Monday, November 03, 2014

Attention Ethical Hackers! Now everyone can have your hotel room key!
Smartphones Replace Room Keys At Starwood Hotels
… Starwood Hotels and Resorts realized the importance of smartphones and extended its use further. In an official press release, the chain of luxury hotels and resorts announced the new SPG Keyless to replace the traditional keys to unlock rooms. Guests can simply use their smartphones to unlock their rooms and can skip the stop by at the front desk.


This has implications for Computer Security as well as Management (and schools.)
The Boundaries Around Your Industry Are About to Change
Most obviously, the Internet of Things has the power to profoundly change operations — that’s where much of the coverage of this burgeoning network has focused. But companies should also be preparing for profound shifts in their competitive strategies as the IoT takes off. It will change the category you compete in, the products and services you sell, and how you market them, and even the talent you acquire. These three mini case studies will show you just how profound those shifts will be.


In any(?) government, each department, agency, office or branch wants to be “all powerful.” As scope increases, effectiveness decreases.
Daniel Solove and Woodrow Hartzog write:
This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is the FTC supposed to be involved here?
This is a question that has recently been posed in the privacy and data security arenas, where the FTC has been involved since the late 1990s. Today, the FTC is the most active federal agency enforcing privacy and data security, and it has the broadest reach. Its fingers seem to be everywhere, in all industries, even those regulated by other agencies, such as in the AT&T case. Is the FTC going too far? Is it even the FTC’s role to police privacy and data security?
Read more on LinkedIn, where Dan and Woody also discuss the significance of the Wyndham and LabMD challenges to FTC authority.
Related: The Scope and Potential of FTC Data Protection. Hartzog & Solove’s paper, available for download on SSRN.


Tools & Techniques for Data Security. Clearly, lots of organizations don't use or deliberately ignore tools like this.
Database Activity Monitoring: What it is and What it Isn’t
Database Activity Monitoring is a fairly established technology, existing over a decade. DAM monitors all activity on the database and provides alerts and reports on that activity. Every time an admin logs in to the database, every activity is recorded. In fact, if the admin does not log in, that too is reported, so you can identify people with permissions who aren’t using them. Depending on the product you use and the configuration, you’ll get different types of reports and alerts.
One of the crucial elements of DAM is that the data about database use is stored outside the database it is monitoring, so the people who are being monitored cannot tamper with the data. Another crucial element is the ability to send real-time alerts, so that as soon as a violation of policy is detected, it can be handled immediately.

(Related) Another management failure.
Everything old is new again? Warwick Ashford reports:
Businesses are at serious risk of data loss and compliance violations due to risky file-sharing practices, a study by the Ponemon Institute has revealed.
Business leaders are failing to respond to the escalating risk of ungoverned file sharing and regular breaches of security policies by staff, according to the study commissioned by Intralinks.
Almost half of the more than 1,000 information security professionals polled in the UK, Germany and US believe their company lacks clear visibility of staff-use file-sharing or file sync-and-share applications.
Read more on Computer Weekly.
But wait, there’s more
Speaking of over-shared or exposed files, DataBreaches.net heard from someone who pointed us to this blog post suggesting that a Google-HP partnership, “SMBITinaBox,” is responsible for millions of sensitive do-not-share files being indexed and exposed in Google. Inspection of the Google search results suggests that yes, the firms probably did not intend to have many of these files indexed or available. DataBreaches.net does not have the resources to properly investigate the allegation that SMBITinaBox is responsible for the problem, but hopefully, some researcher(s) will look into this and either confirm or refute the allegations.


Extend this for a moment. What “public” behavior should be reported to police?
Gareth Corfield writes:
Earlier this week suicide prevention and counselling charity the Samaritans launched an app that scans Twitter timelines and alerts users whenever anyone appears to be depressed. Yet the backlash against this creepy automated scanning is astonishing – and the Samaritans appear to be ducking their legal obligations.
Read more on The Register, where Gareth really outlines some of the concerns and attempts to convince Samaritans that their good idea is well… beyond creepy.
It’s not clear to me whether the app really does violate law, and I’ll be interested to see what the ICO says after his review. In the interim, because the Samaritans have not responded as privacy advocates hoped they would, some have taken this to the next level, as this recent tweet indicates:
It's clear @samaritans won't listen. Please sign the petition to get @twitter @safety to turn off #SamaritansRadar https://www.change.org/p/twitter-inc-shut-down-samaritans-radar

(Related) How well is the data analyzed? If I drive by the scene of a “drive by” shooting am I flagged as a possible suspect? I could see why police might want to talk to me if I drove by a few minutes before or after, but would it still make sense 20 minutes before? 2 hours before? The night before?
Steve Orr reports:
Privately owned license-plate imaging systems are popping up around Rochester and upstate New York — in parking lots, shopping malls and, soon, on at least a few parts of the New York state Thruway.
Most surprisingly, the digital cameras are mounted on cars and trucks driven by a small army of repo men, including some in Rochester and Syracuse.
Shadowing a practice of U.S. law enforcement that some find objectionable, records collected by the repo companies are added to an ever-growing database of license-plate records that is made available to government and commercial buyers.
At present that database has 2.3 billion permanent records, including hundreds of thousands gathered locally. On average, the whereabouts of every vehicle in the United States — yours, mine, your mother’s — appears in that database nine times.
Read more on Democrat & Chronicle.


Even Twits make sense?
Why IBM and Twitter did a data analytics deal
Last week, IBM and Twitter announced a data analytics partnership that in essence allows the former to incorporate the latter’s data into its products for businesses. They’re unlikely bedfellows to say the least, but there’s a method to the madness, says IBM’s Alistair Rennie, general manager of the company’s Business Analytics group, and Twitter’s Chris Moody, its vice president of data strategy.
Rennie: There are three basic elements. First, we are going to integrate Twitter data with our cloud analytics tool to make it easy for customers to reach it. The second is we’ll team up to make solutions for very specific business needs, such as marketing and customer care. Lastly, IBM will train and certify 10,000 consultants on a global basis to be experts of the Twitter platform.
Twitter is ultimately the most important archive of human thought that has ever existed. [??? Bob] It really does represent the voice of the planet. The question I would pose to business leaders is, if you were thinking of a particular business decision, would you want the world to weigh in? If I’m a retailer and my inventory system says 15 items are out of stock, my system can’t tell me which to restock and which to stop carrying. [Sure it can! Bob] If we ask customers, they could be upset or not talking about it at all. It’s an additional lens into a human decision.


A tool to help us geeks understand the law? It's not that logical, is it?
Law is Code: A Software Engineering Approach to Analyzing the United States Code
William Li, Pablo Azar, David Larochelle, Phil Hill & Andrew Lo, Law is Code: A Software Engineering Approach to Analyzing the United States Code, October 31, 2014.
“The agglomeration of rules and regulations over time has produced a body of legal code that no single individual can fully comprehend. This complexity produces inefficiencies, makes the processes of understanding and changing the law difficult, and frustrates the fundamental principle that the law should provide fair notice to the governed. In this article, we take a quantitative, unbiased, and software-engineering approach to analyze the evolution of the United States Code from 1926 to today. Software engineers frequently face the challenge of understanding and managing large, structured collections of instructions, directives, and conditional statements, and we adapt and apply their techniques to the U.S. Code over time. Our work produces insights into the structure of the U.S. Code as a whole, its strengths and vulnerabilities, and new ways of thinking about individual laws. For example, we identify the first appearance and spread of important terms in the U.S. Code like “whistleblower” and “privacy.” We also analyze and visualize the network structure of certain substantial reforms, including the Patient Protection and Affordable Care Act (PPACA) and the Dodd-Frank Wall Street Reform and Consumer Protection Act, and show how the interconnections of references can increase complexity and create the potential for unintended consequences. Our work is a timely illustration of computational approaches to law as the legal profession embraces technology for scholarship, to increase efficiency, and to improve access to justice.”


Faster obsolescence?
Microsoft Stops Selling Windows 7 And Windows 8
… From 31 October there will be no more sales to consumers of Windows 7 Home Basic, Home Premium or Ultimate. There will also be no more sales of Windows 8 retail box copies.
There will be retail box sales of Windows 8.1


Perspective. It may take a few centuries to catch up to South Korea.
Study: U.S. to have more WiFi hotspots than France by 2018
The United States will be the top provider of WiFi in the world by 2018, passing France and staying ahead of China as WiFi availability explodes across the globe, according to a new study.
France has the most WiFi hotspots right now, according to new research by iPass as reported by FierceWireless. The change at the top indicates more than a surge by the United States in providing WiFi — the world as a whole will see the number of hotspots multiply in the next four years.
By the end of 2014, iPass’ study suggests that there will be 47.7 million public WiFi hotspots worldwide, which is about one hotspot for every 150 people today. In 2018, that number could grow to 340 million, or one for every 20 people.


Potentially free. If you don't have their insurance, will they sell your carrier this information?
Track Your Mileage, Fuel Costs And More With A Free OBD2 Device
… The device is the Metronome, a device developed by Metromile that plugs into the OBD2 port of any car manufactured after 1996, and it’s accompanied by free Android and iOS apps.
Unfortunately, this venture is currently limited to the US only. Residents of Washington, Oregon, California, and Illinois can receive a Metronome for free, while residents of other states will be added to a waitlist. If you’re outside these states, don’t despair; there are some other great ways to monitor your car’s performance with Android.
… Once you find the OBD2 port in your car, usually somewhere underneath the steering wheel, you can plug it in and forget about it. It has wireless radios and GPS built-in, so it doesn’t need external power or to sync with your phone. In fact, I got an email from Metromile informing me that my device was ready to go within minutes of plugging it in, without ever even turning on my car.
… After the installation, you’ll need the app to get anything out of it.
… The Car Health section can help you determine what exactly is wrong with your car when the check engine light comes on or it’s having other issues.
Also included in this section is an “Ask Our Mechanic” button which allows you to directly email one of Metromile’s mechanics, as well as a “Find Mechanic” option which will open your chosen map application and show you nearby mechanics.
… Metromile also offers car insurance, though it is certainly not required to use the app or device. I don’t have the Metromile insurance, but it is an interesting proposition.
Using the Metronome, they track how much you’re driving and charge you on a per-mile basis. For those who don’t drive a lot, it could be a good deal.


Oh if I could get my students to do even this much textbook reading...
How To Read Non-Fiction Books In Record Time
… there is a method (other than speed reading) that will enable you to sail through that reading list at a pace you never thought possible.
This article will attempt to show how you can understand the main premise, arc and arguments of a non-fiction book without actually having to read it.


For students in the gaming club.
Internet Arcade gives you access to 900 classic games in your browser. Buh-bye, productivity
Kiss your free time goodbye because the Internet Archive, best known for preserving and backing up old websites, has added a massive project to its database.
Jason Scott, the leader of the effort, undertook a massive emulation project to port coin operated arcade games into Javascript.
The results of the dozens of programmers working on the project for months has been uploaded for posterity on the Internet Archive - a collection of 900 retro arcade games from the 1970's and 80's.
… The games are free to play online on any browser that supports Javascript, although since it is so new, bugs are to be expected. The games also do not come with instruction manuals so players will have to figure out the controls for the games.

No comments: