Wednesday, April 29, 2015

This sounds strange to my ears. 1) Isn't WiFi available on planes? 2) I planned my flight before I got in the plane. Are they claiming that no one noticed a problem until they were about to take off? Sounds like the airline recalled the planes to update the software (I doubt the pilots did it) which suggests some aircraft were flying with defective iPads. I'll have to see how many ways my Ethical Hacking students can come up with to make subtle changes to this software.
American Airlines Flights Delayed After App Issues in Cockpit
American Airlines said that a glitch with a third-party application used on pilots' iPads caused several flights to be delayed on Tuesday.
The airline said that some planes were forced to return back to flight gates so that pilots could access a WiFi connection and fix the app issues. It was not immediately clear how many flights were affected. The issue was with software containing mapping and flight-planning information, according to Re/code.




Another area for concern. If someone like my Ethical Harking students could pull information from a company before its scheduled release, they could make a fortune by buying or short-selling the stick. I expect we will hear more on this.
Twitter earnings leaked ... on Twitter. Stock tanks 20%
Twitter's latest quarterly results came out earlier than expected after someone on Twitter (naturally) leaked them.
… The numbers first appeared on the Twitter account of Selerity, a self-described financial intelligence platform, at 3:07 ET. Twitter was not due to release its results until after the market closed at 4 p.m.
After Twitter officially released earnings, Selerity tweeted that it got the numbers directly from Twitter's investor relations site.
"No leak. No hack," Selerity tweeted.
Twitter's investor relations team released a statement on Twitter.
"We asked [the New York Stock Exchange] to halt trading once we discovered our Q1 earnings numbers had leaked, and published our results as soon as possible," the company tweeted. "We are investigating the source of the leak."




I am becoming convinced that the Health Care industry is today's “low hanging fruit” when it comes to hacking (or simply walking off with) personal information.
In reading the substitute notice below, note that they do not say from where the laptop was stolen, nor how many were affected. And what kind of “commitment” to privacy is it to just password-protect a laptop with PHI – and to keep “former member and dependent” information on it? C’mon, folks. We can and must do better.
As part of its ongoing commitment to protecting the privacy of personal health information, Oregon’s Health CO-OP is notifying members of a security incident.
On April 3, 2015, a password protected laptop containing Oregon’s Health CO-OP member and dependent information was stolen.
… The information on the stolen laptop included current and former member and dependent names, addresses, health plan and identification numbers, dates of birth and social security numbers. No medical information was on the laptop. [Makes you wonder what the laptop user's job was... Bob] There is no indication this personal information has been accessed or inappropriately used by unauthorized individuals.
… Oregon’s Health CO-OP has established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration who are familiar with this incident and the contents of this notice. [This must be some outside service. (Clearly not the health co-op) I don't recall seeing it before, but I bet they get lots of business. Bob]
SOURCE Oregon’s Health CO-OP




Just a few days ago, Sony asked the court to toss out some class actions because it had been a whole 5 months since their breach.
Brian Krebs reports that he received a tip about physicians’ data up for sale on a darknet marketplace called AlphaBay. One of the databases for sale was a large text file called, “Tenet Health Hilton Medical Center” that contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.
Did you ever hear about that breach? I never did – not under that name, but it turns out in September, 2014 I had reported the breach on PHIprivacy.net in my report on PST, a McKesson subsidiary. I just didn’t know at that time that Tenet Health was another affected client as there was no entry for them on HHS’s public breach tool.
It’s interesting that some of the data are up for sale now. How many times have we heard entities say “We have no evidence of misuse?” InCompass Health was surprised to learn that the data were up for sale when Brian contacted them.
I wonder what they will do now. Will they send a second notification/update to say, “Hey, we just learned your data are up for sale” or will they figure they’ve already covered themselves in their first notification? [No legal obligation, right? Bob]
And how much more of the data may be up for sale? Keep in mind that data were reportedly exposed on the Internet between December 1, 2013 and April, 2014, when the breach was detected and the data were secured.
Trot on over to KrebsOnSecurity.com for more info on how healthcare entity breaches result in patient (and provider) information getting around.




This should be of great interest to my computer security students.
Calculating Cyber Security ROI for Enterprises
Communicating the value of security in dollars and cents to a board of directors can be a complicated endeavor.
To help with this conundrum, consultancy firm Booz Allen Hamilton has offered up its own methodology for determining an organization's return on investment (ROI) in cybersecurity.




Another example of a management group who never heard of Privacy?
The editors of the Deccan Chronicle in India address a breach noted earlier this week:
In an appalling act of recklessness, the Telecom Regulatory Authority of India has compromised the privacy of over a million Internet users of the country by publishing online all the responses of their consultation paper on Net neutrality. Either the bureaucrats running Trai are ignorant [Got it in one! Bob] of how the Internet works or they were simply getting back at the virtual unanimity in opposing the erosion of the equity of providing Internet service by telecom companies creating shortcuts for corporates. Not only are all the 11 lakh email IDs in the public domain but all the addresses and phone numbers of those who may have put such details in their mails as part of their emailing template.
Read more on Deccan Chronicle




What other organizations do this? If your favorite hotel chain did, would they tell you? Can you stay in a hotel without giving your name if you pay in advance in cash? (Is a name enough to identify the guest? They must provide all the information they have.)
Joe Cadillic sends along this very disturbing news story. After reading it, I decided that I will never stay at a Motel 6 again.
Patrick Anderson and Tracee M. Herbaugh report:
City police have arrested four people staying at the Motel 6 on Jefferson Boulevard as a result of the hotel chain’s agreement to provide police with a daily guest list, Mayor Scott Avedisian said Tuesday.
The names of Motel 6 guests, which police then check for outstanding warrants, is one of five steps Motel 6 corporate managers agreed to take in response to a string of high-profile incidents and concerns the establishment was becoming a haven for passing criminals.
… As of now, guests who check-in at Warwick’s Motel 6 will not be told their names are on a list that goes to the police station every night.
Alerting motel guests that local police know their whereabouts “is not a normal process of our check-in,” said Victor Glover, a vice president of safety and security for G6 Hospitality, the parent company for Motel 6. “I don’t know that we have any plans of instituting that as we move forward.”
Glover said that, generally, if a local police department wants a property’s guest list, Motel 6 makes it available. Glover would not say, however, if the Motel 6 brand has had similar problems at other locations, only that “there are times that issues come up.”
Read more on Providence Journal.




Why would you shut off communications that the public uses, but not the communications that a smart group of terrorists would use? (e.g. FireChat) It provides a clear indication that the DHS is on the scene but the only negative impacts are to the victims.
DHS Defends Government Secrecy in “Internet Kill Switch” Case
by Sabrina I. Pacifici on Apr 28, 2015
EPIC – “The Department of Homeland Security has filed a brief in response to EPIC’s petition for rehearing in the “Internet Kill Switch” case. EPIC is seeking the release of the public policy that allows the government to suspend cell phone service. The D.C. Circuit previously ruled that DHS may withhold the policy. EPIC pursued the shutdown policy after government officials disabled cell phone service during a peaceful protest in San Francisco. EPIC cited both free speech and public safety concerns and noted that the policy was never subject to public rule making. The Federal Communications Commission recently warned government agencies not to use “jammers,” devices that block cell phone signals, because of public safety risks.”




Is Google going to oppose patent trolls or become one? (Digest Item 2)
All Your Patents Are Belong To Google
Google wants your patents. All of them. Or at least those it feels have some value. In order to find these patents and buy them from their current owners, Google has created a new Patent Purchase Promotion. Which is essentially a marketplace designed to remove any friction from the process.
The marketplace will open on May 8 and stay open until May 22. Individuals and businesses are invited to put their patents up for sale during that window, and Google will then determine which patents it wants to purchase. Google hopes to have all sales tied up by the end of August.
The big idea here is for Google to buy up valuable patents before they fall into the hands of patent trolls out to make a fast buck. As noted by TechCrunch, the added bonus for Google is that it gets to see what patents are currently available, and pick and choose those which it thinks will pay off financially over the longterm.




Another interesting article. (Dem guys a Haaarvard must be really smart, or maybe I just agree with them?)
How Technology Has Affected Wages for the Last 200 Years
… are we really at an historical turning point? No. In fact, the present is not so different than the past. Throughout history, major new technologies were initially accompanied by stagnant wages and rising inequality, too. This was true during the Industrial Revolution in the early nineteenth century and also during the wave of electrification that began at the end of the nineteenth century. However, after decades these patterns reversed; large numbers of ordinary workers eventually saw robust wage growth thanks to new technology.




Curious. I'll have to run this by our librarians to see if it will handle some of the stuff I didn't purchase from Amazon. (No surprise, their video never mentions that possibility.)
Amazon Whispercast 3.0 Helps Your Teacher Stay Organized
Amazon today launched Whispercast 3.0 to make it easier for schools and businesses to manage their Amazon gadgets.
Whispercast, which debuted in 2012, lets schools and businesses easily discover and manage e-books, apps, and more for Amazon's lineup of Kindle devices. With Whispercast 3.0, Amazon is promising upgrades like tiered administration and group management, which provides more freedom to set up organizational hierarchies and delegate control. Users can also organize content by classes, grades, groups, or whatever structure makes most sense for them.
Digital Transition Services, meanwhile, will provide users with access to service representatives who can help with the setup process. But a step-by-step setup wizard is also intended to let users organize and distribute content on their own.
… also lets users access documents on Android and iOS handsets, Chromebooks, Macs, and PCs.




For my students, who will be involved as creators or users of digital information. (Free PDF)
Preparing the Workforce for Digital Curation
by Sabrina I. Pacifici on Apr 28, 2015
“The massive increase in digital information in the last decade has created new requirements for institutional and technological structures and workforce skills. Preparing the Workforce for Digital Curation focuses on education and training needs to meet the demands for access to and meaningful use of digital information, now and in the future. This study identifies the various practices and spectrum of skill sets that comprise digital curation, looking in particular at human versus automated tasks. Additionally, the report examines the possible career path demands and options for professionals working in digital curation activities, and analyzes the economic benefits and societal importance of digital curation for competitiveness, innovation, and scientific advancement. Preparing the Workforce for Digital Curation considers the evolving roles and models of digital curation functions in research organizations, and their effects on employment opportunities and requirements. The recommendations of this report will help to advance digital curation and meet the demand for a trained workforce.” Committee on Future Career Opportunities and Educational Requirements for Digital Curation; Board on Research Data and Information; Policy and Global Affairs; National Research Council.




For my Computer Security students. Make them pay well for your services.
Experts Warn on Critical Shortage of Cybercrime Specialists
Riyadh - Experts warned at a conference in Saudi Arabia on Tuesday of a critical shortage of global specialists trained to confront increasingly malicious cyber security threats.
"Some reports say that we have globally less than 1,000 people who are truly qualified, whereas we need over 30,000 to address the problem," said Mark Goodwin, of Virginia Tech university in the United States.




Another tool for creating lectures my students will ignore?
SoundCloud Is Making It Easier for Anyone to Publish a Podcast
SoundCloud is one of the audio recording tools that I have been recommending for years. I've always liked the ease with which you can record, save, and share audio through the service. The option to insert text comments into SoundCloud tracks has been an appeal of the service too. Today, SoundCloud added a new feature that will appeal to anyone that has wanted to try his or her hand at podcasting.
SoundCloud for Podcasting creates an RSS feed for the recordings that you make or upload to your SoundCloud account. This doesn't seem like a big deal until you realize that by having that RSS feed created for you, you can then easily publish your podcast across multiple podcasting services including iTunes. Compare Apple's directions for publishing to iTunes to SoundCloud's directions for the same and you'll see why SoundCloud makes it easier to distribute podcasts.
Applications for Education
SoundCloud for Podcasting could be a great service to try if you have wanted to try podcasting with your students, but have been overwhelmed or frustrated by the process of distributing the recordings your students have made. The free SoundCloud for Podcasting plan provides hosting for up to three hours of recordings.


No comments: