Saturday, February 07, 2015

Encryption is not a big deal. It certainly never rises to the level of an excuse!
Anthem Data Not Encrypted When Stolen (ANTM)
… The company suspects that a stolen employee password was used by the hackers to gain access to the database holding the customers’ records.
… The data that was stolen was reportedly not encrypted when the hackers launched their attack.
A person familiar with the matter said that there is a difficult balance with health insurers on making the information accessible to those that need it and protecting the information from those without access.


Copyright your coffee maker?
Keurig Users Unsurprisingly Reject DRM For Their Coffee
… DRM exists on Keurig 2.0 machines to prevent its users from taking advantage of alternative K-cup brands. Once a cup is inserted, it's scanned for legitimacy, and is either rejected or accepted. The DRM mechanism isn't that effective, though. One of Keurig's competitors, Rogers Family Company, offers anyone a free "Freedom Clip" to bypass the DRM, and get a free "Onecup" sample, as well.


Aren't all prescription drugs “controlled?” In other words, “prescription” is only a bit down the slippery slope from “controlled.”
John Wesley Hall reports on two court rulings out of Texas concerning the same case: United States v. Zadeh. From the court’s opinion in one of the cases:
In this case, it is clear that the information sought by the DEA is relevant to its investigation, but the question is whether the use of an administrative subpoena to obtain the information sought is reasonable. After thoroughly reviewing the case law set forth above, the Court finds the reasoning set forth in Colorado Board of Pharmacy—holding that properly authorized DEA subpoenas of confidential state pharmacy records in a federal investigation of possible CSA violations by three physicians were per se reasonable, and thus, passed Fourth Amendment muster—more persuasive than the analysis in Oregon Prescription Drug Monitoring Program. To begin with, as noted by the Court in Acklen, 690 F.2d at 75, the pharmaceutical industry is a “pervasively regulated industry” and “virtually every phase of the drug industry is heavily regulated, from packaging, labeling, and certification of expiration dates.” Jamieson-McKames Pharm., Inc., 651 F.2d at 537. While the cases discussed above mainly dealt with pharmacies and pharmacists, the Court concludes that such analysis can easily be applied to physicians, and in turn, their patients. Both have a reduced expectation of privacy in the medical records regarding controlled substances as such records are relevant to the issue of whether there has been compliance with the CSA, a federal law that regulates controlled substances.
Read more on FourthAmendment.com. It continues to disturb me that as patients, we have (and are we supposed to know we have?) a reduced expectation of privacy in our medical records if they involve controlled substances.


Is it as rare as I think that anyone copies US law?
Monika Kuschewsky writes:
Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers. In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to initiate legal action for injunctive relief against companies violating the law’s provisions.
Read more on Covington & Burling Inside Privacy.


Russia is willing to “bail them out.” Is anyone else?
Ukraine’s currency just collapsed 50 percent in two days
Ukraine, to use a technical term, is broke. That's what you call a country whose currency has lost half its value in just two days.
The problem is simple: Ukraine has no money and barely any economy. It's already talking to the IMF about a $15 billion bailout and what's euphemistically being called a debt "restructuring"—i.e., default—as its reserves have dwindled down to $6.42 billion, only enough to cover five weeks of imports. (Three months worth is considered the absolute least you can get by with).


Tell me Humor isn't a major.
Hack Education Weekly News
Via Vox: “A program that provides contraceptives to low-income women contributed to a 40-percent drop in Colorado’s teen birth rate between 2009 and 2013, according to state officials.”
Also via Vox: “Cursive handwriting is useless, but politicians want students to learn it anyway.”
… The French Parliament has passed a bill banning WiFi in nursery schools.
… The latest Babson Survey Research Group report on online learning is out. Here’s Phil Hill’s write-up. Here’s Inside Higher Ed’s. The tl;dr from The Chronicle of Higher Education: “3 Things Academic Leaders Believe About Online Education.”
Virtual Preschool. Yes, really.
… Fourth-grader Aiden Stewart has been suspended from school for allegedly possessing Sauron’s One Ring and threatening to use its magical powers to make a classmate disappear. [Huh! Bob]
… The New York Times asks Is Your First Grader College Ready?


Pure coincidence: This week's lesson is Data Governance.
Senate designates ‘Internet governance awareness week’
The Senate on Thursday afternoon voted to dedicate next week to the awareness of Internet governance.


Tools for “gathering” data, not for plagiarizing.
5 Ways to Strip the Formatting When You Copy & Paste Text


Dilbert explains why Marketing is legal.

Friday, February 06, 2015

The article seems a bit speculative as it relates to this single hack, but the generalization is correct. Hack everything you can. Gather all the data you can. Put it together as relevant dossiers when you select a target.
Chinese State-Sponsored Hackers Suspected in Anthem Attack
Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.
… The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group -- defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.
… Hackers could use stolen information -- which Anthem said in its case included birthdates and e-mail addresses -- to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks.


Now we know who will take the blame for the Sony breach.
Amy Pascal Lands in Sony’s Outbox
… Ms. Pascal had been in contract renewal talks for months, well before hackers in December made available private correspondence in which she made denigrating remarks about President Obama’s presumed preference for black-themed movies.
She profusely apologized, and top studio executives stood behind her in the aftermath. But the pressures of the hacking crisis, coupled with structural changes at the studio, made alternatives to renewing her contract more attractive.
… Ms. Pascal also went through a draining month of turmoil within Sony as studio leaders struggled to cope with a hacking that crippled the company’s computers and exposed personal data about its employees. Known to be a fiery counterpart to the more reserved Mr. Lynton, Ms. Pascal was particularly distressed by the assault, exhibiting both anger and tearful regret before Sony employees.


For my Ethical Hackers. What a target! Note that a breach would be easy to detect if it resulted in Congress actually doing something.
Lawmakers call for 'virtual Congress'
Reps. Steve Pearce (R-N.M.) and Eric Swalwell (D-Calif.) have introduced a bill urging development of ways for members of Congress to avoid traveling to Washington away from their districts.
The resolution offered by Pearce and Swalwell, who both hail from districts on the opposite side of the country as Washington, envisions a Congress allowing members to vote and participate in committee hearings via the Internet.
… The bipartisan duo argue that a virtual Congress would prevent members and staff from becoming out of touch with their districts.
… The measure further cites security concerns of having all 535 members of Congress in one place.


...and you still wonder why medical records are targeted?
Putin Has Asperger's, Pentagon Report Says
Russian president Vladimir Putin has Asperger's syndrome, according to a Pentagon report obtained by US broadcaster CBS News.
The report, written in 2008, describes Asperger's as "an autistic disorder which affects all of his decisions".
The research was conducted by the Office of Net Assessment and is based solely on videos of Mr Putin dating back to 2000.
… "His primary form of compensation for his disorder is extreme control and this is reflected in his decision style and how he governs," the report says.


How not to get the best out of Best Practices. Lots of bad examples for my Computer Security class.
Understanding the Federal Government’s IT Insecurity Crisis
A February 5, 2015 Report From the International Association of Information Technology Asset Managers – “U.S. taxpayers have paid $59 billion for data protection since Fiscal Year 2010, including $10.3 billion in the most recent year under the Federal Information Security Management Act (FISMA). This week, the Obama Administration proposed a $14 billion cybersecurity budget for 2016. Nonetheless, Information Technology (IT) security and IT Asset Management (ITAM) woes in federal agencies have been major staples of headlines in recent months, including problems and mishaps at the Internal Revenue Service, the White House, State Department, and the Veteran’s Administration.”


Still not the perfect model. (Article 1)
Record Labels Streaming Music Money
An increasing number of artists are expressing their displeasure at the sums of money they see from music streaming services such as Spotify and Deezer. The most obvious example is Taylor Swift, who went as far as removing her whole back catalog from Spotify because of her distaste for the company’s business model.
However, a new report compiled by Ernst & Young strongly suggests it’s the labels that these artists should be angry with rather than the streaming services themselves. This is because the labels are taking the lion’s share of the revenue generated by people subscribing to these services.
As discussed by TechDirt, the labels take 45.6 percent of a typical $10 subscription. The platform itself takes 20.8 percent. And 16.7 percent disappears in taxes. A further 10 percent goes to the songwriters and publishers. Which leaves just 6.8 percent going to the artists actually recording this music for our listening pleasure.
OK, so that’s still more than artists see from music piracy, but the labels are still to blame much more than the likes of Spotify and Deezer.


My students have never heard of these shows. (Article 5)
Watch Old Shows on Shout Factory TV
A new, free, ad-supported streaming service called Shout Factory TV has launched, with a hefty collection of movies and TV shows that can best be described as cult classics. With 1,000 hours of content to begin with, and 200 hours more promised each month, there should be something for everyone here.
TV shows available to watch include The Abbott & Costello Show, The Twilight Zone, and Mystery Science Theater 3000. Classic films available to watch include Death of a Salesman, Room With a View, and Jackie Chan’s Police Story. All of which are well worth the price of admission of zero dollars and zero cents.


Something my students should watch before working on their projects?
Got a wicked problem? First, tell me how you make toast
Making toast doesn’t sound very complicated — until someone asks you to draw the process, step by step. Tom Wujec loves asking people and teams to draw how they make toast, because the process reveals unexpected truths about how we can solve our biggest, most complicated problems at work. Learn how to run this exercise yourself, and hear Wujec’s surprising insights from watching thousands of people draw toast.
[You will also need: http://www.drawtoast.com/ ]

Thursday, February 05, 2015

Could be all 80 million. Probably less.
Anthem Hacked in ‘Sophisticated’ Attack on Customer Data
Anthem Inc., the second biggest U.S. health insurer by market value, said hackers obtained data on tens of millions of current and former customers and employees in a sophisticated attack that has led to a Federal Bureau of Investigation probe.
… “As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” Anthem said. The Indianapolis-based company, formerly known as WellPoint, didn’t provide information on how the breach occurred or when it was discovered. [I think this is a mistake Bob]
… What is known is that the malicious software used to infiltrate the network and steal data was customized, which can be a sign of an advanced attacker, and is a variant of a known family of hacking tools, De Souza said. What’s rare in this case is that Anthem discovered the breach itself, instead of being alerted to it by a third party such as a bank or a credit-card company, De Souza said.


“We found DNA at the scene and this guy's got DNA so he's guilty!”
Denver police DNA mistake frees man after two months in jail on sex-assault charge
… According to a statement released by Denver police, the initial investigation indicated that Hale's DNA matched DNA directly related to the assault.
… Hale's DNA was found at the scene, police said, but the DNA evidence did not implicate him in the sexual assault.


Ha! I knew lawyers were anti-social! But seriously, if you want to be secure/private, you have to control access. If you can gain access to my private data without my knowledge and consent, it was never private in the first place!
Jason C. Gavejian writes:
As we previously reported, sending a “friend” request to access information on an individual’s Facebook page that is not publicly available may have serious ethical implications. Specifically, the New Jersey Office of Attorney Ethics (OAE) alleges John Robertelli and Gabriel Adamo violated the Rules of Professional Conduct, including those governing communications with represented parties, when they caused a paralegal to “friend” the plaintiff in a personal injury case so they could access information on the plaintiff’s Facebook page.

(Related) As long as we're talking about Privacy... (Maybe Facebook users aren't intellectuals?)
Neil Schoenherr writes:
In our increasingly digital world, the balance between privacy and free speech is tenuous, at best.
But we often overlook the important ways in which privacy is necessary to protect our cherished civil liberties of freedom of speech, thought and belief, says Neil M. Richards, JD, a privacy law expert at Washington University in St. Louis and author of the new book, “Intellectual Privacy: Rethinking Civil Liberties in the Digital Age,” published Feb. 2 by Oxford University Press.

(Related) Facebook no longer has privacy.
EPIC – With New Policy Changes, Facebook Tracks Users Across the Web: “Over the objections of consumer privacy organizations, Facebook has implemented policy changes that allow the company to track users across the web without consent. The Dutch data protection commissioner launched an investigation after the original announcement. This week a German privacy agency announced a similar investigation. Last year, EPIC and a coalition of consumer privacy groups urged the FTC to halt Facebook’s plan to collect web-browsing information from its users. Facebook is already under a 20 year consent decree for changing users’ privacy settings. The consent decree resulted from complaints brought by EPIC and others in 2009 and 2010.”


I would have thought this was obvious. You know what you want, here it is piled up with no effort required on your part and no hint that you were in your target's system (because you were not!)
Glenn Greenwald reports:
The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.
In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . . get access to the emails themselves,” reads one top secret 2010 National Security Agency document.
[…]
GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media.
Read more on The Intercept.


Interesting. Let's give special attention to anyone using an App like this. Clearly they have something to hide! My Ethical Hackers know how to fake “touch detected” coordinates.
This App Actually Lets You Send Screenshot-Proof Messages And Photos
Confide, an app that launched in January 2014 as a way to send confidential texts, just added the ability to send documents and photos.
Here’s how Confide protects your messages from being saved via screenshot: You can only view tiny pieces of the words, photo or document that you receive. In order to see a message sent to you, you have to push down on your screen with your finger. Only the portion under your finger is visible. Once you’ve read the message, it disappears completely.
… Confide, which is free on Android and iOS devices, was able to completely disable in-app screenshots for Android users.


Imagine all the fans who could not get tickets to the next World Cup sending their drones instead. Clouds of hundreds of drones swarming to the ball.
Patt Morrison reports:
Hard cases, said a long-ago Supreme Court justice, make bad law. The startling outliers shouldn’t be the yardstick for crafting routine criminal law. When a tipsy off-duty employee of the National Geospatial-Intelligence Agency lost control of his friend’s drone last month and smashed it onto the White House lawn, the cry went up for more drone regulation. But the incident was an oddity; the real legal questions about drone regulation have to do with privacy, policing, commerce and other uses. Ryan Calo, a law professor at the University of Washington, specializes in robotics. The White House drone flew right onto his radar.
Read more on Los Angeles Times.


Five simple rules.
CDT Letter on Body Cameras to the Task Force on 21st Century Policing
“The Center for Democracy & Technology (CDT) provided recommendations related to body-worn cameras in response to the Task Force on 21st Century Policing consideration of the issue and request for public comment. With use of body cameras rapidly expanding across the country and federal legislation being offered for nationwide use, CDT is pleased to see the Task Force addressing this important new technology, and its impact on privacy and civil liberties.”


Even though oil prices have jumped, analysts say they will go lower.
http://www.cnbc.com/id/102399810?__source=google|editorspicks|&par=google&google_editors_picks=true
Oil heading for $30, currency war coming: Analysts
… "I still believe we're going to go to that $30 to $33 area, which is the low point from the financial crisis in 2008, 2009. What you saw over the past several days was technical in nature, a short squeeze. This volatility is a little crazy and I think that $30 target is a downside target is for technicians that are in this market," the founding partner of Again Capital said in a "Squawk Box" interview.


Perspective. There is a reason why they call it Big Data. Can no one do Math (or proof read)?
77 Open Source Storage Applications
As the volume of digital data continues to grow, storage becomes a bigger and bigger problem for both home users and organizations. According to the latest Digital Universe study by IDC, 4.4 zettabytes (4.4 billion terrabytes) of digital information existed in 2013, and the amount of data is doubling every two years. That means by the end of 2015, there will be 8.8 zettabytes in our world, and by 2010, there will be 44 zettabytes, enough to fill a stack of tablets stretching to the moon and back six times.


Tools for social media managers?
5 Social Media Tools That Will Make You Look like the Boss
… keeping on top of all the ever-expanding social media tools can be a full-time job in itself. How do you know if your posts are being seen by the right people? How do you know if you are hanging out with the right people? Here are 5 social media tools that will make you look like the Boss.


Another discussion starter for my Data Management class?
Your Data Should Be Faster, Not Just Bigger
It’s universally acknowledged that Big Data is now a fact of life, but while large enterprises have spent heavily on managing large volumes and disparate varieties of data for analytical purposes, they have devoted far less to managing high velocity data. That’s a problem, because high velocity data provides the basis for real-time interaction and often serves as an early-warning system for potential problems and systemic malfunctions.

Wednesday, February 04, 2015

This can't be true. The FBI concluded that North Korea was the culprit (it made sense from a movie promotion point of view) and the President claimed “secret intelligence” that confirmed it. Don't bother us with facts to the contrary!
Russian Hackers Breached Sony's Network: Report
A group of Russian hackers had — and possibly still has — unauthorized access to the network of Sony Pictures Entertainment, according to a report published on Wednesday by Taia Global.
The Russian team allegedly breached the entertainment company’s network by sending spear phishing emails containing a remote access Trojan (RAT) to Sony employees in India, Russia and other Asian countries. Once they had access to the computers of these employees, the attackers leveraged advanced pivoting techniques to make their way to Sony’s network in Culver City, California, the report said.
Yama Tough claims to have been in contact with a member of a Russian group that has had access to Sony’s network since last fall and until at least late January 2015. The unnamed Russian blackhat, who is said to have worked occasionally with Russia’s Federal Security Service (FSB), provided Yama Tough with a large number of files allegedly stolen from Sony, the report said.
Yama Tough sent some of the files to Taia Global, including seven Microsoft Excel spreadsheets, five of which are dated from November 30 through December 10, and six emails, two of which are dated January 14 and January 23. Taia Global says the information is not included in the previously dumped Sony files, and the company has received confirmation regarding the authenticity of one of the documents from its author.
North Korea denied any involvement in the attack and many experts questioned the findings of US authorities, especially since they haven’t provided any concrete evidence to back their claims.
In late December, Taia Global conducted a linguistic analysis of the messages written by GOP and concluded that the hackers were most likely Russian, not Korean.
If Taia Global’s reports are accurate, it’s possible that Sony was breached not by North Koreans, but by a Russian group. Another possibility, according to the company, is that Sony’s network was penetrated simultaneously by both Russian and North Korean threat actors.
The attack launched against Sony by a Russian group will be discussed today by Taia Global President Jeffrey Carr in a 25 minute talk at the Suits and Spooks security conference in Washington, DC.


Not untypical, I'm afraid. Note that this has moved from a small breach hardly worth posting to my blog, to a Very Significant “Go away boy, stop bothering us.” The longer it takes them to take some visible action, the worse they will look when their victims start the lawsuits. Can't they see that?
On January 24, this blog reported that Carbonic had claimed to have hacked the University of Chicago. The U. of Chicago never responded to a notification and inquiry this blog sent via e-mail on January 22nd.
Yesterday, SLC Security reported that the university is still leaking information and is still vulnerable:
During a recent receive (sic) of some incidents being covered by databreaches.net I was able to do some additional research and confirm that even as recent as an hour ago that information is still being offered in the underground community. In addition server IP addresses owned by the organization are attacking other colleges and universities in the US and elsewhere.
Well, that’s not good. DataBreaches.net will send a second notification to U. of Chicago and hope that this time, they respond and take action to address any compromises they may have been – or may still be – experiencing. If I get a response from them, I will update this post.
SLC Security also notes that both the Illinois Institute of Technology and Northwestern University are also compromised, although I haven’t found anything through routine searches about their situations, other than Northwestern being reportedly hacked on January 20 by @AnonGhost (mirror of defacement here).
Update: I received the following email from the U. of Chicago’s Associate Vice President for Safety, Security and Civic Affairs & Chief of Police:
Both of your messages have been received and shared with our information technology services staff. Thank you for your concern.
Well, that doesn’t answer my question about what they’re actually doing and why the site is reportedly still leaking information, but at least we now know that they got my notifications.

(Related) Too common.
SLC Security reports that they are
seeing indicators that this entity has been breached for over a month and does not realize it. It appears as though their infrastructure is being used to launch farther attacks on other educational institutions.
They also appear on Emerging Threats for malicious activity since at least the 11th of December, 2014. You would think these large organizations would do something to get themselves off the blacklist but as of today we are still detecting malicious activity.


Food for thought.
Web-Borne Malware Breaches Cost $3.2M to Remediate: Survey
A new survey from the Ponemon Institute calls web-borne malware not only a growing threat to enterprise data security, but a costly one.
According to the report, which surveyed 645 IT pros and IT security practitioners and was sponsored by security firm Spike Security, web-borne malware attacks cost the organizations in the survey an average of $3.2 million to remediate. The organizations surveyed had an average of 14,000 employees.
While all of the companies surveyed utilized a multilayered, defense-in-depth approach, they still dealt with an average of 51 security breaches during the past year tied to the failure of malware detection technology. According to the findings, the cost to respond to and remediate a single breach resulting from these detection failures was roughly $62,000 per incident.
"What many organizations forget is that the browser is the only application that is permitted to download and execute code from a 3rd party location -- any external web site. Every time you allow unknown code into your network, you put yourself and your business at risk. This is why browser isolation outside the network is so important. It is the only way to prevent this problem."


I get the impression that even the Kim Dotcom haters are shocked by this ruling. They seem to think New Zealand just did whatever the US asked without bothering to consider the consequences.
Chris Barton: Chilling privacy call from our Supreme Court
Our Supreme Court has handed down a chilling ruling about the state's right to invade individual privacy - particularly when it's contained, as it is so often these days, on computers or mobile phones.
… The case was at the heart of our Supreme Court ruling which found, four to one, that the authority to ransack Kim Dotcom's Coatesville home on 20 January 2012 was perfectly legal. It was a ruling that excused shoddy police work and shoddy court work - a ruling that said warrants sanctioned by the court can be scant and meaningless and they are still OK. It established everyone's home is not their castle, even if your home looks more like a castle than others.
… In other words that they can't be general in nature and worded to allow police to freely rummage about and seize whatever they like. Yet that's exactly what happened in the Coatesville raid when police took away a staggering 150 terabytes of data, accessed through more than 135 computers and electronic devices.
They even took away the system that opened and closed the mansion's doors. "It is now acknowledged that a substantial amount of this data, perhaps as much as 40 per cent, was irrelevant to the offences charged. Some of it was personal and private," says Elias in her judgement.
The deeply concerning issue here is that while elsewhere in the world Supreme Courts are recognising computers and mobile phones are containers of individual lives and souls, our Supreme Court seems oblivious to the fact. It found that the warrant allowing holus-bolus searching of Dotcom's vast collection of computers and other devices with no provision for sorting out what was irrelevant or private was perfectly OK.
The court saw no miscarriage of justice despite Dotcom being unable to get access to his seized information for more than two years. Not to mention that if Dotcom's legal team hadn't initiated a judicial review, all of this material would have been whisked away to the United States never to be seen again.
Elias was alone in saying a warrant should be right when it's issued and it was wrong to treat a fundamentally flawed warrant as valid on the basis of what happened after the event.


For my Ethical Hackers.
Poll: Millennials eager for online voting
Nearly half of young people say they would be more likely to vote in the 2016 presidential election if they could cast their ballot online, according to a poll released Tuesday.
The Fusion poll, which surveyed 18-to-34 year olds, found that 49 percent said an online system could encourage them to vote. A large portion, 42 percent, said voting online would make no real difference. Another 8 percent said they would be less likely to vote if it was made available online.
Thirty-eight percent said they would be more likely to vote if they could do it over their mobile phone.


Background for my Business Intelligence students.
Demographics of Key Social Networking Platforms
Pew Report – “Fully 71% of online adults use Facebook, a proportion unchanged from August 2013. Usage among seniors continues to increase. Some 56% of internet users ages 65 and older now use Facebook, up from 45% who did so in late 2013 and 35% who did so in late 2012. Women are also particularly likely to use Facebook compared with men, a trend that continues from prior years. Facebook users were asked additional questions about their friend networks. Among Facebook users, the median number of Facebook friends is 155. When asked to approximate how many of their Facebook friends they consider “actual” friends, the median number reported was 50…
Some 23% of online adults currently use Twitter, a statistically significant increase compared with the 18% who did so in August 2013. Twitter is particularly popular among those under 50 and the college-educated. Compared with late 2013, the service has seen significant increases among a number of demographic groups: men, whites, those ages 65 and older, those who live in households with an annual household income of $50,000 or more, college graduates, and urbanites…
Some 26% of online adults use Instagram, up from 17% in late 2013. Almost every demographic group saw a significant increase in the proportion of users. Most notably, 53% of young adults ages 18-29 now use the service, compared with 37% who did so in 2013. Besides young adults, women are particularly likely to be on Instagram, along with Hispanics and African-Americans, and those who live in urban or suburban environments…
Some 28% of online adults use Pinterest, up from the 21% who did so in August 2013. Women continue to dominate the site, as they did in 2013: fully 42% of online women are Pinterest users, compared with just 13% of men (although men did see a significant increase in usership from 8% in 2013). While Pinterest remains popular among younger users, there was an 11-point increase between 2013 and 2014 in the proportion of those 50 and older who use the site. Other demographic groups that saw a notable increase in usership include whites, those living in the lowest- and highest-income households, those with at least some college experience, and suburban and rural residents.”


Business tool or buzzword? Analysis of Big Data is being talked about, but not in as much depth as my students see.
Using Data to Call the Shots
Daryl Morey loves good data, and lots of it. As general manager of the Houston Rockets, he has made a name for himself with his devotion to using data analytics to make team decisions—on everything from shot selection to whom to acquire in a mid-season trade. Morey talks with Kellogg Insight about the importance of assembling a staff that understands analytics, how to ensure you are using the data wisely, and the need to always keep your eye on the prize when crunching the numbers.


See? I'm not the only one!
Morgan Stanley thinks Russia’s doomed
And now Morgan Stanley is out with a pretty scary forecast, too.
“We downgrade 2015 growth from -1.7%Y to -5.6%Y and revise our 2016 growth from a mild (0.8%Y) recovery to a 2.5%Y recession,” writes Morgan Stanley’s Alina Slyusarchuk.


I think we have some students who do this...
123D Circuits - Design and Test Electric Circuits Online
123D Circuits is a free tool from Autodesk for collaboratively designing electronic circuits online. On 123D Circuits you can design your circuits and test them on the simulator in your browser. You can create circuits from scratch or use and modify templates and other publicly shared projects.
Autodesk recently published a short playlist of videos containing demonstrations of how to use 123D Circuits for various tasks. Short engineering lessons are included in the second half of the videos.
Click here for seven other resources you can use to teach students about electricity and circuits.


For my International students. (There are even more in the article)
English Grammar Aids for Both Native Speakers and Students
… learning grammar is easier than ever now — with the right apps, of course.
And they are not just for people learning English; they’re also good for those of us who already speak it.
The free app Practice English Grammar from Cleverlize is among the most polished, and is easy to use for improving your grammar skills. It’s available for both iOS and Android and covers the whole gamut of grammatical details from conjunctions through tenses to using the passive voice.
… Another option is the LearnEnglish Grammar app from the British Council.
… This app is free for both iOS and Android, but you must pay for the complete range of content. Packs cover grammatical topics at different levels, from Beginner Pack 1 to Intermediate Pack 2 for more advanced lessons, and each costs $1.
Interestingly, there’s both a British English edition (free on iOS and Android) and an American English one (free on iOS and Android)
… A free alternative to these apps on Android is English Grammar Ultimate from Maxlogic.


Can't find the book you want to read in electronic format? Could my students divide a textbook and merge the electronic versions? Uses Windows 7 or 8, stores images on Amazon. (Article 3)
Kindle Convert Turns Paper Into E-Ink
Amazon has released Kindle Convert, a Windows program which lets you turn printed books into digital books. Currently priced at $19 (but with a list price of $49), Kindle Convert requires you to scan each page of the book you want to convert into the Kindle format. Which will require a lot of time and patience.
While this is likely to put most people off, it’s still good to have this option, especially for those who want to digitize rare or out-of-print books. Unfortunately, Kindle Convert is only available in the U.S. for the time being, though that’s likely to change in the future.


Global Warming! Global Warming! Another prediction they got wrong?
Accelerated Ice Melt Causing Iceland to Rise

Tuesday, February 03, 2015

It is sometimes difficult to determine where a breach occurred. It is even difficult to know where personal data comes from unless there is a specific identifier built into the data or whoever posts it on the hacker site names the victim.
When in doubt, notify. Even if you suspect that it may be a vendor and not your firm that’s been breached – particularly if it’s the FBI or Secret Service that comes knocking on your door to alert you that you may have been breached.
CICS Employment Services Inc is notifying an undisclosed number of individuals that their information may have been accessed without authorization. The firm provides investigative and background checks in Oregon.
I am writing to inform you of an incident that may affect the security of your personal information. We were recently notified by the Federal Bureau of Investigation (the FBI) that personal information we processed regarding an application you made for employment may have been accessed without authorization.
… The FBI’s forensic examinations of relevant portions of our computer network, database and third party storage provider revealed no evidence of any compromise. [I didn't know the FBI turned over the results of their forensic examinations. Maybe only the ones where they find nothing. Bob]
… We immediately engaged the services of an independent forensics investigation firm [Because they didn't trust the FBI review or like me, didn't think they'd get the results? Bob] to determine whether CICS’ security had been compromised. The forensic examinations revealed no evidence that our network or database have been compromised.
we changed web hosts and have ensured that all PII contained in our network is encrypted and secure. [Suggests none of this was true before. Bob]
Read their full notification letter on the California Attorney General’s web site. The firm has not responded by publication time to an inquiry asking them how many individuals have been notified and if the FBI had any evidence that the information had been misused for identity theft.


Curious. Who makes choices like this? Teenage boys?
260,000 Facebook Users Infected With Trojan Disguised as Flash Update
Once it infects a computer, the Trojan installs an extension in the victim’s Web browser. The threat tags the victim’s Facebook friends in a post advertising an adult video. When users click on the link, they are presented with a preview of the video, after which they are instructed to install what appears to be a Flash Player plugin. This component is the malware downloader.


Interesting. Perhaps the FBI should hire a lawyer to review stuff like this.
Ken Ritter of AP reports:
Undercover FBI and Nevada regulatory agents misled a federal judge and violated the rights of a wealthy Malaysian businessman and his son by posing as Internet repairmen to get into Las Vegas Strip hotel rooms in a gambling probe last summer, a U.S. magistrate judge said.
In a case with Fourth Amendment implications, U.S. Magistrate Judge Peggy Leen said evidence the agents collected as a result of the ruse didn’t justify the deception used in the case involving Wei Seng “Paul” Phua and his son, Darren Wai Kit Phua.
Read more on ABC.
[From the article:
"A search warrant is never validated by what its execution recovers," Leen wrote in her 32-page recommendation that Gordon dismiss evidence. "The search warrant is fatally flawed and lacks probable cause to support the search."
… The government also impounded Wei Seng Phua's $48 million Gulfstream jet as collateral. [Guilty or innocent, they never get that back, right? Bob]


Perhaps a “Push” service to alert users when the “we have not been served” notice does not go out? (Or are all my potential customers terrorists or crooks?) In theory, this notice could be sent to individual users.
EFF Joins Coalition to Launch Canarywatch.org
“Warrant canary” is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a national security letter. The term “warrant canary” is a reference to the canaries used to provide warnings in coalmines, which would become sick from carbon monoxide poisoning before the miners would—warning of the otherwise-invisible danger. Just like canaries in a coalmine, the canaries on web pages “die” when they are exposed to something toxic—like a secret FISA court order. Warrant canaries rely upon the legal theory of compelled speech. Compelled speech happens when a person is forced by the government to make expressive statements they do not want to make. Fortunately, the First Amendment protects against compelled speech in most circumstances. In fact, we’re not aware of any case where a court has upheld compelled false speech. Thus, a service provider could argue that, when its statement about the legal process received is no longer true, it cannot be compelled to reissue the now false statement, and can, instead, remain silent. So far, no court has addressed this issue. But if you’re not paying attention to a specific canary, you may never know when it changes. Plenty of providers don’t have warrant canaries. Those that do may not make them obvious. And when warrant canaries do change, it’s not always immediately obvious what that change means. That’s why EFF has joined with a coalition of organizations, including the Berkman Center for Internet and Society, New York University’s Technology Law & Policy Clinic, and the Calyx Institute to launch Canarywatch.org. The Calyx Institute runs and hosts Canarywatch.org.” See this FAQ for more information.


Interesting. Assumes everything reported about the Snowden leaks is true and could be used by terrorists, or “authoritarian regimes.” So they ask their governments (but not the terrorists and authoritarian regimes) to promise never to do it again.
Council of Europe Report on Mass Surveillance
Provisional version – Committee on Legal Affairs and Human Rights – Mass surveillance. Rapporteur: Mr Pieter Omtzigt, Netherlands, Group of the European People’s Party.

(Related)
Skype Chats Compromised Syrian Rebels: Researchers
Syrian opposition groups lost critical information when its members fell victim to a "femme fatale" scheme using Skype chats that injected computers and phones with malware, researchers said Monday.
The security firm FireEye said it uncovered the hacking scheme that stole tactical battle plans, geographical coordinates, information on weapons and other key data in a period from November 2013 to January 2014, and possibly longer.
The hackers lured victims into online chats with attractive female avatars, eventually delivering a malware-laden photo, that allowed the operators of the scheme to steal "scores of documents that shed valuable insight into military operations planned against President (Bashar al) Assad's forces," FireEye said in a report.


Do we really need one hour shipping? Pizza parlors will need to deliver much faster (perhaps ovens on the drones?)
Four Technologies That Are Bringing One-Hour Shipping to Life
Earlier this month, Amazon rolled out its new Prime Now shipping service to a few zip codes in Manhattan.
If you’re a Prime subscriber and live in the serviced areas, the service promises one hour delivery of packages to Prime users for about seven dollars — alternately, you can get packages shipped in two hours for free. The service currently supports about 250,000 of the most popular items, and services only a small area.


Just in time for my Data Management students to hear my governance lecture.
4 Data Governance Trends to Watch in 2015
… Many enterprises have benefited from the industry’s shift from solely using traditional master data management to implementing broader, higher-performing information governance environments


A reasonably small set of “Big Data” for my students to analyze and since Pew has already crunched the data, I know what results they should get!
How to access Pew Research Center survey data
“Earlier in January [2015], the Pew Research Center released the full dataset from our largest study ever conducted on U.S. politics, the 2014 Political Polarization and Typology survey, to make it available to researchers. For the study, we interviewed 10,013 adults on landline and cellphones. The dataset includes more than 150 measures of political attitudes and behavior, plus a complete set of demographic variables. It also has the full series of political-values items asked on Pew Research Center surveys dating back to 1994; the summary measures of ideological consistency and typology group membership constructed using these items; and measures of partisan animosity and political engagement used in the center’s reports released in 2014. There are two ways to locate and download this and any other Pew Research Center dataset. Each research area at the center has a “Datasets” or “Data and Resources” section with the available data listed in reverse chronological order by when the survey was fielded….”


For my geeky students.
$35 Raspberry Pi 2 Faster, Runs Windows 10
The Pi Foundation on Monday announced that it has released the latest version of its "entry-level PC." The Raspberry Pi 2 is now available for US$35, the same price as the previous Model B+.
This build-it-yourself computer features an 800MHz quad-core ARM Cortex-A7 CPU, which will offer six times the performance of the previous system. It also includes double the memory with 1GB LPDDR2 SDRAM.
The Raspberry Pi 2 will be fully compatible with the Pi 1, and because it utilizes the ARMv7 processor, it can run a full range of ARM GNU/Linux software including Snappy Ubuntu Core and, notably, Microsoft's Windows 10.


I can be an artist? (Article 4)
Everybody Can Draw with Adobe PaintCan
Adobe Labs has released a free app called PaintCan. Available for free exclusively on iOS (only in the U.S.), PaintCan lets you turn photographs into paintings in a matter of minutes. The video above shows how it works, with automatic presets and manual brushstrokes applied.
Due to its experimental nature, Adobe is actively seeking feedback about PaintCan, which may end up becoming a full Adobe product, be folded into Photoshop, or disappear altogether. Which means you should probably get hold of it for free while you can.


The monopolies will fall. Power to the people, dude!
Booker cheers move against Web ‘special interests’
Sen. Cory Booker is cheering news that federal regulators will bar two states from enforcing laws to prevent communities from building out their own broadband Internet services.
… “I’m pleased the FCC is standing up for the rights of municipalities over special interests that may not find it profitable to invest in low-income and rural areas,” he said in a statement on Monday, hours after FCC officials confirmed the upcoming action.
… “Every community should have the right to determine its broadband needs and the path of its digital future, including the ability to pick competition over monopoly for broadband services,” echoed Shiva Stella, a spokeswoman for advocacy group Public Knowledge.