Saturday, December 17, 2016

The tool that moves the world’s money is vulnerable.  Is this the best an alert bank’s security procedures could do?  If so, lots of banks are in serious trouble.
Reuters reports:
Hackers targeted Turkey’s Akbank via the SWIFT global money transfer system in an attack which the bank said had not compromised customer data but would cost it up to $4 million.
Banks globally face a growing threat from cyber attacks, more of which have succeeded since February’s $81 million heist from the Bangladesh central bank.  It was not immediately clear how much, if any, money had been stolen from Akbank, Turkey’s third-largest listed bank by assets and it would not give any further details beyond confirming it had been targeted in a SWIFT attack on Dec. 8.
Read more on The Fiscal Times.


Am I right to assume that compromised accounts could result in pizzas delivered to people who never ordered them? 
So Domino’s says it hasn’t been hacked, but it wants its customers to use better security hygiene because so many other companies have been hacked.  Michael Moore reports:
The pizza delivery chain emailed customers today urging them to change the password linked to their My Domino’s account as soon as possible.
Although Domino’s says that the company has not been hacked, the company says it is simply advising customers to up their security practices to boost their own protection.
Read more on The Express.
[From the article:
The email told customers that "a small handful" of its customers had been the victim of cyber-scams that stole the password used not just for their Domino's account, but on other websites as well.


For my Computer Security class.  What really happened.  The hacker got userids and passwords for employee emails, the emails had county resident information, nothing got out, but LA will provide “free identity monitoring” for victims, but denies there were any victims. 
On a single day in May, 108 Los Angeles County employees fell for a phishing attack that affected approximately 756,000 individuals.  Here is the press release issued Dec. 16 from the County of Los Angeles Chief Executive Office:
The County of Los Angeles today disclosed that it was the victim of a phishing email attack that potentially affected hundreds of thousands of individuals and has resulted in felony charges against a Nigerian national.
Based on intensive investigation and monitoring, there is no evidence that confidential information from any members of the public has been released because of the breach.
The phishing incident occurred May 13, 2016, when 108 County employees were tricked into providing their usernames and passwords through an email designed to look legitimate.  Some of those employees had confidential client/patient information in their email accounts because of their County responsibilities.
   An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted…
   At the direction of the District Attorney’s Office, notification of the potentially affected individuals was delayed to protect the confidentiality of the sensitive, ongoing investigation and prevent broader public harm.
   The County of Los Angeles is committed to assisting any individuals whose personal information may have been compromised in this phishing incident.
That information may have included first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers.


What would satisfy the Secretary of State?  How about your BoD?
DHS responds to hacking accusations from Georgia
Department of Homeland Security (DHS) officials said Friday they have identified the cause of an incident that led the state of Georgia to accuse the agency of attempting to hack its network. 
Last week, Georgia Secretary of State Brian Kemp sent a letter DHS head Jeh Johnson asking why the state’s systems had logged what he called an attempt to breach its network coming from a DHS internet address.  Kemp said an attacker had tried to scan his systems.
DHS officials told reporters on a conference call Friday that the attempted entry came from an employee at the state's Federal Law Enforcement Training Center who was accessing Georgia's database of licensed security personnel.  The training center regularly accesses that database to verify that potential employees are licensed.
Based on the data provided by Kemp, the DHS was able to identify why the alarm was triggered, it said: The center employee cut and pasted data from the website into Microsoft Excel.  Excel sent out what’s known as an HTTP option command, a request for server information.
   Johnson sent Kemp a reply to this affect Monday, but the secretary of State was not satisfied with his answer.
On Wednesday, he wrote to Donald Trump to ask the president-elect to investigate.


Interesting.  As recently as Sunday the FBI said that Russia’s motives were “fuzzy.”  Who changed their mind?
FBI in agreement with CIA that Russia aimed to help Trump win White House
FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the White House, officials disclosed Friday, as President Obama issued a public warning to Moscow that it could face retaliation.

(Related).  It was anyone’s fault but mine? 
Clinton blames FBI director & Russia for her defeat
Democratic presidential candidate Hillary Clinton told her donors that FBI Director James Comey and Russian President Vladimir Putin were the chief culprits for her loss to Donald Trump in November, ignoring problems that were revealed about her campaign.


Here’s my idea: Presidential pardons for my Ethical Hacking students.
Will Obama Order American Hackers to Dox Putin?


Would you rather be first or right? 
The First Reply to a Trump Tweet Is Prime Media Space
Donald Trump tweeted again this morning.
I mean, of course he did.  The president-elect can’t seem to stay away from the platform, where he spouts off about everything from the television programs he dislikes to the conspiracy theories he’s heard.  He has more than 17 million followers.
The ability to broadcast a message directly and immediately to that many people—and the many more who then see his messages, which are inevitably amplified by retweets and news reports—represents a profound kind of power.  Tweeting is also a way for Trump to leapfrog the press as traditional informational gatekeepers.  
   In this media microcosm, Trump’s tweet is something like the headline on the front page.  (Perhaps a more apt comparison is the text screaming across the bottom of the cable news screen.)  Meanwhile, the rest of the action unfolds in the reply field.  Being the first to reply to a Trump tweet promises someone an enormous audience.
   “So the reply space is a media channel unto itself,” said Justin Hendrix, the executive director of NYC Media Lab, a public-private partnership that connects universities and technology companies. “You see various people, including professional journalists, taking advantage of it.

(Related).  A tool to get your reply there firstest with the mostest?  
Now you can fact-check Trump’s tweets — in the tweets themselves
   people who just click through to the link see only Trump's claim, and none of the context.
Unless, of course, they've installed our extension for Google Chrome.
We made a tool that slips a bit more context into Trump's tweets.  It's still in the early stages, but our goal is to provide additional context where needed for Trump's tweets moving forward (and a few golden oldies).
   Sometimes, we just add more context, like when Trump announced his pick of Rex Tillerson to serve as secretary of state.  Curious for more info?  It's right there in the tweet now.
It takes a little while for the Chrome extension to update, so we'll try to stay up to speed on fact-checking what Trump is tweeting, but it may take a few minutes.  This is a work in progress, so don't hesitate to offer feedback and thoughts.
And don't hesitate to point to Trump tweets that could use a little explication.  That's the goal, after all.


Anything to get rid of my students. my wonderful students jobs! 
BLS online resource center for Jobseekers or Workers
by Sabrina I. Pacifici on Dec 16, 2016

Friday, December 16, 2016

Interesting.  Can you insure against a breach that happened three years ago?  Don’t be silly.
Yahoo and Other Breaches Drive Surge in Corporate Hacking Insurance
Cyberinsurance is the fastest-growing insurance product in America, fueled by a slate of recent corporate and government hackings.


A very clever illustration of growing breaches.
How data breaches grew to massive proportions in 11 years|


It signals the era in which journalist caught up with security experts.  We have been hacking into individual voting machines for many election cycles.  It is still difficult to “hack an election” because there is still not voting machine standard and a large percentage of the vote is still on paper ballots.  If you want to hack the whole thing, wait until Internet voting is the rule.
Does Russia’s Election Hacking Signal a New Era in Espionage?
This weekend, Michael Morell, the former acting director of the CIA, was asked about the intelligence community’s findings that Russia interfered in the presidential election.  His answer was unequivocal: The country isn’t grasping the magnitude of the story, he told The Cipher Brief.  “To me, and this is to me not an overstatement, this is the political equivalent of 9/11.”
   In spite of the distinctive 21st-century flavor of the digital intrusions, the data breaches that affected Democrats are just a modern example of routine country-on-country spying.  What sets them apart, though, is the high profile of their mark—an American presidential election—and the hackers’ willingness to leak stolen information to influence voters’ opinions.  Altogether, it’s perhaps one of the greatest examples of a successful espionage operation in history.

(Related).  Perhaps this was intended to be an ‘equal opportunity hack’ but the hackers concentrated on their first success?  I find it hard to believe that Republican security was significantly better than Democratic security. 
Republican National Committee Security Foiled Russian Hackers
Russian hackers tried to penetrate the computer networks of the Republican National Committee, using the same techniques that allowed them to infiltrate its Democratic counterpart, according to U.S. officials who have been briefed on the attempted intrusion.
But the intruders failed to get past security defenses on the RNC’s computer networks, the officials said.  And people close to the investigation said it indicated a less aggressive and much less persistent effort by Russian intelligence to hack the Republican group than the Democratic National Committee.  Only a single email account linked to a long-departed RNC staffer was targeted.  


Was no one thinking like a customer?  More likely, they never asked for that type of review. 
Evernote Ditches Privacy Policy Allowing Note Access, Says Sorry To Furious Customers
After many of its customers promised to quit Evernote over an update to its privacy policy that allowed its employees to access user notes, the cloud software provider has decided to backtrack.
FORBES was the first to report the updates to the policy, one described by some customers as "disgusting" and "hard to believe."  Evernote justified the update saying it wanted to test new machine learning features and only vetted staff would e able to see unspecified portions of those notes.  The updated policy was due to go into force in late January, but it'll no longer be implemented.


A casual “we can ignore our policy for the time being?” 
Twitter Cuts Off Fusion Spy Centers’ Access to Social Media Surveillance Tool
   After the ACLU of California discovered the domestic spy centers had access to this tool, provided by Dataminr (a company partly owned by Twitter), Dataminr was forced to comply with Twitter’s clear rule prohibiting use of data for surveillance.
Twitter sent a letter to the ACLU of California this week confirming that Dataminr has terminated access for all fusion center accounts.  The letter also makes clear that Dataminr will no longer provide social media surveillance tools to any local, state, or federal government customer.
   This Twitter and Dataminr announcement applies to all seventy-seven fusion centers (six in California alone) that are currently operating in states across the country.
   Through a public records request, the ACLU of California discovered that the Los Angeles area fusion center, JRIC, was using Dataminr and had access to the company’s powerful Geospatial Analysis Application that enables keyword searches and location-based tracking.


We will won’t will!
Verizon changes its mind and will kill Samsung’s Galaxy Note 7 on January 5th
Verizon has just announced that it plans to roll out Samsung’s upcoming Note 7 update, which permanently stops the recalled smartphone from charging and disables its wireless radios, on January 5th.  Only last week, the leading US carrier took a controversial stance when it said it would “not be taking part in this update because of the added risk this could pose to Galaxy Note 7 users that do not have another device to switch to.”


Always an interesting topic.
Risk and Anxiety: A Theory of Data Breach Harms
by Sabrina I. Pacifici on Dec 15, 2016
Solove, Daniel J. and Citron, Danielle Keats, Risk and Anxiety: A Theory of Data Breach Harms (December 14, 2016). Available for download at SSRN: https://ssrn.com/abstract=2885638
“In lawsuits about data breaches, the issue of harm has confounded courts.  Harm is central to whether plaintiffs have standing to sue in federal court and whether their claims are viable.  Plaintiffs have argued that data breaches create a risk of future injury from identity theft or fraud and that breaches cause them to experience anxiety about this risk.  Courts have been reaching wildly inconsistent conclusions on the issue of harm, with most courts dismissing data breach lawsuits for failure to allege harm.  A sound and principled approach to harm has yet to emerge, resulting in a lack of consensus among courts and an incoherent jurisprudence.  In the past five years, the U.S. Supreme Court has contributed to this confounding state of affairs.  In 2013, the Court in Clapper v. Amnesty International concluded that fear and anxiety about surveillance – and the cost of taking measures to protect against it – were too speculative to constitute “injury in fact” for standing.  The Court emphasized that injury must be “certainly impending” to warrant recognition.  This past term, the U.S. Supreme Court in Spokeo v. Robins issued an opinion aimed at clarifying the harm required for standing in a case involving personal data.  But far from providing guidance, the opinion fostered greater confusion.  What the Court made clear, however, was that “intangible” injury, including the “risk” of injury, could be sufficient to establish harm.  In cases involving informational injuries, when is intangible injury like increased risk and anxiety “certainly impending” or “substantially likely to occur” to warrant standing?  The answer is unclear.  Little progress has been made to harmonize this troubled body of law, and there is no coherent theory or approach.  In this essay, we examine why courts have struggled when dealing with harms caused by data breaches.  The difficulty largely stems from the fact that data breach harms are intangible, risk-oriented, and diffuse.  Harms with these characteristics need not confound courts; the judicial system has, been recognizing intangible, risk-oriented, and diffuse injuries in other areas of law.  We argue that courts are far too dismissive of certain forms of data breach harm.  In many instances, courts should find that data breaches cause cognizable harm.  We explore how existing legal foundations support the recognition of such harm.  We demonstrate how courts can assess risk and anxiety in a concrete and coherent way.”


Twit-in-Chief?
Poll: Most say Trump’s Twitter use ‘reckless and distracting’
Sixty-six percent of registered voters say they find President-elect Donald Trump’s handling of his Twitter account “reckless and distracting,” according to a poll released Thursday
Twenty-one percent in the McClatchy/Marist survey consider it “effective and informative,” while 13 percent remain uncertain.


I haven’t seen a good summary of this meeting.  Still haven’t.
Who said what inside the Trump tech meeting: Immigration, paid maternity leave and becoming the ‘software president’
The leaders of tech were closemouthed about their meeting with President-elect Donald Trump yesterday in New York, saying little about it — before and after, in public and online.  Amazon CEO Jeff Bezos called the confab “very productive” — the verbal equivalent of dead air — but execs including Facebook COO Sheryl Sandberg, Alphabet CEO Larry Page, Apple CEO Tim Cook and SpaceX and Tesla CEO Elon Musk did not comment about what was said in the room, and most of the press reports afterward were very vague.  
   Trump’s three eldest kids were present, which most sources close to the execs (no, I am not saying which ones) thought was inappropriate on a number of levels.
   Microsoft CEO Satya Nadella brought up perhaps the most thorny issue: Immigration and how the government can help tech with things like H-1B visas to keep and bring in more talent.  Nadella pointed out that much of the company’s spending on research and development was in the U.S., even if 50 percent of the sales were elsewhere, so that immigration would benefit those here.
Surprisingly to the group, Trump apparently responded favorably, “Let’s fix that,” he said, without a specific promise, and then asked, “What can I do to make it better?”
Apple CEO Cook brought up a related issue, that of science, technology engineering and math education, which has been a big initiative of President Barack Obama, and also was pushed by Trump’s campaign rival Hillary Clinton.  
   One of the most interesting exchanges was with Alphabet executive chairman Eric Schmidt, who briefly noted that he pondered what he would do if he were president, and then made the point that governmental information-technology programs were antiquated and unsafe, and needed to be upgraded.  
   Amazon CEO Jeff Bezos was apparently very voluble, and aimed many of his points at how U.S. companies had a hard time succeeding in China, and what the government could do about it.  Oracle CEO Safra Catz talked about the cloud, which she characterized as a little hyped (not a surprise from a database company).  IBM CEO Ginni Rometty talked about job creation, having earlier penned an op-ed promising that the company would bring 25,000 more jobs to the U.S.
   Also brought up — but no one would say by whom — was the tax treatment of the repatriation of tech company profits from abroad, which would be a windfall for them.  (And which is why they were all there, IMHO.)

Thursday, December 15, 2016

I do like to start my Computer Security classes by discussing epic failures.  Thanks again Yahoo.
Yahoo’s new billion-account data breach could threaten $4.8 billion sale to Verizon
Yahoo on Wednesday said it had discovered a new data breach of more than a billion accounts, dwarfing the hack it revealed three months ago and threatening the company’s $4.8 billion sale to Verizon.
And security experts are warning of potential far-reaching damage to Yahoo users from the just-announced breach.
The fresh disclosure gives Yahoo the unfortunate distinction of being the victim of the two largest hacks in history.


Where should we fit this in the spectrum of international relations?  More than a speech to the Duma, less than an invasion of the Crimea?  Should we view it differently if Russia only hacked one party? 
NBC reports U.S. Intel Directly Links President Putin to Campaign to Disrupt U.S. Election
by Sabrina I. Pacifici on Dec 14, 2016
Follow up to multiple postings included in NYT details how Russian Cyberpower Invaded the U.S., today’s NBC News report – U.S. Officials: Putin Personally Involved in U.S. Election Hack: “U.S. intelligence officials now believe with “a high level of confidence” that Russian President Vladimir Putin became personally involved in the covert Russian campaign to interfere in the U.S. presidential election, senior U.S. intelligence officials told NBC News.  Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used.  The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said…”


Are some products taxed at a different rate?  Why would government want to know anything beyond “the sales tax has been paid?” 
Kieren McCarthy reports:
Online retailers in America will soon be required by law to disclose to state governments what purchases their customers – meaning, you – have made.
That extraordinary situation is the result of a long-running legal case that the US Supreme Court this week refused to hear.  This means a decision by the Tenth Circuit [PDF] requiring out-of-state retailers to report to the Colorado state government the details of all purchases – including what that purchase was and who bought it – stands.
So if you bought a dildo in Denver, some bureaucrat is going to be informed about it.
Read more on The Register.


Perspective.
Financial regulators use AWS’s cloud to analyze 75 billion trades daily
   FINRA records every order and quote in the New York Stock Exchange daily.  That’s about 75 billion individual events per day.  FINRA processes in one day the magnitude of data that Visa and Mastercard process in six months, Randich says.

FINRA stores this information so that it can analyze trends over days, weeks and months.  That amounts to trillions of records and about 20 petabytes of storage. FINRA’s IT “center of gravity” is now in Amazon Web Services, he says.
   FINRA evaluated many providers. Legacy infrastructure vendors tried to convince him that a database of this scale could not run in the public cloud.  After an evaluation and proof of concept process FINRA found AWS to be “several years ahead of the closest competitor,” a gap that Randich says is increasing.
   Using the cloud has reduced costs, allowed FINRA to get rid of proprietary infrastructure and has allowed the organization to leverage massive processing and storage at large scale and commodity costs, Randich says.  The system has a 400X improvement in interactive queries compared to the previous platform, he added.  “It (was like) researching something and only being able to do a few Google searches a day, it’s impossible,” he says.  “Now we can do these things in seconds and subseconds.”
FINRA can better absorb “flash-crashes” and other extreme market events by automatically spinning up tens of thousands of nodes momentarily and then taking them offline, “without generally being aware of it until after it's happened and we review the logs.”

Wednesday, December 14, 2016

A new record?  
Steve Ragan reports:
Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet.  The person offering the files claims the data is from Experian, and is looking to get $600 for everything.
Details of this incident came to Salted Hash via the secure drop at Peerlyst, where someone uploaded details surrounding the sale and the data.  The data was first vetted by the technical review board at Peerlyst, who confirmed its legitimacy.  Once it was cleared by the technical team, a sample of the data was passed over to Salted Hash for additional verification and disclosure.
Read more on Salted Hash.  Note that this is the same database/situation that DataBreaches.net reported on last week, after it was first reported by HackRead. DataBreaches.net’s report had included Experian’s denial that the data were hacked from their system.  They apparently have sent Steve the same statement.
Attribution aside (and yes, figuring out who got compromised is important), the fact that so much information about over 200 million people is in the wild should concern everyone.  Not all of the data will be accurate, but much of it will be, and that poses a variety of risks, as Steve appropriately notes.  Do read his article to find out more about the more than 80 types of information in this database.
[From the article:
Moreover, the data holds enough information to develop a sustained Phishing campaign, which could open the door to numerous other crimes.
“This data set alone (and there are many more) tells us who makes more than $100,000 a year in a given zip code and address; what allergies each member may have; how many home loans they have taken out in 15 years; how many pets; how often they shop; and about 80 other attributes.
Data enrichment is a value adding process, where external data from multiple sources is added to the existing data set to enhance the quality and richness of the data. This process provides more information of the product to the customer.


Now that’s amusing!  Okay, not really, but what happened to their backups?
Fleur Anderson and Paul Smith report:
The Australian Taxation Office has restored access to some of its online services, but concerns remain that large amounts of data have been lost after it suffered a “world-first” technical glitch to equipment from Hewlett Packard Enterprise more than 24 hours earlier.
Tax officials were reportedly told to work from home for the second successive day, due to inability to access some key internal systems, and citizens were unable to access its website after a failure in the hardware that stores the ATO’s data.
The systems went down on Monday after a failure of the HPE storage network, which was upgraded in November 2015 with technology news website ITNews reporting the loss of 1 petabyte of data, which it is still attempting to recover.
Read more on AFR.


I like it!  Suggests they will need to plan this before the breach.  Note that there is no time limit on detecting the breach.
From PayBefore:
The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches.  Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than the breach notification requirements set to go into force next year under the General Data Protection Regulation (GDPR), which requires notice within 72 hours of breach detection.
Read more on PayBefore.


Minor?  At least it shows what kind of “tools” sell.
Joe Cadillic writes:
A recent article in the News Gazette, reveals how the University of Illinois police tracked a stolen cell phone to a specific classroom.
How did the police, track a stolen cell phone to a specific classroom, you ask?
Police across the country are using cell phone detectors, like the ‘Wolfhound-Pro‘ or the “PocketHound” that can track cell phones from 150 feet away indoors and up to one mile outdoors (line-of-sight).
Read more on MassPrivateI.
[From the Wolfhound-Pro website:
Wolfhound-Pro’s passive receiver technology does NOT intercept or “listen-in” on any phones calls making it fully legal and the tool of choice for law enforcement trying to avoid sluggish court orders and search warrants.


I’ll add this to my Computer Security handouts.
IEEE puts out a first draft guide for how tech can achieve ethical AI design
The document, called Ethically Aligned Design, includes a series of detailed recommendations based on the input of more than 100 “thought leaders” working in academia, science, government and corporate sectors, in the fields of AI, law and ethics, philosophy and policy.

(Related)
How AI can bring on a second Industrial Revolution
"The actual path of a raindrop as it goes down the valley is unpredictable, but the general direction is inevitable," says digital visionary Kevin Kelly — and technology is much the same, driven by patterns that are surprising but inevitable.  Over the next 20 years, he says, our penchant for making things smarter and smarter will have a profound impact on nearly everything we do.  Kelly explores three trends in AI we need to understand in order to embrace it and steer its development.


The world we live in…
US privacy rules stir confusion
The United States has a uniquely convoluted way of regulating privacy.
In the European Union, for example, all private information is treated the same, whether it’s collected by Facebook or by a doctor in a hospital.
But things are murkier in the U.S., thanks to an overlapping structure involving an alphabet soup of federal agencies.
The Federal Trade Commission (FTC) regulates privacy, but so does the Food and Drug Administration (FDA), the Federal Communications Commission (FCC) and the Department of Health and Human Services (HHS), just for starters.
“We are more or less the only country approaching privacy in a sectoral fashion,” said Sharon Klein, who heads the privacy, security and data protection practice at the law firm Pepper Klein.  “And it’s getting harder to be sectoral.”


Maybe I will allow my students to comment on my blog.
Backpage.com CEO and co-founders cleared of pimping charges
The executives of classified listings site Backpage.com have been cleared of criminal charges relating to adult services advertised on the site.
   Last Friday, though, Sacramento County Superior Court Judge Michael Bowman found in favor of the defendant, with Bowman’s ruling (which can be seen here, courtesy of Ars Technica) stating that Backpage’s business is shielded by the Communications Decency Act.


I wondered how the government would keep older cars off the highways, this is it.  If your car can not ask the highway to open the gate at the on-ramp, you won’t be allowed to drive on the highway.
New Cars Could Be Required To 'Talk' To Each Other As Soon As 2020
More than two years after the National Highway Traffic Safety Administration first issued an advanced notice of proposed rulemaking to mandate vehicle-to-vehicle (V2V) communications in the U.S., the agency is finally ready to move forward.  Following an extended comment and testing period, NHTSA today published the notice of proposed rulemaking (NPRM) for what is expected to become Federal Motor Vehicle Safety Standard (FMVSS) 150.
If the NPRM makes it to the FMVSS stage without significant changes, all manufacturers would be required to install dedicated short-range communication (DSRC) radios into new vehicles, probably starting in about 2020.


Does this strike anyone else as being a bit too much?
Microsoft’s latest AI powered service aims to help you with your busy schedule
Setting up a meeting with someone outside your company can be a time-consuming process since you can’t see other’s calendars and free/busy information.  Generally, we email them to know their free timings and try to work out the meeting time.  To solve this issue, Microsoft has started an incubation project code-named “Calendar.help.”  This project gives Cortana the ability to arrange meetings on your behalf.  By delegating scheduling tasks to Cortana, you can focus on getting things done rather than wasting time emailing back and forth.  This service is based on Genee, a scheduling AI startup that Microsoft acquired in August.


Think of it as a lack of standards?
Here’s your first tech buzzword of 2017: ‘Brownfield’
There’s a lot of hype and activity surrounding IoT, which is very positive and can help expedite its growth and proliferation.  However, the approach being embraced by most newcomers and early adopters leaves a lot to be desired.  Usually, designers and manufacturers are inclined to hop on the IoT bandwagon through “greenfield development” — creating products from scratch — rather than “brownfield development” — connecting existing devices, systems and infrastructure to the cloud.
   Meanwhile, we’re seeing manufacturers “reinvent the wheel” by creating proprietary hardware and software to power their IoT devices.  They face, and fail to deal with, the multitude of IoT development challenges — often simultaneously.
The unintended consequence is a fragmented IoT landscape plagued by an endemic lack of standards, creating products that are insecure, unreliable, unmanageable and weak at communicating with one another.  Interoperability is a huge issue, since the future of IoT is not devices that can be remotely controlled and send data back to the cloud, but rather devices and systems that can autonomously communicate between each other and reliably coordinate their actions.


New data centers everywhere as each country wants to control (or at least hold) its own data.
Amazon Opens Data Centers to Boost U.K. Cloud Services
Amazon Web Services, the cloud-hosting arm of Amazon.com Inc., opened new data centers in the U.K. as it seeks to stay abreast of competitors in offering cloud computing services to government and health-care customers.
   The U.K. data region, which comprises two zones, each consisting of multiple data centers, is the 16th Amazon Web Services operates worldwide and its third in Europe.  A fourth in France has already been announced and will open next year.
Governments are increasingly moving computing functions into the cloud.  But they are often required for regulatory and security purposes to hold data within their national borders.  The same applies for sensitive health-care information.


I’ll have to ask Indian students what is really happening.
India is in the throes of an unprecedented social experiment in enforced digital disruption, and the world has much to learn from it.
Prime Minister Narendra Modi launched a surprise in early November, demonetizing 500 and 1,000 rupee bank notes.  Modi’s war on cash is not without international precedent: Singapore, for example, withdrew its largest currency recently; the European Central Bank eliminated the 500-euro bank note; South Korea plans to eliminate at least all coins by 2020.
And yet India’s initiative had the potential for chaos.  Here’s why: the government effectively took 86% of cash out of circulation in an economy that is close to 90% cash-reliant.

Tuesday, December 13, 2016

The joys of academic research.
Zack Whittaker reports:
A security research firm has released details of a “critical” flaw in a security tool, despite being threatened with legal threats.
Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access to an affected SAP system.
[…]
The corporate giant argued that ESNC shouldn’t have had access to the software in the first place, as it wasn’t a licensed partner.
“ESNC did not receive authorized access or a license to use this software.  The software is not publicly available and was only properly accessed by those with licenses, such as PwC clients working with trained PwC staff,” said the spokesperson.
Read more on ZDNet.
This is yet another reminder of why the federal statute, CFAA, needs to be updated and to include protection for researchers.


Interesting, if true.  I would wager that the courts would not be amused. 
Uber encrypts its computers from afar when the government raids its offices, a lawsuit claims
When government agents raid Uber's offices, the company springs into action with an immediate response: it shuts everything down and encrypt all its computers. 
That's according to a court declaration by former employee Ward Spangenberg, who served as Uber's forensic investigator until last February.  Spangenberg was fired by Uber and is now suing the ride-hailing startup for age discrimination, whistleblower retaliation, and defamation. 


WWTD: What will Trump do?
Google Signs Deal With Cuba to Speed Services
Alphabet Inc.’s Google completed a deal with Cuba to place computer servers on the island to speed Google services there, a pact that officials hurried to complete before President Barack Obama leaves office next month.
   The Google servers in Cuba will store content such as popular YouTube videos, allowing the content to be delivered more quickly to Cuban users.  The move is the latest to improve internet access for the country of 11.2 million people, which has long been one of the world’s most isolated nations.
   Google, which has long had an obsession with the speed of its internet services, operates servers around the globe to accelerate speeds for local users, including in Greenland, Somalia, Yemen and the Gaza Strip, said Doug Madory, an internet-infrastructure analyst at Dynamic Network Services Inc.  The shortlist of countries without Google servers includes China, Iran, Syria and North Korea, among others, Mr. Madory said.


An amusing question, but I don’t think it’s a very serious threat.
Is Trump's Twitter account a national security threat?
Intelligence and defense specialists believe the president-elect's use of the popular and powerful social media network is already being used by foreign agencies to analyze his personality, track his habits and detect clues about what to expect from a Trump-led American government.


I’ll tuck this one away for my Computer Security students.
Careers in security, ethical hacking and advice on where to get started


Not sure I want my toaster talking back to me. 
Microsoft is bringing Cortana to fridges, toasters, and thermostats
Microsoft is planning to allow fridges, toasters, thermostats, and other Internet of Things (IoT) devices to access Cortana.
   “This will enable you to build devices with displays, so you get that immersive Cortana experience,” explains Microsoft program manager Carla Forester.  Any kind of smart device with a screen can now take advantage of Cortana.”  Microsoft wants device makers to use a screen to get the full Cortana UI, and the company is providing fridges, thermostats, and toasters as example devices that we’ll likely see in the future.


Short answer?  No.
Bulletproofing America
According to a recent poll by the Associated Press, 60 percent of Americans worry that they or a family member might die in a mass shooting.  Statistically speaking, we’d do better to fret about septicemia and car accidents, but it’s not hard to find the source of the outsize concern: From 2000 to 2006, an average of six “active-shooter incidents” took place in the United States each year; in the following seven years, that number nearly tripled—with one occurring, on average, every three weeks.


Am I reading this right?  “We can tell you’re a crook just by looking at you?”  Will they be looking at members of Congress? 
Automated Inference on Criminality using Face Images
by Sabrina I. Pacifici on Dec 12, 2016
Automated Inference on Criminality using Face Images, Xiaolin Wu, Xi Zhang (Submitted on 13 Nov 2016 (v1), last revised 21 Nov 2016 (this version, v2)) arXiv:1611.04135 [cs.CV] (or arXiv:1611.04135v2 [cs.CV] for this version)
“We study, for the first time, automated inference on criminality based solely on still face images.  Via supervised machine learning, we build four classifiers (logistic regression, KNN, SVM, CNN) using facial images of 1856 real persons controlled for race, gender, age and facial expressions, nearly half of whom were convicted criminals, for discriminating between criminals and non-criminals.  All four classifiers perform consistently well and produce evidence for the validity of automated face-induced inference on criminality, despite the historical controversy surrounding the topic.  Also, we find some discriminating structural features for predicting criminality, such as lip curvature, eye inner corner distance, and the so-called nose-mouth angle.  Above all, the most important discovery of this research is that criminal and non-criminal face images populate two quite distinctive manifolds.  The variation among criminal faces is significantly greater than that of the non-criminal faces.  The two manifolds consisting of criminal and non-criminal faces appear to be concentric, with the non-criminal manifold lying in the kernel with a smaller span, exhibiting a law of normality for faces of non-criminals.  In other words, the faces of general law-biding public have a greater degree of resemblance compared with the faces of criminals, or criminals have a higher degree of dissimilarity in facial appearance than normal people.”  [If you don’t look like us, you’re a criminal?  Bob]


A resource for us non-lawyers too.  Good on ya, Sabrina!
BeSpacific joins ABA Top 100 Blawgs 2016
by Sabrina I. Pacifici on Dec 12, 2016
BeSpacific NEW: “No one better has her finger on the pulse of the legal information world than Sabrina Pacifici, law librarian and author of the blog BeSpacific,” writes blogger Robert Ambrogi.  “Launched in 2002, BeSpacific is one of the longest-running legal blogs and, remarkably, Sabrina seems more prolific today than ever.  She posts multiple items every day, covering the gamut of law, technology and knowledge discovery and topics ranging from cybersecurity to legal research to government regulation to civil liberties to IP and more.  For me, BeSpacific is one of my daily must-reads and has been for 14 years straight.”  
Many thanks to the American Bar Association, to master legal tech blogger Bob Ambrogi, and to the readers of beSpacific.  I look forward to sharing another 14 years of research through my site.  And I hope to hear from you as well –  – please send me your news, idea, links and information that will help us contribute positive impact on issues the encompass law and technology during these most turbulent and challenging of times.


Yep, that’s just how the Martians do it!
The Map That Lets You Listen to the Radio Everywhere
   Radio Garden, which launched today, is a similar concept—a way to know humanity through its sounds, through its music.  It’s an interactive map that lets you tune into any one of thousands of radio stations all over the world in real time.  Exploring the site is both immersive and a bit disorienting—it offers the sense of lurking near Earth as an outsider.  In an instant, you can click to any dot on the map and hear what’s playing on the radio there, from Miami to Lahore to Berlin to Sulaymaniyah and beyond.


My students will probably love this.  Not sure I will.
New Wikipedia mobile and desktop reader
by Sabrina I. Pacifici on Dec 12, 2016
Yes everyone uses Wikipedia, so try this: “An award-winning beautiful interface for Wikipedia.  Used by over 100,000 people worldwide, Wikiwand overhauls Wikipedia’s interface, making it more convenient, powerful and beautiful.”  It will surprise you – try it – available for iPhone, Android, Firefox, Chrome and Safari.


Future employment for my students?  Only if they do better at math!  A Jersey boy makes good?
A hot $1 billion hedge fund is building computers to predict how human traders will act
   Quant funds have historically analyzed data using mathematical techniques to search for patterns of trends.  The idea here is that quants can pick up on relationships between financial assets that human traders miss out on.
That model is outdated, according to Narang.  Quants funds don't generate returns by being smarter, and picking out trends before everyone else, but by predicting what everyone else is going to do.

Monday, December 12, 2016

Training children to love Big Brother?  
If you’re a parent, there’s a chance you’ll want to track your child when they’re not home.  There are physical devices for doing this, but there are also a bunch of apps that make it really simple.


An article for my students to consider. 
Automation Can Actually Create More Jobs
Since the 1970s, when automated teller machines arrived, the number of bank tellers in America has more than doubled.  James Bessen, an economist who teaches at Boston University School of Law, points to that seeming paradox amid new concerns that automation is “stealing” human jobs.  To the contrary, he says, jobs and automation often grow hand in hand.
Sometimes, of course, machines really do replace humans, as in agriculture and manufacturing, says Massachusetts Institute of Technology labor economist David Autor in a succinct and illuminating TED talk, which could have served as the headline for this column.  Across an entire economy, however, Dr. Autor says that’s never happened.


Change the law to reflect new technology?  Good luck with that!
Google’s antitrust battle with the European Union seems to be heating up.  In recent weeks, the company has rebutted the European Commission’s charges that it uses its internet search engine to give its shopping services an unfair advantage over rivals, improperly uses its AdSense ad-placement service to restrict third-party websites from displaying search advertisements from Google’s competitors, and unfairly exploits the dominant position of its Android operating system with smartphone manufacturers and mobile network operators (see its November 3 and November 10 blog posts.)
We think Google’s rebuttal of the charges against its shopping and ad-placement services are effective, and it has even made some changes to its products to address issues raised by the European Union.  But we think it is unlikely that Google will be able to prevail in the Android case unless it abandons its contention that E.U. authorities should adopt a U.S. perspective.  Instead, it should try to persuade them that competition in the mobile space is radically different from that in traditional markets and consequently, the European Union — and the United States, for that matter — should revamp their antitrust laws.


Watching a country self-destruct?  (Google says 100 Venezuelan Bolívars equals 10.05 US Dollars)
Venezuela pulls highest-value banknote 'to strike against mafia'
The Venezuelan government has announced it will remove the country's highest-denomination banknote from circulation within 72 hours to combat contraband.
Central bank data suggests there are more than six billion 100-bolivar notes in circulation, making up almost half of all currency.
   President Nicolas Maduro said the move would stop gangs hoarding the notes.
But in India, a similar move to scrap high-value bank notes last month has caused major disruption.
   He said the gangs held more than 300bn bolivares worth of currency, most of it in 100-bolivar notes.
President Maduro said there were "entire warehouses full of 100-bolivar notes in the [Colombian cities of] Cucuta, Cartagena, Maicao and Buaramanga".
   Analysts say the move is likely to worsen the cash crunch in Venezuela, where people have already been limited in the amount of cash they can take out at automated teller machines.
Venezuelans have only been given 10 days to exchange their 100-bolivar notes for new coins and bills ranging from 500 to 20,000 bolivars due to be introduced from 15 December.
Critics of Mr Maduro have predicted chaos and doubt that the facilities will be in place for people to exchange all their 100-bolivar notes.


An interesting business model.
Opendoor: A Startup Worth Emulating
I suppose I appreciate the efficiency with which Techcrunch expressed its skepticism for tech’s latest unicorn, Opendoor; it’s right there in the headline: Online real estate service Opendoor raises $210M Series D despite risky financing model.  And, to be fair, Opendoor’s approach is risky.  Here’s a summary from a feature in Forbes magazine:
Opendoor is betting that there are hundreds of thousands of Americans who value the certainty of a sale over getting the highest price.  The company makes money by taking a service fee of 6%, similar to the standard real estate commission, plus an additional fee that varies with its assessment of the riskiness of the transaction and brings the total charge to an average of 8%.  It then makes fixes recommended by inspectors and tries to sell the homes for a small premium.


A challenge for my Data management students: Name three more “things.”
5 enterprise-related things you can do with blockchain technology today


Where my students should look for work and what they should avoid?
24/7 Wall St – America’s 25 dying industries – America’s 25 thriving industries
by Sabrina I. Pacifici on Dec 11, 2016
“Valued at nearly $20 trillion, the U.S. economy is the largest in the world.  Maintaining a competitive edge necessitates remaining diversified and dynamic.  While this means that some U.S. industries thrive, others inevitably decline or are rendered obsolete.  As certain industries fade, so do hundreds of thousands of American jobs.  24/7 Wall St. analyzed employment figures from 2006 to 2015 from the Bureau of Labor Statistics to determine the 25 fastest dying industries.  Employment in each industry on this list declined by at least 43%, and in the top two by at least 80%…”