Saturday, March 14, 2015


The government seems to have difficulty following Best Practices. No doubt hackers everywhere revel in their incompetence.
State Department Finally Cleans Malware From Emails Four Months After Hack
The State Department said Friday it was “implementing improvements” to its unclassified email systems, months after a breach in its networks.
… Last November, the department confirmed that it had detected “activity of concern” in its systems, but ensured the public that its classified systems had not been breached. Psaki’s statement on Friday said the breach had also not touched its “core financial, consular, and human resource systems.”
… A U.S. official last fall told CNN that the State Department hack was tied to the breach of White House computers in October. Russian hackers were the primary suspects in that hack, a charge that Russia has denied. As of February, the Wall Street Journal reported, the State Department still had not fully removed the malware planted.


For my Computer Security students.
Cisco 2015 Annual Security Report
New Threat Intelligence and Trend Analysis – “Despite advances by the security industry, criminals continue to evolve their approaches to break through security defenses. Attackers are realizing that bigger and bolder is not always better. The Cisco 2015 Annual Security Report reveals shifts in attack techniques, emerging vulnerabilities, and the state of enterprise security preparedness.


Of course your risk increases if you hold sensitive data. Hackers can encrypt your data on your computers and demand payment for the encryption key OR they can download your data and threaten to release it. Which would cost your organization more?
Kaspersky Lab writes:
Computer users in many countries are increasingly falling victim to so-called encryption malware – programs that encrypt important data on infected computers and then demand a ransom to decrypt it. In 2014, over 7 million attempts to carry out such attacks were made against Kaspersky Lab users alone. Kaspersky Lab experts have prepared an overview of the evolution of encryption malware, as well as advice on how to avoid being affected by this threat.
[…]
Cybercriminals prefer to be paid in the Bitcoin cryptocurrency, which offers them a sufficiently high level of anonymity. At the same time, it is common for attackers to specify their rates in real-world currencies, such as US dollars, euros or rubles. The cost of decrypting data for home users starts at 1000 rubles (about $15) but can be as high as several hundred dollars. If a corporate computer is infected, the attackers’ demands increase five-fold. Cybercriminals are known to have demanded ransoms as high as 5000 euros to decrypt files. Sadly, companies that have lost their data often prefer to pay up rather than lose important information. It comes as no surprise, therefore, that businesses are a prime target for cybercriminals who use encryption malware to make money.
Read more on Kaspersky Lab.

(Related)
Rex Mundi is back again. After hacking Synergie and dumping data from Temporis in January, the hackers, who have made a business of hacking for profit, have announced that they have now hacked a diagnostic laboratory in France, Labio. And once again, they announced the hack on Twitter:
[Omitted]
… In response to a tweeted question from DataBreaches.net, Rex Mundi indicated that they had demanded €20,000 from Labio not to release the data.
Because they have followed through on their threats in the past when organizations have not paid the extortion demands, we’ll have to see what happens on Tuesday.
Other entities hacked by Rex Mundi include Swiss bank Banque Cantonale de Geneve, French loan company Credipret, Swiss web hosting company Hoststar, Tobasco.be, Z-Staffing.org, Easypay Group payroll company in Belgium, Webassur, Thomas Cook Belgium, Finalease Car Credit, Mensura, Drake International, Accord.nl, ECAAssurances, Mutuelle La Frontaliere, and Domino’s Pizza, among their targets.


...but you can't fool all of the people all of the time.
Debbie Kelley reports:
Are parents just being paranoid or are their concerns about the privacy of student data that’s collected during computerized testing and on surveys valid?
Perhaps some of both.
During a public hearing, the Colorado State Board of Education hosted Thursday, officials from the Colorado Department of Education and Pearson State Assessment Services tried to assuage fears and address rumors about what data is being collected and why.
But State Board members and parents who attended say the responses were not good enough. Some questions were not answered.
Read more on The Gazette.


I hope they aren't teaching their students to do it this way...
Maybe we should expect stupid behavior in response to apps with stupid names?
Tim Cushing writes:
Universities are still freaking out over the fact that some of their students are racists and assholes. But rather than deal with the inevitability that any decent-sized grouping of people will contain a percentage of both, they’ve opted to shoot the messenger: Yik Yak. Yik Yak provides a platform for anonymous postings that can only be seen by others within the same general location (1.5-10 miles). It also provides a voting system. With enough downvotes, a post is removed.
Despite these key ingredients, students and administrators are finding the app is to blame, rather than a portion of the people using it. So, they do ridiculous things like call for a ban of the app on campus — something almost completely unenforceable and ultimately futile.
In some cases, they opt for other unenforceable and futile efforts. The University of Rochester (NY) has discovered that local posts on Yik Yak contain a number of unsavory statements, including possible threats towards a student and racially-motivated activity. This has prompted a completely ridiculous response from the university’s legal team, which has “demanded” that Yik Yak do a number of things, including turn over a ton of information on users of the service.
Read more on TechDirt.


This is called, “Having a firm grasp of the obvious.”
Daily Report: New Rules for Net Neutrality May Set Stage for Legal Battles
… Opponents of the rules, including many of the leading Internet providers, spent Thursday poring over the document. It was not known who would file the first legal challenges, or exactly what legal arguments would be made. Many experts, though, said the document included plenty of opportunity for different interpretations.

(Related) The FCC saying, “Trust us?”
FCC Open Internet Order – Separating Fact From Fiction
The Open Internet Order: Preserving and Protecting the Internet for All AmericansThe Commission has released the full and final text of the Open Internet Order, which will preserve and protect the Internet as a platform for innovation, expression and economic growth. An Open Internet means consumers can go where they want, when they want. It means innovators can develop products and services without asking for permission. It means consumers will demand more and better broadband as they enjoy new Internet services, applications and content.
Separating Fact from Fiction
The Order uses every tool in the Commission’s toolbox to make sure the Internet stays fair, fast and open for all Americans, while ensuring investment and innovation can flourish. We encourage the public to read the Order, which reflects the input of millions of Americans and allows everyone to separate myths from fact, such as:
Myth: This is utility-style regulation.
Fact: The Order takes a modernized approach to Title II, tailored for the 21st Century.


Of course I'll still respect you in the morning!
“We frequently spend large amounts of money for no reason.”
Kashmir Hill writes:
This week I got an angry email from a friend who had just rented a car from Hertz: “Did you know Hertz is putting cameras in rental cars!? This is bullsh*t. I wonder if it says they can tape me in my Hertz contract.” He sent along this photo of a camera peeping at him from out of his “NeverLost,” a navigational device that the company has started putting in many of its cars:
Read more on Fusion


Reasonable, but very un-geek-like.
SXSW Declared a Drone-Free Zone
… In a press statement this week, the organizers behind the Austin, Texas-based conference set out a no-drones policy, citing a city ordinance. The group stressed concerns for safety should “airwaves and/or frequency spectrums generally used in the remote control of drones are too congested during the SXSW event to ensure operation safe from interference.”


Suggests a business opportunity: highly localized crime reporting.
Study finds racial, ethnic divide in attention to crime news
“Crime consistently ranks as one of the most followed and discussed topics by the public, and it receives more attention in local news media than almost any other subject. A recent Pew Research Center report reinforces these findings but also suggests that certain groups of residents pay closer attention to local crime than others in the three cities studied. A difference that particularly stands out is between racial and ethnic groups. A deep analysis of local news in Denver, Macon, Ga., and Sioux City, Iowa, finds that in each city at least three-in-ten people follow crime very closely and more than half of residents often discuss crime with others.”


For my Data Management and Business Intelligence students. Colorado isn't in their top 10. Clearly they screwed up.
Commerce reports on surge in data jobs
The majority of jobs that require the use of large amounts of data are relegated to about 10 states, according to a report released by the Commerce Department.
The report describing the importance of “data occupations” on the economy highlights the huge growth in these high-paying jobs over the past decade. The study defined the “somewhat amorphous” term to mean jobs where the use of data is very important.


For my students with kids in high school.
PrepFactory Offers SAT & ACT Practice Exercises and Tutorials
Last month PrepFactory launched a free service for high school students to use to prepare for the SAT and ACT. PrepFactory offers students a series of tutorial videos and written tips to help them prepare for both tests. After completing a tutorial students can test themselves in a series of practice questions. Each question set is timed and limited to chunks of ten questions at a time. Students can earn badges for completing tutorials or question sets. In the video embedded below I provide an overview of PrepFactory's features.


For my geeky students.
Pi Overdose? Here’s 5 Raspberry Pi Alternatives
… Put simply, you feel as though you have mastered the Raspberry Pi, that there is nowhere else left to go.
You’re wrong: take a look at these five alternatives, each of which can open a whole new world of DIY technology to you.


Every Saturday, education laughs!
Hack Education Weekly News
… Florida’s problems with its online testing last week were partly caused by “cyber attacks,” which is definitely the new “dog ate my homework” excuse.
… Colorado also faced technical problems administering its PARCC assessments.
Via The Register: “Toymaker Mattel has unveiled a high-tech Barbie that will listen to your child, record its words, send them over the internet for processing, and talk back to your kid. It will email you, as a parent, highlights of your youngster’s conversations with the toy.” What could go wrong?
… The Gates Foundation has a new higher ed agenda, according to Inside Higher Ed, including to “create a national data infrastructure that enables consistent collection and reporting of key performance metrics for all students in all institutions that are essential for promoting the change needed to reform the higher education system to produce more career-relevant credential” – which hopefully isn’t too inBloom-y, eh? [If at first you don't succeed, rename and try again. Bob]
… McGraw-Hill has surveyed college students about their technology usage. 81% said they studied via a mobile device; 66% said it was important to be able to do so.


Perspective. ...and I touched my first computer in 1965. Wow, am I old or what?
The Dot-Com as You Know It Is 30. This Is How It’s Changed the World
Exactly 30 years ago, on Sunday, March 15, 1985, a computer company in Massachusetts registered the world’s first dot-com domain: Symbolics.com. And with that, the dot-com era officially began.

Friday, March 13, 2015

For my Ethical Hackers.
Know What Hackers Know: HP Cyber Risk Report 2015
Hackers build attacks on a huge treasure-trove of existing vulnerabilities, and they find new ways to exploit new technologies like mobile and the Internet of Things.
To fight back, you need to know what they know. HP Cyber Risk Report 2015, a comprehensive report from HP Security Research, contains more than 70 pages jam packed with data and analysis detailing the threat landscape and how hackers exploit it.


Local. This camera is looking for bad guys. “Since the crime hasn't actually happened yet, we need to take videos of everyone so we're sure to have a video of the bad guy we can find by searching through the thousands of hours we collect, once we know who the bad guy is.”
Chris Halsne reports:
Within an hour of FOX31 Denver discovering a hidden camera, which was positioned to capture and record the license plates and facial features of customers leaving a Golden Post Office, the device was ripped from the ground and disappeared.
FOX31 Denver investigative reporter Chris Halsne confirmed the hidden camera and recorder is owned and operated by the United State Postal Inspection Service, the law enforcement branch of the U.S. Postal Service.
Read more on KDVR.


Apple wants to improve Siri's ability to recognize your commands. Third parties may help with that. What happens when Apple records more than simple commands?
Wang Wei writes:
It has been known from year 2013 that commands we have been whispering to Siri are being stored on Apple servers for up to two years for analysis, but this news might be the most shocking development yet.
Apple admits that its Siri — an intelligent personal assistant for iPhone, iPad and iPod Touch devices — is collecting and also transmitting users voice data to 3rd party companies, which was disclosed in an unsurprising revelation two weeks back on Reddit.
[…]
If you use text-to-speech to send intimate messages, discuss confidential material, or say things that you don’t want anyone to hear, Just Beware!, because everything you say to your phone is liable to being listened by bored stranger later.
Read more on The Hacker News.


Now this cold be interesting. Imagine a bunch of smart lawyers from all 50 states (perhaps with mentors from the local law school) holding a running dialog (via Twitter?) about Privacy concerns.
March 11, 2015 – Attorney General George Jepsen today announced the creation of a new department within the Connecticut Office of the Attorney General – the Privacy and Data Security Department – that will work exclusively on investigations and litigation related to privacy and data security.
… Assistant Attorney General Matthew Fitzsimmons, who has served as chair of the Privacy Task Force since its creation, has been named to head the new Privacy and Data Security Department. In addition to having its own dedicated attorneys, the department will continue to address matters with a cross-disciplinary team with subject matter experts in health, finance and other disciplines from other departments as appropriate. The department will also continue to be supported by a technical consultant under contract with the Office of the Attorney General.
… Like the Task Force before it, the new department will be responsible for all investigations involving consumer privacy and data security. It will also help to educate the public and business community about their responsibilities, which include protecting personally identifiable and sensitive data and promptly notifying affected individuals and the Office of the Attorney General when breaches do occur.


Once again I'm going to show my ignorance of the law. I had assumed that you had to assert some crime (libel?) and then the court would let you find the perpetrator. These folks seem to want to court to help them prove their suspicions as to who did it without showing that what they did was wrong. Oh wait! The judge said almost the same thing. Perhaps I'm not that ignorant. (Yea me!)
Rosie Mullaley reports:
Rob King may think he knows who created parody accounts of him on Facebook and Twitter.
But without solid proof, the court can’t compel the social media giants to reveal subscriber information about the accounts, a Newfoundland Supreme Court judge has ruled.
“It is insufficient for the plaintiffs to demand production simply on the basis of bare, unsupported suspicions that the information sought might trace back to the defendant,” Justice William Goodridge stated in his written decision released Tuesday.
Read more on The Telegram.


Let the screaming begin!
FCC Posts 400-Page Rulebook For Protecting Net Neutrality
The Federal Communications Commission (FCC) today made available the full text of its Open Internet Order following the reclassification of broadband Internet as a utility in a recent 3-2 vote. It's a long read -- exactly 400 pages from start to finish, and it includes dissenting opinions from Republican commissioners.
… Grab yourself a drink, get comfortable, and give the document a read here.


I don't think this is the future of phones, but like true audiophiles have known since the 1960's, you can build a great system if each component can be swapped for a “newer and better” technology. In other words, this is a tool for true geeks.
How Modular Smartphones Will Change Mobile Computing
… With Project Ara, you’ll be able to truly make your device your own and customize it to meet your needs on the fly.


For my students. Do it for yourself! (Article 4)
EdX Offers Microsoft Courses
Microsoft has teamed up with online educator edX to offer a series of free IT development courses. Each of the MOOCs (Massive Open Online Course) on offer will be taught by Microsoft experts, offering budding students the option of boosting their IT skills.
Anyone from around the world is welcome to enroll for free on the courses, which include Programming with C#, Introduction To TypeScript, and Windows PowerShell Fundamentals. However, obtaining a verified certificate upon completion will require payment of a fee.


Won't my students be surprised!
You Can Literally Play With Fire Thanks to This Hot New Gadget
… Meet Pyro, literally the hottest wearable on the market right now. It’s a wrist-worn gadget that lets you shoot fireballs from your hand.
We repeat: It lets you shoot balls of fire from your hand. Real, hot, dangerous -- and dangerously magnificent -- burning balls of fire. The kind Mom said never to play with.
Strapped onto your mere mortal wrist, Pyro blasts balls of fire up to 30-feet into the air
… pro illusionists are who this $174 wearable is specifically targeted to.

Thursday, March 12, 2015

Journalists are supposed to report the facts. What do you call the people who write for the “infotainment” shows they try to pass off as the evening news?
Sue Marquette Paremba takes the media out to the wood shed for reporting on breaches in ways that repeat false claims of “sophisticated” attacks and that may leave us thinking that there’s nothing we can do to protect ourselves or better secure data we are responsible for:
Some media outlets called last month’s data breach at health-insurance company Anthem, which resulted in the theft of highly sensitive personal information pertaining to up to 80 million people, a “sophisticated attack.” However, later reports showed that weak authentication had let hackers into the database, and that a lack of proper encryption had allowed the personal information to be shared.
In a similar breach in 2014 at Community Health Systems, the company said the attackers “used highly sophisticated malware and technology.” It turned out the hackers had actually exploited the simple, very fixable Heartbleed bug, which had been widely known for months.
Read more on Tom’s Guide.
I hope more journalists covering breaches in the mainstream media read Sue’s article.


Spinoff from the Hillary Email story. Interesting timing on this one.
IG report: Problems with State email records

(Related) ...and the Quill Pen Award for refusing to learn new technologies goes to... (No doubt Hillary will claim this proves she is more tech savvy than most.)
A brief history of Congress and email

(Related) You should have known this was inevitable since Hillary assured us there was no classified information in her emails.
AP sues State Dept. over Clinton emails
… The AP said the lawsuit to force the government to act came only after multiple requests under the Freedom of Information Act (FOIA) went unfulfilled.

(Related) Hillary also told us it was perfectly secure.
Clinton Email Server Vulnerable for 3 Months: Venafi
Access to the personal email server used by former U.S. Secretary of State Hillary Clinton was not encrypted or authenticated by a digital certificate for the first three months of her term, research from security firm Venafi has found.


This has potential. Researchers will need to be careful.
Apple Announces 'ResearchKit' Aimed at Medical Research
Apple SVP of Operations, Jeff Williams, today announced "ResearchKit", a new open source software framework in the vein of HomeKit and HealthKit that will turn an iPhone into "powerful diagnostic tools for medical research." The new software aims to assist doctors and scientist gather data at a faster and more accurate rate via the accessibility of the iPhone.
Williams mentioned multiple conditions that ResearchKit will be aimed at, including: Parkinson's, Diabetes, Cardiovascular disease, Asthma and Breast cancer. Apple also promised it "will not see your data" when reiterating on Privacy of the new ResearchKit app.

(Related) The iPhone is subject to all the downsides of “old fashioned” research. Can we avoid that by making the App smarter?
Apple ResearchKit has thousands sign up amid bias criticism
Stanford researchers were stunned when they awoke Tuesday to find that 11,000 people had signed up for a cardiovascular study using Apple Inc.’s ResearchKit, less than 24 hours after the iPhone tool was introduced.
“To get 10,000 people enrolled in a medical study normally, it would take a year and 50 medical centers around the country,” said Alan Yeung, medical director of Stanford Cardiovascular Health. “That’s the power of the phone.”
… “Just collecting lots of information about people — who may or may not have a particular disease, and may or may not represent the typical patient — could just add noise and distraction,” said Lisa Schwartz, professor at the Dartmouth Institute for Health Policy and Clinical Practice, in an e-mail. “Bias times a million is still bias.”
For starters, the average iPhone user is more likely to have graduate and doctoral degrees than the average Android user, and has a higher income as well, according to polling company CivicScience Inc. Those sort of demographic differences could skew the findings from a study.
Misleading data can also come from a user accidentally hitting a button or giving her phone to someone else, said C. Michael Gibson, a professor at Harvard Medical School and an interventional cardiologist.
And apps may be more restricted in the types of questions they can ask than standard trials, which allow researchers to ask open-ended questions in face-to-face encounters. Asking about specific side effects — “Mrs. Jones, are your teeth itching?” — may prompt false memories and make people more apt to report them, a problem that an open-ended question wouldn’t have triggered, Gibson said.
Yet the iPhone also helps address a problem that standard trials often encounter: People enrolled in studies often falsely report their activity to researchers. By using its internal components or secondary devices connected wirelessly via Bluetooth, the iPhone can silently measure users’ behavior, without relying on them to keep track or be honest about what they’re doing.

(Related) As I tell my Statistics students, some unknown percentage of respondents lie to survey takers.
Elizabeth Earl reports:
The national attention on the risk of data breaches may be keeping patients from sharing information with physicians.
A survey from Austin, Texas-based software advising firm Software Advice of 243 people found that 45 percent of respondents were moderately or very concerned about security breaches involving personal health information. Nearly a quarter, 21 percent, withholds personal information from their physicians for fear of a data breach.


All that is not forbidden is mandatory.
All that is not mandatory is forbidden. “The Once and Future King
“We changed our privacy policy so this is no longer our responsibility.” Head Twit
Charlie Warzel reports:
Twitter is cracking down on the scourge of revenge porn with a series of updated rules in its privacy policy designed to make sure users don’t publish nude photos or post pictures of users engaging in sexual acts without the subject’s consent.
[…]
As of 6 p.m. ET, Twitter has changed its rules to reflect the following (all changes are in italics):
Private information: You may not publish or post other people’s private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission. You may not post intimate photos or videos that were taken or distributed without the subject’s consent.
The company also modified its abusive behavior policy page to include the following:
Threats and abuse: Users may not make direct, specific threats of violence against others, including threats against a person or group on the basis of race, ethnicity, national origin, religion, sexual orientation, gender, gender identity, age, or disability. In addition, users may not post intimate photos or videos that were taken or distributed without the subject’s consent.
Read more on BuzzFeed.


As the non-lawyer, statements like this always confuse me. Does this mean state courts are a Federal-Law-Free Zone? “We're concentrating on a crook, sometimes innocent folk will get trampled.”
Mike Cason reports:
Prosecutors in House Speaker Mike Hubbard’s ethics case responded to an accusation that they might have violated federal law by revealing bank account numbers in a recent court filing in Hubbard’s ethics case.
Prosecutors said a federal law and federal court filing rules cited by Hubbard’s defense don’t apply in state court cases.
Read more on AL.com.
[From AL.com:
On Feb. 27, prosecutors filed a response opposing the request for a more definite statement and saying that the 23-count indictment was sufficient.
They said that a vast number of emails, bank records and other documents provided to Hubbard's defense removed any doubt about the nature of the charges. They included more than 300 pages of exhibits in that Feb. 27 filing as examples of those documents.
Hubbard's lawyers complained that the documents included six bank account numbers (not Hubbard's), as well as cell phone numbers and other personal information. They said two people had their bank accounts changed as a result and said the content of the documents violated rights of privacy.


My library will lend you a GoPro camera or an iPad. These articles suggest more technology may be coming soon.
Forecasting the Future of Libraries 2015
This special section focuses on some of the key trends shaping libraries. It pairs with American Libraries’ annual coverage of the ALA Emerging Leaders. These librarians are, after all, representative of a new wave of library leaders who will help shape our futures—and likely have already contributed to, influenced, or led the trends that we will cover. The first piece, “Trending Now,” is a quick introduction to the Center for the Future of Libraries’ “trend library.” The trend library is designed to provide the library community with a centralized and regularly updated source for trends—including how they are developing; why they matter for libraries; and links to the reports, articles, and resources that can further explain their significance. As a collection, it will grow to include changes and trends across society, technology, education, the environment, politics, the economy, and demographics. Makerspaces are playing an increasingly important role in libraries. Four librarians from three library makerspaces—Tampa–Hillsborough County (Fla.) Public Library System’s The Hive, the Free Library of Philadelphia’s Maker Jawn, and the Innisfil (Ont.) Public Library’s ideaLAB—talk about how maker culture is transforming their libraries and share ideas about this important trend’s direction, in “Making Room for Informal Learning.” Keeping up to date with changes in education is important for all of us but especially for those of us working in academic and school libraries. Joan K. Lippincott shares her thoughts in “The Future for Teaching and Learning” on how academic libraries can leverage growing interest in active learning, new media and information formats, and technology-rich collaborative spaces within the higher education environment. Natalie Greene Taylor, Mega Subramaniam, and Amanda Waugh, all of the University of Maryland’s College of Information Studies, look at how school librarians can integrate three trends—the mobility of information, connected learning, and learning in the wild—to keep up with the future of K–12 education in “The School Librarian as Learning Alchemist.” There is news from two library science programs’ initiatives exploring what’s ahead in library education, in “The Future of the MLIS.” This focus on the education of librarians is important for all of us.”


There's not just AN App for that, there are lots of Apps for that. Find the one that works best for you.
Time To Ditch Evernote? Letterspace & Fetch Are Compelling Alternatives
Evernote is the world’s most widely used notebook application, but that doesn’t mean there isn’t room for improvement. Letterspace and Fetchnotes are two alternative iOS notebooks that focus on quickly adding and accessing notes.


For all my students.
How to Upgrade to Windows 10 via Windows Update
… Here’s all you need to know to upgrade to Windows 10 directly from Windows 7 or 8.1 and start getting to grips with the future of Windows.
Ever since it was officially unveiled last year, Windows 10 has been an intriguing prospect for PC users. Given that Microsoft is set to make the upgrade free for its first year of availability,


Gee, mentoring sounds a lot like teaching.

Wednesday, March 11, 2015

The Privacy Foundation's http://www.law.du.edu/index.php/privacy-foundation next seminar (April 3rd) will discuss “Privacy Law and Data Brokers” (details should be on the website this week) Amazing how quickly congress jumps on the topics they select.
Senators Edward J. Markey, Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.) and Al Franken (D-Minn.) introduced legislation to require accountability and transparency for data brokers who are collecting and selling personal and sensitive information about consumers. The Data Broker Accountability and Transparency Act (S. 668) will allow consumers to access and correct their information to help ensure maximum accuracy. The bill also provides consumers with the right to stop data brokers from using, sharing, or selling their personal information for marketing purposes. The legislation also empowers the Federal Trade Commission (FTC) to enforce the law and promulgate rules within one year, including rules necessary to establish a centralized website for consumers to view a list of covered data brokers and information regarding consumer rights.
Data brokers seem to believe that there is no such thing as privacy,” said Senator Markey, a member of the Commerce, Science and Transportation Committee.
… A copy of the legislation can be found HERE.


Small but (unfortunately) typical. Size isn't too important, the bad guys can do this hundreds of times each year. The question is, would your employees know they were being phished?
Jim Schoettler reports that employees falling for a phishing scheme nearly cost the town almost $500,000:
A cyber hack last month at Orange Park City Hall cleared nearly $500,000 from the city’s bank account, but the theft was caught in time for a wire transfer to be reversed and security measures have been installed to prevent future thefts, [Also typical. Why are these being added now rather than before the breach? Bob] City Manager Jim Hanson said Tuesday.
Read more on Jacksonville.com


An interesting breach question. If PII is disclosed, should everyone be notified? That could be difficult if the only address they have is the primary insured.
Yesterday, my husband received a notification letter from Anthem about their massive data breach. I had forgotten that at one time, we had coverage through his employer. Our children and I were covered as his dependents.
And as I read what they sent him and looked at the AllClear ID signup web page, it dawned on me that Anthem does not appear to be directly notifying individuals whose SSN and DOB were in their database as dependents. In fact, if the former member of Anthem cannot or does not notify the formerly covered dependents, they may have no idea that they are at risk of identity theft.
[Much more follows Bob]

(Related) What is required?
If you’ve been meaning to get caught up with changes in state data breach notification laws, check out this article by Cynthia J. Larose of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The article covers developments in New Jersey, Montana, Connecticut, Washington State, and New Mexico (where they’re still trying to get their first data breach notification law).


For my Ethical Hackers.
Tool Hijacks Accounts on Sites Using Facebook Login
The tool is called Reconnect, and was developed by Egor Homakov, a researcher with security auditing firm Sakurity. Reconnect works by exploiting cross-site request forgery (CSRF) issues impacting Facebook Login, which enables users to log-in to third-party websites via their Facebook accounts.
Essentially, the attack works by creating a link that when clicked on logs the victim out of their legitimate account and into a Facebook account under the control of the attacker.


An interesting question from my Business Intelligence students: Could someone “suggest” something negative (or positive) about a company that could significantly impact the stock price? Could that someone remain anonymous? (Think social media like my students did.)
Lumber Liquidators Blames Short-Sellers for Damning Expose
Lumber Liquidators (LL), the embattled hardwood flooring retailer, is going on the offensive, lashing out at Wall Street traders and the news show "60 Minutes" for spreading "inaccurate allegations" about the safety of the company’s products, the FOX Business Network has learned.
In recent days, the company's sales representatives have been armed with scripts to address concerns from customers about a "60 Minutes" report that said the company’s products contain cancer-causing toxins. The Toano, Va.-based company denies the charge, and its scripts, read by customer service representatives, blame "hedge-fund short-sellers” with “trying to scare [their] customers with inaccurate allegations." Lumber Liquidators in these scripts also says "60 Minutes" has aired those allegations while ignoring data that shows the company’s products to be safe.


I wish I was teaching Computer Security this quarter. This would have been an excellent case study for a paper. Should “high government officials” determine what practices should be followed? Where was the IG during all this?
I suspect the 50,000 plus pages (Hardcopy? Really?) will never be released without massive redaction. Think of the Secretary of State in talks with Country A while making repeated calls to various people in Country B, their avowed enemy.
Hillary: Just Trust Me on This One
In her first public comments on a controversy involving her emails, former Secretary of State Hillary Clinton answered questions from the press for 20 minutes, but her response amounted to this: You've just got to trust me.
Clinton revealed that she had sent and received more than 62,320 emails from her private account. Of those, 30,490 she deemed work-related and turned over to the State Department. The other 31,830 she apparently deleted. The central question of the jousting match between Clinton and reporters was how she distinguished the personal emails from those relating to her official duties. Her explanation was simple: She decided.
… She said that even if she had used two devices or only a state.gov email address, she would still have made that decision. But that legalistic defense doesn't necessarily do much to quash her political problem. The question at the heart of the scandal is what might have been hiding in the emails that were not put in the public record—dealings with corporations, with aides, and with foreign heads of state, for example—that may be relevant to her duties as secretary or her presumed presidential bid.
… "I feel that I’ve taken unprecedented steps to provide these work-related emails," she added. [Never equate “legally required” with “unprecedented” Bob]
… "Looking back, it would’ve been better if I’d simply used a second email account and carried a second phone." Yet as recently as two weeks ago, she told journalist Kara Swisher that she carried two phones during at least part of her tenure as secretary of state. [I wonder where those emails are? Bob]
… On two questions, Clinton offered surprisingly blunt and unequivocal answers: She said there were no security breaches on her email server, and she said she did not email any classified information.
But seldom were Clinton's answers so straightforward and simple. Far from putting an end to questions, the press conference seemed to raise a whole new set of concerns.


If doctor-patient relationships become public record, can lawyer-client be far behind?
Marion Renault reports:
The patient who walked into Laraine Kurisko’s office had been to psychotherapy before, but hadn’t expected it to come up at a subsequent job interview. Fearing that a potential employer had seen her mental health records electronically, she came to Kurisko, an Edina psychologist who doesn’t use electronic records for patient data.
“She was shocked,” said Kurisko. “That’s why she came to see me.”
Kurisko is one in a coalition of Minnesota psychologists and social workers who are challenging a state mandate that, as of January, requires medical professionals to adopt computerized health records that are “interoperable,” that is, tied into a wider state medical database.
Going digital, they say, could not only expose sensitive patient information to a data breach, but also erode the patient-therapist trust integral to their work.
Read more on the Star Tribune.


I love it! “I have nothing to hide but my hide.”
Some dismiss #privacy saying they have nothing to hide
I don’t accept that argument from anyone wearing clothes


It's good to be the biggest. Until the cry of “monopoly”
Google could be about to do a $1 billion deal that would solidify its domination of mobile advertising for years
Many people in the West will wake up this morning and scratch their heads in bewilderment at the news that Google may be about to pay $1 billion for India's InMobi.
They have never heard of InMobi.
That's a shame, because it is probably the single biggest mobile ad network company on the planet.
If Google bought it, it would solidify the search giant's domination of mobile advertising in an almost unassailable way. It would make Google No.1 for mobile ad revenues for years to come. Google's mobile ad business is already twice as big as its nearest competitor, Facebook, for instance.
It would probably attract the attention of regulators — and the complaints of Google's competitors — because Google's massive market share for mobile ads would be so overwhelming. Google already has 90% market share for search in some areas such as Europe. It is already the biggest mobile ad company on the planet, with revenues in the billions (the company doesn't break out its mobile sales numbers).


For my students.
11 Takeaways: 2014 State of Enterprise Social Marketing Report
In 2014, Forrester Consulting conducted research with the goal of uncovering how the world’s largest companies organize, plan, and execute social marketing efforts.
For the 2014 State of Enterprise Social Marketing Report, Forrester Consulting surveyed 160 senior leaders managing or overseeing digital or social marketing – Director, Vice-President or C-Level executive – at companies with revenue of $1 billion or more.
… Seventy-eight percent of companies place the responsibility of social marketing under a CMO, C-Level executive or an Executive/Vice President, and 69 percent of organizations are prioritizing social marketing based on the way it is organized and executed within their organization.
… With that, 69 percent of large companies are increasing staffing for social marketing in 2014.
… Social tactics are also growing! Nearly all, 98 percent of companies market on at least one major social network!
… At least 58 percent have plans to use a social network that they were not utilizing previously.

(Related) Good news for about 60% of my students, who are multilingual.
In multinational companies, social media may call for a multilingual approach.
One key positive of social media and social networking is that it encourages communication — whether seeking positive interactions with current or future customers or helping employees to work collaboratively in different departments or even different business units. But particularly among international organizations, there is one key drawback: language.
MIT Sloan Management Review's 2014 social business report identified an interesting paradox: While respondents from multinational companies indicated that social media often enabled their organizations to work more effectively across global boundaries, they indicated that it also introduced new problems. As it became easier to communicate with people using social media, the obstacles imposed by differing languages became more pronounced.


For the toolkit. Free and open source.
5 Clever Things You Can Do with HandBrake
Want to turn your DVDs and Blu-rays into media files you can watch on your computer? HandBrake can do just that — plus plenty more.
Rip a DVD or Blu-ray
Convert Videos for Use with iTunes and iOS Devices
Convert a Batch of Video Files at Once
Add Subtitles to a Movie File
Denoise a Video


Talk like Captain Kirk? Might help some of my students.
How Skype’s Star Trek Translator Works
Skype has been breaking down geographical barriers since its inception, but the new Skype Translator is set to break down language barriers, and fundamentally change the way people communicate across national borders. Imagine having a real-time conversation with someone on the other side of the planet who doesn’t speak a word of your language. For the first time ever, Skype Translator makes that possible.


For all my students and everyone else. Very handy!
A Guide to Google Tools – Tips & Tricks You Can’t Live Without
… The following is a comprehensive guide of tips, tricks and hacks that’ll help you make better use of Google services you use. Whether you’re a novice or a seasoned expert, you’re likely to find something here that you can add to your own productivity toolbox.