Thursday, May 28, 2015

God helps those who help themselves and God help those who don't. How much would your liability rise if there were records proving you had been warned but did nothing?
Gwyn D’Mello reports that an online music site was hacked to make a point after they failed to secure their site despite multiple warnings:
A white hat hacker used an exploit to gain access to Gaana.com user credentials, because they neglected to fix a security bug he reported.
It seems Gaana.com was hacked a few hours ago, with user data and credentials being accessed. But, in a fortunate turn of events, the responsible party turned out to be a white hat hacker.
[…]
Mak Man, the hacker responsible, detailed the incident in a Facebook post, saying he had reported the exploit to the website’s team on multiple occasions, but was ignored. He says he was trying to bring attention to the glaring hole in their security, and had no malicious intent.
While users’ credentials were accessed, Mak Man has since said that the data was being queried in real time, and was not stored or copied on their server.
Read more on DNA.
The site notes that all its passwords were hashed. See their tweets about the incident.


(Related) Don't pay the ransom, but there are still things you can and should do.
The mSpy data breach is the kind of breach that I cover over on databreaches.net, but the privacy implications of this one are so severe that I thought I should note it here.
If you’re using spyware to spy on your children or a partner – regardless of whether you call it spying or “monitoring” or any other euphemism – note that you – and they – can be exposed in a breach by companies that do not take adequate security protections.
Brian Krebs has been all over this breach. Today, he writes:
The mSpy data was leaked to the Deep Web, where hundreds of gigabytes of files, chat logs, location records and other data was dumped after the company reportedly declined to comply with extortion demands made by hackers who’d broken into mSpy’s servers. Included in that huge archive is a 13 gigabyte (compressed) directory referencing countless screen shots taken from devices running mSpy’s software — including screen shots taken secretly by users who installed the software on a friend or partner’s device.
The log file of the screen shots taken from mSpy-infested devices doesn’t store the actual screenshot, but instead includes incomplete links to the images. Incredibly, nearly two weeks after this breach became public, all of the leaked screen shots remain viewable over the Internet with nothing more than a Web browser if one knows the base URL that precedes the file name. And that base URL is trivial to work out if you have an active mSpy account.
Read more on KrebsOnSecurity.com.
[From Krebs:]
Almost a week after I requested comment from mSpy, a person named Amelie Ross responded with a somewhat nonsensical statement that essentially said the whole incident was dramatically exaggerated and aggravated by the media.
“Data logs do not include the information of the account user, therefore cannot be tracked back to data owner,” Ross said, ignoring the fact that I was able to identify and contact many of the company’s customers.




Local. We may not have as many skimmers as Florida, but we aren't immune either.
Police are hoping that citizens can help catch some men suspected of attaching credit card ‘skimmer’ devices at local banks… The devices have been discovered on ATM machines at both branches of Bank of Colorado in Grand Junction.
Read more on WesternSlopeNow.com.




Something for my Ethical Hacking students to push?
ACLU: Feds should offer rewards for finding cybersecurity flaws
… The group told the Department of Commerce Internet Policy Task Force in a letter Wednesday to provide financial incentives for security researchers who bring flaws to the government's attention. Such rewards are common practice at large tech firms.




Do we have to do this state by state? No mention of any other state's DA being involved.
Acting Attorney General John J. Hoffman and the New Jersey Division of Consumer Affairs obtained a settlement with the developer of “Tidbit,” a software code designed to help websites generate revenue by using their viewers’ computers to mine for the virtual currency known as Bitcoin.
A New Jersey Division of Consumer Affairs investigation has found that, despite initial assertions by Tidbit’s developer, the software was used to gain access to computers owned by persons in New Jersey, without the computer owners’ knowledge or consent.
The Division further found that the developer of Tidbit offered and provided the software to web developers without reviewing their privacy policies, and without having any control, compliance, or review mechanism in place. The Division alleges that these actions constituted violations of New Jersey’s Computer Related Offenses Act and Consumer Fraud Act.
… Pursuant to the Consent Order announced Tuesday, Tidbit’s developer is prohibited from accessing or attempting to access New Jerseyans’ computers without clearly and conspicuously notifying the owners and obtaining their verifiable consent. The Consent Order also includes a $25,000 monetary settlement that shall be suspended and automatically vacated within two years, provided the software developer complies with the settlement terms.
… Bitcoins are generated or “mined” through the solving of highly complex algorithms, a process that requires significant amounts of computer processing power.
… Rather than show ads to consumers, and earn money by selling space to advertisers, websites that use Tidbit would earn money by taking over part of the processing power of computers that visited those sites, and by using those computers to mine for Bitcoins.




For my Computer Security students. Facebook should sell T-shirts with a big bulls-eye on them. Add this to your weaponized drone software as “automatic targeting” and SkyNet is here?
Facebook Messenger sends out 'creepily' precise location data, as revealed by Marauders Map Chrome extension
Facebook sends out such precise data to people you chat with that your location can be tracked to individual streets, a new Chrome extension shows.
Every time a person sends a Facebook message from a phone, it sends out their location to the person chatting with them. The extension scrapes all of that data and overlays it on a map, meaning that a precise chart of people’s movements can be done using those conversations.
… Some of the data sent out makes it possible to pinpoint locations to less than a meter, he said, and that can be used to figure out people’s regular schedule or to spy on them. Khanna points out that it doesn’t take many messages to work out people’s habits, especially if a number of people collude to share their data.
… The location sharing can easily be turned off. iOS users can do so by heading to settings and then location services, and turning location off for Facebook Messenger. Android users can go on the app itself, head to its settings, and turn off Location Settings.




For my Statistics students. Often, we assume we know things we don't know. Or at least lawmakers do.
… The plaintiffs are challenging the usual method (counting total number of people living in a district) and are asking that states use the total number of eligible voters instead. The trouble is, we don’t have robust statistics on the number of eligible voters. If the Supreme Court were to set new standards for districting, we would need to overhaul the nation’s statistics and surveys.




Another area where auto-completion will no doubt cause confusion and amusement.
Google’s ‘Mind-Reading’ Search Answers Your Questions Before You Finish Typing
When Google introduced "Instant" to its search engine five years ago, it quickly became another feature that cemented Google as many persons' go-to provider. With features like that and the overall accuracy, it's no wonder why Google hogs 65% of the world's search market share.
Well... it looks like Google's search is about to become even better. So much better, in fact, that it aims to answer a question before you can even ask it. A good example can be seen below:




For the “I want it now!” generation. (and another weapon in the Amazon-Google war)
Amazon expands same-day delivery, offers free shipping on orders over $35
Amazon.com Inc said on Thursday it will expand same-day delivery to San Diego and the Tampa Bay Area under its Prime shipping service, which has been an engine of revenue growth for the online seller.
Amazon offers same-day delivery to Prime members for $5.99 per order and non-members for $8.99 plus 99 cents per unit. It will now allow Prime members free same-day shipping on orders over $35, Greg Greeley, head of Prime, told Reuters.
"We know same-day delivery volumes will grow dramatically now that we are making it free," he said.




Another example of the US as the world's police force? Interesting questions on where these crimes took place and what the laws were in those countries. Or do we not really care?
FIFA officials to be indicted by U.S. on corruption charges
About 10 officials of FIFA, the governing body of world soccer, will be indicted in the U.S. on Wednesday on corruption charges involving the awarding of the World Cup and marketing and broadcast deals.


(Related) On the other hand, this does not surprise me at all.
The world's biggest brands could sue FIFA for millions over 'wasted' marketing budgets
The arrests of several FIFA officials on Wednesday on racketeering and corruption charges have already led to a number of big name sponsors questioning whether they will continue with their advertising contracts.
But the charges, which relate to more than $150 million in alleged bribes and kickbacks from the 1990s to today, not only place Qatar's 2022 World Cup hosting in jeopardy, they also could lead to some of the world's biggest brands suing FIFA for advertising and marketing money already spent on the event.




Looks like the Russian economy has rebounded enough to start this stupidity again. (Or perhaps certain naysayers have been silenced?)
Reuters reporter: Russia is amassing unmarked tanks and soldiers on its border with Ukraine
Russia's army is massing troops and hundreds of pieces of weaponry including mobile rocket launchers, tanks and artillery at a makeshift base near the border with Ukraine, a Reuters reporter saw this week.
Many of the vehicles have number plates and identifying marks removed while many of the servicemen had taken insignia off their fatigues. As such, they match the appearance of some of the forces spotted in eastern Ukraine, which Kiev and its Western allies allege are covert Russian detachments.




For all my students.
How Famed Tech Analyst Mary Meeker Foresees the Future of the Internet
The ever-mounting number of users to join the World Wide Web may finally be starting to plateau. So says esteemed tech analyst Mary Meeker, partner at Kleiner Perkins Caufield & Byers, in her 20th annual Internet Trends report, which she presented today at the Code Conference in California.
To be fair, Internet user growth is still solid, Meeker says, but only increased by 8 percent in 2014 compared to 10 percent in 2013. Smartphone subscriptions followed a similar trajectory, posting increases of 23 percent last year versus 27 percent the year prior.
Her report, embedded below, covers a vast array of topics, including the expected proliferation of drone usage in 2015. Meeker predicts that 4.3 million total consumer drones will be shipped in 2015, comprising a $1.7 billion market.
Meeker also covers the ways in which today’s youth is consuming -- and increasingly creating -- content on the Web.


(Related) This may help me communicate with my students. (I did say, “May.”) My library does not have this yet.
Microsoft Researcher Nancy Baym offers her new take on communication in the digital age
… MIT Comparative Media Studies and Microsoft Researcher Nancy Baym took time out to publish her research on the related phenomenon. Five years ago, Nancy published Personal Connections in the Digital Age. The publication was an investigation into whether technology had the capacity to diminish the interpersonal relationships or in some way negatively impact humanity as a whole.
… Nancy has updated her research publication to include the additional years and has now published a second edition of Personal Connections in the Digital Age, released this week.
… “In the second edition, in particular, I wanted to show that research done before social networking sites existed still has relevance. We don't need to invent the conceptual and empirical wheels anew with each new medium.” [Brilliant! Bob] During the interview, Nancy was also asked about her opinion on whether or not we are on a road to losing intimacy of personal connections? Her short answer was no.




Something for the geek toolkit.
Remote Access Tools or How to Be In Two Places at Once
The right remote access tools can help you connect to and operate a computer in your office as if you were sitting right in front of it. They vary in ease of use, features and cost, but we've collected five of the best for your consideration.


(Related) For the entrepreneur's toolkit.
Free Technology Resources for Small Business Start-Ups




For my data crunching students.
Dasheroo Delivers Insight into Critical Business Metrics
There's certainly no shortage of social media outlets, emarketing sites and online services to help you reach the Internet masses and grow your small business. But there is a shortage of time to track your business' performance on them all. Sure, you can log into Google Analytics, then Facebook, then Salesforce, then MailChimp and so on to check the performance snapshots that each service offers. But what you really need is a dashboard for your dashboards—which is precisely what Dasheroo delivers.
… At the present time, Dasheroo lets you choose from a solid selection of 18 popular online services (with more Insights in the works) that includes Google Analytics, Facebook, Twitter, Google Sheets, YouTube, Campaign Monitor, MailChimp, Instagram, Salesforce, LinkedIn, SurveyMonkey, Vertical Response, Constant Contact and others. Simply select the services you want Dasheroo to track, enter your log-in info for each (you only have to do that once), and you're ready to construct your custom Dashboard.
[From the Dasheroo website:]
20 Years for FREE! We love you, our early adopters! So, for all of you that sign-up by June 15, 2015...drum roll please: You’ll get Dasheroo Grande plan FREE for the next 20 years. Yup. Free. Until 2035.


(Related) For my Data Management students.
Did You Realize There Were So Many Facebook Apps?
… The official messaging app, Facebook Messenger, is a widely-used form of communication. You can not only send messages to your Facebook friends, but those in your phone’s contact list as well. You can create group chats, send photos and videos, and see when others have viewed your messages. Facebook Messenger is available for both iOS and Android.




For all my students. Very handy App.
Office Lens - Now Available on Android, iOS, and Windows Phones
Office Lens is an app from Microsoft that is designed for converting pictures of notes on whiteboards and paper into notes that can be edited in Microsoft Word or PowerPoint. I wrote about the app eight weeks ago when it was still in a limited beta for Android users. Office Lens is now available for all Android users. You can find the app in the Google Play store. The iPhone version is available here and the Windows Phone version can be found here.
Probably the best aspect of Office Lens is that hand-drawn images and figures captured through the app can be separated from the text to move and manipulate as individual objects in PowerPoint slides. See the video below for an overview of Office Lens.
Office Lens could be a great app for students to use to snap a picture of something on a whiteboard then add their own comments to it in a Word Document.
The option in Office Lens to separate hand-drawn objects could be a good way to digitize a brainstorming session. When I brainstorm I often do it in a paper notebook that has pages of edits. By taking a picture of the brainstorming session I could separate each part of the notes then move them into new positions on slides or in a document.

