Friday, June 05, 2015

You wouldn't want the US to be a second rate CyberWar power would you? (How do they stage these just when they need them?)
Chinese hackers breach federal government’s personnel office
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify some 4 million current and former federal employees that their personal data may have been compromised.
The hack was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months. Russia last year compromised White House and State Department e-mail systems in a campaign of cyber espionage.
OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.
Other U.S. officials, who spoke on condition of anonymity citing the ongoing investigation, identified the hackers as being state-sponsored.


(Related) “Patterns” would suggest anything originating in North Korea and many IP addresses in China.
Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border
Without public notice or debate, the Obama administration has expanded the National Security Agency‘s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.
In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.
The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments.




I wonder why no law school has created a “New Technologies and the Law” center to explain how new technologies might impact the law. Wouldn't the companies who create the technology be willing to fund it? (And pot holes should be regulated under the marijuana laws because... Pot!)
From the see-why-judges-need-to-understand-technology dept.:
Sean Whaley reports:
The Nevada Supreme Court said Thursday that the state’s wiretap law permits the interception of cellphone calls and text messages even though it has not been updated since 1973.
[…]
But a three-justice panel of the court said Nevada’s law regarding “wire communications” includes cellphones. The court said that “wireless” cellphone communications do involve the use of a wire when the communication reaches a cellular tower and is then transmitted by wire through a switching station to another transmitting tower.
Read more on Las Vegas Review-Journal.


(Related) Perhaps the Computer Security industry would help fund such a center...
IoT Poses Security Challenge to Enterprise Networks
There are many things in the Internet of Things (IoT); so many that enterprises are often finding themselves challenged to keep up and secure them all.
In a new study from OpenDNS entitled 'The 2015 Internet of Things in the Enterprise Report', researchers found that IoT devices are common in highly-regulated industries, even though the infrastructure supporting those devices has its share of cracks in it.
"The traditional approach of designing a strong perimeter and controlling everything inside of that perimeter just isn’t possible anymore," said Mark Nunnikhoven, senior research scientist on the OpenDNS Security Labs team.




Can you really Opt-Out?
Orin Kerr writes:
The federal Wiretap Act is the major privacy law that protects privacy in communications.
[…]
In this post, I want to focus on a particularly tricky and important application of the problem that is raised in a case now pending in the Third Circuit: How does the Wiretap Act apply to surveillance of websurfing? Say a person is surfing the web, and a surveillance device is monitoring the URLs that a person is visiting. When, if at all, can that violate the Wiretap Act? Are the URLs contents or metadata, and if URLs are contents, who are the parties to that communication that can consent?
Read more on The Volokh Conspiracy.
[From the Third Circuit article:
Google and a couple of other Internet companies that use third-party cookies to track the online behavior of people who use browsers that are specifically designed and advertised as barring that kind of tracking are the only defendants in the case, "but this is how systems across the entire Internet work and whatever ruling this court issues is going to affect broad swaths of companies and how they interact," said Michael Rubin, the Wilson Sonsini Goodrich & Rosati lawyer who represented Google in front of the Third Circuit.




This is a significant change. I can see why many tech companies would love it.
Emma Woolacott reports:
Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens’ personal data is held or whether it’s accessible from outside the country.
Wikileaks has released 17 documents relating to the Trade in Services Agreement (TISA), currently under negotiation between the US, the European Union and 23 other nations. These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force.
Read more on Forbes.




Perhaps we should take a look at this?
Chris DiMarco reports:
The National Institute of Standards and Technology is probably best known for the cybersecurity guidelines it released in late 2013, but the organization frequently authors reports on critical issues in the technology space. The NIST recently released a draft of one such report designed to aid federal organizations in processing private citizen information. Now entering a public commenting period that will remain open until July 13, the report, “Privacy Risk Management for Federal Information Systems,” seeks to create a universal vocabulary for discussing the challenges of private data processing, while providing modes of thinking that can be applied as information processing continues to evolve.
[…]For more on the “Privacy Risk Management for Federal Information Systems Framework” draft and to submit comments, visit NIST.gov.
Read more on LegalTech News (sub. req.)




Perhaps you should not use social networking without thinking about the possible downside. This is about as far from a “Like” as you can get.
General: Social media post led to strike against ISIS
A general suggested at an event that the Air Force was able to target an attack on a building used by the Islamic State in Iraq and Syria (ISIS) based on a single social media post, according to an account published by Defense Tech.
“It was a post on social media to bombs on target in less than 24 hours,” Gen. Hawk Carlisle said during an Air Force Association event. “Incredible work when you think about.”
“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command. And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later” the building had been destroyed by a strike, he said.
… Social media platforms have moved to suspend users associated with the group, but the authors of the Brookings paper found those were not successful on a broad scale.
“Account suspensions do have concrete effects in limiting the reach and scope of ISIS activities on social media,” they wrote. “They do not, at the current level of implementation, eliminate those activities, and cannot be expected to do this.” [Think of this a permanent suspension. Bob]




Interesting. How long does it take to review 200 man-years of code?
Microsoft is going to let governments look at its source code in a special office to prove spies can't use it
Microsoft has opened a special office in Brussels that will allow European governments to dig through its source code in search of any backdoors that could allow foreign spy agencies to intercept information.
Microsoft posted on its blog that it's launching the special office to support a "high level of openness and cooperation" with European governments, who are deeeply suspicious of the online surveillance conducted by the US's NSA.
It already has one transparency center in Washington, but this is the first of its kind to be opened in Europe.
… Apple did something similar in China when it allowed the government to inspect its products in search of NSA backdoors, amid fears that Apple products could be used by the US government to spy on Chinese citizens. CEO Tim Cook reportedly agreed in December 2014 that Apple would comply with Chinese "security audits"




A clear indication that China is becoming a regional problem.
Manila "gravely concerned" over reported Chinese warning shot at sea
The Philippines on Friday expressed concern over reports a Chinese warship has fired a warning shot on a Filipino fishing boat near a reclaimed reef in the disputed South China Sea, Manila's defence minister said.
China has been rapidly expanding its occupied reefs in the Spratly archipelago, alarming other claimants, and drawing sharp criticism from the United States, Japan and European States.
"If indeed this happened, it is a cause of grave concern." Defence Minister Voltaire Gazmin told journalists in a text message from Tokyo, where he joined a four-day state visit by Philippine President Benigno Aquino.
China claims most of the South China Sea, through which $5 trillion in ship-borne trade passes every year. The Philippines, Brunei, Malaysia, Taiwan and Vietnam also have overlapping claims.


(Related)
Japan to Provide Patrol Vessels to Philippines
The Japanese government is providing more maritime equipment to its neighbors, as part of moves by U.S. regional allies to forge closer security ties in response to China’s aggressive behavior in the Western Pacific.
On Thursday, Philippine President Benigno Aquino III, who is on a state visit to Japan this week, signed a deal with a Japanese shipbuilder to buy a fleet of 10 patrol vessels. Tokyo will provide a low-interest loan worth ¥19 billion ($150 million) to pay for the ships, marking a significant shift in Japan’s foreign aid program focused until now on infrastructure projects.




Math stuff for my Math (and Excel) students.
Thoughts this week
Excel is my favourite Microsoft program both for its use in Mathematics teaching and for data analysis. In 2013 at the TSM Conference I was very fortunate to meet and be trained by Mike Hadden. I had already discovered and often used Mike’s Excel files for my teaching; in 2013 thanks to Mike I discovered the joys of Excel macros which save me a serious number of hours in my job!
Mike now has a blog where you can find out more about his Excel files for teaching (scroll down) and also learn more about macroshave a look at the Macro Recorder Demo.




For the Toolkit
The Mega Guide to Media File Conversion Tools in Windows




We don't teach our students how to use technology to communicate properly.
10 Simple Tips to Elevate Your Small Business Emails


No comments: