Saturday, November 22, 2014

The surprising part to me is that the DA claims to have never seen the warrants! Does the defense not have the right to see them and if they can, why did no one ask to see them?
Judge unseals info on secret cellphone spying
… The judge in Charlotte, N.C., acted after a petition from the Charlotte Observer to make the documents public.
Included are 529 requests from local Charlotte-Mecklenburg police asking judges to approve the use of a technology known as StingRay, which allows cellphone surveillance.
… The records date back to 2010, meaning police made requests roughly twice a week. There were no records before 2010. The police requests are “rarely, if ever” denied, the Observer reported, and judges at times appeared to not know exactly what they were authorizing.
As a result, the Mecklenburg County District Attorney’s Office, which had not previously seen the documents, will review each case in which the technology was used.


How should you deal with “used to be” customers? OR What procedure should be followed to ensure you don't “over delete?”
Ross Todd reports:
A federal judge in San Jose just delivered Apple Inc. a double whammy in proposed class actions over a glitch that prevented the delivery of text messages to users who switched to non-Apple devices.
[…]
On Wednesday she declined to dismiss claims in a separate lawsuit alleging privacy intrusions under the Wiretap Act—claims that carry statutory damages of up to $10,000 per violation.
“Plaintiffs have sufficiently alleged a viable cause of action under the Wiretap Act for [Apple]’s intentional interception of text messages from current to former Apple device users,” she wrote in Backhaut v. Apple, 14-2285.
Read more on The Recorder.


The evolution of the rules for autonomous vehicles.
Connected cars are accelerating consumer benefits and driving privacy issues
… By the end of the decade, one in five vehicles on the road will be connected to the Internet.
But for consumers to welcome these advances, they need to be sure their personal data will be handled in a trustworthy manner, as early research shows that considerable numbers of new car buyers are concerned about data privacy when it comes to car connectivity.
To address those concerns, the Alliance of Automobile Manufacturers and the Association of Global Automakers have come together to put forward a set of privacy principles for vehicle technologies and services.
… A new and timely study, "The Connected Car and Privacy: Navigating New Data Issues," seeks to provide policymakers and all stakeholders with an overview of the various technologies currently available in cars and identifies the types of data collected and the purposes for which it is collected.


For my students, the most common cause of “I can't do math” syndrome seems to be the ability (or inability) of their early Math teachers to understand (or at least be comfortable with) math. If they had teachers who read “the one and only way” from the math textbook but could not handle the inevitable “Why?” they were doomed to believe that “math is too hard for normal people.”
Women in Academic Science: A Changing Landscape
“Much has been written in the past two decades about women in academic science careers, but this literature is contradictory. Many analyses have revealed a level playing field, with men and women faring equally, whereas other analyses have suggested numerous areas in which the playing field is not level. The only widely-agreed-upon conclusion is that women are underrepresented in college majors, graduate school programs, and the professoriate in those fields that are the most mathematically intensive, such as geoscience, engineering, economics, mathematics/computer science, and the physical sciences.
… The results of our myriad analyses reveal that early sex differences in spatial and mathematical reasoning need not stem from biological bases, that the gap between average female and male math ability is narrowing (suggesting strong environmental influences), and that sex differences in math ability at the right tail show variation over time and across nationalities, ethnicities, and other factors, indicating that the ratio of males to females at the right tail can and does change.
… Importantly, of those who obtain doctorates in math-intensive fields, men and women entering the professoriate have equivalent access to tenure-track academic jobs in science, and they persist and are remunerated at comparable rates—with some caveats that we discuss. The transition from graduate programs to assistant professorships shows more pipeline leakage in the fields in which women are already very prevalent (psychology, life science, social science) than in the math-intensive fields in which they are underrepresented but in which the number of females holding assistant professorships is at least commensurate with (if not greater than) that of males. That is, invitations to interview for tenure-track positions in math-intensive fields—as well as actual employment offers—reveal that female PhD applicants fare at least as well as their male counterparts in math-intensive fields.”


Perhaps we could create an infographic like this to let everyone know about our research & development!
What’s Happening In The Google Labs?
Surely you’ve heard of the Google Labs, it’s a place of imagination where some of the coolest possible products of the future are in the works. But what is Google actually working on there? Are there any products that will be of interest to you? Will these projects ever actually see the light of day? So many questions, and thanks to the infographic below, so many answers!
Via Gryffin


For all my students, because Harvard is never wrong.
How to Improve Your Business Writing


Education is amusing..
The White House also hosted superintendents this week to sign a “Future Ready” pledge, promising to buy more digital stuff from textbook publishers and tech companies and telecoms. Because future.
LAUSD has argued that a middle schooler can consent to sex with a teacher. The case involves a 14 year old student and her 28 year old student. The district, which is being sued by the girl’s family for negligence, says that the girl bears some responsibility.
Back from the dead! LAUSD has not canceled all its contract with Apple and Pearson apparently, and the district will spend $22 million to buy 20,000 iPads just in time for spring standardized testing season. But this time around, instead of spending $504 per device, the district will pay $552 per iPad.
Last week Coursera announced free verified certificates for veterans; this week, it’s free verified certificates for teachers.
Not to miss out on the PR opportunity, edX is also offering free certificates for teacher training.
The Gates Foundation has adopted an open access policy “that enables the unrestricted access and reuse of all peer-reviewed published research funded, in whole or in part, by the foundation, including any underlying data sets.”
… Not to let LAUSD’s student information system get all the laughs, New York City says it’s dumping the system it spent $95 million on.
… According to a study by Augenblick, Palaich and Associates, a Denver education research firm, “Colorado state government and school districts spend up to $78 million a year on testing, and some kind of standardized testing takes place during every week of the school year.”

Friday, November 21, 2014

Depressing, but useful in my case.
“Have I been pwned?” – now with RSS!
As feature releases go, this is not exactly a killer, but to my surprise it was one that was requested quite frequently. It turns out that people really wanted to be able to keep abreast of new breaches and pastes in Have I been pwned? (HIBP) via RSS. Not only is that a perfectly reasonable request, but it was also an easy one to get on top of so here it is!
There are two RSS feeds both linked in from various places on the site including in the navigation. For your RSS’ing convenience, they are both available as direct links here:
I choose these numbers because pastes appear very frequently – sometimes dozens per day – whilst breaches being a highly manual process means I do maybe only a couple a month on average. Both feeds have their own attractions, breaches because it’s always a serious volume of data from a verified event and pastes because if you’re like me, I’m kinda curious to see the sort of data that’s continuously being dumped onto Pastebin.


I might print this infographic for my Computer Security class.
Who Is Tracking You Via Your Smartphone?
… how much does your smartphone know about you? Specifically, who is actually tracking your smartphone? What methods are they using to track you? This infographic has the answers you seek!


Something to consider.
3 Compelling Reasons Why Firefox’s Stance On Privacy Is Worth Paying Attention To
Internet privacy is on the minds of many people including those who normally don’t pay much attention to technology. No one wants to think they’re being watched without consent or being boiled down to numbers in a database. Yet two of the main companies offering popular web browsers, Google and Microsoft, sit on the wrong side of the privacy issue. Both have an interest in what you do online and Google in particular is often unapologetic about its collection of data.
Fortunately there’s a browser that does care about your privacy; Firefox.


Would it be legal for me to use this technology as an individual? If so, I know where I can buy a few thousand “recorders” for next to nothing.
After Raising $100 Million To Blow Up The TV Industry, Aereo Files For Bankruptcy
Aereo, a startup that raised ~$100 million in venture funding, has filed for bankruptcy.
The company's plan was to change the way we watch TV. It was delivering broadcast TV through the internet. To do this without permission from TV companies, it thought it found a legal loophole that involved using antennas.
It turns out, Aereo had no legal loophole. The Supreme Court said the company was operating illegally.


Another example of Big Data for my analysts to ponder.
IMF announces all online data free of charge effective January 1, 2015
Christine Lagarde, Managing Director, IMF “…Finally, let me turn to another very important aspect of the IMF’s statistical work—data publication. We very much recognize the importance of data as a public good. In this context, we are upgrading our data platforms and improving the way we distribute data and statistics to our membership throughout the world. Think of the One African Data Hub that the IMF has recently launched in collaboration with the African Development Bank. This is a “cloud-based” data reporting tool that makes it less onerous for reporters to provide economic data, and much easier for users to share data. Much of our data is already freely available. This is especially true of the data that supports our main forecasts for the global economy in the World Economic Outlook. And I have an important announcement to make: starting January 1, 2015 we will provide all our online data free-of-charge to everyone. This will help all those who draw on our data make better use of this vital statistical resource—from budget numbers to balance of payments data, debt statistics to critical global indicators. The IMF will continue to be a vital source of public information that is needed to underpin sound policy decisions.”


An article for all my students and the faculty. Tips and tools for learning.
How To Set Up YouTube For Better Learning
… Want to learn a musical instrument? How about learning how to draw? For the handyman there are tutorials on DIY basics and for the code-minded there are computer programming lessons. If you feel like building your skills and knowledge, YouTube will always have some great starter videos.


I use this in my Statistics class (probability) so I'll keep the link to this article.
Understanding the Monty Hall Problem
Suppose you’re on a game show, and you’re given the choice of three doors: Behind one door is a car; behind the others, goats. You pick a door, say No. 1, and the host, who knows what’s behind the doors, opens another door, say No. 3, which has a goat. He then says to you, “Do you want to pick door No. 2?” Is it to your advantage to switch your choice?


I can rest easy. According to this article, I do everything bass-ackwards!
5 Secrets To Small Business Blogging Success
… You don’t need a professional copywriter to bring your posts up to scratch: these tips will help make your blog the best it can possibly be.

Thursday, November 20, 2014

You can't rely on those “assurances” released with initial details of a breach. It seems the damage is always worse than initially suspected. Another way to look at it: How can they even hint that they know the extent of the breach if they are still analyzing?
Aliya Sternstein reports:
Compensation files for U.S. Postal Service workers might also have been breached during a recent hack that exposed the Social Security numbers and other personal data on about 800,000 USPS employees, a postal inspector said Wednesday.
[...]
“We’re still conducting forensic analysis of the impacted servers,” said Randy Miskanic, incident commander on the case and the USPS secure digital solutions vice president. “There is the possibility of additional compromise, specifically as it relates to some workers’ compensation files.”
Read more on NextGov.


Big Data must include Big Breaches.
RiskBased Security reports:
We have been so busy here at Risk Based Security recently that we neglected to release our latest Data Breach QuickView report to the public last month! The report already shows that 2014 is the highest year ever for exposed records. The 1,922 incidents reported during the first nine months of 2014 exposed over 904 million records. While 60.2% of breaches exposed only between 1 and 1,000 records, twenty breaches exposed one million or more records with four finding a place on the Top 10 All Time Breach List.
About the Data Breach QuickView Report
The Data Breach QuickView report is intended to be an executive level summary of the key findings from RBS’ analysis of 2014’s data breach incidents. Contact Risk Based Security for your customized analysis of the 2014 data breaches.
You can view the 2014 Data Breach QuickView report here: https://www.riskbasedsecurity.com/reports/2014-Q3DataBreachQuickView.pdf


Unfortunately, this response also fits the facts exactly: “Of course we can't talk about it. We are doing something so illegal that the case would get thrown out.” Looks like they tossed all of their evidence. Good luck with the prosecution.
Justin Fenton reports:
Baltimore prosecutors withdrew key evidence in a robbery case Monday rather than reveal details of the cellphone tracking technology police used to gather it.
The surprise turn in Baltimore Circuit Court came after a defense attorney pressed a city police detective to reveal how officers had tracked his client.
City police Det. John L. Haley, a member of a specialized phone tracking unit, said officers did not use the controversial device known as a stingray. But when pressed on how phones are tracked, he cited what he called a “nondisclosure agreement” with the FBI.
“You don’t have a nondisclosure agreement with the court,” Baltimore Circuit Judge Barry G. Williams replied. Williams threatened to hold Haley in contempt if he did not respond. Prosecutors decided to withdraw the evidence instead.
Read more on Baltimore Sun.
[From the article:
Law enforcement officials in Maryland and across the country say they are prohibited from discussing the technology at the direction of the federal government, which has argued that knowledge of the devices would jeopardize investigations.
… Some critics say the use of such technology might be appropriate, with court approval, to help law enforcement locate a suspect. But in the secrecy surrounding its use, they say, it's not always clear that law enforcement officials have secured the necessary approval, or stayed within their bounds.
… Police say phone records show that the phone that was used to call in the delivery was also used to make and receive hundreds of calls to and from Taylor's phone. [If the defendant had called Mom, would she now be a “co-defendant?” Bob]
… Finally, Seidel said prosecutors would drop all evidence found during the search of the home — including, authorities have said, a .45-caliber handgun and the cellphone. The prosecutor said the state would continue to pursue the charges.
Wessler, of the ACLU, said Williams was right to ignore the nondisclosure agreement with the FBI.
"You can't contract out of constitutional disclosure obligations," Wessler said. "A secret written agreement does not invalidate the Maryland public records law [and] does not invalidate due process requirements of giving information to a criminal defendant."


A Hypothetical: All it took was a handshake in the Middle East and we have something far better than sanctions to put pressure on Russia. (It's easy to outmaneuver a country that thinks it does not need to cooperate with anyone.)
Russia has little to offer in oil price war
… Russian wells will freeze if they stop pumping oil, and the country cannot store the output it would otherwise export.
… But despite needing oil prices of $100 a barrel to balance its budget, Russia has changed little since 2008 when the Organization of the Petroleum Exporting Countries urged Moscow to join forces to cut supply to shore up prices.
Then and now, the world's biggest producer lacks the ability to increase or turn down its own production.
… Some experts argue that Russia could even need oil prices as high as $115 to balance the budget, since social and military spending have soared, while Western sanctions over Ukraine have cut off Moscow from funds it borrows in Western financial markets.


“Default is de-stupid way!”
Thousands Of People Worldwide With Home Security Cameras Are Being Spied On By A Russian Website
The UK government has warned that Russian website Insecam is collecting the feeds of thousands of webcams worldwide, allowing any internet user to see into private homes.
The Daily Mail reports that the site works by collecting the feeds of webcams that have either poor or non-existent security.
It's common for people to purchase internet-connected security cameras to monitor their houses and businesses. But what they often don't realise is that the default security settings on those devices can leave them wide open for anyone on the internet to view them.


Might be fun to try. What happens if you hit a false positive?
This New Tool Tells You If The Government Is Spying On Your Computer
… Amnesty International release the product today in a fight back against "repressive governments" who are misusing spyware against society.
Detekt scans computers for traces of major spyware and sends alerts to users if something is picked up.


Perhaps learning to “govern data” begins at home? But if your house is “smarter” than you are, your house may flash “12:00,” just like your old VCR.
Wink Connects and Simplifies Your Smart Home
The smart home market is currently full of innovative companies, all working to create the best way to make your home more powerful and more efficient, but they don’t always work together well.
… you can buy the Wink hub, a $50 smart home controller that unifies all of your wireless devices — most of which had no way to communicate with each other before. The hub allows them to “speak the same wireless language,” letting you do some pretty cool things that involve multiple devices (which we’ll get to below). Wink also offers a $300 touchscreen relay controller that replaces a light switch in your home; you can then control all of your connected devices from the single relay point.
… By using the Wink hub to link all of your devices together, you can create sets of actions – a bit like your own private If This Then That system for your home.
One example that Wink gives on its website is having your lights and air conditioning turn on whenever you unlock your front door. In addition to combining these behaviors, you can also set timers for various activities, so the blinds will go up and the kitchen lights will turn on when you get up in the morning.

(Related)
Battle of the Smart Home Hubs: What’s Out There and What’s Coming?


I've been asking my students and they all say, “Save yourself!” The logic will certainly become an issue in any lawsuit.
Google teaches ethics to driverless cars. Can they react better than humans?
A large truck speeding in the opposite direction suddenly veers into your lane.
Jerk the wheel left and smash into a bicyclist?
Swerve right toward a family on foot?
Slam the brakes and brace for head-on impact?
[Force the truck to have 'self-driving' software? Bob]
It's relatively easy to write computer code that directs the car how to respond to a sudden dilemma. The hard part is deciding what that response should be.


Legal arguments – you try explaining them to my students. Think of the poor cellphone user who worries that an ex-wife or the NSA will guess his password, and so sets up security such that the fingerprint confirms that he is the one entering the password. Is the fingerprint protected in that circumstance?
A couple of weeks back, there was a flurry of media coverage of a Virginia state court opinion where the judge granted an order to compel a defendant’s fingerprint to unlock his cellphone while simultaneously denying a request to compel the defendant to turn over his passcode. We requested a copy of the decision from the court, which we’re posting for you today below.
In his opinion, the judge addressed whether a cellphone’s passcode and/or fingerprint authentication are testimonial communication, and thereby covered by the Fifth Amendment’s privilege against self-incrimination. In the end, the judge determined that a defendant “cannot be compelled to ‘divulge through his mental processes’ the passcode for entry” to data on a locked cellphone. Disclosure of the fingerprint, however, “does not require the witness to divulge anything through his mental processes.” As a result, the judge ordered the defendant to provide his fingerprint to unlock his cellphone.


Coming soon to a classroom near me.
How IoT Will Change Big Data Analytics
What do SAS, Cisco, Duke Energy and AT&T have in common? They are all big proponents of the Internet of Things (IoT), also often called the Industrial Internet.
The central idea behind IoT is that sensors and microchips can be placed anywhere and everywhere to create a collective network that connects devices and generates data. Instead of that data sitting in an information silo where it is accessible to only a few specialists, it becomes part of a Big Data "lake" where it can be analyzed in the context of other information.
"The Internet of Things means everything will have an IP address," said Jim Davis, executive vice president and chief marketing officer, SAS.
He laid out the value proposition for oil rigs which generate eight terabytes of data per day. IoT could open the door to greater productivity and more effective predictive maintenance. If something breaks down, it can lead to millions in losses. By placing sensors on rigs and monitoring them, it is possible to better understand what’s happening and keep the equipment running.
Not All IoT Data Is Important
A key challenge with IoT, he believes, is data management: determining what type of data is important, what should be transmitted immediately, what should be stored and for how long, and what information should be discarded. Otherwise, you could end up with an almost infinite pile of data to analyze, when only a relatively small portion is of real importance.
"Some data just needs to be read and thrown away," Khan said.

(Related) ...and here's why we analyze!
Finding the Money in the Internet of Things


For the Security toolkit. (I ask my students to look at articles like this and to their horror they discover that they have security and privacy vulnerabilities. Imagine that.)
5 Best Open Source Web Browser Security Apps

Wednesday, November 19, 2014

First reported by Krebs ( http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-stores/ ) back in October. If it takes this long to investigate and correct, it may be HUGE!
Mathew J. Schwartz reports:
Staples is now confirming that there was a malware-related breach, although it’s offering scant additional information. “We are continuing to investigate a data security incident involving an intrusion into some of our retail point-of-sale and computer systems,” Staples spokesman Mark Cautela tells Information Security Media Group. “We believe we have eradicated the malware used in the intrusion and have taken steps to further enhance the security of our network.”
To date, however, Staples has declined to say how many of its more than 2,000 stores in 26 countries – including 1,800 across the United States and Canada – may have been affected by the breaches. “The company is working with law enforcement and is investigating whether any retail transaction data may have been compromised,” Cautela says.
Read more on BankInfoSecurity.com.


If we offered this class, we would need to limit the number of police/DHS/NSA students or we'd never have room for my Ethical Hackers!
Cyber-Criminal Training Services for Sale in Brazilian Underground: Trend Micro
In a new report, Trend Micro describes a thriving marketplace where service providers offer to train customers to create remote access tools and commit bank fraud.
"What distinguishes the Brazilian underground from others is the fact that it also offers training services for cybercriminal wannabes," according to the whitepaper. "Cybercriminals in Brazil particularly offer FUD (fully undetectable) crypter programming and fraud training by selling how-to videos and providing support services via Skype. Anyone who is Internet savvy and has basic computing knowledge and skill can avail of training services to become cybercriminals. How-to videos and forums where they can exchange information with peers abound underground. Several trainers offer services as well. They even offer support when training ends."
The most popular course among aspiring cyber-criminals is related to bank fraud, the report notes. Beginners start by learning the fraud workflow and are then taught how to obtain the requisite tools and knowledge to start stealing for R$1,499 (US$579). The report also highlighted another 10-module fraud training course on "practically everything cybercriminal wannabes need to know to start their digital fraud career with the aid of interactive guides and practical exercises (e.g., simulating attacks) is also offered for R$1,200 (US$468).support and lifetime updates and can be contacted via Skype."
The paper can be viewed here.


Interesting reasoning.
Matt Reynolds reports:
Attorneys for the hunting group Safari Club International faced an uphill battle Monday in persuading the 9th Circuit to suppress a video that its former president used to support defamation claims against the group.
Read more on Courthouse News.
[From the article:
Noting that interruptions to the conversation by waiting staff reflected "usual" pauses in conversation, Judge Selna said there was "nothing in Whipple's body language to suggest he was attempting to maintain privacy."
"There is no indication that either Rudolph or Whipple regarded the conversation as confidential or took steps to conceal or limit the hearing of the conversation," Selna wrote in his Jan. 16, 2014 ruling.


This article from the digest looks at managing really Big Data that is not logically organized.
Twitter Completes Indexing All Tweets
Twitter has completed indexing all public tweets made since 2006. Twitter has published a long blog post detailing how they accomplished this, but all the average user needs to know is that search results will now contain tweets dating all the way back to the beginning of Twitter.
[From the Blog:
  • Scalability: The full index is more than 100 times larger than our real-time index and grows by several billion Tweets a week. Our fixed-size real-time index clusters are non-trivial to expand; adding capacity requires re-partitioning and significant operational overhead. We needed a system that expands in place gracefully.


Something to play with.
Apple's new WatchKit SDK hints at the future of Apple Watch's apps
Apple released a bevy of developer resources for the upcoming Apple Watch Tuesday.
The company released a WatchKit, documentation and guidelines for developers alongside the new iOS 8.2 SDK. The WatchKit page includes a Getting Started with WatchKit video outlining the new tools and how developers can build apps.
… You need to be a registered developer to download the tools, but anyone can read the Apple Watch Human Interface Guidelines, which outline the basics for designing for the Apple Watch.


Interesting, but for rookies – real winos drink all the whites, then all the reds.
Next Glass App Helps you Select the Perfect Drink
Ever wondered if there was a way to work out if you would like that particular bottle of red or white wine before you take a sip?
Well, the Next Glass app takes all the guess work out of it as it uses science to predict whether you will like a certain bottle of alcohol or not.
[My favorite: http://nextglass.co/beer-census/ I'm hoping for a “Send me a case” purchase option.]


For the Gaming club. (and no, I don't think “Pummel the Professor” is a good game idea)
Learn To Develop Video Games For $49, 99% Off Regular Price
Have you always dreamed of building your own video games? With the rise of the indie game development scene, it’s easier than ever for a single person working on a game to actually get noticed, but of course, you need knowledge and skill to actually make your game ideas a reality.
That’s where this fantastic course bundle comes into play. It will allow you to go from zero to hero in game development, and for a limited time, you can get this massive bundle of game development tutorials for $49, which is 99% off the regular price of $989. Read on to find out exactly what you get in this crazy deal.
Intro To Game Design w/ Unity3D
Create Your First Computer Game with Stencyl
HTML5 Mobile Game Development for Beginners
Learn to Code by Building A Simplified Flappy Game for iOS 7
Create Your Own Match 3 Puzzle Game
Creating iOS Games For Beginners
Learn Android App Development From Scratch


As long as we're on the game theme...
Six Fun Games for Geography Awareness Week - And Tools To Make Your Own
This week is Geography Awareness Week. As always, National Geographic offers a collection of educational activities for the week.
Spacehopper is a game based on Google Maps Street View imagery
Smarty Pins is a Google Maps game developed by Google.
Where is...? the name of a city is presented to the players and they have to click the map to guess where the city is located.
GeoGuessr. GeoGuessr shows you a Google Street View image and a clue to try to guess where in the world the imagery was captured.
Capital Toss is a free geography game from ABCya.
Math Trail provides a nice blend of geography questions and math questions
You can create your own GeoGuessr games by using GeoSettr.
Mission Map Quest, developed by Russel Tarr, is a map-based tool for creating virtual treasure hunts.


Dilbert explains “trickle down” economics.

Tuesday, November 18, 2014

Could better security have saved Home Depot $34 million?
Home Depot profit beats estimates as U.S. job market improves
Home Depot Inc, the world's No.1 home improvement chain, reported a better-than-expected quarterly profit as an improving job market encouraged Americans to spend more on renovations.
… That includes about $34 million of net costs related to a data breach between April and September.
The company said it may face other breach-related costs, including legal action, that could have a material impact on results for the fourth quarter and future periods.
The retailer is facing at least 44 civil lawsuits related to the breach in the United States and Canada.
… Home Depot's net income rose to $1.54 billion, or $1.15 per share, in the third quarter ended Nov. 2, from $1.35 billion, or 95 cents per share, a year earlier.


Are you connected in ways you don't know? Perhaps there will be a market for an “Internet connection detection” service?
Internet-Connected Devices Soar
A report from Ericsson released Tuesday (Nov. 18) shows some startling growth of Internet-connected devices in the U.S., with 90 percent of U.S. households having three or more such devices, while almost half have five or more such devices and almost 25 percent have seven or more such devices. The report, as reported by Recode, said the average number of Internet devices per household was 5.2.
Some other goodies that the report itself opted to highlight:
  • By 2020, 90 percent of the world’s population over 6 years old will have a mobile phone, and smartphone subscriptions are expected to top 6.1 billion, compared with 2.7 billion smartphone subscriptions today.
  • India and China show fastest growth for new mobile subscriptions with 18 million and 12 million net additions in Q3 2014
  • 800 million new smartphone subscriptions in 2014 brings total to 2.7 billion worldwide
  • Mobile video traffic to increase tenfold and constitute 55 percent of all mobile data traffic by 2020


If these folks are as dim-witted as we believe, perhaps someone should collect a “Best Example of Stupid” from their Social Media so we can all have a good laugh.
For Hate Groups Like The KKK, Social Media Is A Double-Edged Sword
Spreading hate speech just isn’t as easy as it used to be as a Missouri chapter of the Ku Klux Klan found out when, after threatening Ferguson protesters with violence, its website was knocked offline. For that the Klan can thank the Anonymous hacking collective, which also took control of the KKK’s social media presence and claimed to leak personal information about members of the white supremacist group.
… “The Internet gives these groups more of a voice, there’s no question about that,” said Mark Potok, a senior fellow at the Southern Poverty Law Center and the editor of the award-winning Intelligence Report journal. “Whether it actually gives them more influence is highly debatable. The vast majority of people, as they learn about these groups, are turned off by them.”
… Still, the Anonymous hacking collective was angry enough with the Traditionalist American Knights of the KKK’s letter threatening “lethal force” against Ferguson protesters to un-hood alleged members of the group, posting names, addresses and phone numbers online while also knocking multiple sites offline and taking control of the @KuKluxKlanUSA Twitter feed.

(Related) Now that's a headline!
According to a new US court ruling made in San Francisco, Google can list its search results in whatever order it pleases—and it has the First Amendment behind it, too.
That's according to a hearing which saw a site called CoastNews file a lawsuit against Google, saying that it was knowingly lowering its rankings in search results. It argued that it appeared at the top of results created by Bing and Yahoo, and was being actively relegated by Google.
But Judge Ernest Goldsmith has said that Google was merely undertaking a "constitutionally protected activity." In other words, it was exercising its right to free speech.


If you have 300 million users, some of them will be way to the right on the litigious scale.
Karina Basso reports:
On Nov. 13, a federal judge refused to toss an email harvesting class action lawsuit filed against the internet company LinkedIn Corp., ruling the popular social media business could not claim immunity under the Communications Decency Act (CDA). The proposed LinkedIn class action lawsuit alleges the company broke into LinkedIn users’ personal accounts in order to send emails on the users’ behalf.
In addition to denying immunity to LinkedIn, U.S. District Judge Lucy H. Koh also disagreed with the company’s argument that the alleged email harvesting was protected under the First Amendment.
[...]
While Judge Koh has dismissed most of the claims in the LinkedIn email harvesting class action lawsuit, the social media internet service has prevailed on one count. The judge did dismiss plaintiffs’ claims under California’s statutory right of publicity, however, the plaintiffs have been granted permission to amend their complaints under this statute.
Read more on Top Class Actions.

(Related)
Peter S. Vogel writes:
LinkedIn has been a wildly successful social media business site for many years. It provides a free platform for millions of members to share professional experiences and for businesses to promote themselves. However, LinkedIn’s financial success also makes it a target for lawsuits — even suits that don’t seem to make much sense.
LinkedIn Sued for Making Employment History Available
LinkedIn currently claims that it “operates the world’s largest professional network on the Internet with more than 313 million members in over 200 countries and territories.”
Its members voluntarily post their employment history (whether true, embellished, or fabricated) as an online biography or resume. This information is available both to LinkedIn members and Internet users (depending on members’ LinkedIn settings).
A lawsuit was filed on Oct. 4, on behalf of a potential class in the U.S. District Court for the Northern District of California, claiming that LinkedIn violated the Fair Credit Reporting Act (FCRA).
The basis of the suit is that “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.”
Read more on TechNewsWorld.


Interesting idea. Think what this might mean for a business leasing computers to grandpa and grandma – all they need is an access device.
Cloud computing's not-so-secret mission
There is no denying that the cloud and cloud computing have changed the way many of us are doing business. You only had to attend last week’s sold out AWS re:Invent conference in Las Vegas to see the cloud out in force.
But as the cloud matures, we are seeing another layer of cloud computing that promises to shake the foundation of our IT infrastructure to its core – the advent of IT-as-a-Service, which will be perhaps the cloud’s highest calling.


Could be interesting... Registration required.
McKinsey Quarterly’s 50th anniversary edition
“In this unique anniversary edition of the Quarterly, leading management thinkers tackle the management challenges of tomorrow. Leaders including author Tom Peters, former IBM CEO Lou Gerstner, eBay head of HR Beth Axelrod, and The Second Machine Age authors Erik Brynjolfsson and Andrew McAfee explore topics such as leadership, the future of the organization, machine learning, long-term capitalism, and global productivity.”

Monday, November 17, 2014

Have you been getting strange(er) emails from John Kerry?
State Department unclassified email system shutdown for repairs
The US State Department has shut down its entire unclassified email system after a suspected hacker attack. The email system was shut down to give techs time to evaluate and repair any damage done by the hacking attack. The first word of the attack came Sunday from a State Department official who said that "activity of concern" had been noticed on the email network around the same time as a similar incident targeting computers at the White House was noticed.


If you don't know what your employees are doing, or don't react appropriately to unauthorized actions? This could happen to you!
As this blog noted in July 2013, a jury awarded a Walgreens customer $1.44 million after finding Walgreens and one of their pharmacists violated the customer’s privacy. In this case, a female pharmacist had looked up and shared the customer’s records when she suspected the female customer had shared a sexually transmitted disease with a man who was the customer’s ex-boyfriend and the pharmacist’s now-husband. The customer first discovered the breach when her ex-boyfriend (and father of her child) texted her [Would Walgreens have discovered this on their own? Bob] that he had a printout of her prescription history that showed she had not renewed her birth control prescription for the two months prior to conception.
When the customer subsequently discovered that her ex-boyfriend was living with a Walgreens pharmacist, she contacted Walgreens to report the breach. Walgreens investigated and confirmed there had been a breach, [So they had the data they needed to confirm a breach, but hadn't bothered to look at it? Bob] but could not confirm that the pharmacist had shared the information with anyone else. The pharmacist was given a written warning and required to retake some HIPAA training.
The customer, Abigail Hinchy, subsequently filed a lawsuit against Walgreens and the pharmacist, Audra Withers.
As I also noted at the time of the jury verdict, I was impressed that the employer, Walgreens, was also held liable for the breach.
Not surprisingly, Walgreens appealed the judgement. One of its four arguments on appeal was that the trial court erred by refusing to grant summary judgment or a directed verdict in Walgreen’s favor on claims based on respondeat superior and negligent retention and supervision of an employee. Its fourth argument was that the jury verdict was excessive and based on improper factors.
On November 14, Judge Baker of the Court of Appeals of Indiana issued the court’s opinion in Walgreens v. Hinchy, rejecting all of Walgreen’s arguments and affirming the judgement.
Readers may find the court’s discussion of the respondeat superior aspect interesting, as well as the types of harm the jury had considered in determining their award (pp. 21-23).
Although I do not have any information on this, I do wonder what the jury might have done about Walgreens’ liability if Walgreens had fired the pharmacist promptly on learning of the breach.


Perhaps the State Department could use this App?
Telegram Provides A Secure & Fast-Growing Alternative To WhatsApp
Earlier this year we detailed some secure alternatives to WhatsApp, and one option was Telegram. Since then, it has seen a lot of growth — fuelled in part by Facebook’s acquisition of WhatsApp and receiving a further five million signups during a four-hour WhatsApp outage in February.
Telegram is becoming a serious contender for the title of best free messaging app,
… To get full end-to-end encryption, in which Telegram never receives an unencrypted version of your message, you can use what’s called a secret chat. With the end-to-end encryption, the option to confirm with your recipient that you’re using the same encryption key to increase security, and the ability to set a self-destruct timer, secret chats provide about as much security as you could ask for in messaging, though this doesn’t allow for cross-platform messages.
Telegram is so confident in their security that they’re offering $200,000 to anyone who can crack it.
… There are always tradeoffs between convenience and security, but the non-profit team behind Telegram aims to make them minimal. Even with all of the security Telegram provides, it manages to be very convenient. To get it up and running, you just download the app, enter your phone number, and enter the security code you receive by text. You’re now ready to start messaging.


Secure email?
Cotse.net is now requiring its customers use encryption to send mail.
From their user login page today:
Nov 16 – We now require encryption for the sending SMTP server (between you and us), if you are experiencing errors in sending, ensure that your mail client is set up to use STARTTLS or SSL/TLS.
The reason for this change is two-fold, first, if you want to send all your mail across an unencrypted connection, why are you using a service like us? Second, because frankly, we could not find definitive answers on the downgrade attack described here with regards to all email clients, specifically during an auto-config process. So, to just negate it, if the connection between you and us isn’t encrypted at all, the send will fail.
Another reason to love that company!
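
The client-side counterpart of the policy in the notice above, as an added example that is not Cotse's or this blog's code: it fails closed when the server's EHLO reply lacks STARTTLS instead of sending in the clear. It assumes the downgrade in question is removal of the STARTTLS capability from that reply; the host name and the sample replies are constructed.

```python
import smtplib
import ssl


class EncryptionRequired(Exception):
    """Raised instead of falling back to a plaintext SMTP session."""


def parse_ehlo(reply):
    """Return the upper-cased extension keywords from a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:  # line 0 is the server greeting
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words:
                keywords.add(words[0].upper())
    return keywords


def choose_transport(port, ehlo_reply):
    """Pick how to secure a submission session; there is no plaintext branch."""
    if port == 465:
        return "implicit-tls"  # TLS is negotiated before any SMTP command
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    raise EncryptionRequired("STARTTLS not offered; refusing to send")


def send_strict(host, port, sender, recipient, message):
    """Send one message with smtplib, aborting if the session cannot be encrypted."""
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    if port == 465:
        with smtplib.SMTP_SSL(host, port, context=ctx, timeout=15) as conn:
            conn.sendmail(sender, [recipient], message)
        return
    with smtplib.SMTP(host, port, timeout=15) as conn:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            raise EncryptionRequired("STARTTLS not offered by %s" % host)
        conn.starttls(context=ctx)
        conn.ehlo()  # re-read capabilities inside the TLS session
        conn.sendmail(sender, [recipient], message)


# Constructed EHLO replies: one intact, one with the STARTTLS line overwritten in transit.
OFFERED = "250-mail.example.test\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP"
STRIPPED = "250-mail.example.test\r\n250-SIZE 52428800\r\n250-XXXXXXXX\r\n250 HELP"
```

A mail client that instead continues without TLS when the capability is missing is the case the server-side rule in the notice turns into a failed send.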


“It's for the fish!” What if this technology could track your car as easily? When your “black box” connects to the Internet of Things tracking will be automatic.
Tracking Fishy Behavior, From Space
… on Friday, American non-profits SkyTruth and Oceana, supported by Google, unveiled a prototype program called Global Fishing Watch that will eventually allow anyone with a computer to observe which vessel is fishing where—and perhaps infer whether they are poaching or not.
“Our goal is to make the invisible visible,” John Amos, the president of SkyTruth, told me.
… According to the team, it will be possible for experts to go online and zoom into areas like marine reserves where fishing is forbidden or coastal areas where it’s restricted to vessels with permits by next March.
The program is based on the Automatic Identification System (AIS), originally a voluntary collision-avoidance system for ships that relies on VHF transmitters aboard vessels that transmit their position, identity and speed continuously to other ships and to satellites.


When this guy says “comprehensive,” he means it! (Except he missed the PrivacyFoundation.org)
New on LLRX – Guide To Privacy Resources 2015
Via LLRX.com – Guide To Privacy Resources 2015 – Marcus P. Zillman’s guide is a comprehensive listing of privacy resources currently available on the Internet that impact your email, smartphones, websites, hard drives, files and data. Sources include associations, indexes, search engines as well as individual websites and organizations that provide the latest technology and information to raise awareness of privacy and security as you interact with others using the internet.


A question for my Computer Security class. What could possibly go wrong?
Facebook seeks foothold in your office
Facebook is secretly working on a new website called “Facebook at Work” to get a foothold in the office that will see the social network of more than 1bn people compete directly with Google, Microsoft and LinkedIn.
The Silicon Valley company is developing a new product designed to allow users to chat with colleagues, connect with professional contacts and collaborate over documents, competing with Google Drive and Microsoft Office, according to people familiar with the matter.
The new site will look very much like Facebook – with a newsfeed and groups – but will allow users to keep their personal profile with its holiday photos, political rants and silly videos separate from their work identity. [Unless someone looks for them... Bob]


For my Statistics class. How to tell when people you survey are lying.
This Simple Mathematical Formula Proves That We Lie About Sex
A new study on kissing in the microbiology journal Microbiome contains an interesting statistical discrepancy that demonstrates the way men and women lie about sex.
… But a section of the study briefly addresses a statistic that proves some of the people in the study must have been misreporting their numbers. The study was of couples, and there was an equal number of men and women. Yet the average number of intimate kisses per day reported by the men was twice the number of those reported by the women. This is a statistical impossibility. Men and women ought to report the same average number of kisses, and you can prove that with math. The fact that the numbers mismatch demonstrates that someone in the study was either exaggerating or downplaying the number of kisses they received, as the authors of the study helpfully point out.


Better than printing your own money!
The Humans That Make The Apps We Love
… Have you ever thought about who makes the apps you love? Sure you know Facebook owns WhatsApp, but have you ever considered the humans who got it started? That’s just what this infographic takes a look at. Get ready for a fascinating look at the people responsible for the apps we love.


Data Visualization.
DATA + DESIGN a simple introduction to preparing and visualizing information
“Information design is about understanding data. Whether you’re writing an article for your newspaper, showing the results of a campaign, introducing your academic research, illustrating your team’s performance metrics, or shedding light on civic issues, you need to know how to present your data so that other people can understand it. Regardless of what tools you use to collect data and build visualizations, as an author you need to make decisions around your subjects and datasets in order to tell a good story. And for that, you need to understand key topics in collecting, cleaning, and visualizing data. This free, Creative Commons-licensed e-book explains important data concepts in simple language.”
[Download or read online: https://infoactive.co/data-design]