At
some point, someone needs to be the “Bad Example.”
Back
in 2013, I blogged about a breach
involving TerraCom and YourTel.
Their breach response was so poor that I devoted two
posts
to criticizing them. But as bad as the breach and their response
were, things got even worse when Scripps News kept investigating and
uncovered more
problems. It was no surprise, therefore, to learn that the
Indiana
Attorney General was investigating.
What
is a surprise, however, is an announcement today by the FCC that they
intend to fine TerraCom and YourTel $10 million:
They
probably got my brother...
On
July 30, 2014, Delaware River and Bay Authority
(“the Authority”) was
notified [“Someone
had to tell us” Bob] of a possible security compromise
involving credit and debit card data stored on certain systems at the
Cape May-Lewes Ferry’s terminals and vessels. An
investigation into this incident was immediately initiated and our
team, including third-party forensics experts, has been working
continuously to understand the nature and scope of the incident.
Although this investigation is ongoing, we have determined that the
security of card processing systems relating to food, beverage, and
retail sales at the Cape May – Lewes Ferry were compromised and
some data from certain credit and debit cards that were used from
September 20, 2013 to August 7, 2014 at Cape May – Lewes Ferry’s
terminals and vessels may be at risk.
…
“Despite any company’s
best efforts, intrusions can occur. [True
as stated. But that's like saying, “It's the best we can do.”
Not, “It's the best thing to do.” Bob] With the help
of professional experts, we want to understand the nature and scope
of this incident so we can learn from it.” The Authority is also
working with these experts to enhance the security of its credit and
debit card processing systems at the Cape May-Lewes Ferry’s
terminals and vessels. Gehrke emphasized that the food, beverage,
and retail locations at the Cape May – Lewes’s
terminals and vessels have been processing credit and debit card
transactions securely since August 8, 2014. [“We
have fixed our lousy security.” Bob] Gehrke also
stressed that only food, beverage, and retail sales locations were
affected by the security compromise. The Cape May – Lewes Ferry
reservation system, including on-line bookings and terminal
point-of-sale locations, utilized for the purchase of vehicle or
passenger tickets was not compromised.
…
An update on the Cape
May – Lewes Ferry web site states:
The credit and debit card data potentially at risk includes the card
number, the cardholder’s name and/or the card’s expiration date.
We have not determined that
any specific
cardholder’s credit or debit card data was stolen by the intruder.
[“We didn't
know we were breached, we have no idea what was taken...” Typical.
Bob] We’re offering free identity protection services,
including credit monitoring, to any customer who has purchased food,
beverages or retail items at the Cape May – Lewes Ferry from
September 2013 through August 2014.
For
my Ethical Hackers. Halloween is coming. What do you think of a
nation-wide zombie alert? (They had to send this alert, right? If
an alert message comes in, what would tell them it is false?)
Bogus
federal agency emergency warnings irk AT&T U-verse subscribers
…
Red banners lined the television screens of viewers in the affected
areas, falsely alerting them an important message was inbound.
U-verse is AT&T's fiber optic service.
"A
Federal Emergency Management Agency (FEMA) investigation indicates
that a nationally syndicated radio show not affiliated with AT&T
accidentally sent a message over the National Emergency Alert
System," stated
an AT&T spokeswoman.
A
scam by any other name would still stink. I had worked out the rough
outlines of a Computer Leasing company once, but with the
proliferation of hand-held devices (phones, tablets, etc.) I kind of
lost interest. Perhaps it is time to re-visit this market?
http://www.pcadvisor.co.uk/news/tech-industry/3582576/court-shuts-down-alleged-pc-tech-support-scam/
Court
shuts down alleged PC tech support scam
A
court has shut down a New York tech support vendor after the U.S.
Federal Trade Commission accused the company of scamming computer
users into paying hundreds of dollars for services they did not need.
The
FTC's complaint against Pairsys, based in Albany, New York, also
alleged
that the company charged customers for software that was
otherwise available for free.
Pairsys
cold-called computer users in the U.S. and other countries, claiming
to be representatives of Microsoft or Facebook, and convinced them to
allow the company's workers to gain remote control over the
customers' PCs as a way to diagnose computer problems, the FTC said.
Pairsys
charged computer owners US$149 to $249 to fix nonexistent problems on
their PCs, the FTC alleged.
I
prefer Calibre, but the local library makes it easier to use Adobe DE
to download eBooks.
Adobe
Updates Digital Editions Following Privacy Controversy
In
response to accusations that it's spying
on users of the e-book reader application Adobe Digital Editions,
Adobe Systems has released a new version of the software that
addresses some
of the reported issues.
Earlier
this month, reports surfaced about Adobe collecting information from
Digital Editions 4.0 users, including the books they read and the
ones stored in their library. Researchers also noticed that all
the data was sent back to Adobe's servers without being encrypted.
“Adobe
Digital Editions allows users to view and manage eBooks and other
digital publications across their preferred reading devices—whether
they purchase or borrow them. All information collected from the
user is collected solely for purposes such as license validation and
to facilitate the implementation of different licensing models by
publishers,” Adobe said at the time.
…
Adobe
maintains its position that the data collected by the e-book reader
software has been in line with the end user license agreement and the
company's privacy policy. However, the company wants to be more
explicit about its practices so it has added a dedicated
page to the Adobe Privacy Policy where it details the collection
and use of data.
…
On
the other hand, many experts and users say there still are some
questions related to Adobe's data collection practices that remain
unanswered.
For
my Ethical Hackers. Half for you, half for your professor...
Apple
Pay glitch: Nearly 1,000 Bank of America debit transactions
mistakenly duplicated
As a
result of an apparent glitch in Apple's newly-launched Apple Pay
mobile payment system, the debit transactions of nearly 1,000
customers of Bank of America were mistakenly duplicated on the
system.
A
source familiar with the glitch has revealed on the condition of
anonymity that the Apple Pay malfunction was seemingly rooted in a
processing error which occurred between Bank of America and at least
one payment network. The source also said that the glitch was fixed
on Wednesday.
It
is an interesting question, but is repeating the failures of inBloom
the best way to answer it?
Benjamin
Herold reports:
A coalition of prominent research universities is receiving federal
support to redesign and scale up a massive repository for storing,
sharing, and analyzing learning and behavioral data that students
generate when using digital instructional tools, demonstrating the
continued faith that many personalized-learning proponents have in
the power of “big data” to transform schooling.
But the project, which is dubbed “LearnSphere” and in some
respects echoes the ill-fated attempt by controversial nonprofit
inBloom to facilitate the collection and sharing of large amounts of
educational information, also raises new questions in the
highly charged debate over student-data privacy.
Read
more on Government
Technology.
[From
the article:
- Chat-window dialogue sent by students participating in some online courses and tutoring programs;
- Potentially, "affect" and biometric data, including information generated from classroom observations, computerized analysis of students' posture, and sensors placed on students' skin, in order to track measures such as student engagement.
[Can
this data be “anonymized?”
Bob]
Eventually,
there will be a resolution.
Cindy
Cohn and Andrew Crocker write:
Today EFF filed our latest brief
in Jewel v. NSA,
our longstanding case on behalf of AT&T customers aimed at ending
the NSA’s dragnet surveillance of millions of ordinary Americans’
communications. The brief specifically argues that the Fourth
Amendment is violated when the government taps into the Internet
backbone at places like the AT&T
facility on Folsom Street in San Francisco.
Read
more on EFF.
Some
interesting insights.
http://blogs.hbr.org/2014/10/the-internet-of-things-will-change-your-company-not-just-your-products/
…
Product management. Successful IoT plays require
more than simply adding connectivity to a product and charging for
service — something many companies don’t immediately understand.
Building an IoT offering requires design
thinking from the get-go. Specifically, it requires reimagining
the business you are in, empathizing with your target customers and
their challenges, and creatively determining how to most effectively
solve their problems.
…
Finance. Finance teams, which are not known for
their flexibility to begin with, often have trouble changing their
traditional planning, budgeting, and forecasting processes to
accommodate radically new IoT business models. I saw this when
traditional manufacturers tried to build internet intelligence into
products like refrigerators, office products, and health management
devices. The finance departments of these companies struggled to
account in the same set of books for both one-time revenues for
product sales and the recurring subscription revenues for IoT-related
services.
…
Operations. When product-based companies add
services and connectivity, operational requirements increase. The
resulting challenges may include new contract-manufacturing
relationships, which can be a complicated and disorienting process
for the uninitiated.
…
Sales. In IoT businesses, sales departments often
struggle to determine how to best take a combined product and service
to market.
…
Human resources. HR has the job of developing the
human capabilities needed to capture the IoT opportunity. These may
involve new areas for the company (e.g., telemetry, communications
and connectivity protocols, electrical hardware engineering).
Building them can be an especially daunting task when the business
itself is unsure of what capabilities are required.
…
Engineering. It is rare for a single company to
have all the required engineering capabilities under one roof.
Consider the breadth and scope that may involve communications and
connectivity technologies (telemetry, WiFi, Bluetooth, Zigbee),
electrical hardware engineering (sensor technologies, chips,
firmware, etc.), and design and user experience. Developing these
engineering skills is one big challenge; integrating them into a
functional, integrated engineering effort is another.
Interesting.
Apparently ignorance is not bliss, it is fear!
The
Chapman University Survey on American Fears
“Chapman
University has initiated a nationwide poll on what strikes fear in
Americans. The Chapman
University Survey on American Fears included 1,500
participants from across the nation and all walks of life. The
research team leading this effort pared the information down into
four basic categories: personal fears, crime, natural disasters and
fear factors. According to the Chapman poll, the number one fear in
America today is walking alone at night.”
Okay,
this is a bit depressing. I know I haven't seen them in a while, but
are you telling me ALL the dinosaurs are gone?
Your
Life On Earth - How the World Has Changed In Your Lifetime
Your
Life On Earth is a feature of the BBC's Earth
website. Your
Life On Earth shows you how the world has changed during your
lifetime. Enter your birthdate and Your
Life On Earth will show you things like how much the world's
population has grown, how many new species have been discovered, and
how many earthquakes and volcanic eruptions have occurred since you
were born.
For
the library.
A
Handy Sheet of Google Search Modifiers
Back
in August I shared an infographic
featuring search strategies that every student can use.
Yesterday, Vicki
Davis posted a great companion to that infographic. Vicki shared
this Google
Search Modifiers Poster (link opens a PDF). Many of the
modifiers featured in the poster can also be used by opening the
advanced search menu in Google and making search choices.
The
infographic
and the search
modifiers poster together make a good set of reminders for
students. Print them out and post them in your library, computer
lab, or classroom.
For
my Data Science students.
Open
Data Hub of the European Union
“This
portal is about transparency, open government and innovation. The
Open
Data Portal will provide access to open public data from the
European Union. It will also provide access to data of other Union
institutions, bodies, offices and agencies at their request. The
published data will be downloadable by everyone interested to
facilitate reuse, linking and the creation of innovative services.
Moreover, this Data Portal will promote and build literacy around
Europe’s data. The data publishers, application developers and the
general public will be able to use new functionalities enabled by the
semantic technologies.”
An
Android Camera App.
–
automatically detects and analyzes faces, scenes, objects and lines
and guides you to the perfect frame in every click. Camera51 invites
you to start taking photos like a professional. It uses photography
principles used by professional photographers and artists and applies
this vast knowledge in a fun and simple interface.
My
students may resist this, but perhaps I can use these ideas when I
tutor.
Want
To Become An Expert At Something? Try Deliberate Practice
It’s
all too easy to feel crestfallen when you’re arduously trying to
improve a certain skill (say, learning a new programming language),
yet seem to be fighting (and losing) an uphill battle. In cases like
these, it may be high time to try your hand at some deliberate
practice to get you over that infuriating plateau.
…
But hold on…there is another way! All it takes is one
hour of deliberate practice each day. Allow me to explain.
Time
for humor.
…
LAUSD’s new superintendent Ramon Cortines says
that construction bonds shouldn’t pay for iPads
and Pearson curriculum. Currently, construction
bonds are paying for the district’s iPads and Pearson curriculum.
So the LAUSD iPad saga continues…
…
Via
Tressie McMillan Cottom: the top degree-granting
institutions for African Americans. Take a guess at what
they are. Then read Tressie’s article and analysis. [Not
what I guessed. Bob]
…
Researchers from the Stanford Center on Longevity and the Berlin Max
Planck Institute for Human Development issued
a statement this week about the promises made by “brain
training” companies: “To date, there is little evidence
that playing brain games improves underlying broad cognitive
abilities, or that it enables one to better navigate a complex realm
of everyday life.” (Hello ed-tech: please keep this in mind the
next time you see someone drop the phrase “brain based” into
their blog posts or webinars.) Meanwhile,
“Research shows Portal 2 is better for you than ‘Brain
training’ software.”
…
“The Impact of
Open Textbooks on Secondary Science Learning
Outcomes.” From the abstract: “Although the effect size of
the gains were relatively small, and not consistent across all
textbooks, the finding that open textbooks can be as effective or
even slightly more effective than their traditional counterparts has
important considerations in terms of school district policy in a
climate of finite educational funding.” [Part
of my reasoning for having students create their own textbooks. Bob]