Saturday, February 14, 2015

Should be an interesting read for my Computer Security students.
The Target and Other Financial Data Breaches: Frequently Asked Questions
“In November and December of 2013, cybercriminals breached the data security of Target, one of the largest U.S. retail chains, stealing the personal and financial information of millions of customers. On December 19, 2013, Target confirmed that some 40 million credit and debit card account numbers had been stolen. On January 10, 2014, Target announced that personal information, including the names, addresses, phone numbers, and email addresses of up to 70 million customers, was also stolen during the data breach. A report by the Senate Committee on Commerce in March 2014 concluded that Target missed opportunities to prevent the data breach.
Target. To date, Target has reported data breach costs of $248 million. Independent sources have made back-of-the-envelope estimates ranging from $240 million to $2.2 billion in fraudulent charges alone. This does not include additional potential costs to consumers concerned about their personal information or credit histories; potential fines or penalties to Target, financial institutions, or others; or any costs to Target related to a loss of consumer confidence. The breach was among the largest in U.S. history. Consumer concern over the scale of this data breach has fueled further congressional attention on the Target breach and data security and data breaches more broadly. In the wake of Target’s revelations, between February 3 and April 2, 2014, Congress held seven hearings by six different committees related to these topics. In addition to examining the events surrounding the Target breach, hearings have focused on preventing such data breaches, improving data security standards, protecting consumers’ personal data, and notifying consumers when their data have been compromised.”


Surely someone can articulate a reason that does not disclose “state secrets.” If Jewel could prove there was no warrant, the defense would be that the warrant was secret and she should not have been able to prove there was no warrant? Do we not teach logic an more?
Nadia Prupis writes:
A federal judge ruled in favor of the National Security Agency in a key surveillance case on Tuesday, dismissing a challenge which claimed the government’s spying operations were groundless and unconstitutional.
Filed in 2008 by the Electronic Frontier Foundation, the lawsuit, Jewel v. NSA, aimed to end the agency’s unwarranted surveillance of U.S. citizens, which the consumer advocacy group said violated the 4th Amendment.
[…]
US District Judge Jeffrey White on Tuesday denied a partial summary judgment motion to the EFF and granted a cross-motion to the government, dismissing the case without a trial. In his order, White said the plaintiff, Carolyn Jewel, an AT&T customer, was unable to prove she was being targeted for surveillance—and that if she could, “any possible defenses would require impermissible disclosure of state secret information.”
Read more on Common Dreams.


Why can't I trust this article? Not sure where this is coming from, but it reads like an MPAA press release. They call it a Mega Conspiracy (a sound byte for the prosecutors) but it's not actually a company. Kim Dotcom has “not fled the country,” was a resident of New Zealand for some time before the Black Helicopters (literally) descended. Does a plea deal count as a “conviction?” Interesting that the “largest criminal copyright case in U.S. history” results in a “year and a day” sentence.
Megaupload programmer sentenced to year in prison
An Estonian computer programmer pleaded guilty on Friday to helping build Megaupload and conspiring to violate vast numbers of copyright licenses.
Andrus Nomm, 36, admitted to helping run the website as a forum for pirated movies, music and other content, in the process doing more than $400 million of damage to the companies that created them.
The company behind Megaupload, Mega Conspiracy, also obtained at least $175 million through the efforts, Nomm admitted.
This conviction is a significant step forward in the largest criminal copyright case in U.S. history,” Assistant Attorney General Leslie Caldwell said in a statement. “We intend to see to it that all those responsible are held accountable for illegally enriching themselves by stealing the creative work of U.S. artists and creators.”
From 2007 until his arrest in 2012, Nomm worked as a programmer with Mega Conspiracy and personally downloaded a number of files from Megaupload and similar websites.
At its peak, Megaupload accounted for 4 percent of all Internet traffic, with more than 50 million visitors per day.
Four of the people charged alongside Nomm — including Kim Dotcom, the founder of Megaupload — have fled the country. An extradition hearing for them is scheduled for June in Auckland, New Zealand.
Two other people charged in the case remain at large.
“We continue to pursue his co-conspirators until they face justice in the American legal system,” Andrew McCabe, the FBI’s assistant director of the case, said in a statement.


What the guys just north of Colorado think.
James Chilton reports:
A House committee on Thursday approved two Senate bills related to private information and companies’ duties in notifying clients of data breaches.
The House Corporations, Elections and Political Subdivisions Committee unanimously approved Senate Files 35 and 36.
SF35 would establish the actions companies must take if they learn that clients’ personal information has been breached, while SF36 expands the definitions of personal identifying information.
Read more on Casper Star-Tribune.


For the Marketing Club.
Better Business Bureau Updates Advertising Standards to Reflect Digital Realities
… While the BBB has always enforced honesty in advertising, recent changes in the way advertisers reach their audiences (e.g., social media, texting, the Web, etc.) prompted the bureau to update its Code of Advertising, a set of advertising standards for businesses to follow.
These changes place added responsibility on advertisers to ensure that their ads are accurate. According to the code, "the primary responsibility for truthful and nondeceptive advertising rests with the advertiser."
Additionally, advertisers need to be able to back up anything they share. The code states that advertisers "should be prepared to substantiate any objective claims or offers made before publication or broadcast."
… To keep up with all of the new changes, read the full BBB Code of Advertising here.


For my Data Management students.
Knowledge is Power. But Knowledge About What?


To subscribe or to get the same thing for free (as long as you have a smartphone), that is the question.
Free or cheaper versions of Microsoft Office programs abound
Just as I was warming up to choosing a Microsoft Office 365 subscription over making a one-time software purchase, Microsoft started giving away a lot of subscription benefits for free. The company now offers Word, Excel and others at no cost on most mobile devices.
It's a smart move by Microsoft, but it makes me wonder whether you really need a subscription, which starts at $70 a year.
The subscription will appeal to people who use Office apps on traditional Windows or Mac computers or Windows tablets, such as the Surface Pro 3. Those who primarily use iOS and Android mobile devices can probably stick with free apps. What's right for you comes down to whether you need a PC or can get things done with just your smartphone or tablet. Here's what to consider.
… -- For PCs, a $70 one-user annual subscription lets you use all seven Office apps on multiple PCs and tablets by signing in and out. The $140 one-time purchase limits you to one device and four of the seven apps.


Tools for the toolkit?
The 5 Best OCR Tools for Extracting Text from Images


Free laughter every week – what an industry!
Hack Education Weekly News
… Indiana is looking to shorten its standardized testing, says Politico, “after learning it could take students up to 12 hours to complete the exams.”
… “Passwords Stored in Plain Text” and other horrors from library information security.
… Woot Math, which offers apps for teaching math, has raised $1 million in funding from the Foundry Group. [Based in Boulder Bob]
… The latest Horizon Report for Higher Education. On the horizon: BYOD, maker spaces, the flipped classroom, wearable technologies, adaptive learning, and the Internet of Things.


Perhaps this is the replacement for internships?
20 Micro Jobs to Help You Make Money in Your Free Time
… However, it can be difficult to sniff out the legit companies from the scams. Below are 20 legit opportunities to easily make some extra income in your free time.


An interesting read...
Women in Tech: What Future Tech Companies Need to Know
… Few reasonable people suggest that women under-perform in tech. This list from the Huffington Post is just the tip of a large, expanding iceberg of influential women in tech, including:
Another excellent example is Sandy Lerner, co-founder of Cisco Systems.
#1 There are more female users than male
… If women are the leading adopters, users, media consumers and buyers in so much of the tech industry, it surely makes sense to ensure their interests are properly represented within tech companies themselves.

Friday, February 13, 2015

They didn't see this before? How are they looking at their data differently now that they know they have been breached? Should this “new” way of looking at the data be part of everyone's Best Practices?
Chad Terhune reports:
Insurance giant Anthem Inc. said Thursday that hackers had access to customer data going back to 2004 as investigations continue into the massive breach.
I would not take that to mean that the Anthem is not retaining data that goes back before 2004, but only that the database the hackers accessed went back to 2004. I hope more on the issue of data retention is raised by Congress, HHS, and state attorneys general.
Terhune also reports:
In the meantime, Anthem said all current and former customers going back to 2004 can begin enrolling Friday for two years of identity theft protection and free credit monitoring.
Consumers can sign up and learn more details online or by calling (877) 263-7995.
Read more on The Los Angeles Times.
[From the article:
The Indianapolis-based company said its internal investigation was ongoing and it hadn't yet determined which customers might have been affected. [Are they saying there may be more? Bob]


Interesting, but grab the full package, the parts have some problems.
This looks like a great – and free – resource!
Fordham University School of Law Center on Law and Information Policy is pleased to announce the publication of the Privacy Handbook for Student Information Online: A Toolkit for Schools and Parents, which is designed to provide materials that offer tools for school administrators, teachers and parents so that they can better understand and address online privacy protections and legal requirements.
School districts across the country rely on online service providers and technology companies to improve education and facilitate school administrative functions. These services typically involve the transfer of student information to third-party commercial organizations and raise significant privacy concerns for student information. The Fordham Center on Law and Information Policy (“Fordham CLIP”) conducted a research study titled “Privacy and Cloud Computing in Public Schools” (http://ir.lawnet.fordham.edu/clip/2/) which showed that major gaps exist in the protection of student privacy for many of the services used by schools.
“The study identified that school districts have a tremendous need for assistance in addressing privacy and called for the development of a national clearinghouse and research center to develop and distribute materials for schools to be able to use free of charge,” said Professor Joel R. Reidenberg, the Stanley D. and Nikki Waxberg Chair in Law and founder and director of the Fordham CLIP.
Under the direction of Professor Reidenberg, the Technology and Privacy Law Practicum course at Fordham Law School prepared this set of materials to assist school communities in addressing online privacy issues. [I love making students do the work! Bob]
The Privacy Handbook consists of a complete binder in PDF format and each tool as a stand-alone file, including the slides for the professional development presentations. All files may be downloaded and used free of charge by school communities. Any commercial uses will require prior written permission from the tool authors. The Privacy Handbook can be found here: law.fordham.edu/privacyhandbook
Professor Reidenberg will testify at a hearing on “How Emerging Technology Affects Student Privacy” on Thursday, February 12, 2015. The hearing is being held by the U.S. House of Representatives Committee on Education and the Workforce Subcommittee on Early Childhood, Elementary and Secondary Education.
Professor Reidenberg’s testimony will focus on the need to modernize federal educational privacy law to meet the challenges of today’s educational technologies, as well as make recommendations that Congress modernizes the Family Educational Rights and Privacy Act of 1974. For a complete list of hearing witnesses, please visit: http://edworkforce.house.gov/calendar/eventsingle.aspx?EventID=398317
SOURCE: Fordham Law School


For my Computer Security students. Do-It-Yourself Identity Theft guides
Brent Weisberg reports:
Joe V. Johansen was arrested Jan. 30 by officers with the Portland Police Bureau’s Street Crimes Unit that operates out of East Precinct.
[…]
In the affidavit that requested an increase for bail, Jackson wrote Portland police officers Michael Strawn and Patrick Mawdsley received a downloaded copy of a computer that Johansen admitted belonged to him.
“The computer download contained the Oregon Department of Motor Vehicles list of Oregon identification numbers, as well as 13 different victims’ federal income tax forms,” Jackson wrote.
Read more on KOIN6.
[From the article:
Investigators found a file on the computer that was titled “Guide to making fake IDs in the Privacy of Your Own Home,” Jackson wrote. On Jan. 7, 2015, the officers received another download of a second computer that Johansen admitted belonged to him, Jackson wrote.
On that computer, officers found another guide on how to make fake identifications, as well as roughly 350 forged prescriptions, including seven different doctor’s names and Drug Enforcement Administration (DEA) number, Jackson wrote.
Records show Johansen is on federal probation for bank fraud. Officers used the data from his GPS device that showed Johansen was going to various pharmacies around the Portland area “with unusual frequency,” Jackson wrote.

(Related) Phishing for fun and profit?
Phishing Kits Hook Victims in Attacks
According to Symantec, scammers can buy phishing kits for between $2 and $10. These kits do not always require technical skill to use – with just basic knowledge of PHP, attackers can customize their phishing pages to meet their needs, blogged Symantec's Roberto Sponchioni.
"Some of the kits that we observed were quite basic and only included two web pages," he blogged. "However, others appeared to be more professional and convincing, with more than 25 PHP source files and 14 different language files that can be loaded based on the user’s location.

(Related) First, write yourself a Presidential Pardon for all the crime you are about to commit. (http://deadfake.com/Default.aspx) Be sure to mention the national security implications that “will require the Secretary to deny any knowledge of your operation.”
5 Online Sources for Disposable Email Addresses


We are starting to look ahead but still not willing to turn over full control?
DEATH is NOT THE END, on Facebook: 'Legacy' can be you BEYOND the GRAVE
A new feature from Facebook allows users to bequeath control of their accounts to loved ones when they die. It tries to tread the line between handing over full control and helping those who have lost someone use their memories and contacts to grieve.
For some time Facebook has had a “Memorialization” option which locks the account of a deceased person and stops the person from popping up in others' timelines.
The new legacy feature, rolling out soon in the US with other countries to follow, allows Facebook users to specify who should have limited control in the event of the user dying. One name can be selected from the account's security settings and optionally sends a message to the chosen contact.
People “inheriting” a dead person's Facebook account will be able to write a post to display at the top of the “memorialized” timeline. Facebook reckons this could be used, for example, to announce a memorial service or share a special message. They will also be able to respond to new friend requests from family members and friends and to update the deceased's profile picture and cover photo. The word “remembering” appears above the name of the person who has died.


For my programming students. I have used the “rubber duck” debug, but I call it the Major Smith method and I use a real person.
7 Useful Tricks for Mastering a New Programming Language


Resources for math teachers and students.
Banish Your Number Phobia With a Bit of Everyday Math

Thursday, February 12, 2015

My tax dollars at work. “We don't have the time or the money to do it right, so we'll take more time and spend more money to fix it later!”
Tax-Refund Fraud Soaring, Little IRS Can Do
Tax-refund fraud is expected to soar again this tax season, and hit a whopping $21 billion by 2016, from just $6.5 billion two years ago, according to the Internal Revenue Service.
And the problem—which the agency admits is growing quickly—is compounded by an outdated fraud-detection system that has trouble identifying many attempts to trick it.
… The IRS is well-aware of the magnitude of the problem. But budgetary constraints and legal mandates have created a system where it is often unable to follow up on the red flags that its system throws up until after a refund check has been cut and sent.


Privacy is dead? Let the debate begin!
Or so Dominic Basulto tries to argue, seemingly ignoring masterful pieces like Neil Richard’s arguments as to the importance of privacy for intellectual thought, and oh, a host of other reasons privacy still is – and will continue to be – important.
You can read his opinion piece on Washington Post.
[From the atricle:
Spend just a few minutes on today’s Internet, though, and you’ll realize that this 125-year-old notion of privacy is already an anachronism. Our accounts are hacked, our photos are uploaded for all to see, our medical records are open secrets and our intimate dealings and e-mails are “proclaimed from the house-tops.” Instead of wanting to be “let alone,” we now want to be part of communities and networks. To top it all off, “pieces of personal information are not only social currency but also more or less the basis for the entire world of online commerce.”


I missed even more...
E. Michael Power has compiled a roundup of some significant privacy law cases in Canada last year. A few of them are cases I covered either on this blog or PHIprivacy.net, but there are some that I never covered, so do go read his post. and get caught up. These are all judicial decisions and not Commissioner’s findings or orders.


I would expect similar software built into any device you attach to your system. The software might tell you it detects a problem and ask permission to send a message to the manufacturer, but there is nothing to keep them from sending the messages without telling you. What else could it “report?”
Dell's tech support will call before trouble strikes your PC, tablet
The company is launching a new ProSupport Plus support package to monitor remotely the health of key hardware components and software in a PC or tablet. If a problem is detected, Dell will call or e-mail to alert the customer to a possible problem, and offer a remedy or replacement.
… Dell will install software called Support Assist on tablets and PCs that will monitor the health of the hard drive, memory, battery and other hardware components. If an issue is detected, the software will issue a support ticket and automatically send it to Dell over the Internet. Depending on the issue, Dell will call or email the customer and offer to fix or replace the hardware.


I even like lists that are in slide format.
Best of the Web - Winter 2015 - Slides from #OETC15
This afternoon at the Ohio Educational Technology Conference I presented my latest version of Best of the Web (and various app stores). This version contains some of the sites and apps that were in my fall 2014 version of the same slides. Those that have been included again either released some notable updates or are so good that I think they're worth including again. This version is also different because for the first time I included slides to denote sections of the presentation. Many people asked for the slides so I'm sharing them below as a Google Slides presentation. You can also click here to open a copy.

Wednesday, February 11, 2015

When we say, “No one is safe,” we really mean no one.
Anthony Noto, Twitter CFO, gets first-hand feel of hacking as account breached
Anthony Noto, Twitter’s chief financial officer, got a first-hand feel for the pain a hacker inflicts after discovering someone was tweeting out spam from his account.
Twitter spokesman Jim Prosser confirmed the account was hacked for a brief time.
“His account was sending spam tweets,” Mr. Prosser said, the New York Post reported. “We’ve locked the account down and deleted the tweets. There’s no indication any account information was accessed.”

(Related)
Newsweek, International Business Times Twitter Accounts Hacking By Cyber Caliphate Makes Us Question Twitter's Cybersecurity Features
Newsweek's Twitter account was commandeered by a group claiming to be connected with the Islamic State Tuesday for about 15 minutes and spewed threatening messages to First Lady Michelle Obama, with publication's Twitter banner switched out for one featuring a Black Standard flag and a masked man.
… Also hacked Tuesday, by reportedly the same group, was the Twitter account of a military veteran organization called Military Spouses of Strength and the website of International Business Times, was also hacked.

(Related) Now this is just mean. Article 3
Forbes’ Hack of the Day
Forbes’ Thought of the Day, which is presented to readers when they first land on the site, was used to send malicious code to visitors’ computers. As reported by The Washington Post, security researchers have discovered the widget was compromised for several days at the end of last year, starting on Nov. 28.
It is believed that Chinese hackers used the Thought of the Day to launch an attack primarily aimed at financial institutions and defense contractors. Vulnerabilities in Internet Explorer and Adobe Flash were used (surprisingly!), both of which have since been patched.


“Existing agencies don't share data, so we will rely on the data they share to make this center work!” Typical politician thinking. Should I think of this as a Library of Cyber Threats? More importantly, will I be able to tap into it directly?
White House to Create New Cyber Security Agency
The new agency will be known as the Cyber Threat Intelligence Integration Center (CTIIC)
its focus will be integrating intelligence about cyber-threats and providing analysis to policymakers and operators, she explained.
The center will not collect intelligence; it will only analyze and integrate information already collected by other sources, she added.


Perhaps I should send all 10,000,000 an email to let them know?
Dan Goodin reports:
A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information.
Most of the existing corpus of passwords exposed in hack attacks is stripped of usernames, preventing researchers from studying the possible relationship between the two fields.
Read more on Ars Technica.


When everyone is required to report a breach, I'll release an App that finds this information and delivers it to any Class Action lawyer who pays my fee. (If I charge $0.99 per breach and there are a bazillion security breaches each year, I should be able to buy my own brewery!)
Telecompaper reports:
The lower house of the Dutch parliament has approved legislation requiring businesses and organisations to report security breaches of personal data they hold. The Law on Personal Information will be expanded to include the new requirement, which applies to businesses of all sizes as well as public sector agencies.
Read more on Telecompaper.


Marketing is always inventing new ways to intrude on any technological experience. Imagine this coming in the middle of a sales pitch to Coca Cola.
Samsung Smart TVs 'inserting ads' into video apps
Users of Samsung's Smart TVs are complaining that advertisements are being inserted into their own locally-stored programmes and films without their permission.
In a post on the Reddit community website, several Australian users of the Plex app on Samsung Smart TVs reported their viewing had been interrupted half way through by a Pepsi video ad.


Unless you opted out, Google is in (location) data gathering mode.
Use this trick to see a map of everywhere Google knows you've been
If you have a Gmail account or use any of Google's apps, there's a good chance Google has some of your location data stored in its systems.
Luckily, there's an easy way to see exactly what Google knows about where you've been, and you can even see a map of past locations you have visited.
This all depends on whether you have enabled two settings tied to your Google account: location reporting and location history. Of course Google lets you turn these settings off at any time, and it even offers step-by-step instructions.


Google is helping us move towards a healthier world! (Any liability here?) Article 1
A Healthier Google Knowledge Graph
Google is adding a range of health-related information to its Knowledge Graph. This means that when someone searches for the answer to a common health question, Google will present the relevant information at the top of the results page.
Information presented in this way includes “typical symptoms and treatments … how common the condition is … whether it’s critical, if it’s contagious, what ages it affects, and more.” Some results will be augmented by helpful illustrations.
The good news for hypochondriacs is that all the information has been compiled, curated, and reviewed by real medical doctors. Even so, Google is at pains to point out that the medical information contained in its Knowledge Graph should only be considered the first step, and people should still consult a healthcare professional if they need to do so.


I guess I knew that, just never heard it stated so clearly.
Ed. Note, this post offers a preview of the authors’ upcoming article in the Santa Clara Law Review: The Notice Paradox: Secret Surveillance, Criminal Defendants & the Right to Notice.
… Though few may realize it, the public today depends on the people it is desperately trying to put in prison—criminal defendants, often in terrorism cases no less—to litigate the privacy rights of millions.


Just a thought, should all those “connected things” on the Internet of Things have kill switches? (In case someone wants to steal my refrigerator or my thermostat.)
Smartphone theft in London down by half thanks to 'kill switches'
Thefts involving smartphones have reportedly decreased by 50 per cent in London, since manufacturers began implementing 'kill switches' that allow the phones to be deactivated remotely.
Smartphone theft has also dropped in San Francisco and New York by 40 per cent and 25 per cent respectively, authorities said on Tuesday.


I might use this then again I might make my students use it. Yeah, my students.
Flipboard launches a full web version with design cues from Medium and Pinterest
Today Flipboard is unleashing the full version of its magazine-aggregating app on the web, in a sleek new interface that looks like a mix between Medium and Pinterest.
… In the new web version, rather than flipping pages, Flipboard serves up content in modules containing pictures, headlines, and occasionally a leading sentence.
Here are a few examples that show off the platform’s new visual capabilities:
  • Designica, a magazine that combines trippy animated GIFs with trippy soundtracks from Soundcloud, curated by Flipboard CEO Mike McCue [You should sit down before viewing this one. Bob]
  • The Hipster, a magazine of things that are too cool for you, by Gus Gostyla
  • The Explorer, a magazine curated by former NFL player and NASA astronaut Leland Melvin


For all my students.
Google Celebrates ‘Safer Internet Day’ With Security Checkup, 2GB Of Free Google Drive Space
While it’s not quite the 100GB of free One Drive cloud storage space that Microsoft is giving away if you sign up for Bing Rewards, Google is giving away freebies of its own to commemorate Safer Internet Day. In an effort to ensure that users are protected against hackers and other cyber threats, Google is asking its users to complete its Security Checkup by February 17.
The Security Checkup prompts you to verify your account recovery options (email, phone), gives you a listing of recent sign-ins on your account to help you spot any suspicious activity, and allows you to confirm or remove app that have access to your Google account information.


I collect anything I can use to harass my Math students.
Insert Graphs and Equations Into Google Docs and Forms
One of the most frequently asked questions in my webinars and workshops about Google Drive is, "how can I add math problems to my Form?" Thanks to Google Forms Add-ons there is a rather simple answer to this question now. g(Math) is a Google Forms Add-on that allows you to insert graphs and mathematical expressions into your Google Forms.
To get the Add-on select "get Add-ons" from the Add-ons menu in Google Forms. Then search for g(Math). Click the install button, give the Add-on permission to access your account, and then you're ready to go. To insert graphs and equations into your Form select g(Math) from your Add-ons menu and follow the directions that pop-up on the right side of the screen.
g(Math) is also available as an Add-on for Google Docs. The process of installing it and using it is the same as it is for the Google Forms versions of g(Math).


Have your phone read your textbook to you?
Read & Write for iPad and Android - Text to Speech and More
The popular Chrome app Read & Write for Google is now available as a free iPad app and as a free Android app. According to the email I received from Read & Write's product manager the new apps are essentially keyboards that allow users to access the support tools that have made Read & Write for Google popular over the last couple of years. Some of those popular tools include text-to-speech, a talking dictionary, and a picture dictionary.
The Read & Write iPad app and Android app provide text-to-speech functionality for free forever. The other features are free as a one month trial. But teachers who use their Google Accounts to sign into the apps (use your school-issued Google Account) can get all of the features for free. Click here for information on getting a Read & Write account with your Google Apps for Edu account.


Undo reliance, in one image.