Saturday, September 06, 2014

According to Blogspot, this is my 3000th blog post. Since I do everything wrong, that translates to 3000 days (I post everything at once) and roughly 30,000 articles.


It's our fault. We have always wanted the computer on Star Trek. And now the NSA has its dream chip.
Intel's Clever and Kinda Creepy Chips That Are Always Listening
Intel has released a new line of clever, but creepy computer chips that are always listening and ready to turn on using voice commands.
“Hello Computer” is all you have to say to turn on your computer when it is equipped with one of Intel’s latest chips.
… The chips have the ability to constantly listen for sounds or voice instructions due to the digital signal processor core that is designed to process audio with minimal power use.
“It doesn't matter what state the system will be in, it will be listening all the time,” stated Ed Gamsaragan, an engineer at Intel. “You could be actively doing work or it could be in standby.”
The device can also be trained to only respond to your voice; however, currently the system is not secure enough to replace a password.


Have I mentioned that Google was a big Obama supporter? Looks like they still have his ear. “What's good for General Bashington T. Bullmoose IS good for the country!”
White House names Google’s Megan Smith the next Chief Technology Officer of the United States
The White House announced Thursday that it has named its next Chief Technology Officer. She is Megan Smith, a Google executive with decades of experience in Silicon Valley. The Obama administration named as deputy U.S. CTO, Alexander Macgillivray, a former Twitter lawyer known as a staunch defender of the free flow of information online.


Might interest my Computer Security students.
30 days with space and cyber Airmen
Air Force Space Command invites Airmen, their families, and the public to follow online as the 3rd Combat Camera Squadron tells the story of Airmen and mission partners conducting critical space and cyber missions during the month of September.
… Throughout the mission, Olguin and his team will post coverage on the official Air Force Space Command website: www.afspc.af.mil and on the Air Force Space Command Facebook site: www.facebook.com/AirForceSpaceCommand. The team will also highlight activities and Airmen on the command Twitter account: afspace. Audiences can follow Twitter coverage under #30daysAFSPC.


Humor every week. How do they do it?
Some 4000 Starbucks employees have applied to Arizona State University. Bonus points if, as a university president, you can make shitty comments about baristas and English majors. [Easy come]
About 25% of the student population at Kentucky State University, a HBCU, are being kicked out for failing to pay their fees. [Easy go]
Colleges have licensed their logos to Jell-O for shot molds and to Franklin for beer pong balls.
… “A 23-year-old teacher at a Cambridge, Maryland, middle school has been placed on leave and—in the words of a local news report—‘taken in for an emergency medical evaluation’ for publishing, under a pseudonym, a novel about a school shooting.” Via The Atlantic.


A regular feature. (I select a few)
Free iPhone Apps
Summary Pro ($1.99, now free)
Unstoppable Gorg ($4.99, now free)
Assassin’s Creed Pirates ($4.99, now free)

Friday, September 05, 2014

“We're your government and we are hip to all that computer security jive!” (I feel a Forrest Gump quote coming on...)
Obamacare Website Hacked as U.S. Says Data Wasn’t Taken
The HealthCare.gov website that had an error-plagued debut last year was hacked in July, although no personal data appear to have been taken, according to the U.S. Centers for Medicare and Medicaid Services.
The attack, discovered Aug. 25 and disclosed yesterday, marks the first known intrusion into the federally run website.
… “Our review indicates that the server did not contain consumer personal information,” Aaron Albright, an agency spokesman, said yesterday in an e-mailed statement. “We have taken measures to further strengthen security.” [Translation: “We didn't implement all the security we should have...” Bob]
… The July attack exploited a test server that was used to support the website and was never intended to be connected to the Internet, Albright said. The server was protected with only a default password.
“Shame on the U.S. government for allowing this to happen,” Jon Clay, a security manager with the network security company Trend Micro Inc., said in a phone interview. “We paid how many millions to put this thing up and a default password was used on a server?”

(Related) I doubt that China is the only country where criminal activity is growing.
China's Cybercrime Marketplace Boomed in 2013: Trend Micro
By all indications in the report, China's cyber crime market was bustling in 2013. Between March 2012 and December 2013, Trend Micro monitored nearly 500 chat groups communicating via the QQ instant messaging service.
By the end of 2013, the firm had obtained 1.4 million publicly available messages from the groups it was monitoring. According to the report, the number of messages in the groups doubled in the last 10 months of 2013 compared to the same period in 2012 - a sign of serious growth in cybercrime activity.
"Based on the ID of the senders, we also believe that the number of participants has also doubled in the same period," blogged Lion Gu, a senior threat researcher at Trend Micro.
"In sum, the Chinese underground market players are keeping pace with the developments in the security landscape," the report states. "They no longer just peddle malicious wares to attack PC users but also to attack the rapidly growing mobile device market. This should serve as another reminder to all [computers] or any Internet-connected device to always be security-aware to live a threat-free digital life."
The report can be read here.


Perspective. My Disaster Recovery class will have to consider a scenario where the Broncos are playing in the SuperDuperBowl and terrorists are starting to flood Denver cellphone towers at the same time. What might they be planning to do next?
City of Seattle asks people to stop streaming videos, posting photos because of football
… Jeff Reading, a communications director for Mayor Ed Murray, told MyNorthwest.com that the city wants people to limit their “non-essential mobile conversation” so that cell networks can stay unclogged in case of emergencies.
… The fact that one too many Snapchat videos may delay emergency response tonight in Seattle is quite frankly a little ridiculous — and extremely concerning.
This also brings up an interesting dilemma — is it reasonable for the City to ask its citizens to restrict social media use solely based on the fact that private networks can’t handle the amount of bandwidth being used during an event like tonight’s game?
… This isn’t the first time that city officials have asked people to ease off on their personal technology use. During the Seahawks Super Bowl parade in February, the Seattle Emergency Operations Center sent an alert that asked people to wean off cell phone use to keep 911 lines open. Then at the Torchlight Parade in July, Seattle Police asked citizens to text friends and family instead of calling.


Inevitable I suppose.
Rebecca Rose writes:
A gallery in Florida is planning to stage an exhibit featuring nude images stolen from women including Scarlett Johansson and Jennifer Lawrence.
Oh, you thought that horrible charity drive was the worst, most misguided decision to come out of the celeb photo leak? Nope, not by a long shot. An artist who goes by the name XVALA, which stands for “Someone who is clearly mad at himself for not getting cast on Work of Art” is planning to put the images on display at a gallery in St. Petersburg, Florida.
Read more on Jezebel.
Apart from incredibly poor taste, how is this not copyright infringement and/or appropriation of name or likeness? Are lawyers lining up to go after XVALA and the art gallery? I hope so.


Perspective.
Breaking Down the Freelance Economy
The American workforce is now 34% freelancer, according to a new study commissioned by the Freelancers Union and the recently-merged Elance-oDesk. Well, sort of: 14.3 million of the 53 million freelancers counted in the survey are “moonlighters” (people with full-time jobs doing independent work in their spare time). Another 5.5 million are temp workers.


“We've already tested the video equipment in Afghanistan, so let's be politically correct rather than run a comprehensive test.” It is a test, right?
Army now says it won’t put cameras on surveillance aircraft in Maryland
Military surveillance aircraft slated to be set aloft over suburban Baltimore this year were originally designed to carry video cameras capable of distinguishing between humans and wheeled vehicles from a distance of at least five kilometers, according to documents the Army has newly released to a privacy group.


Good.
Matt Cooper reports:
A judge improperly tried to rip the cloak of anonymity from a blogger who lambasted a software maker online, the Texas Supreme Court ruled.
The dispute stems from an online attack that a blogger calling himself “the Trooper” launched against Reynolds & Reynolds Co., a developer of automotive-dealership software.
Read more on Courthouse News.


My students might find this useful. (Windows, Mac, Linux)
Scribbleton – is your own personal wiki, where you can store everything from quick notes, to detailed checklists for work, to the outline for that next bestseller novel. With Scribbleton, you can easily create clickable links between words, phrases, and pages, allowing you to quickly locate cross-referenced information. Your Scribbleton wiki files live on your local machine. Nothing is sent to any outside servers.

Thursday, September 04, 2014


“I double dog dare you to do anything about it!” Vladimir Putin. Russia sends in the army and we send politicians to play golf and talk about it?
NATO chief, at summit, says Russia attacking Ukraine
NATO's top official accused Moscow outright on Thursday of attacking Ukraine as allied leaders gathered for a summit to buttress support for Kiev and bolster defenses against a Russia they now see as hostile for the first time since the Cold War.
U.S. President Barack Obama and his 27 allies meeting at a golf resort in Wales will also discuss how to tackle the Islamic State straddling parts of Iraq and Syria, which has emerged as a new threat on the alliance's southern flank, and how to stabilize Afghanistan when NATO forces leave at year's end.


How big is this breach? Stay tuned.
Brian Krebs reports:
New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company’s stores across the nation.
Read more on KrebsOnSecurity.com.


Apparently my (mostly male) Ethical Hackers are carefully studying these photos too.
Analysis Of Kate Upton Photos Shows Hackers May Have A Backup Of Her Entire iPhone
It just got even worse for the 101 celebrities whose naked photos were hacked from their iCloud accounts: An analysis of the metadata on Kate Upton's photos showed that her account was hacked using a piece of software intended for law-enforcement agencies that downloads an entire backup copy of all the files on a target's iPhone.
The software is called EPPB, or Elcomsoft Phone Password Breaker. [Available to anyone at http://www.elcomsoft.com/eppb.html Bob] It is intended for police departments and government agencies that want to "rip" entire copies of iPhones for evidence. We first saw the story on 9to5Mac, but the full account is on Wired. Here's the key section:
If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consultant and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.

(Related) Just in case...
How To Delete Your Own Nude Photos From Apple's iCloud: A Step-By-Step Guide


For my Computer Security students.
Hack Your API First – learn how to identify vulnerabilities in today’s internet connected devices with Pluralsight
A few years ago I was taking a look at the inner workings of some mobile apps on my phone. I wanted to see what sort of data they were sending around and as it turned out, some of it was just not the sort of data that should ever be traversing the interwebs in the way it was. In particular, the Westfield iPhone app to find your car caught my eye. A matter of minutes later I had thousands of numberplates for the vehicles in the shopping centre simply by watching how this app talked over the internet:

(Related) Things for your Internet. (Is this really the best we can do?)
5 Smart Home Appliances You Should Be Buying


Just knowing you communicated with a doctor tells me a lot.
Nadia Kayyali writes:
Turns out, the DEA and FBI may know what medical conditions you have, whether you are having an affair, where you were last night, and more—all without any knowing that you have ever broken a law.
That’s because the DEA and FBI, as part of over 1000 analysts at 23 U.S. intelligence agencies, have the ability to peer over the NSA’s shoulder and see much of the NSA’s metadata with ICREACH. Metadata is transactional data about communications, such as numbers dialed, email addresses sent to, and duration of phone calls, and it can be incredibly revealing. ICREACH, exposed by a release of Snowden documents in The Intercept, is a system that enables sharing of metadata by “provid[ing] analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.” It’s the latest in a string of documents that demonstrate how little the intelligence community distinguishes between counter-terrorism and ordinary crime—and just how close to home surveillance may really be.
Read more on EFF.


Perspective.
NFL exec: 70% of fans use a second screen while watching football
… Twitter CEO Dick Costolo … noted how the NFL is “hugely important” for Twitter. “You can literally see the spikes in tweet traffic that are perfectly coordinated with interesting moments in the game,” he said.
… Much of Wednesday’s event focused on NFL Now, a new app from the league that is largely a video hub for all things NFL. Available as a free or paid app, NFL Now features instant highlights, behind-the-scenes content, historic NFL Films footage, and much more.
… Whether it’s NFL Now, the use of Microsoft Surface tablets on the sidelines, or RFID tags that will be embedded in player shoulder pads this season, it’s clear that the NFL is trying to keep up with the times.


Perspective. Portables are getting cheap.
A Windows 8.1 Tablet For Just $119
If you desperately want a Windows 8.1 tablet but cannot afford the pricey Surface Pro 3, then the Encore Mini from Toshiba may fulfil your needs. This is a 7-inch Windows 8.1 tablet priced at just $119. A price which buys you a quad-core Intel Atom CPU, 1GB of RAM, and 16GB of storage.
The Toshiba Encore Mini is set to start shipping on Sept. 17, and we can see these things flying off the shelves. Windows 8.1 may suck as a desktop operating system but it’s surprisingly good on tablets.

(Related) But this one is even cheaper!
Ikea Mocks Apple With BookBook Commercial
And finally, Ikea has mercilessly mocked Apple and its hyperbolic, hipsterish style of ads with a video introducing the 2015 catalog. This isn’t a book, it’s a bookbook. With eternal battery life, and no need for any cables, this is a mesmerizing product. Just don’t try playing Angry Birds on it, or you’ll be bitterly disappointed.


For my Data Analytics students. If at first you don't succeed...
Learn from Your Analytics Failures
By far, the safest prediction about the business future of predictive analytics is that more thought and effort will go into prediction than analytics. That’s bad news and worse management. Grasping the analytic “hows” and “whys” matters more than the promise of prediction.
In the good old days, of course, predictions were called forecasts and stodgy statisticians would torture their time series and/or molest multivariate analyses to get them. Today, brave new data scientists discipline k-means clusters and random graphs to proffer their predictions. Did I mention they have petabytes more data to play with and process?


For my website students?
Lifetime Membership To OSTraining For $79, Be An Expert Web Developer
… If you’re ever thinking of becoming a web developer (or if you already are), this is an essential skill. It’s really not that difficult to learn, especially with the right guidance. OSTraining provides just that, and lifetime access to their entire library of 1,800 tutorials is currently available at a whopping 96% discount.


Something for my upcoming spreadsheet class.
Turn a Set of Spreadsheet Cells Into Easy to Read Documents
Save As Doc is a free Google Spreadsheets Add-on that enables you to select a series of adjacent cells and turn them into an easy to read Google Document. The Save As Doc Add-on takes just a minute to install. Once installed select the Add-on from your "Add-on's" drop-down menu and click "start." After clicking "start" you can choose a set of cells or all cells to be converted into a Google Document. The document will appear in your Google Drive dashboard (it might take a minute or two to appear if you have selected a large set of cells) where you can then view it, edit it, or download it as a PDF.

Wednesday, September 03, 2014

Here we go again?
Home Depot Investigating Potentially Massive Credit Card Breach
… Home Depot has confirmed that it’s investigating some “unusual activity” with regards to its customer data, and the consistently spot-on Brian Krebs is saying that it’s a credit card breach. According to Krebs, two “massive” batches of cards appeared on a credit card number seller site early this morning.
It’s unclear just how long the breach was in play — but Krebs’s early analysis of the credit card data suggests that its tentacles reached into the majority of Home Depot’s 2,200 stores, possibly going as far back as April of this year...


Mandating surveillance? Of course this does nothing to prevent crime, but might make catching the criminals a bit easier.
If you have a business in Gary, Indiana that’s open between the hours of 10 pm and 6 am, you must have outside surveillance cameras – whether you want to or not. Rob Earnshaw reports:
Businesses in the city operating between the hours of 10 p.m. and 6 a.m. will be required to have three high-resolution surveillance cameras recording public access areas following passage Tuesday of an ordinance by the City Council.
Businesses have a three-month grace period until the ordinance is enforced and failure to comply after that could result in fines up to $2,500 and revocation of its business license.
Read more on NWI.
[From the article:
Gary Police Cmdr. Kerry Rice said Police Department reports show that in 2013 more than 60 percent of reported crimes and 80 percent of shootings at gas stations and convenience stores in Gary occurred between the late evening to early morning hours.
… According to the ordinance the cameras must produce reproducible digital color images from a digital video recorder that is approved by the Police Department. Businesses must also post a conspicuous sign stating that the property is under camera surveillance. Each camera must display a date and time stamp on each image and produce retrievable images suitable for permanent police records.
The camera system must also be able to store and retrieve 30 days of recorded material.


Let's make a law... (I skipped a lot of this post that would probably be of interest to lawyers)
The Australian Law Reform Commission’s Final Report, Serious Invasions of Privacy in the Digital Era (Report 123, 2014) was tabled in Parliament today and is now publicly available.
The Terms of Reference for this Inquiry required the ALRC to design a tort to deal with serious invasions of privacy in the digital era. In this Report, the ALRC provides the detailed legal design of such a tort located in a new Commonwealth Act and makes sixteen other recommendations that would strengthen people’s privacy in the digital environment.
… The Report and a Summary Report are available to freely download or purchase in hard copy from the ALRC website. The Report is also freely available as an ebook.


It's the (marketing) principle of the thing!
Microsoft Defies Judge, Refuses To Hand Over Customer Emails
Microsoft looks set to be found in contempt of court after defying an order from a US judge that it should hand over data stored in Ireland.
Judge Loretta Preska, chief of the US District Court in Manhattan, has lifted a stay on her previous order that Microsoft must give email messages held in an Irish data center to US prosecutors investigating a criminal case.
However, Microsoft is refusing to comply. While the judge has concluded that the order itself isn’t appealable, a refusal to play ball by Microsoft could force her to find the company in contempt. Microsoft could then appeal against that finding to continue arguing its case.
… The disagreement hinges on whether the servers on which the data is kept are subject to US jurisdiction. In July, the judge ruled that Microsoft must hand over the emails because, while they were stored overseas, they were under the control of a US company.
… Alternatively, we may start to see more of a move towards the encryption of all customer data. If Microsoft and other cloud providers didn’t have access to the encryption keys, the data couldn’t be deemed to be under their control – and they couldn’t hand it over.


It's an argument, not a solution.
Chris Hoofnagle writes:
A revolution is afoot in privacy regulation. In an assortment of white papers and articles, business leaders—including Microsoft—and scholars argue that instead of regulating privacy through limiting the collection of data, we should focus on how the information is used. It’s called “use regulation,” and this seemingly obscure issue has tremendous implications for civil liberties and our society. Ultimately, it can help determine how much power companies and governments have.
Read more on Slate.
[From the article:
Use regulations offer no real protection, because businesses themselves get to choose what uses are appropriate. Worse yet, companies misusing data will have a huge legal loophole—the First Amendment. Companies have long argued that privacy rules are a form of censorship, and thus limits on use will be an abridgement of their free expression rights. The only workable situation for this problem is to require companies to contractually waive their First Amendment rights with respect to personal data.


For my Statistics students.
A Predictive Analytics Primer
No one has the ability to capture and analyze data from the future. However, there is a way to predict the future using data from the past. It’s called predictive analytics, and organizations do it every day.
Has your company, for example, developed a customer lifetime value (CLTV) measure? That’s using predictive analytics to determine how much a customer will buy from the company over time. Do you have a “next best offer” or product recommendation capability? That’s an analytical prediction of the product or service that your customer is most likely to buy next. Have you made a forecast of next quarter’s sales? Used digital marketing models to determine what ad to place on what publisher’s site? All of these are forms of predictive analytics.
… Lack of good data is the most common barrier to organizations seeking to employ predictive analytics.
Regression analysis in its various forms is the primary tool that organizations use for predictive analytics.

(Related) For law school students? Interesting question?
Should Lawyers Be Big Data Cops?
Many police departments are using big data analytics to predict where crime is likely to take place and prevent it. Should lawyers do the same to predict and stop illegal, non-criminal activities? This is not the job of police, but should it be the job of lawyers? We already have the technology to do this, but should we? Should lawyers be big data cops? Does anyone even want that?
… The necessary software and search skills already exist to do this. Lawyers with big data skills can already detect and prevent breach of contract, torts, and statutory violations, if they have access to the data. It is already possible for skilled lawyers to detect and stop these illegal activities before damages are caused, before disputes arise, before lawsuits are filed. Lawyers with artificial intelligence enhanced evidence search skills can already do this.
I have written about this several times before and even coined a word for this legal service. I call it “PreSuit.” It is a play off the term PreCrime from the Minority Report movie. I have built a website that provides an overview on how these services can be performed. Some lawyers have even begun rendering such services. But should they? Some lawyers, myself included, know how to use existing predictive coding software to mine data and make predictions as to where illegal activities are likely to take place. We know how to use this predictive technology to intervene to prevent such illegal activity. But should we?


For my programming students. Read this to understand why you need a lawyer.
Open Source Software Licenses: Which Should You Use?

Tuesday, September 02, 2014

This will continue in the news until everyone has copies of the pictures.
Apple Patches Vulnerability Possibly Linked to Celebrity Picture Leaks
Apple has patched a flaw that may be linked to the leak of salacious celebrity photos on the Web.
The flaw existed in the 'Find My iPhone' service. In order to use it, hackers would need to know the username of the account they are targeting. The vulnerability allowed attackers to guess passwords repeatedly without being locked out and without notifying the account owner. If the password was successfully guessed, the attacker could then access the iCloud account.
A tool for brute-forcing the accounts was posted on GitHub.
"There have been claims that iCloud may be involved, but it’s tricky to confirm even if all of the celebrities affected use Apple devices," blogged security researcher Graham Cluley. "Many folks are blissfully unaware about iPhone photos being automatically sent to an Apple iCloud internet server after they are taken."
The tool posted to GitHub was developed by HackApp, which also posted slides and a presentation about iCloud security online. [Just like someone was teaching Ethical Hacking... Bob]
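The control whose absence the article describes (no lockout and no owner notification after repeated wrong passwords) is easy to show in code. What follows is an added example, not Apple's code or anything from the HackApp or Cluley posts: a hypothetical `AuthService` that counts consecutive failures per account, locks the account for a fixed window so that even a correct guess is refused while the lock holds, and records an alert standing in for the notification the account owner should have received. The policy constants, the sample account and the alert sink are all constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Policy knobs (constructed values for this example, not Apple's settings)
MAX_FAILURES = 5          # consecutive bad guesses before the account locks
LOCKOUT_SECONDS = 900     # how long the lock lasts


@dataclass
class AccountState:
    salt: bytes
    password_hash: bytes
    failures: int = 0        # consecutive failures since the last success
    locked_until: float = 0  # epoch seconds; 0 means not locked


class AuthService:
    """Hypothetical login service with per-account lockout and owner alerting."""

    def __init__(self, clock=time.time):
        self.clock = clock                          # injectable so tests can advance time
        self.accounts: dict[str, AccountState] = {}
        self.alerts: list[str] = []                 # stands in for owner notification / SIEM

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Salted PBKDF2 so a leaked store is not directly reversible
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = AccountState(salt, self._hash(password, salt))

    def login(self, user: str, password: str) -> str:
        now = self.clock()
        acct = self.accounts.get(user)
        if acct is None:
            # Same answer as a wrong password so the endpoint does not confirm usernames
            return "invalid"
        if now < acct.locked_until:
            # Refusing even a correct password while locked is what removes the
            # right/wrong feedback signal that unlimited guessing relies on.
            return "locked"
        if hmac.compare_digest(self._hash(password, acct.salt), acct.password_hash):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            self.alerts.append(
                f"{user}: {MAX_FAILURES} consecutive failed logins; "
                f"locked for {LOCKOUT_SECONDS}s and owner notified"
            )
        return "invalid"


def demo(clock=None) -> list[str]:
    """Run a guessing sequence against one constructed account; return verdicts and alerts."""
    svc = AuthService(clock) if clock else AuthService()
    svc.register("alice", "correct horse")
    results = [svc.login("alice", f"guess{i}") for i in range(MAX_FAILURES)]
    results.append(svc.login("alice", "correct horse"))  # right password, but now locked
    return results + svc.alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The lockout is deliberately per account rather than per source address, since the article's point is that guesses against one username went unthrottled; in a real deployment the alert list would feed the owner's notification channel and the security team's log pipeline, and the lock would be accompanied by an IP-level rate limit as well.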


Completely unrelated to the article above, but you have to consider how secure your lawyer's data will be in the cloud.
New on LLRX – How to choose Web-based legal software
by Sabrina I. Pacifici on Sep 1, 2014
Via LLRX.com - How to choose Web-based legal software: More and more lawyers are moving to Web-based legal software because it’s convenient, provides 24/7 on-the-go-access to case-related information, and is affordable. Lawyer and legal tech expert Nicole Black says the good news is now that cloud computing is becoming more familiar and accepted, new platforms are being introduced into the legal marketplace at record speed. She explains how to make effective business choices when determining how and what cloud based applications to use.


For my Computer Security students and for my Ethical Hacker's “How to” guide. (Apparently, this reporter thinks Seoul is the capital of North Korea or perhaps he can't spell Pyongyang.)
North Korea's Cyber Warfare Capabilities Detailed in New Report
... the fact that the Web is strictly controlled by the regime means that independent hacker groups can't operate, so all cyber activity originating in the country can be assumed to be sponsored by the government. North Korea is well aware that any cyber activity traced back to its territory is automatically associated with the government so many attacks sponsored by the regime are launched from cells in China, the United States, South Asia, Europe and even South Korea.
"While North Korea’s cyber warfare capabilities pale in comparison to those of wealthier nations, the regime has made significant progress in developing its infrastructure and in establishing cyber operations. The rate of this progress warrants a closer look at North Korea’s motivations, TTPs, and capabilities," HP said.
The complete report on North Korea's cyber threat landscape is available online.


Not a very strong argument.
The Brattleboro Reformer posted this editorial that appeared in The Kennebec Journal of Augusta (Maine) on Aug. 28:
If the federal government can’t get states to sign on to the Real ID law, it has only itself to blame.
All the darkest nightmares of privacy advocates who warned in the early 2000s of an Orwellian state in which everyone is under surveillance all the time have turned out to be true.
Read more on Brattleboro Reformer.


Apparently, there is money to be made in the “privacy lawsuit bidness”
Catherine Baksi writes:
The number of privacy cases fought in UK courts has doubled in the last five years, amid an explosion in the amount of personal data held and shared by government agencies, and retained by businesses.
In the year to 31 May 2014, there were 56 cases in the High Court, up from 28 five years ago, according to figures from legal information provider Thomson Reuters.
[...]
Thomson Reuters said a high proportion of the cases this year involve claims against public institutions, particularly the police. These have included stop and search complaints.
 
In one high-profile example of the police’s invasion of privacy, it was revealed that undercover police officers secretly gathered intelligence over two decades on Doreen Lawrence and 18 families fighting to get justice from the police over deaths in custody and other matters.
Read more on Law Society Gazette.

(Related)
Meanwhile, Canada is also seeing a rise in privacy cases, as Arshy Mann reports:
With the certification of Evans v. The Bank of Nova Scotia, the newly introduced tort of intrusion upon seclusion has become another weapon in the arsenal for the class action plaintiffs’ bar.
But while Evans has gotten the lion’s share of attention, other developments in privacy law are also portending an increase in privacy class actions. The tort of intrusion upon seclusion emerged in Ontario in Jones v. Tsige, a 2012 case involving a bank employee who accessed a colleague’s personal information for her own purposes.
Read more on Law Times.


“DARPA's like a box of chocolates. You never know what you're gonna get.” F. Gump
DARPA Open Catalog
by Sabrina I. Pacifici on Sep 1, 2014
“Welcome to the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA sponsors fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc., that may lead to experimental results and reusable technology designed to benefit multiple government domains. The DARPA Open Catalog organizes publicly releasable material from DARPA programs. DARPA has an open strategy to help increase the impact of government investments. DARPA is interested in building communities around government-funded research. DARPA plans to continue to make available information generated by DARPA programs, including software, publications, data, and experimental results. The table on this page lists the programs currently participating in the catalog.”

Monday, September 01, 2014


Hot news du-jour. "Any Publicity is good publicity" "I don't care what they say about me as long as they spell my name right." "There is only one thing worse than being talked about and that is NOT being talked about." There is a really, really, really simple way to avoid this in future...
Darren Pauli reports:
Naked photos of US celebrities including Jennifer Lawrence, Kate Upton and Ariana Grande have been published online by an anonymous hacker who reportedly obtained the explicit pics from the victims’ Apple iCloud accounts.
Nude photos of 17 celebrities have been published online. The anonymous hacker posting on grime-’n-gore board 4Chan claimed to have naked pics on more than 100 celebrities in total.
Lawrence’s publicist Bryna Rifkin confirmed the validity of the photos [Why? Bob] and condemned their publication.
“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” Rifkin told Buzzfeed.
Read more on The Register.


Yeah, it's that easy.
Adam Greenberg reports:
Though unnamed in a breach notification and follow-up reports, a professor of ethical hacking at City College San Francisco (CCSF), Sam Bowne, has come forward on the internet to clarify that he did not demonstrate hacking a medical center’s server in a class, but rather came across sensitive information during a Google search.
In a Thursday post, Bowne said he performed the search and connected to an open FTP server full of medical information that ended up being from E.A. Conway Medical Center, a part of the University Health System. He explained that he was not teaching a class at the time and did not demonstrate it to anyone, as was indicated in a SCMagazine.com Data Breach Blog post and other published reports.
Read more on SC Magazine.

(Related) I won't say this makes a great target for my Ethical Hackers. I won't say it.
FBI Digitizes Millions of Files
by Sabrina I. Pacifici on Aug 31, 2014
“The digital conversion of more than 30 million records—and as many as 83 million fingerprint cards—comes as the FBI fully activates its Next Generation Identification (NGI) system, a state-of-the-art digital platform of biometric and other types of identity information. The system, which is incrementally replacing the Bureau’s Integrated Automated Fingerprint Identification System, or IAFIS, will better serve our most prolific customers—law enforcement agencies checking criminal histories and fingerprints, veterans, government employees, and the FBI’s own Laboratory. The conversion from manual to digital systems began more than two decades ago, when paper files outgrew the space at FBI Headquarters in Washington, D.C. They were shipped to West Virginia, where the FBI built a campus in Clarksburg in 1992 for its Criminal Justice Information Services (CJIS) Division and leased warehouse space in nearby Fairmont for the burgeoning files. In 2010, CJIS broke ground on a new Biometric Technology Center and redoubled its efforts to digitize all the files. The most recent push—digitization of 8.8 million files in two years—not only added more data points to the NGI program, but also eliminated the need to move scores of cabinets full of paper into the new technology center.”


No big deal, other than as a “thought experiment.” What would happen if someone did this in the US?
Rob O’Neill reports that the hacking of blogger Cameron Slater’s Whale Oil email account, and the exposure of those emails (and other materials apparently not from his email account) in a book and to the media is disrupting national elections in New Zealand:
New Zealand cabinet minister Judith Collins resigned yesterday in what appears to be a direct response to the hacking of a controversial blogger’s email.
The resignation is a blow to the ruling National Party which, while well ahead in the polls, has seen its campaign plan torn apart by a series of unexpected and unwelcome disclosures.
[...]
Ironically, the email that forced Collins to resign does not appear to have been part of that cache. It was received some time last week by the Prime Minister’s office from a source the office agreed to keep confidential.
Prime Minister John Key released the email when announcing Collins’ resignation yesterday, attracting one of a flurry of complaints to the Privacy Commissioner following the hacking. Whale Oil complained that in releasing it, Key himself breached New Zealand’s privacy laws.
Read more on ZDNet.


It's California, it doesn't have to make sense.
Shawn Tuma writes:
Yes, in California it just happened!
The fact that this happened in California should be of no comfort to Texas businesses, however, because the Texas Anti-SLAPP law comes from California and, therefore, California jurisprudence is considered persuasive authority in Texas. This means that in the not so distant future Texas employees could steal their employers’ data and then SLAPP them for it as well. Many other states have anti-SLAPP laws that are derivative of California’s as well.
Let’s look at a case study to demonstrate what I’m talking about.
Case Study:
Emanuel Medical Center, Inc. v. Dominique, 2014 WL 4239346 (Cal. App. Aug. 27, 2014)
Read more on ShawnETuma.com


Perspective.
3 things to know about the biggest IPO in a long time
… Analysts say Alibaba could be worth as much as $200 billion. That's roughly twice the market cap of Amazon and Ebay combined; or four times more than Lockheed Martin, the world's largest defense firm.
With those numbers, it's perhaps no surprise that the Chinese company's market debut might raise even more than Facebook's $16 billion IPO in May 2012.


Yet another tool for my student gamers.
New social media sensation Twitch creating ‘rock star gamers’
… Twitch is the Fox Sports of video games – letting users log on to watch the best players across thousands of titles or conquering the computer to set high scores.
Despite being relatively unknown to non “gamers”, it has more than 55 million users who watch more than a million gamers broadcast each month.
… Twitch is now the internet’s fourth biggest source of traffic during peak hours behind Netflix, Google and Apple.
… Some of Twitch’s most successful streamers make six figure salaries and have more than half a million followers.

Sunday, August 31, 2014


You have got to be kidding. Where in government are you going to find a division of sarcastic people? Dim-witted, certainly. Opinionated, without doubt.
US Cyber-Warriors Battling Islamic State on Twitter
The United States has launched a social media offensive against the Islamic State and Al-Qaeda, setting out to win the war of ideas by ridiculing the militants with a mixture of blunt language and sarcasm.
For the past 18 months, US officials have targeted dozens of social network accounts linked to Islamic radicals, posting comments, photos and videos and often engaging in tit-for-tat exchanges with those which challenge America. At the US State Department, employees at the Center for Strategic Counterterrorism Communications (CSCC), created in 2011, manage an Arabic-language Twitter account set up in 2012, an English-language equivalent and a Facebook page, launched this week. [Just learned about that Facebook thing, huh? Bob]


Was the idea to deploy blimps everywhere or just to protect congress? Who was it again that had cruise missiles targeting Washington?
EPIC FOIA Case – Army Blimps over Washington Loaded with Surveillance Gear, Cost $1.6 Billion
by Sabrina I. Pacifici on Aug 30, 2014
“EPIC has received substantial new information about the surveillance blimps, now deployed over Washington, DC. The documents were released to EPIC in a Freedom of Information Act lawsuit against the Department of the Army. The documents also reveal that the Army paid Raytheon $1.6 billion. EPIC will receive more documents about the controversial program in October. For more information, see EPIC: EPIC v. Army – Surveillance Blimps and EPIC: Freedom of Information Act Litigation.”


A generic Opt-Out form? Will that work? (Or is it merely an, “If you do this, we will sue” notice?)
Merrill Hope reports:
Breitbart Texas has learned that a new “Student Privacy Protection Request Form” has been released by the Thomas More Law Center (TMLC), a national non-profit public interest law firm based in Ann Arbor, Michigan.
The “data-mining” opt-out form was designed to protect students from Big Data’s chokehold on the classroom. It was crafted with the Common Core states in mind; however, it is relevant to non-Common Core states, like Texas, who are still tied to Fed Led Ed’s reporting and database systems.
Read more on Breitbart.


On one hand, this is “public data” since anyone can read and record license plates. On the other hand, somewhere in this vast collection of data might be something that a criminal could use to violate someone's privacy. So the data is both public and private?
Cyrus Farivar reports:
A Los Angeles Superior Court judge will not force local law enforcement to release a week’s worth of all captured automated license plate reader (ALPR, also known as LPR) data to two activist groups that had sued for the release of the information, according to a decision issued on Thursday.
Read more on Ars Technica.
[From the article:
The organizations had claimed that these agencies were required to disclose the data under the California Public Records Act. In late July 2012, the ACLU and its affiliates sent requests to local police departments and state agencies across 38 states to request information on how LPRs are used.
"The [LPR] data contains hot list comparisons, [Was that requested? Bob] the disclosure of which could greatly harm a criminal investigation," Superior Court Judge James Chalfant wrote in his 18-page decision. "It also would reveal patrol patterns [Or we could follow the cars Bob] which could compromise ongoing investigations, and even fixed point data could undermine investigations. Disclosure could also be used by a criminal to find and harm a third party. [Based on where their car was two years ago? Bob] Balanced against these harms is the interest in ascertaining law enforcement abuse of the ALPR system and a general understanding of the picture law enforcement receives of an individual from the system, unsupported by any evidence as to how well the ALPR data will show this information. The balancing works in favor of non-disclosure."


We can because we say we can.
From Public Intelligence:
The following report on the FBI’s use of national security letters (NSL) from 2007-2009 was released in August by the Department of Justice.
A Review of the Federal Bureau of Investigation’s Use of National Security Letters: Assessment of Progress in Implementing Recommendations and Examination of Use in 2007 through 2009
  • 232 pages
  • August 2014


Perspective. Worth reading.
Predictive First: How A New Era Of Apps Will Change The Game
Over the past several decades, enterprise technology has consistently followed a trail that’s been blazed by top consumer tech brands. This has certainly been true of delivery models – first there were software CDs, then the cloud, and now all kinds of mobile apps. In tandem with this shift, the way we build applications has changed and we’re increasingly learning the benefits of taking a mobile-first approach to software development.
Case in point: Facebook, which of course began as a desktop app, struggled to keep up with emerging mobile-first experiences like Instagram and WhatsApp, and ended up acquiring them for billions of dollars to play catch up.
The Predictive-First Revolution
Recent events like the acquisition of RelateIQ by Salesforce demonstrate that we’re at the beginning of another shift toward a new age of predictive-first applications. The value of data science and predictive analytics has been proven again and again in the consumer landscape by products like Siri, Waze and Pandora.
Big consumer brands are going even deeper, investing in artificial intelligence (AI) models such as “deep learning.” Earlier this year, Google spent $400 million to snap up AI company DeepMind, and just a few weeks ago, Twitter bought another sophisticated machine-learning startup called MadBits. Even Microsoft is jumping on the bandwagon, with claims that its “Project Adam” network is faster than the leading AI system, Google Brain, and that its Cortana virtual personal assistant is smarter than Apple’s Siri.


Free is good!
Millions of historic images posted to Flickr
An American academic is creating a searchable database of 12 million historic copyright-free images.
Kalev Leetaru has already uploaded 2.6 million pictures to Flickr, which are searchable thanks to tags that have been automatically added.
The photos and drawings are sourced from more than 600 million library book pages scanned in by the Internet Archive organisation.
… To achieve his goal, Mr Leetaru wrote his own software to work around the way the books had originally been digitised.
The Internet Archive had used an optical character recognition (OCR) program to analyse each of its 600 million scanned pages in order to convert the image of each word into searchable text.
As part of the process, the software recognised which parts of a page were pictures in order to discard them.
Mr Leetaru's code used this information to go back to the original scans, extract the regions the OCR program had ignored, and then save each one as a separate file in the Jpeg picture format.
… He added that he also planned to offer his code to others.
"Any library could repeat this process," he explained.
"That's actually my hope, that libraries around the world run this same process of their digitised books to constantly expand this universe of images."


All I need is a cup of coffee!