Wednesday, October 18, 2017

“Hey, we’re boring old lawyers. Who would want our data? Encryption? Never heard of it.”
Joe Eskenazi reports:
Car break-ins in San Francisco have reached epidemic proportions, and city employees aren’t immune.
Now it’s the Office of the District Attorney’s turn. Thankfully, it wasn’t a gun stolen from a car this time. But the item lost to a burglar or burglars is tied to San Francisco homicides.
An alert sent to San Francisco police officers this week noted that a stolen work laptop left overnight in a DA employee’s car contained “sensitive information related to SFDA homicide cases.”
Read more on Mission Local.
And don’t you just love lines like, “DA spokesman Max Szabo said that his office was in the process of drafting policy regarding the stowing of work laptops in cars prior to the theft.” Right. I wish the reporter had filed under FOIA to see for how long they had presumably been drafting that policy. Because if the damned burglar had only waited a week or so, there would have been nothing to steal, right?
Why was the DA’s office years – and I do mean years – behind in having a firm policy in place already?




A huge theft that hasn’t been noticed yet? Or noticed and suppressed?
Andrew Fraser reports:
A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.
Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30m unique South African ID numbers.
The data trove was discovered among a large dump of other breaches, and Hunt could identify it as South African source by the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.
Read more on TechCentral.
From the article:
The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.




Probably not the best message to send. The IRS seems to be saying that so many identities have already been stolen that a few million more won’t make a noticeable difference. (What’s an extra 45%?)
Many Equifax Hack Victims Had Info Stolen Prior to Breach: IRS
The U.S. Internal Revenue Service (IRS) believes the recent Equifax breach will not make a significant difference in terms of tax fraud considering that many victims already had their personal information stolen prior to the incident.
IRS Commissioner John Koskinen told the press on Tuesday that 100 million Americans have had their personally identifiable information (PII) stolen by hackers, according to The Hill. He also advised consumers to assume that their data has already been compromised and act accordingly.
The Equifax breach, which affected more than 145 million individuals, allowed cybercriminals to access social security numbers, dates of birth and other information. Despite this being one of the largest data breaches in history, Koskinen said it likely “won’t make any significantly or noticeable difference.”




Some interesting ideas, but I suspect many who might need this level of security won’t bother to implement it.
Google now offers special security program for high-risk users
Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data. The opt-in program makes Google services much less convenient to use, but it's built to prevent the sorts of breaches that have been making recent headlines.
Examples of users who could benefit include journalists, politicians, and other public figures who may be running up against hostile actors with considerable resources—and also for private individuals in dangerous situations, like those escaping abusive relationships. In its blog post announcing this program, Google specifically named "political campaign managers," which harkens back to the breach of Hillary Clinton Presidential Campaign Chairman John Podesta's e-mails, which led to a release from WikiLeaks that may have played a significant role in the US presidential election last year.




You don’t need a “X9$$wordy” password.
NIST – Passphrases are the new way to protect your digital world
by Sabrina I. Pacifici on Oct 17, 2017
NIST Blog, Mike Garcia: “…First, I’m going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I’m going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don’t rely on passwords, or even passphrases, alone. Over the years, our reliance on passwords, and the ease with which our adversaries can defeat those passwords, resulted in a negative feedback loop where users were subjected to increasingly complex, stressful and exhausting composition rules (upper, lower, and special characters, oh my!), increasing length requirements, password rotation requirements, and on and on. Like pounding out more and more miles faster and faster, these looked like gains on paper but undermined the outcome we wanted: a safer and more convenient online experience…”




Adding vulnerabilities to your home?
Common Internet of Things Devices May Expose Consumers to Cyber Exploitation
by Sabrina I. Pacifici on Oct 17, 2017
From FBI News Release, October 17, 2017: “In conjunction with National Cyber Security Awareness Month, the FBI is re-iterating the growing concern of cyber criminals targeting unsecure Internet of Things (IoT) devices. The number of IoT devices in use is expected to increase from 5 billion in 2016 to an estimated 20 to 50 billion by 2020. Once an IoT device is compromised, cyber criminals can facilitate attacks on other systems or networks, send spam e-mails, steal personal information, interfere with physical safety, and leverage compromised devices for participation in distributed denial of service (DDoS) attacks. [h/t Pete Weiss]
IoT refers to a network of physical devices, vehicles, buildings, and other items (often called “smart devices”) embedded with electronics, software, sensors, actuators, and network connectivity enabling these objects to collect and exchange data. Below are examples of IoT devices:
  • Home automation devices (e.g., devices which control lighting, heating and cooling, electricity, sprinklers, locks);
  • Security systems (e.g., alarm systems, surveillance cameras);
  • Medical devices (e.g., wireless heart monitors, insulin dispensers);
  • Wearables (e.g., fitness trackers, clothing, watches);
  • Smart appliances (e.g., refrigerators, vacuums, stoves);
  • Office equipment (e.g., wireless printers, computer mouse, outlets, interactive whiteboards);
  • Entertainment devices (e.g., DVRs, TVs, gaming systems, music players, toys); and
  • Hubs (devices that control other IoT devices through a single app)….”




I did not see this App coming. If I had done more than laugh at all those celebrity nude photos, I might have thought of this myself.
Nude is a next-generation photo vault that uses AI to hide your sensitive photos
Nudes are an inconvenient truth of the mobile era. The combination of ever-more-powerful cameras and ever-more-convenient sharing mechanisms has made the exchange of explicit pictures a fact of life for nearly everyone seeking romantic connections online.
… Private photo vault apps have existed for years. Nude, a new app from two 21-year-old entrepreneurs from UC Berkeley, attempts to create the most sophisticated one yet. Its key innovation is using machine learning libraries stored on the phone to scan your camera roll for nudes automatically and remove them to a private vault. The app is now available on iOS




Good news and bad news? Good for Mom and Dad, not so good if you are being stalked by that crazy ex-boyfriend.
WhatsApp’s Live Location feature lets friends track each other in real time
WhatsApp has announced a notable new feature today, one that may prove popular with millions of security-conscious, nosy, and impatient people globally.
Landing on both Android and iOS “in the coming weeks,” the new Live Location feature allows WhatsApp users to share their real-time location with friends and family. It’s worth noting here that WhatsApp already allows you to share your current location, however that feature is static — if you’re moving around, friends are not able to see where you’re going.
The new Live Location feature, on the other hand, lets people track where you are for a period of time stipulated by you.




With the same intent, Russia is bad but it’s okay for Google and Facebook?
Facebook and Google Helped Anti-Refugee Campaign in Swing States
In the final weeks of the 2016 election campaign, voters in swing states including Nevada and North Carolina saw ads appear in their Facebook feeds and on Google websites touting a pair of controversial faux-tourism videos, showing France and Germany overrun by Sharia law. French schoolchildren were being trained to fight for the caliphate, jihadi fighters were celebrated at the Arc de Triomphe, and the “Mona Lisa” was covered in a burka.


(Related).
Report: Google ran hoax news ads on fact-checking sites
Google has been running hoax news ads on fact-checking sites like Politifact and Snopes, The New York Times reported on Tuesday.
The newspaper found that the ads would often mislead readers with false headlines about celebrities, and the articles that the ads led to would invariably be about skin cream products.




Curious. Logic overcoming bias?
Facebook Executives Find A New Crisis Communications Tool: Twitter
As Facebook grapples with the unprecedented crisis that's arisen around its role in the 2016 US presidential election, some of the company's top executives have begun doing damage control on an unlikely platform — Twitter.
In recent weeks, these executives — Facebook Chief Security Officer Alex Stamos, VP of Augmented and Virtual Reality Andrew Bosworth, and News Feed chief Adam Mosseri — have been engaging in public and sometimes heated discussion on Twitter, sounding off in what has been a largely Facebook-antagonistic conversation about Russia's effort to use the company's platform to undermine American democracy.
Facebook's leadership has long ignored Twitter — Mark Zuckerberg last tweeted in 2012 and Sheryl Sandberg in 2013 — and its decision to do so has essentially freed reporters, academics, and the general public to criticize and lambast the company unchallenged by those who know it best. Now, with Facebook executives wading deep into a particularly fraught Twitter discussion, it's clear the company has begun to view it as a tool critical to shaping public perception. Facebook might prefer to ignore Twitter, but it can't afford to do so when a conversation shaping how people perceive its most grave crisis is unfolding there.




Boeing has only one rival, Airbus. Did they really not see this as driving Bombardier into their arms? Someone at Boeing needs to rethink their future!
Boeing’s future plans threatened by Airbus-Bombardier pact
Airbus’s surprise move to swallow Bombardier’s CSeries airplane program gives it a new small-jet family without spending the billions of dollars it would take to develop one itself.
Besides the likely impact of the deal on the Boeing-instigated U.S. trade case against Bombardier, that leg up for Airbus could trigger a serious strategy shift for Boeing.
The deal Airbus announced Monday, giving it control of Bombardier’s freshly introduced two-model family of small narrowbody jets — the 110-seat CS100 and the 130-seat CS300 — could ultimately force Boeing to redraw the road map of new airplane development that it had settled on.




Can we learn anything from developing countries? Please?
Intellectual Property for the Twenty-First-Century Economy
by Sabrina I. Pacifici on Oct 17, 2017
Intellectual Property for the Twenty-First-Century Economy, Joseph E. Stiglitz, Dean Baker, Arjun Jayadev. October 17, 2017.
“Developing countries are increasingly pushing back against the intellectual property regime foisted on them by the advanced economies over the last 30 years. They are right to do so, because what matters is not only the production of knowledge, but also that it is used in ways that put the health and wellbeing of people ahead of corporate profits… The IP standards advanced countries favor typically are designed not to maximize innovation and scientific progress, but to maximize the profits of big pharmaceutical companies and others able to sway trade negotiations. No surprise, then, that large developing countries with substantial industrial bases – such as South Africa, India, and Brazil – are leading the counterattack. These countries are mainly taking aim at the most visible manifestation of IP injustice: the accessibility of essential medicines. In India, a 2005 amendment created a unique mechanism to restore balance and fairness to patenting standards, thereby safeguarding access. Overcoming several challenges in domestic and international proceedings, the law has been found to comply with WTO standards. In Brazil, early action by the government to treat people with HIV/AIDS resulted in several successful negotiations, lowering drug prices considerably…”




Perspective. If you can’t come here, we’ll invest heavily in countries you can get to. Take that potential immigrants!
Mexico tech industry benefits from U.S. anti-immigration stance
Amazon, Facebook and other U.S. tech companies are expanding operations south of the border as Mexico works to capitalize on the Trump administration’s anti-immigration stance.




Clearly, we ain’t there yet. (Assuming that is where we want to go.)
Research – The enduring power of print for learning in a digital world
by Sabrina I. Pacifici on Oct 17, 2017
The Conversation: “Today’s students see themselves as digital natives, the first generation to grow up surrounded by technology like smartphones, tablets and e-readers. Teachers, parents and policymakers certainly acknowledge the growing influence of technology and have responded in kind. We’ve seen more investment in classroom technologies, with students now equipped with school-issued iPads and access to e-textbooks. In 2009, California passed a law requiring that all college textbooks be available in electronic form by 2020; in 2011, Florida lawmakers passed legislation requiring public schools to convert their textbooks to digital versions. Given this trend, teachers, students, parents and policymakers might assume that students’ familiarity and preference for technology translates into better learning outcomes. But we’ve found that’s not necessarily true. As researchers in learning and text comprehension, our recent work has focused on the differences between reading print and digital media. While new forms of classroom technology like digital textbooks are more accessible and portable, it would be wrong to assume that students will automatically be better served by digital reading simply because they prefer it… To explore these patterns further, we conducted three studies that explored college students’ ability to comprehend information on paper and from screens…”




For my geeks.
When Apple announced Swift way back in 2014, people were rightfully skeptical. Nobody knew if it would catch on, and many questioned the need for yet another programming language to learn.
But then Swift went open source in 2015, and though it didn’t explode overnight, the language has steadily grown. There’s never been a better time to learn! We’ve covered online Swift tutorials as well as mobile Swift tutorials, so start there if you’re brand new.
Once you’re comfortable with the language, consider testing your skills with these Swift coding challenges.


(Ditto).
With a virtual machine like VirtualBox you can virtually install multiple operating systems, without having to buy any new hardware.
Maybe you’ve heard of virtual machines (VM), but never tried one out yourself. You might be scared that you won’t set it up correctly or don’t know where to find a copy of your preferred operating system (OS). VirtualBox is the best virtual machine for home users, and you can use this virtualization software with our help.




Hey! It can’t hurt!
Writing is different from good writing. It is the difference between a dime novel and an NYT Bestseller. It can mean the difference between letting your ideas die or using them to sharpen your communication skills.
The good news is that you can hone your wordsmithery. The art can be mastered step-by-step. In our continuing series on the best Udemy classes, let’s see how we can take a step in that direction.




Sometimes I feel like Dilbert after class.

