You allocate time and treasure based on your
strategic vision. “It is better to look good than to feel good.”
Billy Crystal
Apple iOS
privacy bugs again -- lockscreen unsafe in 9.0.1 update
… José Rodriguez reported lockscreen failings
in iOS versions 5.1–5.1.1, 6.0–6.1.3, 7.0–7.0.1, 8.0–8.3, 9.0
and now he says the bug is still in 9.0.1.
The never-ending story... OPM “discovers”
things they should have known about immediately.
Andrea Peterson reports:
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.
That’s more than five times the 1.1 million figure the agency had cited in earlier updates after the cyberattacks were disclosed over the summer. However, the agency said the total number of those believed to be caught up in the breaches remains the same.
Read more on Washington
Post. And then do read Emptywheel’s
commentary on what OPM’s revelations really demonstrate.
Strange. They should be better than this.
Josh Chin reports:
The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea. The Microsoft Word document contained text and photos depicting Thai naval personnel capturing Vietnamese fishermen and forcing them to kneel at gunpoint.
But the attachment was a decoy: Anyone who opened it inadvertently downloaded software that searched their computers for sensitive information and sent it to an obscure corner of the Internet. Manning that corner, according to a new report from U.S. security researchers, was Ge Xing, a member of a Chinese military reconnaissance unit.
Read more on WSJ.
Apparently the obvious isn't obvious in
Washington. All those antennas on Embassy roofs are not just for TV.
ACLU –
Capitol Hill staffers should be able to make encrypted calls, send
secure text messages
by Sabrina
I. Pacifici on Sep 23, 2015
“Today, the ACLU
sent a letter
to both the House and Senate, urging them to provide secure voice and
text messaging capabilities to Members and their staff. (The
Washington Post writes
about our letter today.) In recent years, computer security
researchers have warned about the poor security of cellular networks,
which in many cases use broken encryption technology that is several
decades old. As a result, it is often trivially easy for third
parties—which can include foreign intelligence services, criminals
and stalkers—to intercept calls and text messages. Although the
calling and texting services provided by wireless carriers are not
secure, there are a number of widely available secure communications
apps that individuals and organizations can use to protect
themselves. These include tools like Apple’s iMessage and
Facetime, Facebook’s WhatsApp, and Open Whisper Systems’ Signal.
In the letter we sent today, to the House and Senate Sergeants at
Arms—who are also responsible for Congress’ digital security—we
encourage the Sergeants to provide smartphones and secure
communications apps, such as Signal or FaceTime, to members and their
staff. As we note in the letter:
“While the civil liberties implications of vulnerable government information technology may not be readily apparent, they are nonetheless, and increasingly, significant….secure communications facilities preserve effective checks and balances in constitutional government, and insecure facilities threaten them. Those checks and balances serve as safeguards of individual liberties and civil rights. They also protect the civil liberties and privacy of the thousands of Congressional and government employees, who are themselves attractive targets of both foreign adversaries and, indeed, insider threats. Ensuring the security of Congressional communications against all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers — would promote both basic liberty interests and national security.”
Perspective. For my Computer Security students.
The price
of your identity in the Dark Web? No more than a dollar
… In Trend Micro's new report, dubbed
"Understanding Data
Breaches," the security firm explores who is most often
targeted in data breaches, how they take place, and what happens to
data once it leaves corporate networks.
Using the Privacy
Rights Clearinghouse (PRC)'s Data Breaches database, Trend Micro
found that hacking or malware was behind only 25 percent of data
breach incidents from 2005 to April this year. Insiders are also a
common reason for data loss, and the use of physical skimming
devices and the loss or theft of devices including laptops, flash
drives and physical files were also found to be the root cause of
damaging data breaches.
However, not all data breaches are caused
maliciously. Unintended disclosure, through mistakes or negligence,
is also a reported reason for information to end up in the wrong
hands.
The price of getting it wrong?
Babak Siavoshy writes:
One of the more interesting cases slated for review by the Supreme Court next term is Spokeo v. Robins (here’s a WSJ blog post with an outline of some of the issues). First things first: several regular and guest contributors to this blog have written a ‘friend of the court’ brief in the case. You can find that brief here; scotusblog has the dozens of other briefs supporting one side or the other.
While I’m planning to write more about the case’s substantive legal issues (which concern Article III standing), this post will be dedicated to the small bit of silliness outlined in the title. Namely, what will the justices’ reactions be when they look themselves up on Spokeo’s service, and find results that may strike them as a bit… revealing?
Read more on Concurring
Opinions.
Because deflated footballs aren't enough?
This is not what I mean when I teach my students
to manage their social media accounts.
Volkswagen appears to have scrubbed many
references to clean diesel from its webpage and social media accounts
amid a growing scandal over its attempts to trick regulators’ air
pollution tests.
… While the Justice Department has reportedly
launched a criminal investigation, at least one Democratic lawmaker
is calling for the Federal Trade Commission (FTC) to take action against
its allegedly deceptive advertising — which appears to have been
scrubbed from the web.
A new technology for 'digital evidence?'
New on LLRX
– Vermont’s Legislature is Considering Support for Blockchain
Technology and Smart Contracts
by Sabrina
I. Pacifici on Sep 23, 2015
Via LLRX.com
– Vermont’s
Legislature is Considering Support for Blockchain Technology and
Smart Contracts: Bitcoin is a significant disruptive technology
with a growing impact on the financial sector and legal sectors,
around the world. Alan
Rothman expertly educates us on new legislation from Vermont that
is intended to move the state towards using blockchain technology for
“records, smart contracts and other applications.” One of the
key distinctions Rothman highlights is that Vermont is not in any
manner approving or adopting Bitcoin, but rather, the state is
diversifying and adapting the underlying blockchain technology that
supports it.
[From
the article:]
“Blockchain technology shall be a
recognized practice for the verification of a fact or record,
and those facts or records established through a valid blockchain
technology process shall
have a presumption of validity for matters to be
determined subject to, or in accordance with, the laws of the State
of Vermont.”
(Related)
New on LLRX
– Wearable tech data as evidence in the courtroom
by Sabrina
I. Pacifici on Sep 23, 2015
Via LLRX.com
– Wearable
tech data as evidence in the courtroom – Nicole
Black discusses how data downloaded from wearable technology has
entered into the discovery phase of personal injury cases. A wealth
of data can be collected about the direct activities of individuals
who are using wearable devices while exercising, as well as
conducting routine and regular activities such as walking. The
implications of this concept may have considerable implications on
par with those pertaining to the use of social media.
For my geeky students.
A first
look at the Chinese operating system the government wants to replace
Windows
… NeoKylin has long been part of the Chinese
government’s hopes that a successful domestic OS would emerge.
This has been driven by Microsoft dropping support for Windows
XP—still widely
used in China—and the government’s push to limit
dependence on foreign technology, primarily for security reasons.
Now NeoKylin is starting to be considered a
legitimate option even for users outside the government. Workers in
the entire city of Siping switched to it. Over
40% of commercial PCs sold by Dell in China are running NeoKylin, the
company says.
For my Ethical Hacking students. That is NOT me
in the photograph of General Grant.
How to
Change a Picture’s Date in Google Photos
Perspective. Where all browsers are heading.
Firefox 41
integrates WebRTC messaging app as it fights for relevance
Firefox 41, released yesterday, has a new feature:
integrated instant messaging, with voice and video, called Firefox
Hello.
… This enables Web-based voice and video
messaging between Firefox, Chrome, and Opera. Microsoft is working on
a related spec, Object RTC, which is available in the most
recent preview of the Edge browser.
Perspective.
As publishers renegotiated new terms with Amazon
in the past year and demanded the ability to set their own e-book
prices, many have started charging more. With little difference in
price between a $13 e-book and a paperback, some consumers may be
opting for the print version.
On Amazon, the paperback editions of some popular
titles, like “The Goldfinch” by Donna Tartt, are several dollars
cheaper than their digital counterparts. Paperback sales rose by 8.4
percent in the first five months of this year, the Association of
American Publishers reported.
A challenge to my students. Write a replacement.
Copyright
on 'Happy Birthday' Song Ruled Invalid
… "Happy Birthday to You," the
most popular tune in the English language, is copyrighted.
So, using the tune means paying licensing fees.
At least, that used to be the case. On Tuesday, a
federal court judge in Los Angeles ruled that copyright on "Happy
Birthday to You" is in fact invalid. If the ruling stands, the
song will enter the public domain, free for all to use.
That's a blow to Warner/Chappell Music and its
parent company, the Warner Music Group, which has held the tune's
copyright since 1988 and collects around
$2 million in annual licensing fees, according
to The New York Times.
… The "Happy Birthday" tune -- which
was co-written by Kentucky sisters Patty and Mildred Hill and
originally titled "Good Morning to All" -- was first
published in 1893 by Clayton Summy, a company later purchased by
Warner/Chappell.
The copyright case was filed in 2013 by the
independent filmmaker Jennifer Nelson. In July Nelson
produced powerful new evidence in the form of a songbook
published in 1927 -- eight years before Warner/Chappell's copyrighted
version appeared -- that contains the song's lyrics.
Considering that Summy never acquired the rights
to the tune's lyrics, the judge ruled, the copyright is invalid.
I admit I like to tease my students with cool
Apps. Perhaps I can inspire them to write their own Apps. (A couple
I found interesting.)
The 20 most
fascinating iOS apps from TechCrunch Disrupt
Shelfie
The best new app for bibliophiles, Shelfie
(free) is like Shazam for your book collection. Simply take a photo
of books on your shelf (a shelf selfie, or “shelfie” if you will)
to create a digital library that you can share with fellow
book-lovers. The makers of Shelfie have also struck deals with
several publishers, including Harper Collins, to let
you read an ebook version of a print book you already own for free or
with a discount.
Witness
Built to empower citizen journalism, Witness
is a different type of livestreaming app. You can use it to record
video whenever you feel you are in danger or want to document
criminal activity, all while being able to call 911 and communicate
with police. The footage then gets sent anonymously to Witness’
secure servers, where it can be retrieved as legal evidence should you
have to appear in court. Sign up on
their website to get early access to the iOS app.
For all my students.
… The app lets you browse Khan Academy's huge
collection of educational videos and explanations on various topics
ranging from math to science, history, economics, art, and more.
Find something you want to study later on, while you're in the subway
for example? You can bookmark it to be saved and available offline
to you. And everything you do is synced between the app and the
website. However, the app doesn't have the website's cool exercises
that help you better understand each subject matter. I guess they
gotta leave something for future versions.
The app is available for free on the Play Store or
you can grab
it on APK Mirror. The Google+
community is still live if you want to stay on top of the latest
beta improvements to the app before they make it to the public
release.
For my Website students.
U.S. Web
Design Standards
by Sabrina
I. Pacifici on Sep 23, 2015
Open
source UI components and visual style guide to create consistency and
beautiful user experiences across U.S. federal government websites:
“Tools for creating beautiful online experiences for the American
people. Built and maintained by a team of U.S. Digital Service and 18F
designers and developers, this resource is built on the highest
standards of 508 compliance, reuses best practices of existing style
libraries and modern web design to guide us in creating beautiful and
easy-to-use online experiences for the American people.”
Statistically speaking...
Yogi Berra
Was One Of A Kind
(Related) Some more Yogi Berra quotes.
… You wouldn't have won if we'd beaten you.
… If the world was perfect, it wouldn't be.
… You
don’t have to swing hard to hit a home run. If you got the timing,
it’ll go.