Wednesday, April 01, 2015

One way to raise oil prices? Or, is this what happened in Turkey?
New Attack Campaign Targets Energy Industry in Middle East
Researchers at Symantec have observed a sophisticated, multi-stage attack campaign focused on energy companies in the Middle East.
First observed between January and February, the attack campaign was spotted using a new piece of malware dubbed 'Laziok', which Symantec has classified as a reconnaissance tool and an information stealer. The attacks are focused on the petroleum, gas and helium industries, with by far the largest percentage of victims (25 percent) being located in the United Arab Emirates. Saudi Arabia, Pakistan and Kuwait account for 10 percent apiece of the Laziok infections detected by Symantec. Five percent of the infections occurred in the United States.


This has been true so far, but then the breaches have impacted customers not the core operations. (The exception was Sony and even their stock price increased!)
Elena Kvochko and Rajiv Pant review the impact of some of the major breaches, noting what we’ve all noted – that breaches generally don’t have a huge economic impact on stock prices. Here’s a snippet from their article:
This mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Read more on Harvard Business Review.


Perhaps they need more hand-holding?
Enterprise Security Pros Embracing Threat Intelligence, But Question Reliability: Survey
Awareness of the role threat intelligence can play in improving cyber security may be growing, but some still remain unsold on its effectiveness, a new study has shown.
In a new report from the Ponemon Institute commissioned by Webroot, 80 percent of the IT professionals surveyed that had experienced a breach during the past two years said they felt threat intelligence would have helped prevent or minimize the consequences of the attack. The stat is telling, as 40 percent of the 693 people participating in the survey said their organization had been breached during that period.
Larry Ponemon, chairman of the Ponemon Institute, said one of the main misconceptions organizations have about threat intelligence is that technology alone is sufficient for having actionable and reliable information. Those companies underestimate the need for hiring experts to manage the process of using the intel, he said.


Is all of their evidence collection so poorly documented?
Cyrus Farivar reports:
Last fall, a judge in Charlotte, North Carolina unsealed a multi-case set of 529 court documents that detail the use of a stingray, or cell-site simulator, by local police. After that, the Mecklenburg County District Attorney’s office set out to review the applications and determine which records needed to be shared with defense attorneys.
The DA’s office released a statement Friday saying its review is complete, and the county’s top prosecutorial authority found that “only two cases” involved the use of stingrays “for investigative purposes,” meaning defense attorneys should be notified.
However, the report is not that simple.


Which part of “Duh!” didn't you understand?
Facebook tracks all users in breach of EU law
theguardian, Samuel Gibbs: “Facebook tracks the web browsing of everyone who visits a page on its site even if the user does not have an account or has explicitly opted out of tracking in the EU, extensive research commissioned by the Belgian data protection agency has revealed. The report, from researchers at the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels, was commissioned after an original draft report revealed Facebook’s privacy policy breaches European law. The researchers now claim that Facebook tracks computers of users without their consent, whether they are logged in to Facebook or not, and even if they are not registered users of the site or explicitly opt out in Europe. Facebook tracks users in order to target advertising. The issue revolves around Facebook’s use of its social plugins such as the “Like” button, which has been placed on more than 13m sites including health and government sites. Facebook places tracking cookies on users’ computers if they visit any page on the facebook.com domain, including fan pages or other pages that do not require a Facebook account to visit.”
You can download the latest version of the report here.
You can download Annex 1 “Facebook tracking through social plug-ins” here.
[From the report:]
Facebook combines data from an increasingly wide variety of sources (e.g., Instagram, Whatsapp and data brokers). By combining information from these sources, Facebook gains a deeper and more detailed profile of its users. Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes.


Should be interesting.
From the Office of the Privacy Commissioner for Personal Data, Hong Kong:
The Office of the Privacy Commissioner for Personal Data (“PCPD”) published today a Guidance on CCTV Surveillance and Use of Drones (the “Guidance”).
… “While the privacy implications of surveillance tools such as CCTV are fairly well understood, drones when fitted with cameras could add a new dimension to these privacy concerns by virtue of their unique attributes. These include their mobility as well as ability to stay in the air for a considerable period of time, gather information from vantage points and over a broad territory.
… The privacy guidelines for the use of CCTV apply equally to the use of drones. However, to address the drones’ special attributes such as mobility, small size and difficulty to identify the operator, innovative measures to safeguard privacy are called for. Specific illustrations of this approach are provided in the Guidance.

(Related) In this country, we (or is it only Democrats from New Jersey?) don't even understand what “commercial” means.
Dem warns against risks of commercial drones
Rep. Bonnie Watson Coleman (D-N.J.) has introduced a bill requiring the Department of Homeland Security to research the risks posed by small to medium-sized commercial drones.
Watson Coleman cited the January incident at the White House when a drone landed on the grounds around 3 a.m.


There is no “Best App for all users?”
How Facebook Controls the Future of Messaging
Facebook, which thoroughly dominates the current era of the online social networking industry, is setting itself up nicely for the next. Many see messaging apps as the future of social: Lightweight, real-time, personal conversations that can become rich environments for media sharing, entertainment, and even commerce. Facebook is in a particularly luxurious position here.
It now owns the two largest messaging services in the world: No. 1, WhatsApp, which last said it had 700 million monthly active users, and was acquired by Facebook for more than $20 billion. And no. 2, its homegrown Facebook Messenger, which now has 600 million monthly active users.
What’s interesting is how the apps are starting to diverge: Two similar concepts with increasingly different feature sets, philosophies, and strengths.


Now this is how you fool April.
Apple Starts a Religion, Microsoft Cancels Windows 10, & More… [Tech News Digest]


For my JavaScript students.
Microsoft upgrades JavaScript, Visual Studio development tools
… Version 4.0 also focuses on interoperability. "We believe you should use WinJS and your favorite JS frameworks together, whatever they may be," the blog post says. "The AngularJS-WinJS wrapper we now provide allows you to use WinJS seamlessly in your Angular projects."
WinJS 4.0 Preview is downloadable at the TryWinJS website, and the full release is due later this year.
In the IDE realm, Microsoft's Visual Studio 2015 tool set, due this summer, will highlight three principal offerings intended to meet specific needs for developers. Visual Studio 2015 Enterprise with MSDN is geared to teams building high-scale applications and services and unites the Premium and Ultimate versions of the tool set. It also offers advanced testing and devops. Next on the roster is Visual Studio Professional with MSDN, a collection of tools and services for individual developers or small teams to build professional-grade applications. Rounding out the rollout is Visual Studio Community, offering free access to tools for non-enterprise and open source development.


This could be an interesting forum debate for my Business Intelligence class. Could also be fun in my Statistics class.
What to Do When People Draw Different Conclusions From the Same Data
“In God we trust; all others must bring data.” William Edwards Deming
… What if data analysis were crowdsourced, with multiple analysts working on the same problem and with the same data? Sure, the result might be a range of answers, rather than just one. But it would also mean more confidence that the results weren’t being influenced by any single analyst’s biases.
… And a paper released earlier this year gives an indication of how it might work.
The researchers recruited 61 analysts (mostly academics) and asked them to assess whether soccer referees were more likely to give red cards to players with darker skin tones. The analysts split up into 29 teams, and were given a dataset that included numerous variables about both players and referees.
Each team devised their method for answering the question, and then shared that approach – but not any results – with the group. The result was a heated debate over which methods were defensible, and which were not. If you’re looking for a correlation between skin tone and red cards received, does it make sense to control for the position the player plays? What about the country their team is located in, or how many yellow cards they’ve received?

(Related) Or is it?
Once You Align the Analytical Stars, What’s Next?
… For organizations to gain business value from analytics, managers must turn the analytical results into action — the organization must be able to consume analytical results, not just produce them. Consuming analytical results is a growing problem for organizations. Organizations that build the expertise to produce stellar analytical results, also create a sizable gap between their ability to produce these results and their ability to consume them.
This analytics gap can be narrowed from two directions: by producing analytical results that are easier to consume, or by improving capabilities to consume them.


For my students who research (yes, ALL of you!)
Open Government Guide
Reporters Committee for Freedom of the Press: “The Open Government Guide is a complete compendium of information on every state’s open records and open meetings laws. Each state’s section is arranged according to a standard outline, making it easy to compare laws in various states. If you’re a new user of this guide, be sure to read the Introductory Note and User’s Guide.”

(Related) My librarians will love this.
Libraries and Librarians in the Internet Age
Libraries in the Internet Age is the title of the latest video produced by Common Craft. The video provides a clear overview of how libraries and the importance of librarians have changed over time. The video echoes a point that I made in a webinar today and that I have heard many librarians say to students, "Google is not the only search engine." Librarians can help students access databases that they otherwise wouldn't be able to use, which in turn takes them to information they wouldn't otherwise find. … You can also click here to watch it.
Libraries in the Internet Age could be a great video to show to students at the beginning of the school year or just before they embark on a new research project. The video might help students realize that there is a lot more to their school libraries than meets their eyes.


Will my students find this adequate? Stay tuned!
Microsoft Corporation (MSFT) Counters Chromebooks With Cheap Notebooks
Microsoft Corporation is gearing up to compete against Google Inc.’s Chromebooks with the launch of two inexpensive notebook computers before the end of the year. A Taipei research firm reports that the Windows-based PCs will be ready for shipping by mid-year, specifically targeting the education sector as well as the wider consumer market.
… This model is to go on sale for $179.


Why would I ever sell my SciFi collection? But then, a place for you to sell is a place for me to buy!
The Best Ways to Sell Books Online
… Here on MakeUseOf, we’ve made you aware of the various ways you can buy books cheaply online, but just how do you go about selling them? How do you get a quick sale, and is it possible to get a rare or unusual book to sell for the right price?


Interesting “How To,” even if it is limited to the Apple platforms. I'm sure we could find apps for any platform.
How To Write and Publish Your First iBook Using iBooks Author
