related to your original search. Wiki Summarizer also
offers expandable webs of related articles. For
example, I searched for "Maine" and a web of related terms
was created. Clicking on the "+" symbol next to each term
opens a new element of the web. The final summary aspect of the Wiki
Summarizer is the hyperlinked word clouds for every Wikipedia
article. You can click on any word in the word clouds to jump to the
corresponding Wikipedia article.
Wiki Summarizer could be a good tool for students who are just
starting a research assignment and are not quite sure what terms to
use or what topics to explore. By using the Wiki Summarizer web view
or word cloud view students will be able to find some terms and
topics that could help them alter and/or direct their searches. In
other words, Wiki Summarizer could help students who have a very
broad research topic narrow down their searches.
Intended for Press Releases, but might apply to research, publications and
resumes.
…
So, how should you approach a major publisher? The first
thing you need to understand is a writer’s capacity. On average,
45% of writers only publish one story per day. In fact, 60% of
writers publish two or fewer stories per day, and 40% said they
publish only one story per week. Meanwhile, 40% of these writers get
pitched a minimum of 20 times per day, while 11% get 50
pitches per day and 8.4% get more than 100 pitches per day. That’s
100, 250, or 500 pitches a week for only five story spots. When you
take into account that only 11% of these writers “often” write a
story based on content that was sent through a pitch, 45% “sometimes”
do, and 39% “rarely” do, you see the pile of email waste rising
well above a person’s threshold to tolerate it.
Here’s the good news: our survey found that 70% of publishers are open to
getting pitched a set of ideas that fit their beat, and they prefer
collaboration over getting pitched a finished asset without prior
contact.
What story angles are these writers interested in collaborating on? 39%
of writers said the perfect piece of content possesses exclusive
research, 27% said breaking news, and 15% said emotional stories.
19% filled in “other” and stated that content relevant to their
audience was most important. Other popular terms included:
interesting data, actionable advice, trending/timely angles, and high
arousal emotions.
...and 100% believe they are the 15%.
Teen Researchers Defend Media Multitasking – WSJ
“Some teens doing homework while listening to music and juggling tweets and
texts may actually work better that way, according to an intriguing
new study performed by two high-school seniors. The Portland, Ore.,
students were invited to the annual conference of the American
Academy of Pediatrics in San Diego this past weekend to present a
summary of their research, which analyzed more than 400 adolescents.
The findings: Though most teens perform better when focusing on a
single task, those who are “high media multitaskers”—about
15% of the study participants—performed better when
working with the distractions of email and music than when focusing
on a single activity. The results are a surprise. Previous
research generally has found that people who think they are competent
multitaskers actually perform worse than others who try to
focus on one thing at a time. But the latest study looked only at
teens and is one of the few multitasking-research projects focused on
this age group. The student researchers suggest this may explain the
different outcomes.”
We have an underutilized 3D printer. Perhaps we could work something
out?
123D Catch Turns Pictures Into 3D Models
123D Catch is a free iPad and Android app. The app makes it possible
to turn your pictures into a 3D model that you can manipulate on your
iPad or on your Android tablet.
To create a model with 123D Catch, select a physical object that you can photograph with your
tablet or phone. Then take a series of pictures of that object as
you either walk around it or rotate it slowly as you take pictures of
it. Then select the best images from those that you took (20+ images
works best) to let Autodesk process and turn into a 3D model for you.
Your completed 3D models can be shared to the Autodesk community
where others can view and use them.
123D Catch could be a great app for creating virtual manipulatives to
use in a math or science lesson. The app could also be used to
create 3D models of interesting landmarks that you visit during a
vacation, but that your students would otherwise only see in 2D
pictures. Finally, all of
the models that you create with 123D Catch can be edited in Meshmixer
and printed with a 3D printer.