Saturday, March 22, 2014

This may have started as a Janitor Supply Database and morphed over time.
Navy database tracks civilians' parking tickets, fender-benders, raising fears of domestic spying
A parking ticket, traffic citation or involvement in a minor fender-bender are enough to get a person's name and other personal information logged into a massive, obscure federal database run by the U.S. military.
The Law Enforcement Information Exchange, or LinX, has already amassed 506.3 million law enforcement records ranging from criminal histories and arrest reports to field information cards filled out by cops on the beat even when no crime has occurred.
LinX is a national information-sharing hub for federal, state and local law enforcement agencies. It is run by the Naval Criminal Investigative Service, raising concerns among some military law experts that putting such detailed data about ordinary citizens in the hands of military officials crosses the line that generally prohibits the armed forces from conducting civilian law enforcement operations.


What? Facebook got Privacy wrong? What a shock!
Facebook says states shouldn’t regulate online teen privacy. The FTC disagrees.
The Federal Trade Commission says that Facebook is misinterpreting a key children's privacy law, in a move that could weaken the social network's argument in a California district court suit over teen privacy on the Web site.
The FTC filed the brief Thursday night, weighing in on a key point for the case, Batman v. Facebook (also known as Fraley v. Facebook). In it, the FTC says Facebook is wrong to say that, because the Children's Online Privacy and Protection Act (COPPA) only protects the privacy of children under 12, that the law could be interpreted to keep states from enforcing their own laws on teen privacy.


Perhaps we should collect (and comment on) these guides. (registration required)
Benjamin Herold and Sean Cavanagh write:
District technology officials worried about protecting students’ sensitive information, complying with federal and state privacy laws, and avoiding legal challenges and parent uproar have a new step-by-step resource for drafting data-privacy policies and contracts with the private companies handling their information.
“We’ve had a very rapid adoption of cloud storage and online services. All of a sudden, they’re here,” said Bob Moore, the founder and chief consultant of RJM Strategies and an architect of the new report, released Friday. “Districts have much more responsibility in managing these issues than they often realize.”
As a result, Moore said in an interview with Education Week, one major goal of the new “Protecting Privacy in Connected Learning Toolkit,” issued by the Consortium for School Networking, is to get district officials asking tougher questions—and demanding better answers—of vendors.
Read more on Education Week.
Download the Protecting Privacy in Connected Learning toolkit here: http://cosn.org/protecting-student-privacy-toolkit


Clearly there is a need for a “Power Shopper” App. Something that factors in your distance from Walmart, your car's gas millage, the price of gas, etc. (and then tells you to use my online store.)
Walmart’s New Online Tool Gives Competitors Prices
The “Every Day Low Price” king is trying to shake up the world of pricing once again.
Walmart has rolled out an online tool that compares its prices on 80,000 food and household products — from canned beans to dishwashing soap — with those of its competitors. If a lower price is found elsewhere, the discounter will refund the difference to shoppers in the form of store credit.
The world’s largest retailer began offering the feature, called “Savings Catcher,” on its website late last month in seven big markets that include Dallas, San Diego and Atlanta. The tool compares advertised prices at retailers with physical stores, and not at online rivals like Amazon.com that also offer low prices on staples.


For my student geeks.
Facebook unveils Hack, a faster programming language to power the social network
At Facebook, the codebase that runs the social networking site is written in Hack.
The Menlo Park, Calif.-based social networking titan said it had streamlined PHP, made it better, and that Hack was now the official language running the site used by 1.2 billion users.
[Virtual Machine at: http://hhvm.com/


I suspect recruiting (male) researchers will be easy. Talking about porn is difficult.
Why It's Time for the Journal of Porn Studies
The first issue of Porn Studies, an academic journal exploring "pornography, and sexual representations more generally," has debuted.
The mere fact of its existence, which became public in mid-2013, was occasion for a media event. But the journal's articles are serious articulations of the intersection between the concerns of media studies and those of pornography. Porn Studies is not a joke, though it seems to provide everyone with some relief to treat it as one.
That's because so many people look at so much porn: HuffPo noted last year that porn sites get more visitors than Netflix, Amazon, and Twitter combined. And yet the majority of Americans say looking at porn is "wrong."
… In the public sphere, there are very few serious ideas about what porn is or how it works or what it means to us, beside from the obvious.
Perhaps in the past, it would have been possible to ignore this situation. But the Internet turns out to, basically, be a very efficient porn delivery machine.
… The problem, however, is that there are costs to even talking about pornography. This is true even in our supposed bastions of intellectual freedom, as several of the articles make clear. "I have been told 'You don't want to be 'the porn guy'' and 'you will have to deal with the content issue of your work,'" writes Nathaniel Burke in his essay "Positionality and Pornography."


Balloons as low level communications satellites? 23 minutes
Larry Page: Where’s Google going next?


I think I caught the two lawsuits, but Zero Tolerance means Zero Common Sense.
… A New Jersey student is suing the Sterling High School District for violating her First Amendment rights after she was disciplined for a rude tweet – made after school hours and from off-campus – about her principal.
… A Pennsylvania student is suing his school district after he was suspended for a Facebook post he made – again, after schools hours and from off-campus.
… Adrionna Harris, a sixth grader from Virginia Beach, Virginia, was suspended and recommended for expulsion after she took away a razor from a schoolmate who was cutting himself and reported the incident to school officials. Because zero tolerance.
… The US Department of Education has released revised “gainful employment” rules, which monitor for-profit and vocational programs based on their graduates’ debt levels. More via The Chronicle of Higher Education. [Neither Harvard nor Yale need to report how many graduates get to be President. Bob]
According to the BBC, “Up to 60 Shanghai maths teachers are to be brought to England to raise standards, in an exchange arranged by the Department for Education.
… At the Global Education and Skills Forum in Dubai, philanthropist Sunny Varkey announced a $1 million prize to be awarded to an outstanding teacher – a “Nobel Prize” for teaching, if you will.


Dilbert explains performance reviews in the digital age.

Friday, March 21, 2014

It's easy to intimidate the guilty and when it comes to taxes, we all think we're guilty.
IRS monitor: $1 million phone scam 'largest ever'
… The impostor claims to be an Internal Revenue Service representative and tells "intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer," an IRS inspector general office said.
"The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver's license."
The IRS has received more than 20,000 reports about the scam.
...Tax-related phone scams are among the "dirty dozen" fraud techniques the IRS warned about earlier this tax season. It also warned of phishing emails, preparer fraud and claims a preparer can offer "free money."


It had to be convincing enough that the judge agreed, didn't it?
Perhaps one of the stupidest things a prosecutor trying to defend criminal prosecution under CFAA can say is to admit that they have no understanding of what the alleged “hacker” did that made his conduct a hack or violation of CFAA.
But that’s pretty much what happened in a Philadelphia courtroom yesterday during Weev’s appeal of his conviction. Mike Masnick of TechDirt has some good coverage of it:
We’ve been covering the ridiculous DOJ case [No bias here! Bob] against Andrew “weev” Auernheimer for quite some time. If you don’t recall, Auernheimer and a partner found a really blatant security hole on AT&T’s servers that allowed them to very easily find out the email addresses of iPad owners. There was no breaking in to anything. The issue was that AT&T left this all exposed. But, with a very dangerous reading of the CFAA (Computer Fraud and Abuse Act) and a bunch of folks who don’t understand basic technology, weev was sentenced to 3.5 years in jail (and has been kept in solitary confinement for much of his stay so far). Part of the case is complicated by the fact that weev is kind of a world class jerk — who took great thrill in being an extreme online troll, getting a thrill out of making others miserable. But, that point should have no standing in whether or not exposing a security hole by basically entering a URL that AT&T failed to secure, becomes a criminal activity.
Throughout the case, it’s been clear that the DOJ was trying to make up an interpretation of the law that had no basis in the actual technology world. And it became abundantly clear at a hearing before the appeals court concerning weev’s case, that the DOJ really has no idea what weev did. They’re just sure it’s bad because it involves computers and stuff. Seriously, as reported by Vice:
He had to decrypt and decode, and do all of these things I don’t even understand,” Assistant US Attorney Glenn Moramarco argued.
Read more on TechDirt.


MSFT owns the computers, they provide the Hotmail service, they suspect a breach – is there a limit to what they can investigate?
I reported the criminal complaint about ex-Microsoft employee Alex Kibkalo over on DataBreaches.net, but one aspect of the case has raised privacy concerns – that Microsoft searched the contents of his Hotmail account for evidence that he was providing trade secrets to a blogger who had been leaking information about Windows. There was no indication that they had obtained a subpoena to do so, either. Peter Bright reports:
The blogger contacted the third party using a Hotmail account. After confirming that the source leak was, indeed, authentic, Microsoft’s Trustworthy Computer Investigations (TWCI) team investigated the Hotmail account in an attempt to identify the blogger and his source. In doing so, they discovered e-mails from Kibkalo. Further digging revealed that Kibkalo created a virtual machine on Microsoft’s corporate network which he used to upload stolen information to SkyDrive.
[...]
The Microsoft investigation raises a potentially alarming privacy issue. The complaint says that TWCI asked Microsoft’s Office of Legal Compliance prior to reviewing the contents of the Hotmail inbox and that OLC authorized the request. The terms of service that cover the company’s online services do indicate that Microsoft reserves the right to access communications to protect the company’s rights and property and to turn over content to comply with valid legal requests.
Read more on Ars Technica, where they obtained a statement from Microsoft explaining what happened and why. I doubt all privacy advocates will find their explanation satisfactory.

(Related) Fortunately, the Justice Dept isn't bothered by such things...
Matt Apuzzo reports:
A federal judge has admonished the Justice Department for repeatedly requesting overly broad searches of people’s email accounts, a practice that he called “repugnant” to the Constitution.
The unusually sharp rebuke by Magistrate Judge John M. Facciola came last week in a kickback investigation involving a defense contractor. The case highlights the broad authority the government believes it has in searching email accounts, a power that gives the Justice Department potential access to a trove of personal information about anyone it investigates, even in routine criminal cases.
“The government continues to submit overly broad warrants and makes no effort to balance the law enforcement interest against the obvious expectation of privacy email account holders have in their communications,” Judge Facciola wrote. employee is suing the pharmacy chain over its controversial health-screening program.
Read more on New York Times.


Can we look forward to similar “concern” for those with government health insurance? “It's for your own good!”
Hunter Stuart reports:
A CVS employee is suing the pharmacy chain over its controversial health-screening program.
CVS cashier Roberta Watterson claims the company made her disclose personal information, including her weight and level of sexual activity, threatening to charge her $600 a year if she refused.
CVS’ so-called “wellness review,” first reported last year, is a fairly extreme example of a trend of companies looking to cut health-care costs by pushing employees into wellness programs.
Critics claim such programs let employers meddle in workers’ lives, unfairly penalize those who have difficulty meeting certain health targets and may put employee privacy at risk.
Read more on Huffington Post.


Well, this is what happens when you threaten to comment on the Emperor's New Clothes in the digital age.
Turkey bans Twitter — and Twitter explodes
… “We now have a court order,” declared Erdogan, who’s ensnared in a scandal inflamed by social media over recordings that purportedly reveal corruption in his administration. “We’ll eradicate Twitter. I don’t care what the international community says. Everyone will witness the power of the Turkish Republic.”
There’s no arguing: it has been witnessed.
After Turkey’s Twitter was apparently disabled, the hashtag #TwitterisblockedinTurkey went supernova, though Twitter is still accessible via the site’s SMS service, which allows Turks to text in a tweet.

(Related)
Pew – Emerging and Developing Nations Want Freedom on the Internet
by Sabrina I. Pacifici on March 20, 2014
“There is widespread opposition to internet censorship in emerging and developing nations. Majorities in 22 of 24 countries surveyed say it is important that people have access to the internet without government censorship. In 12 nations, at least seven-in-ten hold this view. Support for internet freedom is especially strong in countries where a large percentage of the population is online. And, in most of the countries polled, young people are particularly likely to consider internet freedom a priority. These are among the main findings of a Pew Research Center survey conducted among 21,847 people in 24 emerging and developing economies from March 3, 2013 to May 1, 2013. All interviews were conducted face-to-face.”


Gee, a monopoly acting like a monopoly. What a surprise! Haven't I been ranting against “natural monopolies” in cable and Internet? (Yes, you have Bob)
Netflix blasts Internet providers: 'Consumers deserve better'
… "Some big ISPs are extracting a toll because they can -- they effectively control access to millions of consumers and are willing to sacrifice the interests of their own customers to press Netflix and others to pay," Hastings wrote.
… The issue flared up earlier this year following news that Netflix streaming speeds for customers of ISPs including Verizon and Comcast were slowing, as these firms attempted to extract a fee from Netflix in exchange for connecting directly to their networks and resolving the issue.
Netflix announced an agreement with Comcast last month in which it will indeed pay for a connection, and has been in talks with Verizon as well. But Hastings said the company was engaging in these talks "reluctantly."
"If this kind of leverage is effective against Netflix, which is pretty large, imagine the plight of smaller services today and in the future," Hastings wrote.


More properly, an obfuscation report.
According to Kevin Bankston, Comcast has become the first cable ISP to issue a transparency report. You can read it here (pdf). It’s obvious that the section on NSL is still pretty useless when you contrast it to the specificity of their report on criminal and emergency requests, but that’s the fault of the government for not allowing companies to be more specific.


Just a brief follow-up on New Jersey's over-protectionist laws. Something for all industries to think about.
The Fight Over Tesla Shows How Little Value Dealerships Add


For all my students. Please. (I'll highlight a couple tricks)
Real Excel power users know these 11 tricks
There are two kinds of Microsoft Excel users in the world: Those who make neat little tables, and those who amaze their colleagues with sophisticated charts, data analysis, and seemingly magical formula and macro tricks.
"If" formulas
IF and IFERROR are the two most useful IF formulas in Excel. The IF formula lets you use conditional formulas that calculate one way when a certain thing is true, and another way when false. For example, you can identify students who scored 80 points or higher by having the cell report “Pass” if the score in column C is above 80, and “Fail” if it’s 79 or below.
Flash Fill
Easily the best new feature in Excel 2013, Flash Fill solves one of the most frustrating problems of Excel: pulling needed pieces of information from a concatenated cell. When you’re working in a column with names in “Last, First” format, for example, you historically had to either type everything out manually or create an often-complicated workaround.
In Excel 2013, you can now just type the first name of the first person in a field immediately next to the one you’re working on, click on Home > Fill > Flash Fill, and Excel will automagically extract the first name from the remaining people in your table. [Now there is no excuse for sorting students by first name! Bob]
Quick analysis
Excel 2013’s new Quick Analysis tool minimizes the time needed to create charts based on simple data sets. Once you have your data selected, an icon appears in the bottom right hand corner that, when clicked, brings up the Quick Analysis menu.
This menu provides tools like Formatting, Charts, Totals, Tables and Sparklines. Hovering your mouse over each one generates a live preview.


Another one for my niece, the Guitar Goddess
– it is very important if you want to play the guitar that all the strings are tuned properly. Otherwise “Highway To Hell” really WILL sound like hell. FreeTuner is a site, powered on HTML5, which enables you to tune your guitar via your microphone.

Thursday, March 20, 2014

So hackers now have an “off the shelf” Advanced Persistent Threat tool? We're all doomed! (We can't even agree on an APT definition.)
Target's Data Breach: The Commercialization of APT
Target's breach should mark the watershed line of the enterprise's security. Not just because of the immense volumes of stolen data (40M credit cards details), or the financial damage that Target may be subject to (Target reported 61M in costs related to the breach until February 1st), but because of the APT techniques used in that process by non-state backed hackers on a strictly commercial target (pardon the pun). The attack should serve as a wakeup call for enterprises: Enterprise should consider themselves as a target to APT-like campaigns and prepare their defense accordingly.


Warning! (And I get lots of student links)
New Phishing Scam Uses Scarily Accurate Google Login Page
… Here’s how it worked: victims got emails with the subject line “Documents.” The email itself contained what looked to be a link to the a Google Doc – complete with an actual “Google.com” domain – and pointed users to what looks like a legitimate Google login screen.
It’s not uncommon for users to need to sign in before seeing a Google Doc, so many dutifully typed their passwords. They were re-directed to an actual Google Doc, but their username and password weren’t used by Google: criminals recorded them instead.
Google claims all such pages have since been taken down, but it’s still worth being vigilant. Don’t click links to Google Docs if you’re not sure of the sender. If you must, check that you’re logged into Google Docs before clicking through the link.


Could the NSA use this technology to silence critics? (Yes, that's an attempt at humor.)
Google won't face email privacy class action
Google Inc won a significant legal victory as a U.S. judge decided not to combine several lawsuits that accused the Internet search company of violating the privacy rights of hundreds of millions of email users into a single class action.
In a Tuesday evening decision, U.S. District Judge Lucy Koh in San Jose, California, said the claims, including those on behalf of users of Google's popular Gmail service, were too dissimilar to be grouped together. She also said the plaintiffs cannot pursue their broad-based class action again.
… Gmail users accused Google of violating federal and state privacy and wiretapping laws by scanning their messages so it could compile secret account profiles and target advertising.
Claims were also raised on behalf of students at schools that use Gmail, and people who do not use Gmail but communicate by email with people who do.
The lawsuit sought damages of $100 per day for each email user whose privacy was violated.
Google has said its software simply looks for keywords that can lead to the tailored advertisements.

(Related) Perhaps more laws?
From the ACLU of Northern California:
Imagine the government is constantly monitoring you: keeping track of every person you email or meet, every place you go, every item you buy, and more. And when you challenge them, they claim you have no right to expect this kind of information to be private, so they can collect as much of it as they want, even without a search warrant. Besides, they’re not actually listening to your calls or reading your email, so what’s the big deal anyhow?
Unfortunately, this scenario is more real than imaginary. The NSA, local police, and others have taken advantage of uncertain legal protections for metadata (descriptive information about our communications and activities) to sweep up vast amounts of data about innocent Americans without a warrant. And new technology is demonstrating just how sensitive metadata can be: how friend lists can reveal a person’s sexual orientation, purchase histories can identify a pregnancy before any visible signs, and location information can expose individuals to harassment for unpopular political views or even theft and physical harm.
Our new policy paper, Metadata: Piecing Together a Privacy Solution, examines how outdated laws and new technologies combine to put personal privacy at risk—and highlights efforts to change that. Lawmakers and the Supreme Court both have begun to recognize the sensitivity of metadata and the need to upgrade its privacy protections. This paper proposes a way forward to ensure that sensitive data of any type gets the protection it deserves.


One of those “Best Practices” that become quite obvious after the breach.
Improving Security via Proper Network Segmentation
Recent headlines around data breaches have highlighted a common security mishap – improper network segmentation.
Let’s face it, there is no such thing as being 100% secure. If an attacker really wants to get into your network, they will find a way. So you don’t want a single point of failure. Once unauthorized access is gained, network segmentation or “zoning” can provide effective controls to mitigate the next step of a network intrusion and to limit further movement across the network or propagation of a threat.
… Standards such as PCI-DSS provide guidance on creating clear separation of data within the network – in the case of PCI, cardholder data should be isolated from the rest of the network, which contains less sensitive information. An example would be to ensure that Point-of-Sale (PoS) systems and databases are completely separated from areas of the network where third parties have access. [Hear that, Target? Bob]


It gets back to this question: “Do we buy or rent our phones?”
Is It Illegal To Root Your Android or Jailbreak Your iPhone?


Probably a wise move. We're still in the “expand the user base” phase. However, “In Country” storage may become a premium service.
Brazil to drop requirement that Internet firms store data locally
Brazil’s lawmakers have agreed to withdraw a provision in a proposed Internet law, which would have required foreign Internet companies to host data of Brazilians in the country.
The provision was backed by the government in the wake of reports last year of spying by the U.S. National Security Agency, including on communications by the country’s President Dilma Rousseff.
The legislation, known as the “Marco Civil da Internet,” will be modified to remove the requirement for foreign companies to hold data in data centers in Brazil, according to a report on a website of the Brazilian parliament.


What does Google get out of this? Will their logo be on every search? Probably. Best reward may be increasing influence in all areas of government. (They already have ears in the White House.)
White House Launches Climate Data Initiative
by Sabrina I. Pacifici on March 19, 2014
News release: “…we are launching the Climate Data Initiative, an ambitious new effort bringing together extensive open government data and design competitions with commitments from the private and philanthropic sectors to develop data-driven planning and resilience tools for local communities. This effort will help give communities across America the information and tools they need to plan for current and future climate impacts… For example, Esri, the company that produces the ArcGIS software used by thousands of city and regional planning experts, will be partnering with 12 cities across the country to create free and open “maps and apps” to help state and local governments plan for climate change impacts. Google will donate one petabyte—that’s 1,000 terabytes—of cloud storage for climate data, as well as 50 million hours of high-performance computing with the Google Earth Engine platform. The company is challenging the global innovation community to build a high-resolution global terrain model to help communities build resilience to anticipated climate impacts in decades to come. And the World Bank will release a new field guide for the Open Data for Resilience Initiative, which is working in more than 20 countries to map millions of buildings and urban infrastructure.”


Cable is out, Internet TV is in?
Fewer viewers paying for wider menu of cable channels
The number of Americans who pay for TV through cable, satellite or fiber services fell by more than 250,000 in 2013, the first full-year decline, according to research firm SNL Kagan.
… The decline is small so far. Video subscribers across the entire pay-TV industry, which includes Comcast, DirecTV and Verizon, dropped by 251,000 last year to about 100 million,


A Blog can be about anything that interests you. Perhaps my Criminal Justice students would like to cover Denver?
I have one spiritual ritual in my life: every morning I check the Los Angeles Times' Homicide Report blog to learn who was killed in Los Angeles County while I slept.1
The Homicide Report addresses two questions every newspaper covering a major metropolis should answer: who was killed last night, and why?
… The Homicide report is anchored by a single reporter, Nicole Santa Cruz, an Arizona-born Latina, with glasses, pretty Etsy jewelry and a sweet voice. Nicole makes a round of phone calls every morning to the coroner, the LAPD, and sheriff’s department to find out who died last night. In the weeks and months that follow she attempts to answer the question ‘why?’


Mainly for my Computer Security students, but it is the first Virtual Job Fair that looked like more than a gimmick.
… Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National Cybersecurity Career Fair (NCCF). NCCF is an innovative virtual meeting place for the top cybersecurity employers and cybersecurity jobseekers in the United States.
… The virtual job fair takes place June 18 and 19. Job seekers can register to participate for free at http://www.nationalcybersecuritycareerfair.com/. Once they register, they can fill out a personal profile and upload a resume.
Companies looking to recruit entry or mid level workers also can visit http://www.nationalcybersecuritycareerfair.com/ to reserve “booth” space.
Though the career fair spans two days, people can come and go for the activities they prefer to attend. The main page of the website will direct participants into a networking lounge. From there they can look at a national job board, apply for jobs, and check the schedule for employer web and video chats. Employer participants have their own booth where they can meet virtually with candidates for employment, show videos about the company, and post materials specific to the organization or their available jobs.
As a special incentive to get people to participate in the NCCF, SANS Institute is giving each job candidate the opportunity to stand out by taking the SANS Cyber Talent exam for free. This exam usually costs $2500 and is a way to measure a person’s aptitude for work as a cybersecurity professional. People who take the exam prior to the career fair can post their scores to their online profile.
To get more information, to register as a participant, or to reserve an employer booth, visit http://www.nationalcybersecuritycareerfair.com/.


Perhaps this will help me interpret student papers.
What’s Your Acronym IQ?

Wednesday, March 19, 2014

Looks like Putin was right. Nominal “consequences” for re-claiming their warm water port. What (where) is his next conquest?
West furious as Crimea accepted into Russia
Shortly after Russian President Vladimir Putin added his name to the agreements, US President Barack Obama announced that Western leaders would be gathering to decide the next course of action.


Did Target break some specific regulation or is this just “piling on.”
Brendan Sasso reports:
Target could face federal charges for failing to protect its customers’ data from hackers.
The retailer has been in contact with the Federal Trade Commission, Molly Snyder, a Target spokeswoman, told National Journal.
It’s unclear whether the FTC has issued any subpoenas or other formal demands for information. The FTC declined to comment on whether it has launched a formal investigation.
Read more on National Journal.


That's true, but I bet they have better than average backups.
Paul Ziobro reports:
Not even hackers are immune to hacking.
Websites that were used to sell credit card data stolen in the massive holiday data breach at Target Corp. were themselves shut down by unknown culprits Monday.
“Hi subhumans and miscreants, your fraud site is gone now. Go away,” reads the first line of a message posted on rescator.so and rescator.cm, two sites are used as clearinghouses for troves of credit card data stolen from retailers like Target, Neiman Marcus and Sally Beauty Holdings Inc. in recent months.
Read more on WSJ.


Them thar Californians really love their cars!
Data privacy for cars target of new state bill
… “Our cars collect data not just used for maintenance and repair but also information systems, guidance systems, phone systems,” said Senator Monning, “were seeking to establish certain consumer rights in California.”
The bill targets so called “connected cars” that collect volumes of data and transmit that data to automobile manufacturers.


Why would the government (us taxpayers) need to pay (politician say, “incentivize”) companies to protect their assets? Perhaps holding the BoD responsible (as in criminally responsible) would produce some action.
The NIST Cybersecurity Framework - Improving Cyber Resilience?
A few weeks ago, the National Institute of Standards and Technology (NIST) issued the final version of a new set of cyber security guidelines designed to help critical infrastructure providers better protect themselves against attacks. The framework was the result of an executive order issued by President Barack Obama last year that in part directed NIST to come up with a set of voluntary cyber security standards for critical infrastructure companies.
Notably, the framework falls short in offering incentives to organizations to apply the NIST Cybersecurity Framework, which was the original intention of the President’s Executive Order. Organizations too often lack the necessary resources to apply all of the outlined standards, guidelines, and practices. Without the commitment of management and board of directors to provide adequate resources for risk management, organizations’ security posture won’t significantly improve. [That, I can agree with. Bob]
That’s because applying the NIST Cybersecurity Framework adds to the volume, velocity, and complexity of data feeds that must be analyzed, normalized, and prioritized. Without automation it can take months and even years to perform big data risk analysis and piece together an actionable security assessment picture. [Fortunately, if you need cybersecurity, you have computers. Bob]


This is “Bring Your Own Cloud”
Dropbox will let you switch between work and personal accounts next month
Dropbox will let you manage separate work and personal accounts on all of your devices next month, The Verge has learned. In advance of an April 9th press event, the company has notified users of its Dropbox for Business product that they will soon be able to access personal and work Dropbox files without logging in and out of their accounts.


Perspective. Are people willing to pay more to avoid ads? How elastic is an “I hate it” fee?
Pandora raises price of ad-free service


For my students in the “Future Billionaires (who will cut Bob in for a share)” Club
How To Create A 'Killer App': A Guide For Entrepreneurs
The term “killer app” was redefined recently when Facebook announced its $19 billion purchase of instant-messaging service WhatsApp to great fanfare, and equally great controversy. Mark Zuckerberg countered critics by arguing that WhatsApp was worth even more than Facebook paid, despite not yet having leveraged its enormous reach into a comparable revenue stream. “The reality is that there are very few services that reach a billion people in the world,” Zuckerberg said. “They are all incredibly valuable, much more valuable than [$19 billion].”


Because not everyone has a T-shirt printer...
– is an on-demand online printing site where you can get your custom design printed on a variety of items, including posters, framed prints, mugs, and T-shirts. Just register for an account and upload your design. The goods will then be sent to you.


For my students who claim they have no time to read or write.
Speech recognition software can be very pricey, but adding a speech recognition option to your computer doesn't have to be expensive. Here are two free speech to text tools to try.
Text to speech tools can make the web more accessible to some students. These three free tools can be helpful to students who need a little support when reading articles on the web.


I thought Microsoft Office came with OneNote.
Microsoft Releases OneNote 2013 As Free Download for Mac And Windows
Microsoft’s OneNote is the best note-taking app for Windows 8 and there’s some good news. It’s now completely free and Microsoft has also come out with a version for Mac, which means OneNote is now a cross-platform app available on Web, Windows, Mac, iOS, Android and Windows Phone.


I'll file this under “Apps I wish I had made”
An Amazing App for Learning Music
All musical notation is a kind of compression, which is to say a compromise between ease of transmission and depth of reception.
The notes on a score tell you a lot about a song, but not everything. The same goes for guitar tabs, which tell you where to put your fingers, not what the notes are.
So, if you want to learn a song, it's best to hear someone playing it decompressed, while using the notation as an aide-mémoire.
This isn't an easy thing to do, especially in the repetitive way that's necessary to learn a song.
Or it wasn't until Adrian Holovaty and PJ Macklin created Soundslice, a beautiful HTML5 app that syncs professional studio recordings with sheet music and guitar tablature. Soundslice debuted in late 2012, but they released a new version of the software for sheet music yesterday, and it's wonderful.


Students: If “like, you know” is the largest phrase, you better rewrite!
Try These Word Cloud Tools to Help Students Analyze Writing
Using word clouds can be a good way to help students analyze documents. By copying the text of a document into a word cloud generator your students can quickly see the words that appear most frequently in that document.


Because if you haven't yet, you better soon...
7 IRS Website Tools That Could Save You Time And Money
According to Ben Franklin, nothing in this world is certain but death and taxes.

Tuesday, March 18, 2014

In reality, there's not much more to be done. Congress has said, “Don't bother us, we're fund raising.” (and no one wants to be the last politician to die in the Crimea.)
Russia moves to annex Crimea, laughs at US sanctions
… "Comrade Obama, what should those who have neither accounts nor property abroad do? Have you not thought about it?" Deputy Prime Minister Dmitry Rogozin tweeted. "I think the decree of the President of the United States was written by some joker."

(Related) Interesting that the BBC has created a “real time” Crimea page. Perhaps their experiences make it more of a concern?


Krebs reported on March 5th (http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/) that cards were already for sale. Perhaps looking for evidence like this should be part of your “breach detection” process?
Sally Beauty has updated its report on a security breach first disclosed by security researcher Brian Krebs:
In a new statement on their website, they write:
As we previously stated on March 5th, our systems detected an unauthorized attempted intrusion into our Sally Beauty Supply LLC network. At the time of this discovery, we immediately engaged a top-tier forensics firm (Verizon) to investigate this security incident. As a result of this ongoing investigation, we have now discovered evidence that fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed on our systems and we believe it may have been removed. As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security incident.
We take this criminal activity very seriously. We continue to work diligently with Verizon on this investigation and are taking necessary actions and precautions to mitigate and remediate the issues caused by this security incident. In addition, we are working with the United States Secret Service on their preliminary investigation into the matter.
Customers are our top priority at Sally Beauty, and we will be responding to customers’ needs concerning this security incident. Please check our website sallybeautyholdings.com in the coming days to learn about the progress of our work to address the security incident, the status of our investigation, and steps we will be taking to assist any affected customer. We will be providing appropriate notifications to affected consumers and others, as necessary, as the facts develop and we learn more.


This one slipped by me. These have very short lives, but seem to have access to “every movie ever made” on the day they are released (and sometimes before release.) The MPAA must feel like they are playing “whack-a-mole.” When will they learn to make money using technology like this?
Popcorn Time: Video and Television Torrenting App Deleted, Could be Sued
Popcorn Time, an app that quickly became popular, has been deleted from its host website Mega.co.nz.
The app enabled users to watch a range of movies and TV shows for free and has been described as a having a “Netflix-style” interface that actually has more up to date selections.
A Popcorn Time development member told Torrent Freak that Kim Dotcom, the owner of Mega, deleted the app.

(Related) Look at who didn't miss it...
Popcorn Time app that allows you to watch free movies online removed by its host Mega
… It is open-source software, freely distributed, and was hosted on New Zealand based file sharing website, Mega, owned by Kim Dotcom
… Some of the movies present on the menu of Popcorn Times are – American Hustle, The Hunger Games: Catching Fire, Dallas Buyers Club, 12 Years a Slave and Frozen. Normal torrent sites require you to download the file and then play it. This application finds selected titles from the torrent directories and then streams the titles within no time.
It was tweeted by the developers of the application that they are finding a new hosting provider and soon they will be back. The Popcorn Time website states that a bunch of geeks from Buenos Aires created the application.
It was reported by piracy-news website TorrentFreak that according to one of the developers behind the application, who identifies himself as Sebastian, they did not expect any legal issues as the app is free of charge, carries no advertisements and even the files were not hosted on the application itself.


Tools for recording student responses. Could be useful.
Seven Good Student Response Systems That Work On All Devices
Earlier today I received an email from someone who had found this comparison chart of student response tools. He was interested in learning a bit more about each of them beyond what was in the chart so I put together this collection of information about popular student response tools. Each of these tools can be used on iPads, Android tablets, and in the web browser on your laptop or Chromebook.

Monday, March 17, 2014

This was a slam dunk..I wonder if Japan could do this to Sakhalin island? Russia probably would not like giving back the oil fields.
Crimean Parliament Votes to Secede from Ukraine
A day after a contested referendum, legislators in Crimea moved swiftly on Monday to begin the process of splitting from Ukraine, with the regional Parliament declaring that Crimea is an independent state, with special status for the city of Sevastopol.
While the ballot on Sunday has been rejected in the West and by the government in Kiev, the legislators asserted that the laws of Ukraine no longer applied to Crimea and that state funds and all other state property of Ukraine in Crimea had been transferred to the new state. They also announced that the Ukrainian authorities had no power in Crimea.

(Related) Our big “or else” is, we'll ask Congress to come back from vacation?
U.S. warns Russia against annexing Crimea


Several interesting choke points in places I would not have guessed. (Think of this as a CyberWar target map.)
– there are many cables criss-crossing the oceans floors, more than you could possibly keep track of. This Cable Submarine Map details where a lot of them are. Zoom in for more details, or buy a print copy of the map.


IBM does not offer cellphone service nor do they run Internet search services. What information do they hold that the NSA would want?
Richard Chirgwin reports:
IBM has become the latest of the tech giants to deny handing over customer data to the NSA’s PRISM program.
In this open letter, Big Blue’s general counsel Robert Weber (also senior veep for legal and regulatory affairs) gives the “no way” message to the world at large.
Read more on The Register.


I'll have my students whip up an App to detect “trademark conflicts” for a mere $20 per hit.
Web Domain Name Revolution Could Hit Trademark Defense: UN
The mass expansion of Internet domain names could cause havoc for the defense of trademarks in cyberspace, the UN's intellectual property body warned on Monday.
There have long been just 22 generic top-level domains (gTLDs), of which .com and .net comprise the lion's share.
Around 1,400 new gTLDs are gradually being put up for grabs, with the first 160 already delegated to various Web registration firms.
"The opportunity for misuse of trademarks expands exponentially," said Gurry, noting that registering a domain name is a cheap, automatic procedure that takes a matter of seconds and does not have a filter to examine whether there is a trademark conflict.
"That brings with it the attendant inconvenience of a much greater burden of surveillance on the part of trademark owners," he said.


I want one!


For my students with minds. Both of them.
Ten Good Online Tools for Creating Mind Maps
Creating mind maps or webs is one of my favorite ways to organize ideas and information. I've often had my students create mind maps as an exercise in making visual connections between important concepts, events, and people in a unit of study. The following free tools offer good options for creating mind maps online.

Sunday, March 16, 2014

What does Putin see when the US threatens “consequences?” Have we publicly removed all of our lines in the sand?
Blood flows in Ukraine's streets while Congress does nothing
Blood flowed in Ukraine’s streets Thursday as the threat of a Russian invasion intensified — but after huffing and puffing for weeks, Congress pulled a signature move: It did nothing.
The House and Senate recessed for a 10-day vacation after failing to reach a deal on legislation helping Ukraine and punishing Russia.
Members are not scheduled to return until March 24.

(Related) I'll ask the question again. How large a DDoS attack does it take to become an act of war? (I guess one consideration is: do you want it to be an act of war?)
Major cyber-assaults on Ukraine, then Moscow, on eve of Crimea vote (+video)
With a disputed vote in Crimea set for Sunday, a powerful eight-minute cyber-attack was launched against Ukraine Thursday in the form of a large denial-of-service attack, originating in Russia, that hammered a computer network, cyber-security experts said.
Thursday’s distributed denial-of-service attack (DDoS) against an unidentified computer network in Ukraine was notable for being 32 times larger than the largest known distributed denial of service (DDoS) attack during Russia’s invasion of Georgia in 2008, according to Arbor Networks, a Burlington, Mass.-based cyber-security company.
It was followed on Friday by a powerful DDoS attack that temporarily knocked out websites belonging to the Kremlin, the Russian central bank, and Foreign Ministry. But it’s unclear if that was a Ukrainian response, and Russian authorities said the attack had nothing to do with the Ukraine crisis.

(Related) If this keeps up, Russia may declare Cleveland to be part of the Crimea.
Ukraine denounces ‘invasion’ by Russian forces on eve of Crimea’s referendum
Russia’s military staged a provocative new act of aggression Saturday, occupying a natural gas distribution center and village on a strip of Ukrainian land near the Crimean Peninsula and prompting Kiev’s Ministry of Foreign Affairs to denounce “a military invasion by Russia.”
The incident marked the first face-to-face standoff between the Ukrainian and Russian militaries outside the Crimean Peninsula, suggesting that Moscow is testing the will of Kiev amid fears of further Russian incursions in eastern and southern Ukraine.


Soon, we will be able to do this here in the US! Won't that be wonderful?
Jon Ungoed-Thomas reports:
A billion NHS records containing details of patients’ hospital admissions and operations have been sold to a marketing consultancy working for some of the world’s biggest drug companies, The Sunday Times can reveal.
Harvey Walsh, a healthcare intelligence company, has paid for a database that, although stripped of names and addresses, does include the age, postcode district, medical condition and place of treatment for every patient who has received hospital care in England.
Read more on The Sunday Times.
[From the article:
Harvey Walsh says it already has 10 years of data and can “track” the treatments that individual patients receive over their lifetime. [Names and addresses not required. Bob] It said yesterday the data helped pharmaceutical companies to drive improvements in patient care.