Saturday, September 12, 2015

Should “Best Practices” be selected to catch the bad guy or to get your services back online quickly? Perhaps you should contact the experts before you are hacked. Here are just a couple of points the article is trying to make.
US-CERT’s do’s-and-don’ts for after the cyber hack
Too often, agencies are erasing key forensic evidence after a cyber attack.
… So with that rule to live by, US-CERT offers these best practices:
General missteps
Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts.
… “This can cause loss of volatile data such as memory and other host-based artifacts. We also see them touching adversary infrastructure. It seems unusual, but we do,” she said. “They are pinging or doing name server (NS) look up, browsing to certain sites. Agency staff is trying to investigate the incident, naturally, and they want to conduct the analysis on suspicious domains or IPs. However, these actions can tip off the adversaries that they have been detected. Again, a no-no. You don’t want to do that.”
Resist pre-emptive password resets
Don’t erase audit logs




Nice to see proof it works both ways.
Joshua Phillipp reports:
Hackers released a list showing the phone numbers and home addresses of nine alleged ISIS recruiters, in countries including Turkey, Indonesia, Kuwait, and Iraq. Alongside this, one of the hackers behind the leak detailed how the terrorist organization recruits members using the Internet.
According to the hacker, who goes by the moniker “JhonJoe,” a favorite venue for ISIS recruiters is Twitter. When the recruiters find someone who expresses views similar to their own, they’ll make contact using the direct message function on Twitter.
“We ran a sting operation to uncover this,” said JhonJoe, in an interview on Twitter.
Read more on Epoch Times.




“We're government security. You can trust us!”
TSA Master Baggage Keys Compromised, Now Available Online For 3D Printing
When The Washington Post posted a story about the "secret life" of TSA bag handlers, it thought it'd spice up its presentation with a neat shot of master baggage keys being spread in someone's hand like a fan. As it happens, that was unwise, as when it comes to standard keys like those used for baggage, all that's needed to duplicate them is a clear image.




“Minority Report” is coming.
Joe Cadillic writes:
Your child’s writings, texts etc., could get them arrested and put on the Terror Watch List.
Future policing and incarceration is becoming a reality, a B.S. study called “Profiling School Shooters: Automatic Text-Based Analysis” alleges DHS, teachers and psychologists can identify future school shooters based entirely on a students writings!
What’s that you say? It can’t possibly be real? But the study was conducted with the Department of Education (DOE)!
Read more on MassPrivateI.




An extension of privacy or a tool for terrorists?
First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email
Since Edward Snowden exposed the extent of online surveillance by the U.S. government, there has been a surge of initiatives to protect users’ privacy.
But it hasn’t taken long for one of these efforts — a project to equip local libraries with technology supporting anonymous Internet surfing — to run up against opposition from law enforcement.
In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.
Soon after [How closely is DHS monitoring libraries? Maybe they are just mapping TOR? Bob] state authorities received an email about it from an agent at the Department of Homeland Security.
“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.
After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project. [Because deterring crime is more important than securing your communications Bob]


(Related) Still making it sound like every crook uses encryption, which contradicts their reports to Congress. If the message is encrypted, we still have: Who called, who was called, time the call was made, duration of the call, locations of caller and person called, owner of each phone (usually), etc.
RT reports:
FBI Director James Comey continued his push for Silicon Valley to give the federal government backdoor access to encrypted data at a congressional hearing. However, the tech industry has told committee members that it’s not in their interest to help.
At a House Intelligence Committee hearing on Thursday, Comey said that he wants Silicon Valley to create a workaround that would give the federal government access to encrypted data in their programs and hardware, even though more than 140 tech firms have come out against the idea.
Read more on RT.


(Related) This is what the FBI really wants.
Lisa Eadicicco reports:
Siri will be able to perform an important new trick when Apple’s next iPhones come out.
The virtual assistant will always have an ear open, listening for users to summon it, ever ready to answer questions or to assist with certain tasks.
[…]
There are a lot of unanswered questions around these “always listening” devices, such as how they can use the data and who they can share it with.
“[The license agreements] have an extraordinarily wide latitude,” Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law, said to Business Insider. “And that’s a huge worry.”
Read more on Business Insider.




Schools may need to re-think some of their projects.
Kumar Singam reports:
Reliable sources have informed the Examiner that Montgomery County Public Schools (MCPS), the largest school system in Maryland, has installed LanSchool in Chromebooks distributed to students.
[…]
As the product brochure disarmingly mentions, LanSchool can be used for real-time monitoring of student activity on the computer. The website states that “Thumbnail monitoring allows the teacher to quickly view each student’s screen. At a glance, it is easy to see which students are on or off task. Administrators can monitor up to 3000 students at a time and dual-monitors are supported.” The website goes on to say that “LanSchool v7.8 automatically logs all keystrokes on student machines. (This can be disabled if your organization has policies against keystroke monitoring) Months of keystrokes are kept in a rolling log that can be watched in real-time or exported to a .csv file.”
[…]
The Examiner has confirmed through knowledgeable sources that MCPS did not obtain parental authorization for the use of the intrusive software from students who were given Chromebooks with LanSchool installed.
Read more on Examiner.com




Ah man. Are they taking away my right to ram anyone that irritates me? That's unAmerican!
Automakers Will Make Automatic Braking Systems Standard in New Cars


(Related) I'll be these guys don't get that system. Only us second class citizens.
Dodge Charger Pursuit Gets High-Tech System




Journalists (or anyone) could broadcast using Periscope or a similar App, but this way they have a predefined audience?
Journalists Can Now Broadcast Live Over Facebook
Facebook wants more journalists to use its platform as their distribution channel of choice. Now the company is giving reporters a new tool: the ability to stream live on Facebook itself.
Facebook said today that verified journalists, experts, and other “influencers” will now be able to use its Mentions app—formerly available only to select celebrities. The app will allow journalists to post live to Facebook during breaking news, for behind-the-scenes reports, or to host live Q&As with followers, among other possibilities.




Is Microsoft expanding into hardware or (like Amazon and Google) expanding into everything?
Juicy Rumor Suggests Microsoft Looking To Rock Computing World With Possible AMD Acquisition
If you thought that news of Windows 10 downloading in the background without your knowledge was the biggest bombshell to come out of Redmond, Washington today, then you’re sorely mistaken. A very interesting rumor is making the rounds that has the possibility to send shockwaves through the entire computing industry.
Microsoft is reportedly in talks to acquire AMD, which would make things quite interesting not only in the CPU sector (where AMD has played second fiddle to Intel for years), but also in the graphics sector (where AMD dukes it out with NVIDIA). For all its efforts to stand up to Intel recently, AMD just hasn’t had much luck in making a noticeable dent in the company’s massive share of the desktop, notebook, and server markets. And even in the graphics sector, NVIDIA has opened up a pretty significant lead in the discrete graphics market [PDF] as far as sales are concerned.




Sony does it again? (Screws up, that is.)
Sony: Don't Use Those 'Waterproof' Xperias Underwater
Turns out, Sony's "waterproof" Xperia devices might not be so waterproof after all.
After talking up the waterproof capabilities of its Xperia devices for years — even running marketing campaigns showing people happily using its devices underwater — Sony now says that they should not be submerged. As XperiaBlog first reported, Sony recently revised its support page on water and dust protection to warn people against taking a swim with their gadgets.
"Remember not to use the device underwater," the site says.




Maybe someday that long, boring commute won't be so bad...
European Court Rules That Commuting Time Is Part of the Workday
If Dante had known the pain of traveling to and from work, he would have made it a punishment in one of the circles of hell. But a recent court decision in Europe might actually make some workers want to commute longer.
On Thursday, Europe’s top court ruled that the time spent commuting to and from work should count as part of the workday. The ruling applies to employees who don’t have a regional office to work out of, like electrical technicians, for example.
The time spent commuting to the first appointment and driving home from the last appointment is to be considered part of the work day, according to the ruling, which was handed down by the Court of Justice of the European Union in Luxembourg.




“I'm shocked, shocked I tell you!”
Iran says finds unexpectedly high uranium reserve
Iran has discovered an unexpectedly high reserve of uranium and will soon begin extracting the radioactive element at a new mine, the head of Iran's Atomic Energy Organisation said on Saturday.
The comments cast doubt on previous assessments from some Western analysts who said the country had a low supply and would sooner or later would need to import uranium, the raw material needed for its nuclear program.




Sounds classified to me.
Exclusive: New Emails on Secret Benghazi Weapons
On the third anniversary of the Benghazi terrorist attack, emails reviewed by Fox News raise significant questions about US government support for the secret shipment of weapons to the Libyan opposition.
… As Fox News chief intelligence correspondent Catherine Herridge first reported, a heavily redacted email released to the Benghazi committee in May clearly states that on April 8, 2011, a day after the Turi/Stevens exchange, Clinton was interested in arming the rebels using contractors:
"FYI. the idea of using private security experts to arm the opposition should be considered," Clinton wrote. Significantly, the state department released emails blacked out this line, but the version given to the Benghazi select committee was complete.




Perspective.
On the 3rd of September, 2015, Benedict Evans, a veteran mobile industry analyst turned venture capitalist, tweeted a chart showing how traditional TV is losing its share of screen to smartphones and tablets. While Mr. Evans’ chart was not the first chart to alarm the cable industry, its timing was particularly interesting, as it came exactly a week before Apple’s major update of its Apple TV hardware. In fact, many financial and industry analysts have predicted the demise of the cable industry since rumors of a new Apple TV hardware or an Apple over-the-top streaming service emerged earlier this year.
For the first time ever, time spent inside mobile applications by the average US consumer has exceeded that of TV.




While my students played video games?
Interview: Seattle girls launch a balloon spacecraft to the edge of space, and NASA takes note
Our guests on the GeekWire radio show this week are Rebecca Yeung, 10, and Kimberly Yeung, 8 — two sisters from Seattle who built a spacecraft out of wood, broken arrow shafts and a high-altitude balloon, sending it to the edge of space this past weekend. Their project — and especially their handwritten “lessons learned” — captured the attention of thousands of people, including an exec at NASA’s Jet Propulsion Lab.




This could be useful.
Zoom - Record Video Conferences in HD
Zoom.us is a great service for hosting and recording video conferences in high definition. I was introduced to it by Rod Berger when he proposed using to record segments for the #askRichardByrne video series that we're producing. I'm glad he recommended it because it is a fantastic tool.
Zoom.us allows you to record your video in a side-by-side format to equally feature both people in the recording or switch between featuring one person more than another in the video (click here for an example). When you record through Zoom you're given an HD video file to save locally as well as a separate HD voice recording. Zoom isn't limited to just webcam views as you can also share your screen through the service. Zoom's free plan allows you to record for up to forty minutes in each video. The number of videos that you can create is not limited.
Zoom does require that you install a desktop client in order to call, receive calls, and to record.




For my iPhone using students. Also note that this is another example of “free” resulting in higher sales.
Camera+, The Third-Party Camera App With 14 Million Users, Goes Free
Tap tap tap, the company behind the popular third-party camera app Camera+, is making its flagship application free today. The app
… Many app makers believe that offering a free version of their app will hamper sales of their paid version, which is why they’ll often roll out stripped-down, “lite” versions of the app as a way to encourage users to upgrade to the full experience.
… Then last year, tap tap tap ran a big promotion with Apple which made the app – the full version – available for free on the App Store. And what the company discovered was surprising.
“With the Apple promotion, we definitely were concerned that giving away the full version for free could potentially hurt sales,” explains Casasanta. “We still decided that it would’ve been worth the risk to try it out and when we did, we were pleasantly surprised to find out that it actually helped sales as we got a significant spike during the promotion and afterward.”
That experience then prompted the company to refocus on developing the free version of Camera+, which is available today.




I do teach all this but I find it better to let my spreadsheet students see that others think it's valuable.
5 Excel Tools You Need Right Now
Powerful and complex, Microsoft Excel comes packed with so many tools that it's often hard to know which tool can solve a particular problem. Ever feel like it's easier to just keep doing things the slow way simply because it works? But you deserve better than that, so we've gathered five essential Excel tools that save you time and effort. If you're not currently using them, it's time to up your game.




Laugh educator, laugh.
Hack Education Weekly News
According to Los Angeles Unified Superintendent Ramon Cortines, the district is close to a $6 million settlement with Apple and Pearson over its botched iPad program. [For the failure of a $1.3 billion program? Someone has good negotiators. Bob]
Via Inside Higher Ed: “The Texas State University System on Thursday announced a Freshman Year for Free program in which students can earn a full year of credit through massive open online courses offered by edX and coordinated by a new nonprofit called the Modern States Education Alliance. The only costs to students would be either Advanced Placement or College Level Examination Program tests, which would be passed after completing various MOOCs. Appropriate scores would be required on the tests to receive credit from Texas State campuses.”
… “Meet the Crowdfunded Professor,” says The Chronicle of Higher Education. “He's left his tenured job and gone online, solo.” (Related: Ian Bogost on “Quit Lit.”)
Richmond Community College in North Carolina will offer free tuition to high school students in the area: “The program, dubbed RichmondCC Guarantee, promises two free years of college for students of public, private and home schools who have at least a 3.0 grade-point average and two college courses under their belts.”
Via ProPublica: “First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email.” The Kilton Public Library in New Hampshire was using Tor, but police have pressured the library to stop.
Via the US Census: back-to-school factoids.
… “US education is a $1.5 trillion industry and growing at 5 percent annually,” says McKinsey.


No comments: