Tuesday, December 15, 2015

Not much detail yet. Note that this is another young hacker (like those arrested for the TalkTalk hack). What are they feeding them in England?
UK Man Arrested In VTech Hack Investigation
A 21-year-old man has been arrested in the UK as part of an investigation into the attack on Hong Kong-based children’s toy maker VTech.
He was taken into custody this morning in Bracknell, Berkshire, on suspicion of two offences under the Computer Misuse Act 1990, the South East Regional Organised Crime Unit (SEROCU) announced.


(Related) This is not going to work.
Stefan Armitage writes:
… Now, the European Union is on the verge of implementing new laws that would see children under the age of 16 banned from Facebook, Snapchat, Instagram and email, unless they have parental permission. The new regulations would see the age of consent for websites to use personal date raise from 13 to 16-years-old.
Read more on The Viral Thread. Not surprisingly, there’s a lot of opposition to the proposal.




Not exactly hacking in to Apple. More like finding the results of phishing.
13 Million MacKeeper Users Exposed
The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even own a Mac, and discovered the data trove merely by browsing Shodan — a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.
IT helpdesk guy by day and security researcher by night, 31-year-old Chris Vickery said he unearthed the 21 gb trove of MacKeeper user data after spending a few bored moments searching for database servers that require no authentication and are open to external connections.




A lot of my students will be facilitating and (I hope) securing the BYOD world.
Bye-bye Intranet, Hello Mobile App
… "The corporate intranet in a mobile environment is lousy. How do you make it work with a two-and-a- half by 4-inch screen," said Jeff Corbin, founder and CEO of APPrise Mobile, provider of an application development platform that can be used to create native, mobile communications apps for employees, investors and conference attendees, among other audiences.




Has the “click-wrap license” spread off the Internet? Sounds like it.
Len Litchfield, M.D., writes:
So you are a health professional or knowledgeable consumer and think you understand the issues surrounding privacy and exchange of personal health information? So did I, until I recently became a patient and had the temerity (or is that foolishness and patience?) to actually read the consent when I went to the outpatient surgical center for a cancer screening procedure.
And what I read was — to say the least — disturbing. When it came to sharing my health information, there were no middle options: either it could be shared with other exchanges, vendors, consultants, and others nationwide, or I wouldn’t be able to get access when I really needed it — especially in an emergency situation.
Read more on MedPage Today.




Because they have something better?
Matt Reynolds reports:
Human Rights Watch on Monday dropped legal claims over a Drug Enforcement Administration bulk-surveillance program, confirming the database used to store call records was destroyed this year.
“Today we can declare victory and voluntarily dismiss our case,” Human Rights Watch senior coordinator Henry Peck said in a statement, adding that while bulk collection still continues overseas “we can celebrate a small victory for transparency and legality today, and hope for further victories to come.”
Read more on Courthouse News.




Should we “bulk collect” social media content? If not, how would we identify individuals with “jihadist tendencies?”
Immigration officials prohibited from looking at visa applicants' social media
Homeland Security Secretary Jeh Johnson decided against ending a secret U.S. policy that prohibits immigration officials from reviewing social media posts of foreigners applying for U.S. visas, according to a report by ABC News.
Johnson decided to keep the prohibition in place in early 2014 because he feared a civil liberties backlash and “bad public relations,” according to ABC.
… A DHS spokesman told ABC News that in the fall of 2014 after Cohen left, the department began three pilot programs to include social media in vetting, but officials say it's still not a widespread policy and a review is underway.




A draft regulation only 211 pages long? They're not taking this serious.
Press Release – FAA Announces Small UAS Registration Rule
The U.S. Department of Transportation’s Federal Aviation Administration (FAA) today announced a streamlined and user-friendly web-based aircraft registration process for owners of small unmanned aircraft (UAS) weighing more than 0.55 pounds (250 grams) and less than 55 pounds (approx. 25 kilograms) including payloads such as on-board cameras.
… Registrants will need to provide their name, home address and e-mail address. Upon completion of the registration process, the web application will generate a Certificate of Aircraft Registration/Proof of Ownership that will include a unique identification number for the UAS owner, which must be marked on the aircraft. [Those numbers will be for sale on the Dark Net shortly. Bob]
… The full rule can be viewed here: www.faa.gov/news/updates/media/20151213_IFR.pdf


(Related) What took you so long?
Critics threaten lawsuit over drone registration rules
… The Washington, D.C.-based Competitive Enterprise Institute said Monday the FAA violated federal requirements for allowing public comments on the drone registration proposal, which usually lasts for a period of 30 to 60 days.


(Related)
Your Kid Just Got a Drone. Should You Get Insurance?
… One of the only insurance policies designed to cover hobbyist drone pilots comes from membership in the Academy of Model Aeronautics, which charges adults $75 per year. All the group's 185,000 members enjoy $2.5 million in personal liability coverage from Westchester Surplus Lines Insurance, part of ACE Group, and $25,000 medical coverage.
“Most of the claims we have are small claims,” says Rich Hanson, the AMA’s director of government relations. The most common case involves an out-of-control drone flying into a car. The AMA declined to reveal how many claims on average are filed per year.
Homeowner policies at Allstate, one of the largest property insurers, will cover damage if a policyholder crashes a drone and damages someone else’s property. But a “first-party claim”—damage you do to your own home—isn’t covered, says Allstate spokesman Justin Herndon.


(Related)
Fuel cell keeps drones in flight for hours, not minutes




They will hold a grudge until you die, then have you stuffed.
The RIAA has scored another win in a prominent piracy lawsuit. The music group has prevailed in its case against the 'reincarnation' of the defunct Grooveshark music service, with a New York federal court granting more than $13 million in piracy damages plus another $4 million for willful counterfeiting.
Last May, Grooveshark shut down after settling with the RIAA. However, within days a “clone” was launched aiming to take its place.




Which reminds me…
Dotcom ditches Coatesville mansion
Kim Dotcom has moved out of the sprawling Auckland mansion that was the centre of the armed raid in which he was arrested in 2012.
The internet entrepreneur, who is waiting on a district court decision as to whether he should be extradited to the United States, will take up residence in an apartment on Princes Wharf from today.
He has also confirmed to RNZ he still owes about $2 million in outstanding legal fees to his former New Zealand lawyers.
Mr Dotcom began renting the mansion in Coatesville, north of Auckland, in 2010 at a cost of $1 million a year.
However, the ongoing cost of his legal battle to stay in New Zealand had forced him to downgrade his accommodation to a mere four-bedroom penthouse overlooking Waitemata harbour.




I thought the whole point was for everything to communicate.
Philips updates Hue firmware to block bulbs from rivals
It seems that the IoT wars are finally heating up and Philips may have just fired the opening shot. The company has just rolled out a firmware update to its Hue brand of network-connected smart bulbs and one of if not the most significant thing it does is to cut off connectivity with third party bulbs, which is to say smart bulbs from its rivals like GE. This will, at least for the time being, probably dash the hopes of some to have an interconnected smart home, or at least smart lighting, with IoT devices from different and competing brands.
Technically, Philips Hue bulbs speaks the language of Zigbee, a wireless communications protocol that many devices, including some routers and remote controls, support. The purpose of such standards is to actually make devices talk to one another. At least in an ideal world. Philips, however, would prefer not to be so communicative.




Another attempt to summarize Privacy.
NISO Releases Set of Principles to Address Privacy of User Data in Library, Content-Provider, and Software-Supplier Systems
by Sabrina I. Pacifici on Dec 14, 2015
“NISO [National Information Standards Organization] has published a set of consensus principles for the library, content-provider and software-provider communities to address privacy issues related to the use of library and library-related systems. This set of principles developed over the past 8 months focus on balancing the expectations library users have regarding their intellectual freedoms and their privacy with the operational needs of systems providers. The NISO Privacy Principles set forth a core set of guidelines by which libraries, systems providers and publishers can foster respect for patron privacy throughout their operations. The Principles outline at a high level basic concepts and areas which need to be addressed to support a greater understanding for and respect of privacy-related concerns in systems development, deployment, and user interactions. The twelve principles covered in the document address the following topics: Shared Privacy Responsibilities; Transparency and Facilitating Privacy Awareness; Security; Data Collection and Use; Anonymization; Options and Informed Consent; Sharing Data with Others; Notification of Privacy Policies and Practices; Supporting Anonymous Use; Access to One’s Own User Data; Continuous Improvement and Accountability.”




Perspective. Mostly some trivial(?) examples, but I see a trend here. Social media as ombudsman?
Did You Get Screwed By a Company? Take It to Twitter!




The hoopla is over. Should we buy them? (Anyone have a spare billion or two?)
Could A GoPro Downgrade Help Fuel A Buyout?
… The downgrade cited slower growth, higher inventory, slowing demand on the drone business and stagnating product growth. We first heard about it on Twitter.
… But let's take a look at the valuation. Do we think the company will be around in 10 or 15 years to be able to deliver the future earnings that you are paying for at today's price? Yes, we do. Also, the company has zero debt, and that leaves their balance sheet open for leverage in case they want to consider things like a stock buyback or taking on debt to acquire companies or finance future operations.




See what being politically correct will do to you?
New submitter scrote-ma-hote writes:
From stuff.co.nz, news comes that the Church of the Flying Spaghetti Monster is now able to solemnize marriages. The registration was listed in the NZ gazette yesterday. The Registrar-General decided that the Church met the criteria in New Zealand for solemnizing marriages, as per the Marriage Act 1955, namely that the "principal object of the organization was to uphold or promote religious beliefs, philosophical or humanitarian convictions."




Something for my students to use. Congress asks and these guys answer – then Congress ignores them.
CRSReports.com – free access to CRS Reports
by Sabrina I. Pacifici on Dec 14, 2015
CRSReports.com is a free web based repository of Congressional Research Service (CRS) Reports. This digital library is dedicated to hosting an extensive collection of CRS documents. All information provided by CRSReports.com is publicly available and can be accessed for free without sign-up or registration. This growing collection of CRS reports is made freely available to policy makers (including Hill staffers who while off of the Hill may decide not to login into the Capitol intranet) and other users for purposes beneficial to our political system and the public… CRSReports.com hosts but does not author CRS documents. CRS documents are written by the Congressional Research Service an information resource within the US Library of Congress. CRS does not serve members of the public directly, they focus solely on assisting and informing Congress. CRS serves the US federal legislative branch and in this manner indirectly serves the public.”
  • CRSReports.com – “The Internet’s largest free and public collection of Congressional Research Service Reports.”




For my students. Slow my video to ¼ speed and I'll still flunk you too fast to see! (The “F” is quicker than the eye.)
Speed Up Is YouTube’s Greatest & Most Underrated Feature
… After expanding the gear settings symbol with a click, you can disable annotations, change the video quality, edit subtitles, or change the speed — yes, YouTube allows you to play the video in normal time, sped up at 1.25x, 1.5x, or 2.0x speed, or slowed down to 0.5x or 0.25x speed.


No comments: