Saturday, September 17, 2016

What makes Johnny stupid? 
Jon Marino reports:
A big Wall Street technology firm is being sued after allegedly falling for a run-of-the-mill email scam and wiring client funds to hackers.
SS&C Technologies, a $6 billion market capitalization company that bills itself as “the most comprehensive powerhouse of software technology in the financial services industry,” was duped by China-based hackers who sent sloppy emails to company staffers in order to trick them into releasing client money, according to a complaint.
Read more on CNBC.
From the article:
The complaint from Tillage, a commodities investor, alleges SS&C Technologies, its fund administrator, ignored its own protocol, resulting in the lost funds.


Is there a huge penalty for screwing up disclosure?  No.  But there should be.
Discussing an incident disclosed by Troy Hunt this week, Jeremy Kirk reports:
The handling of a recent data breach – the details of which are still unfolding – by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck.
Read Jeremy’s article on BankInfoSecurity.


Ask them when they actually cracked the phone.  I’m guessing it was much earlier than they admit. 
FBI faces lawsuit for silence on iPhone 5c hack
The FBI’s refusal to reveal how it accessed an iPhone 5c from a San Bernardino mass shooter will face scrutiny in court.  USA Today’s parent company and two other news groups have filed a lawsuit against the agency, demanding it turn over the details.

In March, the FBI unlocked the passcode-protected iPhone through an unknown third party, for a reportedly large sum that the agency hasn’t officially disclosed.
The lack of details prompted USA Today to submit a Freedom of Information Act request to the FBI, regarding the costs paid to the third-party contractor.  But in June, the FBI denied the request, claiming that the disclosure could interfere with law enforcement.
The agency denied similar FOIA requests from the Associated Press and Vice Media.  However, on Friday, the three news organizations filed a lawsuit, arguing the FBI had “no lawful basis” to reject the FOIA requests.
The news companies claim the public is entitled to know how much was spent to unlock the iPhone, and who the third-party contractor is.
   Friday’s lawsuit claims that the FBI effectively sanctioned a party to retain potentially dangerous technology.


When Michael Porter talks, people should be listening. 
Study – Political Dysfunction Makes America Less Competitive
by Sabrina I. Pacifici on Sep 16, 2016
Dina Gerdeman – “The American economy is a mess, and our broken political system is largely to blame, according to a Harvard Business School US Competitiveness Project report released today.  Harvard’s Michael E. Porter, Jan W. Rivkin, and Mihir A. Desai say American economic performance peaked in the late 1990s and since then has experienced a lingering period of weakness, with slower than usual productivity growth, job growth, and investment growth.  The report, Problems Unsolved and a Nation Divided: The State of US Competitiveness in 2016, which contains an in-depth analysis of the American economy and the results of surveys of global business leaders and the general public, says the US is ‘failing the test of competitiveness.’”


Naturally this comes out right as my Data Management class ends.  Oh well, there are always more students to torture.
Accurately measuring enterprise value (EV) has never been more important or challenging. Even more so because firms are confronted by growing volumes of data, and the stakes implied in misinterpreting the value of that data have risen to new heights.
   For example, at the end of its 2015 fiscal year, Apple’s balance sheet stated tangible assets of $290 billion as a contribution to its annual revenues, with approximately $141 billion worth of intangible assets — a combination of intellectual capital, brand equity, and (investor and consumer) goodwill.  Using the same formula, Apple’s intangible assets in 2014 were $280 billion — or almost twice the value of its 2015 calculation.  By its own estimation, Apple had lost 50% of its intangible value over the previous 12 months, revealing the limits of using a simple intangible value calculation.


Perspective. I did not see this coming.
Microsoft just edged out Facebook and proved that it's changed in an important way
Since Satya Nadella took the CEO job at Microsoft in 2014, the company's views towards open source have evolved.  Microsoft has embraced open source, and even supports the open source Linux operating system on its Microsoft Azure cloud computing platform. 
And if you didn't believe the love is real, GitHub — the so-called "Facebook for programmers," and the hub of the open source world — released new stats today about which companies have the most people contributing code to their open source projects.
And Microsoft weighs in at #1, with 16,419 contributors, edging out Facebook with 15,682. 


Death by Pokémon – a whole new statistical category? 
Pokémon GO—A New Distraction for Drivers and Pedestrians
Pokémon GO, an augmented reality game, has swept the nation.  As players move, their avatar moves within the game, and players are then rewarded for collecting Pokémon placed in real-world locations.  By rewarding movement, the game incentivizes physical activity.  However, if players use their cars to search for Pokémon they negate any health benefit and incur serious risk.


Gee, they could have raised Trillions!
A Two-Mile Beer Pipeline Carries Belgium’s Lifeblood to Be Bottled
   The turn of a tap on Friday propelled the Belgian city into the future — and sent its citizens to the bar — as dignitaries and drinkers celebrated a momentous innovation: the world’s first beer pipeline.
   The project cost about 4 million euros, or $4.5 million.  But the brewery discovered an innovative way to raise the funds: promise donors free beer for life.


Perspective.  My students have already cut the cable.  Is this the new ‘favorite’ source for all forms of entertainment?
More than two million people watched Twitter’s NFL stream on Thursday night
   That was smaller than the digital audience Yahoo saw when it streamed an NFL game, also for free, last October (though Yahoo autoplayed that game on its homepage and most of its properties, including mail and Tumblr, so the comparison isn't clean at all).  It’s also well below the 48.1 million who tuned in to watch the game on TV, according to Nielsen.
Here are more relevant numbers, if you really want to compare Twitter’s reach vs. traditional TV: An average of 243,000 people were watching the game on Twitter at any given time, while CBS and the NFL network, which simulcast the game, reached an average of 15.4 million.


Something for my international students?
English forums
Learn English on the world's largest community of English teachers and students.


Something for those of us with skills?  Worth reading the article.
   Steemit is a new blockchain-based social media initiative that is challenging everything about the way we communicate ideas on social media.
   Steemit wants to change the dialogue around how content is created and shared online by paying the content creators (people like you and me) for posts on the platform.  Their theory is that decentralizing the platform by paying content creators and curators rewards good content — encouraging discussion and quality while keeping the focus and direction of the platform within the control of the users.


Why I love Saturday.
Hack Education Weekly News
   Los Angeles Mayor Eric Garcetti has reiterated his promise for free community college tuition for eligible high school graduates.
   Via Education Week’s Market Brief: “Closely Watched Lawsuit Has Implications for Open Ed. Resources Market.”  Great Minds is suing FedEx, contending that FedEx stores are in violation of the Creative Commons non-commercial licensing of its materials when they charge for photocopies of Great Minds’ curriculum.
   Via The New York Times: “As Amazon Arrives, the Campus Bookstore Is a Books Store No More.”
   Inside Higher Ed’s Carl Straumsheim looks at Indiana University’s eText initiative, which he says is “rapidly becoming the go-to way for students there to buy textbooks and other course materials.”
   UC San Francisco says it plans to outsource its IT operations to India.  But oh yes, kids, “everyone should learn to code” for job security.

Friday, September 16, 2016

For my Ethical Hacking students: “Told ya!” 
Researcher Shows Simple iPhone Hack FBI Said Couldn't Be Done
Earlier this year, the FBI sparked a major controversy by seeking to force Apple to develop hacking tools for breaking into iPhones.  Ultimately, the bureau backed down and found another, rather expensive way to hack into the particular iPhone in question, which had been used by one of the San Bernardino terrorists.
At the time, some security experts suggested an easier way for the FBI to bypass the iPhone’s security measures.  The FBI said the technique, which involved removing the phone’s memory chip that stored user data, wouldn’t work.
But now one of those experts has written a paper demonstrating just how easily the technique could have been used.  University of Cambridge researcher Sergei Skorobogatov says he was able to bypass the security measures that bedeviled the FBI, including the phone’s limit of 10 incorrect PIN code guesses that, if reached, would cause all data on it to be deleted.
“The process does not require any expensive and sophisticated equipment,” Skorobogatov writes.  “All needed parts are low-cost and were obtained from local electronics distributors.”

(Related) Next time: How to hack the evidence!  
How a hacker discovered that Tesla’s in-car camera retains accident footage
   Jason Hughes, a Tesla owner and a programmer by trade, became curious to find out how much data — if any — the Model S saves after his car’s automatic emergency braking system turned on to prevent a crash.  Much to his surprise, he found that basic information was stored on-board.  To dig deeper, he bought the center display unit from a wrecked Tesla Model S and began tearing it down.
   Tesla has often enumerated the features of its Autopilot suite of electronic driving aids, but it has never talked about the recording function.  Hughes points out accessing the footage isn’t a straightforward task that the average owner can replicate.
“I kind of knew what I was looking for, since I had messed with it on my own car.  It’s not too terribly difficult.  You have to basically gain root access to the Media Control Unit (MCU), and such.  Tesla’s likely going to make that more difficult.  I won’t say it’s simple, but it’s not impossible,” he explained in an interview with Inverse.
The programmer believes that the camera’s footage is transferred to the MCU when the airbags deploy, and he adds that it’s not salvageable if the car is badly damaged.  That means footage wasn’t sent from the camera to the MCU when a Model S hit a truck in Florida last May.


Very interesting.
   It stands to reason that governments with access to vast pools of knowledge, colossal funding, and an insurmountable desire to be one step ahead of both ally and enemy would realize the value in deploying incredibly sophisticated spyware and malware variants.
Let’s take a look at some of the most famous nation-state threats we’re aware of.


I’ve been working with the Privacy Foundation at the University of Denver Sturm College of Law for years.  Google never offered me an unrestricted gift. 
Great reporting by Sam Biddle on Google’s entrenchment in privacy scholarship.  Why isn’t there more transparency and disclosure by the researchers, though?  Sam reports:
In January, academic-turned-regulator Lorrie Cranor gave a presentation and provided the closing remarks at PrivacyCon, a Federal Trade Commission event intended to “inform policymaking with research,” as she put it.  Cranor, the FTC’s chief technologist, neglected to mention that over half of the researchers who presented that day had received financial support from Google — hardly a neutral figure in the debate over privacy.  Cranor herself got an “unrestricted gift” of roughly $350,000 from the company, according to her CV.
Virtually none of these ties were disclosed, so Google’s entanglements at PrivacyCon were not just extensive, they were also invisible.
Read more on The Intercept.


Serious disruption for Western Union?
Fintech Firm Ripple Gets $55 Million In Funding
Ripple, the San Francisco-based startup building a bitcoin-like payments platform aimed at banks, announced a $55 million Series B funding round on Tuesday, bringing its total capital to about $93 million.
The move makes it one of the best capitalized startups in the blockchain industry, where firms use so-called open ledgers to solve a wide variety of technology challenges.
   At $93 million, Ripple trails only Circle Internet Financial ($136 million), 21 Inc. ($121 million), and Coinbase ($116 million) in terms of capital raised among bitcoin and blockchain firms, according to news and research site Coindesk.  Funding in the sector appears to have slowed down recently.
   “The banks don’t like showing their aggregate data to the world,” he said.  What Ripple has developed is a system, which it calls interledger, that allows banks to transact with each other directly, without any public ledger that would record and transmit the data.
The immediate focus is on cross-border transfers, a process that is currently cumbersome and generally expensive, and what Ripple describes as high-volume, low-value transactions, in other words, generally smaller transactions like, for example, payments on Amazon and other online platforms, or rides in Uber cars.
Mr. Larsen said the firm currently has 10 of its clients using the product commercially, with another 30 working on integrating Ripple into their systems.  He expects more of these banks to go live on the platform this year, and start marketing their new, Ripple-based products in 2017.
“I think the tipping point has been reached,” Mr. Larsen said.


I’m not surprised they want to do it.  I am surprised it is so cheap!  (Or am I misreading this article?)
EU’s digital market rules land vowing free Wi-Fi, 5G tech, and copyright overhaul
The European Commission has promised free Wi-Fi in every town, village, and city in the European Union, in the next four years.
A new grant, with a total budget of €120 million, will allow public authorities to purchase state-of-the-art equipment, for example a local wireless access point.  If approved by the European Parliament and national ministers the cash could be available before the end of next year.
The commission has also set a target for all European households to have access to download speeds of at least 100Mbps by 2025, and has redefined Internet access as a so-called universal service, while removing obligations for old universal services such as payphones.
It also envisions fully deploying 5G, the fifth generation of mobile communication systems, across the European Union by 2025.


Why my IT Architects need to “think mobile.”
How Mobile Has Changed How People Get Things Done: New Consumer Behavior Data
   To get a better understanding of how people meet their needs in a world of limitless online and offline options, we collaborated with the research firm, Purchased.  All of the findings presented here are from this research study.
   we learned how consumers choose—both online and offline—to navigate their I-want-to-know, I-want-to-go, I-want-to-do, and I-want-to-buy moments.

Thursday, September 15, 2016

We don’t need to hack every voting machine to impact the election.  What if there is a major data leak shortly before the election that includes some carefully falsified emails, could it influence the election?  Have these early leaks been setting the stage? 
Hackers are already shaping U.S. election coverage with data leaks
   Case in point: On Tuesday, stolen emails from former secretary of state Colin Powell became headline news after a mysterious site with possible ties to Russian cyber spies gave them to the press.  Since then, media outlets have been pointing out juicy details found in the emails.  For example, Powell called Clinton “greedy” and her rival Donald Trump a “national disgrace.”

(Related) Because, hey…
Email Is Forever - and It's Not Private
"Dance like no one is watching; email like it may one day be read aloud in a deposition." - @Olivianuzzi, December 13, 2014
This “post-Sony attack” tweet from Olivia Nuzzi of The Daily Beast should have been framed and hung as motivational artwork on every office wall.  Instead, a year and a half and numerous publicized email hacks later, it stands to remind us that people will continue to get caught with their pants down because they refuse to accept two simple certainties: Email is forever; and forever is a long time to keep anything truly secure.


Goes to both Governance and Architecture.
Supply Chain Cyber Risk: Your Digital Shadow is Getting Longer
Many of the most high-profile breaches have been a result of weak links in an organization’s supply chain.  The cyber attacks on Target, Home Depot and the U.S. Office of Personnel Management (OPM) are just a few examples.
In an era when organizations are sharing increasing volumes of digital information with suppliers and providing them access to their networks, this shouldn’t come as a surprise.  Sophisticated adversaries are finding vulnerabilities wherever they can, and often that means looking to an organization’s partners for weaknesses in defenses.  Using the partner as a ‘stepping stone,’ they gain access to their ultimate target.


Inevitable, I suppose.  
Justin Huggler reports:
A woman in Austria is suing her parents to force them to remove childhood pictures of her from Facebook, in the first case of its kind in the country.
The 18-year-old woman, who has not been named under Austrian privacy laws, said the pictures were embarrassing and a violation of her privacy.
“They knew no shame and no limits,” she told Austria’s Heute newspaper.  “They didn’t care if I was sitting on the toilet or lying naked in the cot, every moment was photographed and made public.”
Read more on The Telegraph.


This is how a large portion of America uses the Internet.  What did they expect?
After Users Watch Porn, New York City Removes Web Browsing from LinkNYC Kiosks
New York City hadn’t even finished setting up all its kiosks by the time people started using them to watch pornography in public.
To date, the city’s Department of Information Technology and Telecommunications (DOITT) has set up about 400 — short of the 500 it originally wanted to have installed by the end of July, en route to an eventual fleet of 7,500.  The kiosks spread free gigabit-speed WiFi, helping to connect the unconnected.
They also have tablets that people were able to use for various functions, including surfing the Internet.  And therein lay the problem.  According to the New York Post, some people were using the feature for purposes the late U.S. Supreme Court Justice William Brennan might have described as “appealing to prurient interest.”

(Related) Maybe they were just looking for some privacy.  (Actually, an interesting read.)


How could they pass up so much blood in the water?
Wells Fargo reportedly being investigated by federal prosecutors


For my students, who should begin thinking like CIOs.   
Bonuses, stocks, perks lift CIO compensation
   The median pay among the 25 CIOs is $2.3 million. 
Browse the highlights of CIO pay in our sortable chart.  For specific details on each CIO’s pay package, see our slideshow.


You are hereby encouraged to learn.
The Research Process – Government Sources
by Sabrina I. Pacifici on Sep 14, 2016
Rob Lopresti, Western Washington University – “At Western Washington University, librarians take turns teaching Library 201, Introduction to Research Strategies.  It is a 4 credit GUR course (General University Requirement; each student must take some GURs, but not all of them.)  We just created a free electronic textbook for the course.  It is very much geared to Western’s students and resources, but any school is welcome to borrow/build/steal the contents.  I wrote Chapter 7, Government Information: http://cedar.wwu.edu/research_process/7/


For a few geeks I know.
Configure Your Raspberry Pi Installation With PiBakery


Well, I find it amusing.

Wednesday, September 14, 2016

Hear this, Computer Security students?
   Liability for data breaches that affect customers leads directly to the C-suite.  Executives need to personally know how strong their company’s cyber defenses are, as well as the expected responses for attacks or breaches.  But according to the survey, 40% admitted that they lacked a clear understanding of the cybersecurity protocols within their organizations.  This should be an urgent wake-up call to executives that cybersecurity needs to be taken seriously throughout the organization.


Something for my IT Governance students to debate.  When Cyber War comes, you need to know what your Cyber Weapons can do.  Should you have extra Cyber Defenses on hand, ready to install?   
Someone Is Learning How to Take Down the Internet
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.  These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.  We don't know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.
   What can we do about this?  Nothing, really.  We don't know where the attacks come from.  The data I see suggests China, an assessment shared by the people I spoke with.  On the other hand, it's possible to disguise the country of origin for these sorts of attacks.  The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the U.S. decides to make an international incident over this, we won't see any attribution.
But this is happening. And people should know.

(Related) If we assume that politicians are not the only ones looking for backdoors, who might want this information and what could they do with it? 
Joel Connelly reports:
A yawning back-end pathway into the state’s voter registration database, through which private information could have been accessed, has been closed, thanks to the candidate challenging Secretary of State Kim Wyman.
“Anyone with basic programming skills and knowledge about these weaknesses could conceivably (access) this data, look up and harvest private data from millions of Washingtonians,” Tina Podlodowski wrote Wednesday to the state’s chief information security officer (CISO).
The information accessible via the back-end pathway included voters’ personal cell phone numbers, personal email addresses, ballot delivery types, and the coding used to message military and overseas voters.
Read more on Seattle PI.


Why Computer Security is a frustrating field: Even when they get something right, they get it wrong.
U.S. Healthwork has notified HHS and 1400 patients after a laptop with protected health information was stolen from an employee.  Although the laptop was encrypted, the password was stolen with the laptop.

(Related) And some don’t even make the effort.
Clinton email server company warned about security
   Last summer, as the FBI was beginning what would become a yearlong investigation into the private server Clinton used while secretary of State, a Connecticut company in charge of backing up her server sent a warning to Platte River Networks, the Colorado-based firm that had managed her primary machine since 2013.
“[W]e have some concerns relative to data security,” the Connecticut storage firm, Datto, told Platte River Networks in an August 2015 email.
“Platte has not enabled encryption at the local device.  Given the sensitive, high-profile nature of the data which is alleged in press reports to potentially reside on the Datto device, it may be the target of cyber attack from a multitude of highly sophisticated and capable entities or individuals,” it added.  “We believe such an event could place the unencrypted data itself at risk, as well as expose both Datto and Platte River systems to collateral damage.”


Is all wholesale crime by definition organized crime?
State consumer protection officials warn about card skimmers
Consumer protection officials have issued a warning about card skimmers that have shown up at gas pumps across Wisconsin.
Thieves that have attached the skimmers at the pumps are stealing credit or debit card information.  The Department of Agriculture, Trade and Consumer Protection says state investigators found at least 15 skimmers during inspections of gas pumps over the past five weeks.
The devices were found at stations in Edgerton, Janesville, Milton, Random Lake, Camp Douglas, Madison, Lake Delton, Franklin, Brookfield, Appleton and Oshkosh.


Was this deliberate or were they just not thinking at all? 
Hasbro, Mattel and others pay $835,000 settlement for tracking children online
Four media companies agreed to an $835,000 settlement for knowingly tracking children online, which is illegal in the United States.
Viacom, Mattel, Hasbro, and JumpStart Games all settled with New York Attorney General Eric T. Schneiderman today, after an investigation called “Operation Child Tracker”.  Schneiderman, in a statement:
Operation Child Tracker revealed that some of our nation’s biggest companies failed to protect kids’ privacy and shield them from illegal online tracking.


So, buy it.
NSA Chief 'Perplexed' that Twitter Won't Share Key Data
   McCain queried Rogers about a Wall Street Journal report in May that Twitter had blocked intelligence agencies from using Dataminr, which uses algorithms and location tools to reveal patterns among tweets.
The veteran senator said the report indicated that Dataminr had alerted its clients minutes before this year's Brussels attacks and at the time the November Paris attacks began to unfold.
"So we have a situation where we have the ability to detect terror attacks...  Yet in order for us to anticipate these attacks we have to have certain information, and Twitter is refusing to allow them to have certain information which literally could prevent attacks?" the senator who heads the Armed Services Committee asked.
Rogers replied: "Yes sir, and at the same time (Twitter is) still willing to provide that information to others for business, for sale, for revenue."


Oh no!  Now China will know what our eyes look like!  
Alibaba Pays $100 Million For Eye-Scan Firm Used by U.S. Banks
Alibaba’s payments arm, Ant Financial, has acquired EyeVerify, a maker of optical recognition technology used by Wells Fargo along with dozens of regional banks and credit unions across the country.
Bloomberg reported the purchase price as around $70 million, but a person close to EyeVerify says this is incorrect and that the actual amount was $100 million, and that it was an all-cash transaction.


Seems improbable that no one has regulated bank cybersecurity before… 
New York Proposes Cybersecurity Regulations for Banks
New York Gov. Andrew Cuomo and the state’s top banking regulator proposed regulations Tuesday that would be among the first in the U.S. to require banks to establish cybersecurity programs.
If implemented, the regulations would increase the onus on some of the world’s largest banks to invest in cyber protections that could cost them and insurers millions of dollars, according to experts.  Banks would be required to hire a chief information security officer and implement measures that detect and deter cyber intrusions and protect consumer data.


For my IT Governance students.
McAfee Labs Threats Report: September 2016
Analysis of recent threat topics and trends


For my IT Architecture students.  As goes IBM, so goes IT?
IBM cloud chief: The next phase of cloud is a race to add value
   In an interview with Network World Senior Editor Brandon Butler and IDG Chief Content Officer John Gallant, LeBlanc talked about how IBM is tailoring its cloud services to specific vertical industries and what Big Blue is doing to enhance its Platform- and Infrastructure-as-a-Service capabilities.  He also discussed why partnerships with companies ranging from VMware, Box, SAP and Workday are strengthening IBM’s cloud play.

(Related) Because some new hardware is going to be connected to Cloud services by default.  Like this one.
Got a flat surface? Lampix can turn it into a display
Lampix looks like a regular lamp, but using a Raspberry Pi, camera, and projector, it can make most flat surfaces interactive.


For our Criminal Justice students.
Managing a police department is a tough job, and the legitimacy crisis currently facing American policing has made it even tougher.  Today’s police managers — from chiefs and sheriffs to sergeants and watch commanders — risk losing officer morale and productivity in the form of de-policing (withdrawing from their duties), and are beginning to witness recruitment and retention problems.


Even if it’s “not quite a war,” listening to the war fighters makes sense.
Details of Syria Pact Widen Rift Between John Kerry and Pentagon
The agreement that Secretary of State John Kerry announced with Russia to reduce the killing in Syria has widened an increasingly public divide between Mr. Kerry and Defense Secretary Ashton B. Carter, who has deep reservations about the plan for American and Russian forces to jointly target terrorist groups.

Tuesday, September 13, 2016

New technology breeds new hacks. 
Music Industry’s Latest Piracy Threat: Stream Ripping
Earlier this year, a federal judge shut down the free music-download site Mp3skull.com and awarded $22 million to the record companies that had sued it for copyright infringement.  But Mp3skull.onl, which has surfaced in its place, is touting a service even more worrisome to the music industry: stream ripping.
That practice, which involves turning a song or music video played on a streaming service into a permanent download, is growing fast among young music fans, even as other forms of music piracy wane.


Stop thinking of it as a cheap laptop, think of it as 20,000 clients!  
Matthew Kish reports:
One of Oregon’s largest financial firms has warned clients of a possible data breach.
Portland-based M Holdings Securities Inc., a subsidiary of M Financial Holdings Inc., has informed California’s attorney general of a stolen laptop with client information, including social security numbers.
The theft occurred July 29 in Salem.
[…]
O’Connor said the laptop held social security numbers for roughly 2,000 clients.  Another 18,000 clients had account information on the computer, but no social security information.


We’ve been telling lawyers this for years!
Randy Evans and Shari Klevens write:
This year has shown that law firms are not immune from infiltration by international hackers.  This spring, a Russian hacker targeted 48 top law firms, seeking to obtain confidential insider information regarding mergers and acquisitions that would be very valuable and could impact global markets.
[…]
These are not isolated incidents.  The American Bar Association confirmed that, in 2015, approximately one quarter of all U.S. law firms with 100 or more lawyers had experienced a data breach through hacker or website attacks, break-ins, or lost or stolen computers or phones.  In that same year, 15 percent of all law firms overall, regardless of size, had reported an unauthorized intrusion into the firm’s computer files, up from 10 percent in 2012.
Read more on The Recorder.


For my Ethical Hacking students?  Denial of Service by Screaming? 
A Loud Sound Just Shut Down a Bank's Data Center for 10 Hours
ING Bank’s main data center in Bucharest, Romania, was severely damaged over the weekend during a fire extinguishing test.  In what is a very rare but known phenomenon, it was the loud sound of inert gas being released that destroyed dozens of hard drives.


New surveillance tools need user’s manuals.
   The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.
Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals.


For my IT Architecture and IT Governance classes. 
Why Apple Needed 10 Days to Fix a Scary iPhone Hack
Apple has a terrific reputation when it comes to security.  That’s why it was such a shock to learn last month that hackers found a way to break in to the company’s famous iPhones, and even take over the camera and microphone features without a user even knowing it.
Apple released a software patch on Aug. 25 that users could download to protect their iPhones from the sinister spyware known as “Pegasus.”  The patch process, however, took the company a full 10 days to finish after security researchers tipped off the company about the problem.  Given the gravity of the situation, did Apple drag its feet?
Based on conversations with those familiar with the events, Apple did exactly what it should have done.  But the Pegasus scare shows how hard it is for companies to respond when their software is compromised, and why Apple and mobile computing may never be safe again.


How do you re-Architect a company? 
Ford CEO: Ride-hailing apps forced us to rethink business model
   Ford CEO Mark Fields said Monday that the automaker is no longer solely focused on how many vehicles it can sell.  Instead, Ford is increasingly focused on what other mobility services it can provide, such as ride-hailing, bike-sharing and shuttle services.


Probably worth discussing in my next Statistics class.  Sounds a lot like the company Paul Samuelson built years ago to trade commodities.  
Wall Street’s Insatiable Lust: Data, Data, Data
A new species is prowling America’s most obscure industry conferences: the data hunter.
Erik Haines, head of data and analytics at New York-based Guidepoint Global LLC, trawls the globe for meaningful data to sell to hedge-fund clients.  One of his best strategies is to attend the most seemingly mundane gatherings, such as the Association for Healthcare Resource & Materials Management conference in San Diego last year, and the National Industrial Transportation League event in New Orleans.
“I walk the floor, try to talk to companies and get a sense within an industry of who collects data that could provide a unique insight into that industry,” he said.


“Everything you ever wanted to know about _______.”
Google teams with dozens of natural history museums to bring long-gone worlds online
Google is boosting its cultural credentials today with the news that it has partnered with around 60 natural history institutions to bring long-extinct worlds to life online through interactive exhibitions.
For the uninitiated, the Google Cultural Institute is the Google arm responsible for working with cultural bodies to help bring offline exhibits to the internet — in the past, this has included documenting the history of cinema, Nelson Mandela’s time in prison, the fall of the Iron Curtain, and more.  Now the company has teamed up with the Natural History Museum (London), the American Museum of Natural History (New York), the Museum für Naturkunde (Berlin), and dozens more to showcase interactive stories, hundreds of thousands of photos and videos, and more than 30 virtual tours.

(Related) About time they figured this out!
Please Turn On Your Phone in the Museum
   Museum directors are grappling with how technology has changed the ways people engage with exhibits.  But instead of fighting it, some institutions are using technology to convince the public that, far from becoming obsolete, museums are more vital than ever before.  Here’s what those efforts look like.


How do I design games for my students? 
Yale News – Video games can have lasting impact on learning
by Sabrina I. Pacifici on Sep 12, 2016
YaleNews: “A computer-based brain training program developed at Yale University helps improve student performance in reading and math — in some cases even more than individualized tutoring, according to a new study published Sept. 12 in Scientific Reports.  In a study of more than 500 second graders, math and reading scores on school-administered tests increased significantly more in children who used the brain training program Activate during the school year than in control classes.  The effect on math achievement scores was greater than what has been reported for one-on-one tutoring and the effect on reading scores was greater than what has been reported for summer reading programs.  The findings illustrate that the benefits of the training, conducted three times a week for a four-month period, extend beyond getting better on the training games themselves and lead to improved learning of material that is very different from that in the games…”


Interesting articles.
MIT Sloan Management Review
This article is one of a special series of 14 commissioned essays MIT Sloan Management Review is publishing to celebrate the launch of our new Frontiers initiative.  Each essay gives the author’s response to this question: “Within the next five years, how will technology change the practice of management in a way we have not yet witnessed?”


The majority of my international students are from India and they probably already know about this.
LinkedIn courts users in India with LinkedIn Lite, online job placement tests, business tools


For my Math students.
Symbolab - An Online Graphing Calculator and More

Monday, September 12, 2016

I told you this wasn’t going to be easy.  Stop thinking of terrorists as a bunch of ignorant barbarians!
New Tricks Make ISIS, Once Easily Tracked, a Sophisticated Opponent
   Drawing from a growing bag of tricks, Islamic State accomplices located in Syria likely used phones and WhatsApp accounts belonging to Abaaoud and other attackers to mask the group’s travel to Europe, said a Western security official: “We relied too much on technology. And we lost track.”
   Islamic State is a militant group of the internet age, its followers steeped in Facebook, smartphones and text messaging.  These tools, which helped spread the terror group’s message around the world, also helped authorities foil plots, capture suspects and win convictions in the group’s early years.


So, you have to be there?  Could I send the search software to a local computer?  
From FourthAmendment.com:
There is no reasonable expectation of privacy in IP addresses, but planting software on a computer to cause it to transmit its address is “unquestionably a search.”  Recognizing the split of authority, Rule 41 was violated, but the court declines to suppress because of the good faith exception.  United States v. Torres, 2016 U.S. Dist. LEXIS 122086 (W.D.Tex. Sept. 9, 2016)
Read more on FourthAmendment.com.
[From FourthAmendment.com:
This Court disagrees with the reasoning in Darby and Matish, and instead finds persuasive the reasoning in Michaud, a case from the Western District of Washington, addressing the NIT Warrant. 2016 WL 337263.  The court in Michaud reasoned that the installation of the NIT “occurred on the government-controlled computer, located in the Eastern District of Virginia,” because the activating computer in Michaud, like the “activating computer” at issue in the instant case, never physically entered the Eastern District of Virginia. Id. at *6.  The Michaud court concluded that “even applying flexibility to Rule 41(b) … the NIT Warrant technically violates the letter, but not the spirit, of Rule 41(b).” Id. at *6.  Likewise, this Court finds that the “activating computer” was never physically present within the Eastern District of Virginia, and that any digital presence of the “activating computer” was insufficient to convey jurisdiction under Rule 41(b)(4).


My IT Architecture students will be debating this. 
5 ways artificial intelligence will change enterprise IT
   you might have heard of Apple spending $200 million to acquire machine learning and A.I. startup Turi.  A smart drone defeated an experienced Air Force pilot in flight simulation tests.  IBM’s Watson diagnosed a 60-year-old woman’s rare form of leukemia within 10 minutes, after doctors had been stumped for months.
But believe it or not, enterprise IT is also a fertile ground for A.I.  In fact, some of the most immediate and profound use cases for A.I. will come as companies increasingly integrate it into their data centers and development organizations to automate processes that have been done manually for decades.
Here are five examples:

(Related) Artificially intelligent lawyers? 
New on LLRX – Mecha Justice: When Machines Think Like Lawyers
by Sabrina I. Pacifici on Sep 11, 2016
Via LLRX.com – Mecha Justice: When Machines Think Like Lawyers – Most workplaces, whether public, private, academic – within the government, legal, education, news, or advocacy sectors – are increasingly focused on how to define, implement and position the use of ‘Big Data,’ data analytics, artificial intelligence (AI), and even robotics, into respective organizational missions that are under increasing pressure to innovate faster.  Ken Strutin’s comprehensive, insightful and expertly documented article is a critical read to assist all of us in the legal environment, regardless of our role, in understanding key cases, issues, science, technology and applications, and potential as well as actual outcomes.  As Strutin writes, the term “Mecha” envisions a futuristic artificial intelligence wrapped in human likeness and seamlessly woven into the activities of society.  It represents a time when the aggrandizement of our species will depend on technology that looks and thinks like us.  Today, the prototype of attorney mechas are emerging from advances in computer reasoning and big data.  The demands of increasingly complex legal transactions, sophisticated consumers, and the momentum of technology are putting pressures on the practice of law that only computer assistance can relieve.  This compilation of notable news articles, scientific studies and legal scholarship highlights the progress of rights, responsibilities and roles of legal professionals and thinking machines.


Incentive pay with no disincentive downside.  What could possibly go wrong?  (Is this a deal to keep the blame from going higher?)
Wells Fargo Exec Who Headed Phony Accounts Unit Collected $125 Million
Wells Fargo & Co’s “sandbagger”-in-chief is leaving the giant bank with an enormous pay day—$124.6 million.
In fact, despite beefed-up “clawback” provisions instituted by the bank shortly after the financial crisis, and the recent revelations of massive misconduct, it does not appear that Wells Fargo is requiring Carrie Tolstedt, the Wells Fargo executive who was in charge of the unit where employees opened more than 2 million largely unauthorized customer accounts—a seemingly routine practice that employees internally referred to as “sandbagging”—to give back any of her nine-figure pay.

(Related)  Most places don’t even ask this question.


For my Trekkies.
Star Trek ComBadge Replica Gives One-Touch Access To Cortana, Siri, Google Now
ThinkGeek’s website states, “We've had a screen-accurate prop replica ST:TNG badge in our closet for a while.  The only thing it was missing was the ability to emit the classic communicator chirp sound effect when we pressed it.  And then we found out an audio company is making a fully-functioning officially-licensed communicator badge.”
The Star Trek TNG ComBadge hooks up to smartphones through Bluetooth.  It has a built-in microphone for hands-free calling and users can touch it once to answer or finish calls; play or pause audio; or access Siri, Google Now, or Cortana.  One touch also plays the classic Star Trek communicator sound effect.  Users can also sign-off “[Their name] out,” like a Starfleet captain.