Wednesday, November 04, 2015

Privacy Breaches
Friday, November 6, 2015 10:00AM — 1:00 PM Followed by lunch∙
Privacy Foundation at the University of Denver Sturm College of Law, Ricketson Law Building, Room 290, 2255 E Evans Avenue, Denver, Colorado 80208
Register online at http://dughost.imodules.com/privacybreaches or contact Privacy Foundation Administrator Anne Beblavi at abeblavi@law.du.edu
Seminar, CLE (3 hrs. pending) & Lunch $30 Free for DU Faculty & Students




Interesting how quickly they are rolling up the hackers. Makes me think it was a very amateurish hack – and therefore TalkTalk's security was equally amateurish. Plenty happening to keep this in the news.
TalkTalk hack: MPs launch inquiry after police make fourth arrest
… To get a better grasp of the situation, the UK's cross-party Culture, Media and Sport Committee has launched an inquiry today into the recent attack. While TalkTalk is the focal point -- MPs will look at the "nature" of the hack and TalkTalk's response -- it'll also be considering the telecoms and internet service provider (ISP) industry as a whole. Specifically, the Committee wants to know what measures are being taken to stop these sorts of breaches, how much money businesses are investing in their defences, and whether response protocols could be improved.
Police have now arrested four individuals as part of its ongoing investigation. Yesterday evening, detectives used a search warrant at an address in Norwich, apprehending a 16-year-old boy in the process. He's suspected of Computer Misuse Act offences and has since been released on bail. Officers say he will likely be recalled in late March next year. A further three arrests have taken place over the last 10 days; a 15-year-old boy from Northern Ireland, a 16-year-old from London and a 20-year-old man from South Staffordshire. Police haven't revealed their identities or drawn any connections between them -- the short timeframe for the arrests, however, points to the involvement of an organised hacker group. [Or multiple, unconnected hacks? Bob]




The vets in my classes are still a bit pissed at OPM. This is just another indication of really poor management.
Dustin Volz reports:
Fewer than a quarter of 21 million federal workers hit by a major computer hack have been officially told that their personal information was compromised, six months after the breach was detected, a U.S. government official said on Tuesday.
About 5 million notifications about the hack have been sent out so far, a spokesperson for the U.S. Office of Personnel Management (OPM) told Reuters in an email.
Read more on Reuters.
[From the article:
The Defense Information Systems Agency in September awarded a $1.8 million contract to Advanced Onion, a technology firm, to help locate and notify victims of the OPM breach, which exposed names, addresses, Social Security numbers and other sensitive information of current and former federal employees and contractors. About 5.6 million fingerprints were pilfered, an upwardly revised number from an initial estimate of 1.1 million.
… Despite the precaution, a prominent cybersecurity researcher said on Monday there was no indication any hacked OPM data was for sale on the black market, reaffirming the likelihood that the hackers were working for a foreign country.




For my Computer Security students. How will you defend, detect and mitigate?
FFIEC Releases Statement on Cyber Attacks Involving Extortion
by Sabrina I. Pacifici on Nov 3, 2015
“The Federal Financial Institutions Examination Council (FFIEC) members today issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement describes steps financial institutions should take to respond to these attacks and highlights resources institutions can use to mitigate the risks posed by such attacks. Cyber attacks against financial institutions to extort payment in return for the release of sensitive information are increasing. Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems. In addition, financial institutions should have effective business continuity plans to respond to this type of cyber attack to ensure resiliency of operations. Financial institutions are also encouraged to notify law enforcement and their primary regulator or regulators of a cyber attack involving extortion. More information about financial institution cybersecurity, including information about mitigating the effects of destructive malware and other threats, is available from the FFIEC at www.ffiec.gov/cybersecurity.htm.”




Also for my Computer Security students: It is possible your best efforts are not going to be enough.
Could the Sony Hack Happen at Other Tech Firms?
Almost one year ago, a group of hackers with an alleged connection to North Korea hacked into the servers of Sony Pictures. The consequences of the breach are still being felt: in leaked scripts, in terminated executives, in class-action lawsuits, in Jennifer Lawrence’s salary.
In our unscientific survey of technology industry leaders, we asked: Could hackers pull off a similar attack on your company?
The overwhelming reply: Any company is vulnerable to such a hack.


(Related) Any company... (Holy mackerel snapper, Batman!)
Shelley Chandler reports:
Investigators with the Vatican City police force arrested a high-ranking member of the clergy along with a Vatican employee for leaking confidential documents.
Read more on Wireless Goodness.




Computer facilitated crime. See if you can find what may have caused the exchanges to notice his trading.
High-frequency trader convicted in first U.S. spoofing case
A jury on Tuesday convicted high-frequency trader Michael Coscia of commodities fraud and "spoofing", in the U.S. government's first criminal prosecution of the banned trading practice.
… Coscia, owner of New Jersey-based Panther Energy Trading, was accused of entering large orders into futures markets in 2011 that he never intended to execute. His goal, prosecutors said, was to lure other traders to markets by creating an illusion of demand so that he could make money on smaller trades, a practice known as spoofing.
… The trial spanned seven days, but the jury in Chicago convicted Coscia on six counts of commodities fraud and six counts of spoofing, all of the charges he had faced, after deliberating for just about an hour.
… Coscia's firm had fewer than 10 employees. However, he "entered more large orders than anyone else in the world" in nearly a dozen CME Group Inc markets ranging from corn and soybeans to gold after he began using two algorithmic trading programs in August 2011, prosecutors said during the trial.
… Coscia's case is U.S. v. Coscia, 14-cr-00551, U.S. District Court, Northern District of Illinois.




Perspective. The world is changing fast, Congress is only half-fast at keeping up. However, I don't think new technologies always need new rules. Some procedures/words may change, but the concepts do not.
Amazon, Apple and Google Unite Behind Financial Innovation Coalition
… “A technological transformation is going to make financial services more accessible, more affordable and more secure,” said Brian Peters, executive director of Financial Innovation Now. “The challenge in Washington is making sure policy-makers understand that, and they’re comfortable with it, and they don’t apply old rules to new technology.”
The contours of a changing world are already visible: More than 2,500 banks and credit unions support Apple’s mobile payments system, ApplePay, which is on track to be accepted at some 1.5 million retail locations by the end of the year. Online crowdfunding site Kickstarter helped raise more than $2 billion in pledges for some 95,000 projects, while the peer-to-peer lending marketplace LendingClub originated some $2.2 billion in loans in the last quarter alone.
Goldman Sachs estimates $4.7 trillion in revenue could be up for grabs as technology upends borrowing, lending, making payments and investing.




We seem to be at the dawn of research via social networks. Collectively, they probably reveal all our secrets.
From the University of Rochester:
Instagram could offer a novel way of monitoring the drinking habits of teenagers.
Using photos and text from Instagram, a team of researchers from the University of Rochester has shown that this data can not only expose patterns of underage drinking more cheaply and faster than conventional surveys, but also find new patterns, such as what alcohol brands or types are favored by different demographic groups. The researchers say they hope exposing these patterns could help develop effective intervention. [And better marketing to underage drinkers! Bob]
Read more on U. Rochester.




I probably spend 60% of my “teaching” time working at home – planning classes, grading papers, researching resources, answering student questions, etc.
In US Telecommuting for Work Climbs to 37%
by Sabrina I. Pacifici on Nov 3, 2015
  • Average worker telecommutes two days per month
  • 46% of telecommuters do so during the workday
  • Most say telecommuters just as productive as other employees
Thirty-seven percent of U.S. workers say they have telecommuted, up slightly from 30% last decade but four times greater than the 9% found in 1995. These results are based on Gallup’s annual Work and Education poll, conducted Aug. 5-9. Technology has made telecommuting easier for workers, and most companies seem willing to let workers do their work remotely, at least on an occasional basis if the position allows for it. Even though telecommuting has become more common, the growth in the practice appears to have leveled off in recent years. It is unclear how much more prevalent telecommuting can become because it is really only feasible for workers who primarily work in offices using a computer to perform most of their work duties. Along these lines, telecommuting is much more common among those who have had more formal education, those who are upper-income and those who have white-collar professions…”




I don't think this means we have all the Big Data questions solved, but it might suggest where we are headed next.
Top 10 Rising and Falling Buzzwords in Tech Job Postings
… For the study, Textio tracked more than 50,000 unique phrases commonly seen in tech job listings, said Kieran Snyder, the company’s chief executive officer. The startup compiled a list of terms that experienced the biggest changes in impact, positively and negatively, over the last year. Among the five biggest losers, none were turn-offs to job candidates in 2014, which shows how fast the industry changes. Among the top five buzzwords, only two were even on the map a year ago, Snyder said.
    1. Rising

Artificial intelligence, Real-time data, High availability, Robust and scalable, Inclusive
    1. Falling

Big data, Virtual team or V-team, Troubleshooting, Subject matter expert, Drug-free workplace




Interesting, but I have a canned reply for 90% of my school emails – “Yes, I'm quite sure you got an “F.” No, I won't change it.”
Google's New AI Will Reply to Your Emails so You Don't Have To
Later this week people who have the Inbox email program on their iPhones or Android devices will soon have a new option when it comes to replying to emails. Instead of coming up with their own responses on their mobile devices, they’ll get to choose between three options created by a neural network built by Google researchers. Google claims it has built an AI that can read incoming emails, understand them, and generate a short, appropriate response that the recipient can then edit or send with just a click.
… Compounding all of this is the issue of privacy. Because Google can’t let its researchers read your emails, it can’t actually check to see if its AIs are generating the right responses outside of the researchers’ emails. And once Google solved that problem, it found that its replies in many cases were variations on the same reply, which wasn’t really very helpful. The company had to build another neural network to teach the computer how to recognize semantically similar replies and discard those so it would come up with three different options for the user to choose from.
Finally it had a surprising issue in that one of the replies was almost always “I love you.” [Something I never say to students. Bob]




On occasion, I am surprised by new applications of technology. I shouldn't be, it's just another way for marketing to get inside my head.
Marketers Should Pay Attention to fMRI
Despite its popularity in academic settings, functional magnetic resonance imaging (fMRI) machines are rarely used as a marketing tool in the corporate world.
… Academic researchers are often attracted to fMRI for its comprehensive ability to investigate a range of neural activity across the entire brain. But for a CMO weighing costs against immediate benefits, the cost of an fMRI-based study might seem prohibitive. fMRI studies depend on access to specialized equipment most commonly found in medical or university settings, and the scanners require significant training to operate. Analyzing the resulting data also takes expertise and time. What’s more, despite being at least three times more expensive than traditional methods, there has been scant evidence that fMRI reveals anything beyond what could be learned by just asking people for their opinions, making the technique hard to justify in a commercial setting.
We believe that may be about to change.
A number of recent studies suggest that neural data recorded from relatively small groups of people (<30 ad="" and="" anti-smoking="" been="" behavior="" behavioral="" better="" but="" campaigns.="" can="" charity="" data="" donations="" even="" fmri="" from="" has="" in="" it="" market-level="" marketing="" music="" not="" of="" only="" outperform="" p="" persuasiveness="" predict="" predicting="" relative="" sales="" scans="" shown="" than="" the="" to="" tools.="" traditional="">




Windows 10 is inevitable. Resistance is futile.
OEMs to stop selling PCs with Windows 7 by October 31, 2016
In February last year, Microsoft said that it would give a one year warning of when systems with Windows 7 preinstalled would no longer be available from OEMs. That time has finally come to pass. As spotted by Ed Bott, there's now a date after which Windows 7 OEM preinstalls will no longer be available: October 31, 2016.
That same date will also apply to Windows 8.1. Windows 8 preinstalls will end a few months earlier than that, June 30, 2016. This means that after October 31 next year, the only version of Windows that will be available on a new system from a PC builder will be Windows 10.


No comments: