For my Computer Security students. Most companies warn their
employees about unsolicited links and emails. This is just one
version of the bad things that could happen.

Researchers have found a way to trick Android users into executing
potentially malicious applications by hiding them inside
innocent-looking image files.

Axelle Apvrille, mobile/IoT malware analyst and researcher at Fortinet,
and Ange Albertini, reverse engineer and author of Corkami.com, have
created an application that can be used to encrypt an APK to make it
look like a PNG image file.

In a real attack leveraging this method, the attacker sends an
application containing an image to the potential victim. When
the app is launched, the victim only sees the harmless-looking image.
In the background however, a malicious payload is installed onto the
victim's Android device.

The encryption is done with AngeCryption,
an application developed by the researchers

The FBI would settle for a wide open front door. (Bad advice makes
you seem silly.)

Thursday, FBI Director James Comey delivered
a talk at the Brookings Institution, titled “Going Dark: Are
Technology, Privacy, and Public Safety on a Collision Course?” His
thesis did not stray too far from his (and others’)
recent calls for limitations on software from companies like Google
and Apple that employs strong cryptography that even the companies
themselves cannot break, even if law enforcement agencies produce a
warrant for the encrypted data. These calls by law enforcement for
companies to provide “back doors” to encryption and other
security systems, through which companies could “unlock” the data
by using, as one editorial board unfortunately put it, a “secure
golden key they would retain and use only when a court has approved a
search warrant.”

The problem with the “golden key” approach is that it just doesn’t
work. While a golden key that unlocks data only for legally
authorized surveillance might sound like an ideal solution (assuming
you trust the government not to abuse it), we don’t actually know
how to provide this functionality in practice. Security engineers,
cryptographers, and computer scientists are in almost universal
agreement that any technology that provides a government back door
also carries a significant risk of weakening security in unexpected
ways. In other words, a back door for the government can easily –
and quietly – become a back door for criminals and foreign
intelligence services.

(Related) A more “to the point” headline! (Links to other contradictory
articles.)

“...and now for something completely different.” Monty Python

Safeguarding the Personal Information of all People – ODNI

Office of the Director of National Intelligence (ODNI) – Safeguarding
the Personal Information of all People, July 2014.

“As the President said in his speech on January 17, 2014, “the
challenges posed by threats like terrorism, proliferation, and
cyber-attacks are not
going away any time soon, and for our intelligence community to be
effective over the long haul, we must maintain the trust of the
American people, and people around the world.” As a part of that
effort, the President made clear that the United States is committed
to protecting the personal information of all people regardless of
nationality. This commitment is reflected in the directions the
President gave to the Intelligence Community on that same day, when
he issued Presidential Policy Directive/PPD-28, Signals Intelligence
Activities. New
Standards for Safeguarding Privacy: PPD-28 reinforces
current practices, establishes new principles, and strengthens
oversight, to ensure that in conducting signals intelligence
activities, the United States takes into account not only the
security needs of our nation and our allies, but also the privacy of
people around the world. The Intelligence Community already conducts
signals intelligence activities in a carefully controlled manner,
pursuant to the law and subject to layers of oversight, focusing on
important foreign intelligence and national security priorities. But
as the President recognized, “[o]ur efforts will only be effective
if ordinary citizens in other countries have confidence that the
United States respects their privacy too.” To that end, the
Intelligence Community has been working hard to implement PPD-28
within the framework of existing processes, resources, and
capabilities, while ensuring that mission needs continue to be met.
In particular, PPD-28 directs intelligence agencies to review and
update their policies and processes – and establish new ones as
appropriate – to safeguard personal information collected through
signals intelligence, regardless of nationality and consistent with
our technical capabilities and operational needs.”

In order to be “fair,” shouldn't your opponents also receive an
indication that you are fatigued?

Pablo S. Torre and Tom Haberstroh report:

… The boom officially began during work hours. Before last season,
all 30 arenas installed sets of six military-grade [??? Bob]
cameras, built by a firm called SportVU, to record the x- and
y-coordinates of every person on the court at a rate of 25 times a
second — a technology originally developed for missile defense in
Israel. This past spring, SportVU partnered with Catapult, an
Australian company that produces wearable GPS trackers that can gauge
fatigue levels during physical activity. Catapult counts a baker’s
dozen of NBA clients, including the exhaustion-conscious Spurs, and
claims Mavericks owner Mark Cuban as both a customer and investor.
To front offices, the upside of such devices is rather obvious:
Players, like Formula One cars, are luxury machines that perform best
if vigilantly monitored, regulated and rested.

Read more on ESPN.

In case you didn't know, when you book a flight the government must
okay issuance of a boarding pass.

From Papers, Please!:

We talked at length with Watchdog
investigative reporter Dave Lieber for his column in today’s Dallas
Morning News: Travelers, say bon voyage to privacy.
Lieber hits the nail on the head by calling out how few travelers
realize that the U.S. government is keeping a permanent file of
complete mirror copies of their reservations

Read more on Papers, Please!

Your car is just another thing on the Internet of Things.

Dr. Stefan Schuppert writes:

The Conference of the German Federal and State Data Protection
Authorities during its last meeting on 8 and 9 October adopted the
resolution “Data Protection in the Car”. The resolution expresses a
concern about what it describes as privacy risks involved in the growing
collection and processing of personal data in cars, and the interests
of various actors (car manufacturers, service providers, insurance
companies, employers) in using those data.

The resolution outlines several obligations of car manufacturers,
dealers, repair shops, and providers of communication services.

Read more on Hogan Lovells Chronicle of Data Protection.

More words or mere words?

Katherine Gasztonyi writes:

At the International Conference of Data Protection and Privacy
Commissioners in Mauritius this week, representatives of the private
sector and academia joined together to discuss the positive changes
and attendant risks that the internet of things and big data may
bring to daily life. Attendees memorialized the observations and
conclusions of their discussions in a Declaration
on the Internet of Things and a Resolution
on Big Data. The documents are not, of course, binding. But,
the fact that the Declaration and Resolution drew the consensus of a
large gathering of international data protection regulators renders
them relevant indicators of direction of data privacy policies and
trends.

Read more on Covington & Burling Inside Privacy.

Now this is interesting. We can drag the Copyright lawyers (no doubt
kicking and screaming) into the technical discussions about Big Data
and the Internet of Things. What if I seeded Denver with devices
that transmitted, “I am Bob's thing number 762. I am located at
39° 44' 21" N / 104° 59' 3" W Copyright © 2014 by Bob.
You owe me $0.02 for this information.”

Big data and the “internet of things” — in which everyday objects
can send and receive data — promise revolutionary change to
management and society. But their success rests on an assumption:
that all the data being generated by internet companies and devices
scattered across the planet belongs to the organizations collecting
it. What if it doesn’t?

Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and
Sciences at MIT, suggests that companies don’t own the data, and
that without rules defining who does, consumers will revolt,
regulators will swoop down, and the internet of things will fail to
reach its potential. To avoid this, Pentland has proposed a set of
principles and practices to define the ownership of data and control
its flow. He calls it the New Deal on Data. It’s no less
ambitious than it sounds. In
the November issues of HBR, Pentland discusses how the New Deal
is being received and how it’s already working in a little town in
the Italian Alps.

Just because Google can't point to an article does not mean the article
goes away.

BBC to publish 'right to be forgotten' removals list

The BBC is to publish a continually updated list of its articles
removed from Google under the controversial "right to be
forgotten" rule.

The ruling allows people to ask Google to remove some types of
information about them from its search index.

But editorial policy head David Jordan told a public meeting, hosted by
Google, that the BBC felt some of its articles had been wrongly
hidden.

… Google decided to notify affected websites each time a link had been
removed.

The BBC will begin - in the "next few weeks" - publishing the
list of removed URLs it has been notified about by Google.

Eventually, your phone will do everything for you and keep on doing it
for months (years?) after your death.

Google: We'll make you smarter ... if you share your data

Google's chairman says the search giant can create your ideal artificial
personal assistant. The catch? You need to give up more and more of
your personal information.

Tools for personal security.

MasterCard's New Credit Card Will Come With a Fingerprint Scanner

… MasterCard is now teaming up with biometric tech company Zwipe to
prevent people from paying for items this way with stolen credit
cards. It's a way to prove that it's actually you using the card.

The Zwipe MasterCard, which might
be offered only in the UK for now, comes with a built-in
fingerprint scanner that stores your thumbprint. When you put your
thumb on the scanner, the embedded chip unlocks and you'll be able to
tap the card to make purchases.

My world is changing – Harvard tells me so.

… Broadly speaking, competency-based education identifies explicit
learning outcomes when it comes to knowledge and the application of
that knowledge. They include measurable learning objectives that
empower students: this person can apply financial principles to solve
business problems; this person can write memos by evaluating
seemingly unrelated pieces of information; or this
person can create and explain big data results using data mining
skills and advanced modeling techniques.

… The key distinction is the modularization of learning.
Nowhere else but in an online competency-based curriculum will you
find this novel and flexible architecture. By breaking free of the
constraints of the “course” as the educational unit, online
competency-based providers can easily and cost-effectively stack
together modules for various and emergent disciplines.

(Related)

A New Initiative: The GA Credentialing Network

… In partnership with a consortium of more than twenty companies,
including GE, PayPal, and Elance-oDesk, we are developing a series of
competency-based credentials for high-skilled positions in
technology, design, and business. Our first credential, for web
development skills, will be publicly available in early 2015. This
initial program—and those that follow—will be available to
job-seekers beyond the limits of the General Assembly student
community, and will be free
of charge for both job-seekers and employers.

For my lucky spreadsheet students.

35 Years Ago Today, Spreadsheets Were Invented

On this day in 1979, a computer program called VisiCalc first shipped
for the Apple II platform, marking the birth of the spreadsheet,
a now-ubiquitous tool used to compile everything from grocery lists
to Fortune 500 company accounts.

And that’s why October 17th is Spreadsheet
Day, celebrated by fans of the form.

I've been looking for a simple tutorial for my Math students.

How to Calculate Using Japanese Abacus Part 1

Hard to believe they are serious...

… LAUSD will not
release an inspector general’s report into the district’s
decision-making process that went into its massive purchase of iPads
and Pearson
curriculum. The school board voted 4–3 against releasing the
information to the public.

… LAUSD Superintendent John Deasy resigned
this week, on the heels of investigations into the district’s
iPad procurement process and failures
of its new student information system. Ray Cortines has been named
interim superintendent.

… A group of Harvard Law School professors say
that the university’s new sexual assault policies “lack the most
basic elements of fairness and due process, are overwhelmingly
stacked against the accused, and are in no way required by Title IX
law or regulation.”

… “The Public Sociology Association, made up of graduate students at
George Mason University, has published what adjunct
advocates are calling the most comprehensive study of one
institution’s adjunct faculty working conditions ever.” More on
the report via Inside Higher Ed.

http://www.hackeducation.com/2014/10/17/hack-education-weekly-news-10-17-2014/