Saturday, August 02, 2014

For my Computer Security students. All new malware is, for a time, undetectable.
Backoff Malware So Sophisticated it Can Hardly be Traced
A never-before-seen malware called Backoff, which has infected point of sale systems and remote desktop applications, has gone virtually undetected, causing a huge security threat.
Hackers have developed a virus that has infected point of sale (PoS) software for retailers and businesses as well as remote desktop applications which are commonly used by telecommuting employees or independent contractors to connect to the business’s main network.
… businesses and retailers are being cautioned to monitor their traffic patterns and look out for strange IP addresses. They are also warning everyone to ensure they have strong passwords.
Those who have Microsoft’s or Apple’s Remote Desktop system are being asked to pay extra attention to unusual activity and make sure that their passwords are secure.


Silly and poorly thought out. If they can't video from overhead, they'll probably stand across from the gate and video “cars going in and out.” When that's banned, they will move a block away and do the same thing. Then telescopes? Perhaps following the cars with dashboard cams?
Ah, delicious irony….
Joseph Serna reports:
Los Angeles police on Friday said they have asked the city attorney’s office and county prosecutors to explore whether they can legally prohibit civilians from flying drones with cameras over department-owned parking lots.
The inquiry was sparked after a South Bay man who routinely films police activity and posts the footage on his website flew his drone over the parking lot of the LAPD’s Hollywood station this week and filmed squad cars going in and out.
He then posted the video on YouTube.
“What concerns us is that they are filming over private property and it’s gated – you’re looking at the layout of the police station, how we operate, personnel license plates,” said police Lt. Michael Ling. “It’s kind of like if it was your house, if they’re flying over your backyard you’d start asking questions about it.”
Read more on L.A. Times.


This is the world of social media. People can't imagine living without their toys.
Facebook goes down, panicked users call 911
When Facebook went down for some on Friday, a few people panicked and called 911, CNET reports. Whether they were prank calls or people truly concerned about the inability to update their status remains a mystery for now.


Interesting article. It seems to suggest that at least for mobile, the neutrality of the Internet is no more.
Free Mobile Data Plans Are Going to Crush the Startup Economy
The deal sounds great: Stream unlimited music without any data charges. The offer from T-Mobile includes popular services such as Spotify, iTunes, and Pandora. These apps will no longer count against your data plan, the company announced recently, no matter how much you stream across its 4G LTE network.
Or consider Sprint’s new offer, via its Virgin Mobile pre-paid service: unlimited access to Facebook, Twitter, Instagram, or Pinterest for just $12 per month. Unlimited access to all four is $22 monthly, and $5 more also gets you unlimited music.
Yesterday, we described the Sprint deal as a Netflix-like unbundling of mobile data options, an à la carte alternative to standard all-access data plans that resemble nothing so much as cable’s all-or-nothing bundles that force you to pay for channels you don’t actually want. And there’s a truth to this. But a prominent New York venture capitalist has a far more pessimistic take on the new trend toward unlimited data for certain apps. Fred Wilson, co-founder of Union Square Ventures, views such deals—which he calls “zero rating”—as a discriminatory salvo against mobile innovation.
“What all of this zero rating activity is setting up is a mobile internet that looks a lot more like cable TV than our wide open Internet,” Wilson writes. “Soon, a startup will have to negotiate a zero rating plan before launching because mobile app customers will be trained to only use apps that are zero rated on their network.”


I didn't know this was a problem. I'll post the chart for my students.
How to Share Files Between Mobile Phones and Computers
Your digital photos, documents, music, and other files are spread across a range of devices from your mobile phones to tablets and your computers. The devices are running different operating systems and therefore there’s no standard method that will allow you to easily copy files from one device to another.


Believe it or not, I have students who read for pleasure.
It’s a tedious thing to monitor time sensitive offers at Amazon, especially free ones these days. Fortunately independent sites that monitor such offers do exist and the good news is – they’re in abundance. Daily offers or very limited time free Kindle ebook offers will be posted on a daily basis, allowing you the option to download and sample these stories without the need to log in to Amazon for the latest lists.


This is for my students who spend class time catching up on their favorite TV shows.
Hulu Android App Updated, Now Streaming Free Content
This week, video-streaming service provider Hulu released a major update to its app designed for Android smartphones and tablets.
The latest update allows mobile Android users to access and stream select TV shows and movies for free.
To download the updated Android Hulu Plus app, visit https://play.google.com/store/apps/details?id=com.hulu.plus&hl=en

(Related) I'll have to pull their earbuds to get their attention, but they might like this.
Atraci – listen instantly to 60 million songs. Atraci is an application for Windows, Mac and Linux that lets you listen instantly to more than 60 million songs (way more than iTunes’s 26 million). It requires no sign up, displays no ads and is 100% safe.
Android and iOS apps on the way


I can't believe this happens every week!
Missouri Governor Jay Nixon has signed a bill extending existing privacy laws for library records to include materials related to e-books, streaming video, and downloadable audiobooks. More via School Library Journal. [“Library records” didn't include this information? Bob]
In order to stop cheating, the Air Force dropped grading as part of the examination procedures for its nuclear officers.
This story from the Hoboken School District of its plans to destroy, yes destroy, all its laptops from its “failed” 1:1 laptop program details an amazing amount of administrative incompetence.
Some 31 million people enrolled in college during the last 20 years left without earning a degree. And via the chart-loving Vox: “7 charts that show what happened to 31 million American college dropouts.”

Friday, August 01, 2014

Oh no! Not Jimmy Johns!
Sandwich Chain Jimmy John’s Investigating Breach Claims
Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation.
… The unauthorized card activity witnessed by various financial institutions contacted by this author is tied to so-called “card-present” fraud, where the fraudsters are able to create counterfeit copies of stolen credit cards.
Beyond ATM skimmers, the most prevalent sources of card-present fraud are payment terminals in retail stores that have been compromised by malicious software.
… Reports of a possible card compromise at Jimmy John’s come amid news that the Delaware Restaurant Association is warning its members about a new remote-access breach that appears to have been the result of compromised point-of-sale software.


Oh look, banks have rules!
Financial Crimes Enforcement Network: Customer Due Diligence Requirements for Financial Institutions
by Sabrina I. Pacifici on Jul 31, 2014
News release: “The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) today issued a Notice of Proposed Rulemaking (NPRM) to amend existing Bank Secrecy Act (BSA) regulations to help prevent the use of anonymous companies to engage in or launder the proceeds of illegal activity in the U.S. financial sector. The proposed rule would clarify and strengthen customer due diligence obligations of banks and other financial institutions (including brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities). The proposed amendments would add a new requirement that these entities know and verify the identities of the real people (also known as beneficial owners) who own, control, and profit from the companies they service… The proposed rule benefits from extensive outreach and discussion with financial institutions and regulatory agencies. These proposed amendments represent significant enhancements to the BSA and build upon post-9/11 augmentation of the regulations designed to protect the U.S. financial system. They would make valuable information needed to disrupt illicit finance networks available to law enforcement. The resulting increase in financial transparency would enhance the ability of financial institutions and law enforcement to identify the assets and accounts of criminals and national security threats. The rule also would further the United States commitments in the G-8 Action Plan for Transparency of Company Ownership and Control published in June 2013. The rulemaking clarifies that customer due diligence includes four core elements: identifying and verifying the identity of customers; identifying and verifying the beneficial owners of legal entity customers; understanding the nature and purpose of customer relationships; and conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. 
The proposed requirement to identify and verify the identity of beneficial owners is addressed through the proposal of a new requirement for covered financial institutions to collect beneficial ownership in a standardized format. Those financial institutions will have to identify and verify any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.”


Is this really unexpected?
Twitter and the US government square off yet again
Twitter’s latest transparency report shows a steady rise in government requests for account information. And an increasing number of requests are coming from foreign governments. In the past six months, the company received more than 2,000 different requests from 54 different countries, an increase of almost 150 percent since Twitter began releasing the data in 2012.

(Related) Or this one?
Microsoft ordered to hand over emails on Dublin server
Microsoft's latest attempt to resist a US government warrant demanding access to emails stored on servers in Ireland has been dismissed by a federal judge.
A court in New York ruled against the tech company, which has consistently fought the order issued in December as part of a drug-trafficking trial.
Microsoft immediately announced plans to challenge the decision.
The company has previously said it will allow users to choose where their data is stored.


Is there a trend to make more/less data sensitive?
Daniel Solove writes:
…. I find it interesting what various countries define as sensitive data, and K Royal has created an awesome chart that she shared with me. To a privacy wonk like me, a chart like this makes me giddy with excitement, and so I thought I’d share it with you (with her permission, of course).
First, here’s a tally of the various types of most-commonly recognized categories of sensitive data. This is based on a chart of the sensitive data category of many countries that K Royal created.
See the chart and read more on LinkedIn.


If nothing else, ammunition for the annual budget wars.
NY AG Releases Report Showing Rise In Data Breaches, Provides Security Tips To Small Businesses & Consumers
by Sabrina I. Pacifici on Jul 31, 2014
“Attorney General Eric T. Schneiderman today issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. Using information provided to the Attorney General’s Office pursuant to the New York State Information Security Breach & Notification Act, the report, titled “Information Exposed: Historical Examination of Data Security in New York State,” analyzes eight years of security breach data and how it has impacted New Yorkers. The report reveals that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches, which have cost the public and private sectors in New York upward of $1.37 billion in 2013. In addition, the report also found that hacking intrusions – in which third parties gain unauthorized access to data stored on a computer system – were the leading cause of data security breaches, accounting for roughly 40 percent of all breaches. Attorney General Schneiderman’s report also presents new recommendations on steps that both organizations and consumers can take to protect themselves from data loss.”


Rethinking our security strategy?
Don’t let your enterprise network fail on ‘the basics’
As many have pointed out, network security relies not on defenses that never fail, but on defenses that fail intelligently. However, today’s enterprise networks most often “fail on the basics,” according to Dmitriy Ayrapetov, director of product management at Dell SonicWall.
That has been a recurring theme at the Gartner Security & Risk Management Summit this week in Washington, D.C. New research from Gartner shifts the focus of security planning away from “preventive controls (such as signature-based anti-malware, network and host intrusion prevention systems, pervasive encryption and continuous patching),” calling such controls “increasingly ineffective.” Instead, Gartner’s analysis concludes that “the digital workplace reinforces the need to focus more on detective and reactive controls.”
… He noted the recent collapse of CodeSpaces.com, a code-hosting and project management service provider whose customer data was eradicated last week by an unknown intruder, causing the company to fail within a day. According to an IDG News Service release published by ComputerWorld and other sources, “The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.”

(Related)
Mobile Apps Are Replacing the Web - Is Your Enterprise Ready?
We know mobile is quickly changing the way we do business and now it’s also beginning to replace the web. A recent Gartner study shows that 86 percent of users are now using mobile apps compared to the 14 percent still using mobile browsers. The trajectory is very clearly shifting from web to mobile and as CISOs, we really need to reevaluate if we are ready to properly secure and protect mobile applications from threats.
A recent study showed that this year, mobile users actually surpassed desktop users. The “mobile first” trend has finally arrived and it’s coming in at full force.
Whether we like it or not, BYOD is here and being adopted in most organizations.
Following OWASP’s top 10 mobile risks and the remediation for those risks is a great start. This covers everything from data encryption to preventing man-in-the-middle attacks to client side injection.


Perhaps we could host a war game?
Deloitte Brings Cyber War Games to the Enterprise
Deloitte's Cyber Risk Services group has launched new “cyber war-gaming and simulation services” that aim to unite those tasked with managing enterprise-wide responses to cyber-attacks.
According to Deloitte, its cyber threat war-gaming approach relies on thinking from the military and academia and incorporates lessons learned from war-game simulations conducted for multi-national companies, government entities, regulatory bodies and industry groups.
Deloitte co-authored the "After Action" report (PDF) for Quantum Dawn 2, a simulated systemic cyber attack on the U.S. financial system back in June 2013.

(Related)
Microsoft Launches EMET 5.0
Microsoft announced on Thursday the general availability of the Enhanced Mitigation Experience Toolkit (EMET) 5.0.
According to the company, version 5.0 of the free security tool comes with two new mitigations, Attack Surface Reduction (ASR) and Export Address Table Filtering Plus (EAF+), both of which were introduced in EMET 5.0 Technical Preview.


Should be enlightening.
From EPIC:
The U.S. Court of Appeals for the D.C. Circuit ruled in favor of EPIC today in a Freedom of Information Act case seeking the full text of National Security Presidential Directive 54, a previously-secret Presidential order granting the government broad authority over cybersecurity matters. EPIC successfully obtained the Directive from the NSA, and the DC Circuit has vacated the lower court’s Fall 2013 ruling that NSPD-54 was not an “agency record” subject to the FOIA. The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. EPIC has several related FOIA cases against the NSA pending in federal court. For more information, see EPIC v. NSA: NSPD-54 Appeal and EPIC: Freedom of Information Act Cases.


Might be useful
If you missed the 2014 Health Privacy Summit, you can view videos from the conference on Patient Privacy Rights’ site.


I'm shocked, shocked I tell you! Imagine a regulation requiring you to treat every request as if it was rational and reasonable. Then imagine individuals with no such requirements.
Zach Miners reports:
Some of those seeking to scrub their histories from the Web under Europe’s “right to be forgotten” rule are being economical with the truth when making their requests, Google said Thursday.
In a letter to European data regulators, Google listed some of the challenges it faces in complying with the ruling, which allows people to compel search engines like Google and Bing to remove links to pages that mention their name, if the references are “inadequate,” “irrelevant” or “excessive.”
Read more on Computerworld.


SkyNet will not work unless robots can self-repair.
Robot 'learns to keep going with broken leg'
Engineers have taken a step towards having machines that can operate when damaged by developing a robot that can teach itself to walk, even with a broken leg.
Using "intelligent trial and error", their six-legged robot learned how to walk again in less than 2 minutes.


Something useless for the game club. (Wink wink)
Play Game Boy Advance Games On Your iPhone
Apple doesn’t allow emulators on its platform, but coders keep finding a way to offer them. GBA4IOS is a free Game Boy Advance emulator you can install on your iPhone or iPad, for free.
Installing this is a little odd: you’ll need to set your time back 24 hours before you can download it, a trick that apparently lets this unapproved app get around Apple’s walled garden.
Of course, you can’t play any games with this unless you download ROMs – which would be illegal. We know none of you would break the law, ever, so I suppose this isn’t useful – just like the emulators you installed on your Raspberry Pi.
Oh well.


I know some students who will love this.
A Tool That Answers 'What's That Typeface?'
… it's so addicting to be able to mouse over and identify any font you see online. That's what the browser plug-in FontFace Ninja allows. There's even a button that lets you hide everything on the page except for the text.

Thursday, July 31, 2014

Looks like some people are taking Russia's offer seriously.
Tor Warns of Attack Attempting to Deanonymize Users
The Tor Project has disclosed details of an attack which appeared to be an attempt to deanonymize users of the popular anonymity network.
According to Tor Project Leader Roger Dingledine, the attack was detected on July 4 while the organization was trying to identify attacks leveraging a method discovered by researchers at Carnegie Mellon University's CERT.
The researchers, Michael McCord and Alexander Volynkin, planned on detailing a way to break the anonymity network by exploiting fundamental flaws in its design and implementation at the upcoming Black Hat security conference, but their presentation was cancelled because their materials had not been approved for public release by the Software Engineering Institute at Carnegie Mellon University.


Probably small, but not the kind of message you want to send your customers. Points for honesty? Probably not. I wonder if they have records (activity logs) going back to 2011?
Ouch. Lasko is notifying some customers of the Lasko and Air King web sites that on July 2, they became aware that some customers were receiving phishing e-mails. Investigation suggested that it may have been related to a hack of their system that exposed customers’ names, email addresses, phone numbers, credit card numbers and card expiration dates.
“Although most of the activity associated with this unauthorized hacking into our computer network appears to have occurred during March – June 2014, we can not rule out the possibility of unauthorized access to our network leading to the exposure of credit card information dating back to 2011,” writes Edward V. McAssey III, Chief Operating Officer. The meta-data for their submission to the California Attorney General’s Office indicates that the hack may have occurred in December 2011.
Those notified were offered a year of free services through AllClear ID, but there’s no indication in the letter how many customers are being notified.

(Related) People say they are concerned, but they don't seem to act that way.
Customer Loyalty Seriously Affected by Data Breaches: SafeNet
A global survey conducted by data protection solutions provider SafeNet once again confirms that data breaches, especially ones that involve financial data, have a negative impact on customer loyalty.
According to the study, 65% of the roughly 4,500 respondents are unlikely to do business with a company that experienced an incident in which credit card details, bank account numbers or online banking login data was stolen. Consumers in the United States and Germany appear to be the least concerned, with 54% and 53% respectively saying that they would not do business with a firm that suffered a data breach. Japan is at the other end of the poll with 82%.
The Q2 Breach Level Index published by SafeNet on Wednesday shows that a total of 175 million records were exposed worldwide in the second quarter as a result of the 237 data breaches that occurred during this period.


Security as “competitive advantage.” Interesting.
Can BlackBerry Become The Next Security Superpower?
BlackBerry announced its intent to acquire Secusmart. It’s a company that offers high-security voice and data encryption and anti-eavesdropping solutions for government organizations, enterprises and telecommunications service providers.
… BlackBerry is hanging its hat on becoming the next security company…and that’s not a bad thing. BlackBerry is making progress with its Enterprise Mobility Management (EMM) solution but this is a tough market to win against the likes of VMware/AirWatch and MobileIron.


Is this all in reaction to NSA surveillance?
iPhone App "Signal" Enables Free Encrypted Phone Calls
Open Whisper Systems, the creators of the RedPhone secure calling app for Android, announced on Tuesday the availability of Signal, an iPhone application that lets users make encrypted voice calls worldwide for free.
According to the open source software group, Signal is specifically created for mobile devices and it's fully compatible with RedPhone. The new application uses existing phone numbers and it's designed to display only contacts that are reachable through Signal.
Users don't need any passwords when utilizing the app. Instead, both the caller and the receiver are presented with a pair of words. If the words match on both ends, the connection is secure; if not, someone is possibly eavesdropping on the conversation.
In order to ensure that communications are protected, Signal uses ZRTP, a protocol invented by Phil Zimmermann, who is also the creator of Pretty Good Privacy (PGP). In fact, Zimmermann also co-founded Silent Circle, a company providing encrypted communications services.
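The word-comparison step described above, modelled as an added example (this is simplified illustration code, not Signal's, RedPhone's or ZRTP's implementation): both ends derive a Short Authentication String (SAS) from the Diffie-Hellman secret they agreed, so an interceptor who terminates two separate key exchanges leaves the two callers with different strings. The toy DH group and the four-character base32 rendering are assumptions chosen so the code runs with only the standard library; the parameters are not secure.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this illustration only: a Mersenne
# prime and a small generator. Real ZRTP negotiates standardised DH/ECDH groups;
# these parameters are NOT secure and exist so the example runs offline.
P = 2**127 - 1
G = 3

# Alphabet used to render a 20-bit SAS as four characters (the style of ZRTP's
# base32 rendering; RedPhone/Signal show a word pair, a different rendering of
# the same hash bits).
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


class Endpoint:
    """One end of a call: holds an ephemeral DH key pair and derives the SAS."""

    def __init__(self, name, priv=None):
        self.name = name
        # Ephemeral private exponent; a fixed value may be passed for reproducible tests.
        self.priv = priv if priv is not None else secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.shared = None

    def derive(self, peer_pub):
        """Complete the DH exchange with whatever public value arrived on the wire."""
        self.shared = pow(peer_pub, self.priv, P)
        return self.shared

    def sas(self):
        """Short Authentication String: the top 20 bits of a hash over the agreed secret."""
        digest = hashlib.sha256(self.shared.to_bytes(16, "big")).digest()
        bits = int.from_bytes(digest[:3], "big") >> 4  # 24 bits in, keep 20
        return "".join(B32[(bits >> shift) & 31] for shift in (15, 10, 5, 0))


def honest_call(alice, bob):
    """Public values cross the network untouched; both sides reach the same secret."""
    alice.derive(bob.pub)
    bob.derive(alice.pub)
    return alice.sas(), bob.sas()


def intercepted_call(alice, bob, mallory_a, mallory_b):
    """An interceptor terminates two separate DH sessions, one facing each caller.
    Each caller still gets a working encrypted call, but over a different secret,
    so the strings they read aloud to each other will (with overwhelming
    probability) not match."""
    alice.derive(mallory_a.pub)
    mallory_a.derive(alice.pub)
    bob.derive(mallory_b.pub)
    mallory_b.derive(bob.pub)
    return alice.sas(), bob.sas()


def sas_verified(sas_alice, sas_bob):
    """What the callers do when they compare the strings: accept only on a match."""
    return sas_alice == sas_bob


if __name__ == "__main__":
    a, b = Endpoint("alice"), Endpoint("bob")
    print("honest call:     ", honest_call(a, b))
    a, b = Endpoint("alice"), Endpoint("bob")
    print("intercepted call:", intercepted_call(a, b, Endpoint("m1"), Endpoint("m2")))
```

The comparison only helps if the callers actually read the string to each other over the voice channel; a 20-bit SAS leaves an interceptor roughly a one-in-a-million chance that the two strings happen to agree.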


Is DNA like fingerprints? I kinda think it is.
Ian Duncan reports:
An appeals court on Wednesday sanctioned the police’s use of genetic material obtained in one investigation to solve other crimes, but agreed with attorneys for a burglar that questions surround the little known practice.
Three judges of the Court of Special Appeals upheld the burglary conviction of George Varriale, a homeless Anne Arundel County man, which was based in part on DNA that he had voluntarily given to police to clear himself in a rape investigation.
Read more on Baltimore Sun.

(Related) Do we need a global DNA database? (No doubt the FBI would volunteer to run it)
A ‘mass exchange’ of DNA profiles between the Netherlands and Belgium may have helped solve hundreds of crimes, Belgian media report on Thursday.
In total, 1,745 matches were found when crime scene DNA held in data banks in the two countries was compared. In 576 cases, DNA found at a crime scene in one country could be linked to someone who had been forced to give a sample in the other.
[...]
Belgium will also soon make DNA exchanges with German and French DNA banks.
Since 2005, everyone convicted of a crime punishable by four years or more in jail in the Netherlands must give a DNA sample. This is kept on the database for 20 years.
There’s no mention in this article of any privacy or human rights concerns. How would you feel if the U.S. shared your DNA with other countries for law enforcement purposes? I can see querying in particular cases, but mass exchange?


No decision, but lots of argument.
A National Consensus: Cell Phone Location Records Are Private – EFF
by Sabrina I. Pacifici on Jul 30, 2014
“The Fourth Amendment protects us from “unreasonable” government searches of our persons, houses, papers and effects. How courts should determine what is and isn’t reasonable in our increasingly digital world is the subject of a new amicus brief we filed today in San Francisco federal court. At issue is historical cell site data—the records of the cell towers a customer’s cell phone connects to. The government has long maintained that it’s unreasonable for customers to expect those records to remain private. As a result, the government argues it does not need a search warrant to obtain historical cell site records from cell phone providers. Federal appeals courts are divided on the issue. In 2013, the Fifth Circuit Court of Appeals, which covers Louisiana, Mississippi and Texas, ruled there was no expectation of privacy in historical cell site data. But last month, the Eleventh Circuit Court of Appeals, which covers Alabama, Florida and Georgia, reached the opposite conclusion, ruling people did have an expectation of privacy in this information. Federal magistrate judge Nathanael Cousins in San Francisco, who is not required to follow either the Fifth or Eleventh Circuit–he’s bound to follow the Ninth Circuit which hasn’t ruled on the issue yet–recently requested the local U.S. Attorney’s office to explain why the government believed it did not need a search warrant to obtain cell site records. He invited the San Francisco Federal Defender to file a response as well, and we filed an amicus brief supporting a warrant requirement. The ACLU of Northern California and University of San Francisco law professor Susan Freiwald and EFF special counsel Marcia Hofmann also submitted amicus briefs. A Fourth Amendment “search” is an intrusion upon something in which a person has a subjective expectation of privacy that society considers reasonable. 
By definition, determining whether a search is “reasonable” requires looking at what society considers to be deserving of privacy protection. So our amicus brief explains why many Americans actually expect this detailed and sensitive location information to remain private, even when it’s stored by phone companies.”


Today it's to study traffic flow, tomorrow it will be for “prevention of terrorism!”
Soo Kim reports:
All mobile phones logged into the Wi-Fi network at Helsinki Airport will be monitored by an in-house tracking system that identifies passengers’ real-time movements.
The technology has been criticised by privacy advocate groups, but is said to be aimed at monitoring crowds and preventing bottlenecking at the airport, which sees around 15 million passengers a year, Bloomberg reports.
Read more on The Telegraph.


Another case of lawyers (and lobbyists) knowing more about health than mere doctors?
John Commins reports that physician groups will appeal the 11th Circuit ruling upholding Florida’s “Docs vs. Glocks” law. I am glad to hear that as I think the law is not only a gag on health professionals’ First Amendment rights, but a prohibition on professional speech/conduct that is a disservice to public health and safety. In my opinion, states should only be interfering in (regulating) doctor-patient discussions or care when there is sufficient evidence that a practice causes harm or puts patients at unacceptable risk. There has been no such demonstration in this case.
Just as pediatricians and those of us who work with children may routinely inquire about a child’s nutrition and sleep patterns in screening for factors that may contribute to health and functioning, so too do professionals screen for other factors that may affect our patients’ health – including the presence of guns in homes where there are impulsive or curious young children. Mental health issues such as depression or anger issues are not the only reason or justification for asking about guns.
Those supporting the Docs vs. Glocks law seem to believe that inquiring is just an attempt by professional groups to condemn guns or interfere with adults’ Second Amendment rights to own guns. It’s not. It’s an attempt to do our jobs properly.
And given that we are required to maintain patient confidentiality and no law requires us to record all of a patient’s answers, why is there even a problem?
In any event, the Docs vs. Glocks law needs to be struck down - to protect the health and safety of the public and so that health professionals’ hands are not unreasonably tied. If the state wants to regulate our speech, it should have to meet a higher level of scrutiny.


Perhaps my Ethical Hackers could do the same here? Students only? (Not really)
Facebook app gives free Internet to mobile users in Zambia
Facebook introduced an app on Thursday that will give mobile phone subscribers in Zambia access to a set of free basic mobile data services—and Facebook.
The app is part of Facebook’s Internet.org project that aims to bring Internet access to the two thirds of the world’s population that doesn’t have it. With the app, people can browse a set of health, employment and local information services without data charges, Facebook said on Thursday.
“By providing free basic services via the app, we hope to bring more people online and help them discover valuable services they might not have otherwise,” Facebook’s director of product management, Guy Rosen, wrote.
… Facebook has already done something similar in the Philippines where it partnered with service provider Globe to offer services for free. It also has partnered with carrier Tigo in Paraguay in the early stages of the Internet.org project. According to Facebook CEO Mark Zuckerberg the number of Internet users doubled in the Philippines while Tigo saw the growth of Internet users rise by 50 percent as a result of the tests.


I wonder if Facebook et al. pay for this?
What Sprint's New Wireless Plan Says About the Future of Mobile
Sprint and Virgin Mobile USA announced phone plans Wednesday that will let you access only four of the most popular social media apps in the country.
Marketed with parental controls and targeted toward families, the new Virgin Mobile Custom plan lets customers pay $11.98 for a no-annual-contract program with unlimited access to one of four social media apps: Facebook, Twitter, Pinterest or Instagram.
Each pre-paid $6.98 base plan includes 20 minutes of voice and 20 texts. Another $5 provides customers with unlimited access to one of those four apps. Or, you can choose to pay $15 for access to all four of those apps.
“Phones have migrated largely away from ‘talking’ at this point and are much more utilized for apps, searching and making purchases,” said Ken Wisnefski, founder and CEO of online marketing agency WebiMax. “Talking is secondary. Who talks on a phone anymore?”


...'cause us teachers love Wikipedia.
Kiwix enables you to have the whole of Wikipedia on hand wherever you go. On a boat, in the middle of nowhere or in jail, Kiwix gives you access to the whole of human knowledge. You don’t need the Internet, as everything is stored on your computer, USB flash drive or DVD. Kiwix is free software, which means you can freely copy, modify and distribute it.
[From the webpage:
Kiwix is mostly installed in schools, universities and libraries which can’t afford broadband Internet access. It is much faster than the Internet and also can be used by many institutions to save bandwidth and readers’ time. But many people use Kiwix for their own personal purposes, for example, people suffering from censorship, or prisoners.]


Translating student speak. (Of course, you can always Google it)
How To Speak Gen Z
Have you ever received text messages from Mum or Dad (maybe Grandma) asking, “What’s ‘LOL’?” or “What’s ‘FML’?” If you’re still unsure about the lingo of today’s generation Z, here’s a quick cheat sheet to get you back on track.
While you’re at it, you may as well learn the alphabet the geeky way, as opposed to learning the alphabet the obsolete way.


For my students.
Tech Jobs of the Future: What To Study If You Want a Cool Job Tomorrow
… If you’re a student and looking to establish yourself in a field of study that has a bright future in the world of high technology, then you’ll need the mindset of a futurist. Understanding the direction of technology will help you decide how you want to position yourself to succeed, and figure out exactly what you need to study to get there.
Modern state of the art throughout the world of tech ranges across many disciplines, including virtual reality, artificial intelligence, drones, and even biotechnology. How do you know where to start? The following are a few examples of the sort of tech jobs you can expect to see within the next 5 to 10 years if advancements continue along the paths they are going. Review them and decide whether your personality and interests would make you a good candidate for any of these future jobs.
Cyber Security
Drone Programmers
Virtual Reality Designers
Vehicle Programmers
Smart Home Programmers
Advanced Automation
Artificial Intelligence Programmer

Wednesday, July 30, 2014

For the “How to Hack” guidebook my Ethical Hackers are assembling. Along with tips on detection and mitigation...
How do hackers breach institutions like Canada's NRC?
Cyberattacks like the one against the National Research Council of Canada are increasing around the world. But by knowing the steps hackers would use for a sophisticated attack, security experts try to gain the upper hand.
"Sometimes in breaches, companies call it a 'highly sophisticated cyberattack' (as the Government of Canada's chief technology officer said in a statement Tuesday) in order to make it seem like they were beaten by the best," Geoffrey Vaughan, a security consultant with Security Compass, told CTV News Channel.
"In this case, the fact they were able to observe the attack for up to a month in advance probably suggests it was a serious, sophisticated attack."
Vaughan, who is an ethical hacker, told CTVNews.ca the process is complicated, but broke it down into six steps most hackers will use for more sophisticated jobs.

(Related) We collect these in the Appendices.
Boost Your Security Posture through Membership in an Industry Information Sharing and Analysis Center (ISAC)
… On the belief that there is strength in numbers, many organizations are joining an industry-specific Information Sharing and Analysis Center (ISAC) to confidentially share threat and mitigation information with their peers within their own industry.
According to The National Council of ISACs, “ISACs are trusted entities established by Critical Infrastructure Key Resource (CI/KR) owners and operators to provide comprehensive sector analysis, which is shared within the sector, with other sectors, and with government.”


Another report management should read?
Last week the Center for a New American Security (CNAS) released a new report on cybersecurity authored by Richard Danzig titled “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies.”
… Danzig outlines why and how cyber-vulnerabilities exist in a manner that is approachable for newcomers to the field while offering deep commentary for old hands. Highly recommended for anyone with an interest in cyber policy. The report can be found at the CNAS’s website here, and the video of the panel is embedded below. The executive summary is reproduced below the video.


You don't really invest time and money to make Netflix faster, you just make everyone else slower.
Netflix Signs Streaming Deal With AT&T
Netflix has signed yet another peering deal, this time with AT&T. The deal, which follows on from similar agreements with Comcast and Verizon, means Netflix will receive VIP treatment through the AT&T tubes. This is good news for customers in the short term, but bad news for everyone in the long term… less buffering now means the death of net neutrality later.


The world, she is a-changing!
How the Internet of Things Changes Business Models
As the Internet of Things (IoT) spreads, the implications for business model innovation are huge. Filling out well-known frameworks and streamlining established business models won’t be enough. To take advantage of new, cloud-based opportunities, today’s companies will need to fundamentally rethink their orthodoxies about value creation and value capture.
… But in a connected world, products are no longer one-and-done. Thanks to over-the-air updates, new features and functionality can be pushed to the customer on a regular basis. The ability to track products in use makes it possible to respond to customer behavior. And of course, products can now be connected with other products, leading to new analytics and new services for more effective forecasting, process optimization, and customer service experiences.
… In his classic book Competitive Strategy, Michael Porter describes three generic strategies: differentiation, cost leadership, and focus. For some industries, those basic strategies still hold true today. But in industries that are becoming connected, differentiation, cost, and focus are no longer mutually exclusive; rather, they can be mutually reinforcing in creating and capturing value. If your company is an incumbent firm that built its kingdom through a traditional product-based business model, be concerned as your competition and disruption-minded start-ups take advantage of the IoT.

(Related) Move, but move carefully!
70 Percent of IoT Devices Vulnerable to Cyberattacks: HP
A new study published by HP on Tuesday reveals that 70% of the most popular Internet of Things (IoT) devices contain serious vulnerabilities.
The company used its HP Fortify on Demand application security testing service to check ten of the most commonly used IoT devices and their cloud and mobile application components. The list includes TVs, power outlets, webcams, smart hubs, home thermostats, sprinkler controllers, home alarms, scales, garage door openers, and door locks.
According to HP's report, "Internet of Things Security: State of the Union", a total of 250 security holes have been found in the tested IoT devices — on average, 25 per device. The issues are related to privacy, insufficient authorization, lack of transport encryption, inadequate software protection, and insecure Web interfaces.
For example, the study shows that 80% of the tested devices, including their corresponding cloud and mobile apps, raised privacy concerns regarding the collection of user data such as names, email addresses, physical addresses, date of birth, financial and health information.


Something for those idle law school students? Perhaps in collaboration with my industrious geeks?
This is an exciting RFP:
The Berkeley Center for Law & Technology and Microsoft are issuing this request for proposals (RFP) to fund scholarly inquiry to examine the civil rights, human rights, security and privacy issues that arise from recent initiatives to release large datasets of government information to the public for analysis and reuse. This research may help ground public policy discussions and drive the development of a framework to avoid potential abuses of this data while encouraging greater engagement and innovation.
This RFP seeks to:
  • Gain knowledge of the impact of the online release of large amounts of data generated by citizens’ interactions with government
  • Imagine new possibilities for technical, legal, and regulatory interventions that avoid abuse
  • Begin building a body of research that addresses these issues
Read the details and criteria on Berkeley Law. The proposal application deadline is September 25th.


Microeconomics 101: The elasticity argument is true, but the “alternate goods” argument is better.
Amazon Does E-Book Math For Hachette In Arguing For $9.99 Prices
After months of speculation and squabbling, Amazon.com finally laid out its position in black and white in its dispute with Hachette Book Group. In a post on Tuesday to an Amazon Kindle forum, the Seattle company said that its “key objective” was to lower e-book prices, noting that there would be greater benefits for authors, the publisher, customers and the online retailer if prices were cut by as much as half.
… “For every copy an e-book would sell at $14.99, it would sell 1.74 copies if priced at $9.99,” the company wrote. “So, for example, if customers would buy 100,000 copies of a particular e-book at $14.99, then customers would buy 174,000 copies of that same e-book at $9.99. Total revenue at $14.99 would be $1,499,000. Total revenue at $9.99 is $1,738,000.”
Citing e-books’ high price elasticity, Amazon went on to argue that e-books aren’t simply competing with other books. Rather, they’re competing with other forms of media engagement–from games to movies to online news publications–that take up a potential reader’s time.

(Related) Competing for a large market.
Amazon to invest $2 billion in India, a day after Flipkart's $1 billion funding
A day after Flipkart announced raising $1 billion in funds, e-commerce giant Amazon on Wednesday said that it will invest an additional $2 billion in India to support its growth in the country.
"After our first year in business, the response from customers and small and medium-sized businesses in India has far surpassed our expectations," said Jeff Bezos, founder and CEO of Amazon.com.
"We see huge potential in the Indian economy and for the growth of e-commerce in India.


Another “competition” story. (Is this why Rupert Murdoch wanted Time Warner?)
FCC chairman calls out Time Warner over Dodgers TV impasse
The Federal Communications Commission is not happy with Time Warner Cable about the Dodgers TV situation.
In a blistering letter to Time Warner Cable Chief Executive Rob Marcus, FCC Chairman Tom Wheeler criticized the company for its inability to reach agreements with other area pay-TV distributors for SportsNet LA, the new Dodgers-owned channel.
"I am writing to express my strong concern about how your actions appear to have created the inability of consumers in the Los Angeles area to watch televised games of the Los Angeles Dodgers," Wheeler wrote. "The FCC will continue to monitor this dispute closely and will intervene as appropriately necessary to bring relief to consumers."


Somehow I think this is wishful thinking.
As Sanctions Pile Up, Russians’ Alarm Grows Over Putin's Tactics
Russia, facing the toughest round of Western sanctions imposed since the Ukraine crisis erupted, has adopted a nonchalant public stance, with President Vladimir V. Putin emphasizing the importance of self-reliance and a new poll released Tuesday indicating a “What, me worry?” attitude among the bulk of the population.
But beneath that calm facade, there is growing alarm in Russia that the festering turmoil in Ukraine and the new round of far more punitive sanctions — announced Tuesday by both European nations and the United States — will have an impact on Russia’s relations with the West for years to come and damage the economy to the extent that ordinary Russians feel it.


The future belongs to Twits?
Twitter Reveals Its Master Plan For Growing As Big As Facebook
… For months, Twitter has been struggling with the perhaps unreasonable expectation of investors that its growth curve resemble that of Facebook. This is a significant problem, as its acquisition of monthly active users has been slowing down, meaning it could be decades, not years, before it accrues the 1.3 billion Facebook has now.
Costolo’s solution is to tell everyone we’ve been counting wrong. The 271 million MAUs Twitter announced today (itself marking a comfortable jump of 16 million from the previous quarter’s mark) only comprise one segment of Twitter’s audience.


Because no music existed before 1960?
– is your way to be taken back to a previous year and listen to the music for that year. The music comes from YouTube, and covers the period from 1960 to 2013. Just choose your year, and the page will fill up with YouTube videos for the music for you to play.


I find this interesting. Since movie theaters are now digital, you could download and screen any movie at any time. Perhaps libraries will add theater rooms. How expensive could old movies be? Perhaps a student “Movie Club?”
– is a site where you can attend screenings others have created, or create and share your own screenings. So if you missed the latest blockbuster, only love the classics, need to organise a party or have just made your first feature, this is the place for you. Pick your film. Choose your cinema. Select your date and time. Invite your friends. If enough people book tickets, your screening happens.


High heeled roller skates. (From a discussion with my students.)
Acton RocketSkates