Saturday, February 11, 2017

Is everyone blaming Russia because that’s the fad or is Russia really so bad at hacking that they are easily identified?  (If so, even my Ethical Hacking students could disguise themselves to look Russian.) 
Hackers Targeted Italy Foreign Ministry, Russia Accused
Italy's foreign ministry was attacked by hackers last year, a diplomatic source told AFP on Friday, amid reports that Russia could be to blame.
"After the first attack the system was immediately strengthened," said the source, who asked not to be named, after Britain's Guardian newspaper said the ministry had come under a sustained cyber offensive -- and officials suspected Russia.
   The malware attack lasted over four months but did not affect then foreign minister Paolo Gentiloni -- Italy's current prime minister -- because he avoided using email during his mandate, the Guardian said. [Someone learned from Hillary?  Bob] 
   There have been concerns in recent weeks that Moscow has stepped up a cyber campaign against several European countries including Germany, France, Norway and the Netherlands.


This raises interesting questions.  Would Congress care at all about smaller breaches? 
GOP senators demand more answers on Yahoo hacks
In a letter sent Friday, Sens. John Thune (R-S.D.), chairman of the Senate Commerce Committee, and Jerry Moran (R-Kan.), chairman of the panel's consumer protection and data security subcommittee, hammered Yahoo for not providing enough information to lawmakers on the matter.
   “Moreover, Yahoo!’s recent, last-minute cancellation of a planned congressional staff briefing, originally scheduled for January 31, 2017, has prompted concerns about the company’s willingness to deal with Congress with complete candor about these recent events,” the senators wrote.


For my Data Management students.  Connect to your devices or the sensors in your customer’s devices, or anything anywhere. 
On land and in space, IoT networks can now cover the planet
At Mobile World Congress later this month, Nokia will show off what it calls WING (worldwide IoT network grid), a virtual global infrastructure that may include multiple private and carrier networks and satellite systems, depending on what an enterprise needs to connect and how it intends to use the data that’s collected.
   Nokia announced WING on Friday, just days after Inmarsat started talking about its own foray into global IoT.  The venerable satellite operator is linking low-power, unlicensed LoRaWAN networks with its worldwide fleet of spacecraft.  Real-world use cases for that setup, including cattle-tracking in Australia and water monitoring on a remote plantation in Malaysia, hint at what’s possible with that combination.  

(Related)
How IoT hackers turned a university's network against itself
   cybersecurity researchers have now detailed how a network of hacked IoT devices were turned around to attack the very network they were hosted on.
The case in question, as reported in Verizon's Data Breach Digest 2017, occurred within the last year and involved the computer network at an unspecified university.
Analysis of the university firewall identified over 5,000 devices making hundreds of Domain Name Service (DNS) look-ups every 15 minutes, slowing the institution's entire network and restricting access to the majority of internet services.  
In this instance, all of the DNS requests were attempting to look up seafood restaurants -- and it wasn't because thousands of students all had an overwhelming urge to eat fish -- but because devices on the network had been instructed to repeatedly carry out this request.
"We identified that this was coming from their IoT network, their vending machines and their light sensors were actually looking for seafood domains; 5,000 discreet systems and they were nearly all in the IoT infrastructure," says Laurance Dine, managing principal of investigative response at Verizon.


For all my students.  Become an entrepreneur, get rich quick and remember to tip your professor.
Ford Invests $1 Billion In Artificial Intelligence Startup Argo AI And Here’s Why
Ford has announced it's investing $1 billion over the next five years in Pittsburgh-based artificial intelligence startup Argo AI.
   "The next decade will be defined by the automation of the automobile, and autonomous vehicles will have as significant an impact on society as Ford's moving assembly line did 100 years ago," said Ford President and CEO Mark Fields in a statement.  "As Ford expands to be an auto and a mobility company, we believe that investing in Argo AI will create significant value for our shareholders by strengthening Ford's leadership in bringing self-driving vehicles to market in the near term and by creating technology that could be licensed to others in the future."
   Spending $1 billion is as good as acquiring another big company but the big money bag is just making Ford a majority stakeholder in Argo AI.  The remaining portion of Argo AI will still be owned by its founders Bryan Salesky and Peter Rander.  Other team members of Argo AI, including some engineers that will jump from Ford will also be part owners.
   Argo is a relatively very young company.  Consider it a baby as it was just founded last year.


A legal argument for my students to chew on.
Privacy groups say FBI hacking operation went too far
Privacy advocates are claiming in court that an FBI hacking operation to take down a child pornography site was unconstitutional and violated international law.
That’s because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said.
   According to Privacy International, the case also raises important questions:  What if a foreign country had carried out a similar hacking operation that affected U.S. citizens?  Would the U.S. welcome this?
   “Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world,” EFF attorney Mark Rumold wrote in a blog post.  “If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied.”


My first thought: Cook agrees with Trump?  That’s got to be fake.  Especially since he didn’t have a solution in mind. 
Apple CEO: Fake news ‘one of today’s chief problems’
Apple CEO Tim Cook called out fake news as a top concern in a Friday interview in the United Kingdom.
   Cook didn’t elaborate on what action Apple might take to combat fake news. 


Global Warming!  Global Warming!  (I have been remiss in my Gore bashing.)
NY Metro Weather‏
With today's snowfall, the 15-season average snowfall at New York City rose over 35.00" for the first time since observations began.
This is the fifth straight and 17th of 25 winter seasons with an 8"+ snowfall in NYC.  The previous 25 year period had 9 such storms - total.

Friday, February 10, 2017

Another widespread, long lasting, high volume attack on credit card systems?  I thought they were completely safe now that cards have chips. 
Fast Food Chain Arby’s Acknowledges Breach
Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants.  Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.
A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.
   Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.
Arby’s has more than 3,330 stores in the United States, and roughly one-third of those are corporate-owned.
   The first clues about a possible breach at the sandwich chain came in a non-public alert issued by PSCU, a service organization that serves more than 800 credit unions.
The alert sent to PSCU member banks advised that PSCU had just received very long lists of compromised card numbers from both Visa and MasterCard.  The alerts stated that a breach at an unnamed retailer compromised more than 355,000 credit and debit cards issued by PCSU member banks.
“PSCU believes the alerts are associated with a large fast food restaurant chain, yet to be announced to the public,” reads the alert, which was sent only to PSCU member banks.
Arby’s declined to say how long the malware was thought to have stolen credit and debit card data from infected corporate payment systems.  But the PSCU notice said the breach is estimated to have occurred between Oct. 25, 2016 and January 19, 2017.


For my Computer Security students.  Who is responsible for finding and acting on these warnings?
Thomas Claburn reports:
Administrators of Hadoop Distributed File System (HDFS) clusters have evidently not heeded warnings that surfaced last month about securing software with insecure default settings.
Attacks on Hadoop clusters have wiped the data of at least 165 installations, according to GDI Foundation security researchers Victor Gevers, Niall Merrigan, and Matt Bromiley.  The trio report that 5,300 Hadoop clusters are presently exposed to the internet, some of which may be vulnerable.
Read more on The Register.


I told you this was inevitable.  (So is regulation before comprehension?) 
Lawmakers introduce the Blockchain Caucus
Reps. Jared Polis (D-Colo.) and David Schweikert (R-Ariz.) officially launched the Blockchain Caucus on Thursday.
The caucus will be focused on advocating for “sound public policy toward blockchain-based technologies and digital currencies.”


Irrational, thy name is politician?  What is really going on? 
N.C. wind farm goes live despite legislators' claims it's a national security threat
   Ten North Carolina legislators, including state House Speaker Tim Moore and Senate leader Phil Berger, however, asked the Trump administration to kill the project because of its proximity to the Navy's long-distance surveillance radar installation in Chesapeake, Va., according to an Associated Press report.
Last month, the Pentagon said the wind farm and radar station can operate without detriment to either.  For its part, Avangrid Renewables culled the size of the project, repositioned the turbines and worked with the military to avoid affecting the radar array.


Something for my fellow professors?
Tutorials to Help You Get Started Creating Apps in Your Classroom
The MIT App Inventor is a fantastic tool for any teacher who would like to have his or her students try their hands at creating a working Android app.
The MIT App Inventor works in your web browser (Chrome is recommended).  The only download that is required for App Inventor 2 is the optional emulator.  The emulator allows people who don't have Android devices to text their apps on their desktops.  If you have an Android device then the emulator is not required and you don't need to worry about installing it.  MIT provides excellent support documentation and curriculum for classroom use for new users of App Inventor.  Tutorials are available as videos and as written PDFs.  A couple of the videos are embedded below.

Thursday, February 09, 2017

These failures could drive an auditor to drink.  (Okay, it’s more like a putt.) 
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports:
While investigating this incident, the company discovered the same thing happened in April 2016.  A scammer posing as the CEO asked for the 2015 forms on April 4, 2016.  Those forms were provided by the employee.
So yes, I went back to the 2016 W-2 Phishing Victims list and added the company to that list, too, bringing the 2016 list to 146 entries.  The 2017 list stands at 30 entries as of the time of this posting, but given that this is only the beginning of February, that number will undoubtedly grow.

(Related).  Whatever process was in place to detect data moving out of secure areas was clearly a failure.  Why?  If he was allowed to take data out, was there a check to ensure he brought it back?  Did anyone care? 
NSA contractor indicted over mammoth theft of classified data
A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history.
The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland.

(Related).  A very simple way to take information like customer details. 
From Multnomah County, Oregon:
January 20, 2017
On August 24, 2012, a Health Department employee began automatically forwarding all emails received in the employee’s county email account to a personal Google email account not maintained by the county.  Some of these emails included protected health information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA) were forwarded.
Multnomah County personnel discovered the incident on Nov. 22, 2016 during a random audit.  
[ … ]
The incident was reported to HHS as impacting 1,700 patients.


A benchmark for my Ethical hacking students?
Two-thirds of Enterprises Usually Breached by White Hat Hackers
Analysis of 128 penetration tests conducted in the fourth quarter of 2016 shows that approximately two-thirds of tested companies were successfully breached.  This is despite the limited time -- in 89% of cases, less than two weeks -- available to the pentesters compared to the effectively unlimited time available to blackhat attackers.
   The report highlights the value of protecting credentials.  "The number one method of obtaining account access," it states, "starts with very simple password guessing


I’m still not convinced that this is just due to poor IT management. 
United Airlines Experiences Another Technology Glitch
United Continental Holdings Inc. said it suffered its second technology glitch in just over two weeks on Wednesday, resulting in delays to about 500 flights, or about 10% of its daily schedule.
The Chicago-based airline said that early Wednesday morning it began experiencing slowness with the system that creates flight plans.


A major Privacy initiative.
Millions of apps could soon be purged from Google Play Store
Over the last 24 hours, Google has been sending notices to developers worldwide stating its intention to “limit visibility” or remove apps from the Play Store that violate the company’s User Data policy.  For most devs, the violation seems to be a simple one: lack of a privacy policy.


A major anti-Privacy initiative?
Biometric ticketing is one of several innovations identified by the Rail Delivery Group (RDG) in its digital blueprint for Britain’s railway.
The blueprint, which has been published on the same day as the RDG annual conference, suggests that Bluetooth and biometric ticketing could eventually replace the magnetic strip tickets that have been around since the 1980s.
RDG pointed to the development of a mobile app that uses Bluetooth to automatically open ticket barrier gates.  This technology is being trialled by Chiltern Railways between Oxford Parkway and London Marylebone this year.
A further development of ticketing technology could see biometric systems, which use fingerprints and eye scanning, implemented.
Read more on Global Rail News.
“Could see?”  What if passengers don’t want to have to give up their biometric data just to take a train?  And what security and privacy would be in place?  For how long would data be stored?  With whom could it be shared?
Look, if people want to speed up processing and are happy using their fingerprints or iris scans to do so, let them – after they’re fully informed of the potential consequences down the tracks.  But just imposing this makes the rail system part of a national surveillance system, which is a horrible idea.


Perspective.  They have more drivers than cars?  
Uber Taps Zipcar to Put More Drivers on the Road
Uber Technologies Inc. is turning to rental-car firm Zipcar in its relentless drive to hook more drivers up to its ride-hailing network.
In Uber’s deal with Zipcar, a unit of Avis Budget Group Inc., drivers in Boston can rent vehicles for $12 an hour, on top of a $7 monthly rental fee, roughly in line with what Zipcar offers cars for in the city.  Based on a search of Zipcar’s website on Wednesday, vehicles ranged from $6 per hour to as much as $13 per hour, depending on vehicle type.
At the special rental rates, it could be tricky for Uber drivers to bring in much of a profit.  Rates vary, but Uber drivers say they can make $15 to $20 an hour when there is strong demand.  That doesn’t include expenses that Uber passes to drivers, such as fuel, tolls and insurance, though Zipcar’s membership covers those.


Modifying Apps for countries with users in countries with limited infrastructure?  South Korea? 
Facebook Lite hits 200M users as low-bandwidth world revenue skyrockets
Facebook’s stripped-down but speedy Lite app is growing fast and adding countries so it can keep connecting people and building the company’s business in the low-bandwidth world where revenue increased 52% this year.
Facebook Lite launched in June 2015, it rocketed to 100 million monthly users by March 2016, and now it’s doubled in size to 200 million users, Mark Zuckerberg says.  And that’s just in a limited set of countries which today expands to include Israel, Italy, United Arab Emirates, and South Korea.
   Facebook Lite is partly why the social giant has managed to boost its business in the Rest Of World region.  Average revenue per user is up 28% this year from $1.10 to $1.41.  And that pushed its Rest Of World revenue up 52% this year to $839 million per quarter.
   But rather than wait for the developing world’s network infrastructure to increase bandwidth, Facebook shrunk its app into a Lite version.


For my Forensics students.
   The art of war necessitates the importance of knowing who your ‘attacker’ is.  Being able to trace an IP address to a PC is a direct way to remove the cloak of anonymity from a computer communicating with your own.


Tools for my starving students?
Remember, there are always security issues with public WiFi, which can leave you susceptible to hackers.  Karl teaches you how to protect your personal information while enjoying free WiFi connectivity.  It’s also worth keeping in mind that you get what you pay for – so, in many instances, free WiFi can be slow and frustrating.


If you don’t already use an RSS reader, this might be worth a look.
Flipboard 4.0 completely redesigned for a more personalized experience
Flipboard, one of the most popular news aggregator apps on the market, has received a major update that brings a whole new design along with a few interesting features to the table.  The biggest change is the introduction of the “Smart Magazine”, which changes the way you organize stories and topics you’re interested in.
In an official blog post, Flipboard gave us an example of how the new feature works.  When you open up the app, simply swipe left to add your passion.  If you pick a broad topic like photography, you can then dig a little deeper and choose what kind of photography you are most interested in (for example: street photography).  After you have made your selection, simply press “Done” and Flipboard will automatically create a Smart Magazine just for you with stories relating to the topic you have chosen.
You can also create and build your own Custom Magazines by adding content from any source, person, or publication you want to follow.


The next time someone tells me they don’t like Trump/Congress/’that law’/etc. I’ll give them this.
Obtain contact info for your senators, representatives (state and federal) via text message
by on Feb 8, 2017
Via Mary Rumsey – “If your senators and reps (State & Federal) aren’t saved in your phone yet, text your zip code to 520-200-2223 (no subject line, just your zip in the message).  You’ll get a text back with everyone’s contact info.”

Wednesday, February 08, 2017

A bad example for my Computer Security students.  You have to tell the government, but not the victims? 
On October 21, 2016, Singh & Arora Oncology Hematology PC in Michigan notified HHS of a hacking incident that they reported impacted 16,000 patients.  Today, we learn that 22,000 patients are first getting notification letters this week.  Why has it taken more than three months since HHS was notified for patients to be notified? 
Jessica Dupnack reports:
According to the letter, one of the practice’s servers was being accessed by an unauthorized user for nearly seven months between February and July of last year.
It wasn’t until August 2016 that they were notified of a problem.
So unauthorized access went on for almost five months (from February 27 – July 14), they learned of the problem on August 22, 2016, and they reported it two months later to HHS, but didn’t notify the patients until February of 2017?  Why the long gap to notifying patients?
The files accessed contain names, insurance information and social security numbers.
The letter from Singn and Arora says the hackers were apparently not after this personal information.  There is no indication it was used for identity theft, but they can’t say with total certainty that the information wasn’t compromised.
I wonder what makes them think the hackers were not after the PII or PHI.  Although the reporter says “an unauthorized user” accessed the server, the letter (pieces of which were shown in the video of the news report) indicates that during those months, it was accessed by “unauthorized users” (plural).  The letter also indicates that addresses, telephone number, date of birth, and CPT codes were in the accessed files.
So how can they know the information wasn’t used for identity theft when no one had been notified or might know to report any identity theft to them?
Michigan media outlets might want to pursue the question of why the delay in notification.


A sure method for capturing really stupid terrorists and insulting everyone else.  What would they do to someone like me that uses no social media? 
DHS mulls password collection at borders
by on
FCW.com – “John Kelly, the new secretary of the Department of Homeland Security, testified that foreign travelers coming to the United States could be required to give up social media passwords to border officials as a condition of entry.  “We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet,” he said at a Feb. 7 House Homeland Security hearing, his first congressional hearing since his Senate confirmation.  “If they don’t want to give us that information, they don’t come in.”  Kelly noted that while this was “still a work in progress” and not necessarily “what we’re going to do right now,” he added that President Donald Trump’s freeze on entry to the U.S. by citizens of seven countries, “is giving us an opportunity… to get more serious than we have been about how we look at people coming into the United States.”


I hate fax machines.  I write a request in my word processor, then print it, fax it, the FBI gets it and re-enters it into their computer system?  How is that more efficient?  We need a law that says you can’t go back to pre-Civil War technology.  (Patented in France in 1858.)
Is the FBI Really Going Back to the Fax Machine for FOIA Requests?
The FBI quietly announced a new policy starting next month that requires all Freedom of Information Act (FOIA) requests to be sent via fax or through regular U.S. Mail and it is a move that seems to have made some government transparency advocates a little frustrated.  A small number of requests can still me made through an online portal, but that will reportedly require users to provide personal information to the FBI to access the system.
   According to the Daily Dot, the policy is part of a larger government agency effort that they say seems to “intentionally rely on archaic technologies to process public records requests.”  The CIA and the Defense Advanced Research Projects Agency (DARPA), which handles secret government technologies, also requires fax requests, according to the report.


You can’t eat analytics, so why add them to the menu?
More Data, Better Dining?
In order for a restaurant to be successful, it has to focus on more than just food and beverages.  The industry is known for its tight profit margins, and without savvy owners, it’s really hard for even the best and most beloved restaurants to survive.
Damian Mogavero, a dining-industry consultant, has analyzed the data behind thousands of restaurants—which dishes get ordered, which servers bring in the highest bills, and even what the weather’s like—and found that these metrics can help inform the decisions and practices of restaurateurs.  Ultimately, Mogavero believes that the data he collects is really a way to learn how to make customers happy


Perspective.  As computers evolve from calculator to thinking machine… 
What to Expect From Artificial Intelligence
   The task that AI makes abundant and inexpensive is prediction — in other words, the ability to take information you have and generate information you didn’t previously have.  In this article, we will demonstrate how improvement in AI is linked to advances in prediction.  We will explore how AI can help us solve problems that were not previously prediction oriented, how the value of some human skills will rise while others fall, and what the implications are for managers.  Our speculations are informed by how technological change has affected the cost of previous tasks, allowing us to anticipate how AI may affect what workers and managers do.


Sounds simple.  My Data Management students will find out that it is not.
Retale acquires shopping list app Out of Milk
Retale, a technology company that develops mobile-first shopping experiences, today announced the acquisition of Out of Milk, the biggest shopping list app on Android in North America.
Out of Milk has had more than 10 million downloads, and it fits with Retale’s core mission of providing mobile products and services that meet shoppers’ needs at every stage of the customer journey.
   Out of Milk also makes it easy to share lists with family and friends on mobile, desktop, and email; shopping lists are instantly synced as changes are made across devices and platforms, eliminating any confusion.


Perspective.  For all my students.  So much data that one cloud isn’t enough?
The future isn't cloud. It's multi-cloud
Cloud computing was supposed to simplify IT environments.  Now, according to a recent study by Microsoft and 451 Research, nearly a third of organizations work with four or more cloud vendors.  It would seem multi-cloud is the future of cloud computing.


That and few dollars will get you a cup of coffee.  Wouldn’t this be better if they partnered with a law firm? 
Starbucks Is Giving Employees Free Legal Advice on Immigration
After pledging to hire thousands of refugees, Starbucks is now offering its employees free legal advice on immigration.
The coffee giant sent a letter to workers Monday, saying that the company had partnered with Ernest & Young to offer free legal advice to "help navigate immigration issues and get answers in these uncertain times," CNNMoney reported.

Tuesday, February 07, 2017

First thought, don’t tell my wife!  Second, what are these people thinking? 
Another reason to use a cafetiere to make coffee.
Simone Margaritelli writes:
After hearing so much discussion about IoT security risks, I was curious to see firsthand just how easy it is to hack into an internet-connected device.  As a whitehat hacker, I tested my hacking skills on my Smarter Coffee machine, which is connected to my home wifi network.
But why should you care about some guy who figured out how to hack his coffee machine?  Because it was too easy.  If I’m willing to spend a couple of hours automating my coffee intake, there are countless cyber criminals out there willing to put in the time for a much higher-stakes reward.
Read more on Quartz.


For my Computer Security students.
Your Browsing History Alone Can Give Away Your Identity
   Dozens of trackers embedded in nearly every website collect information about how you interact with the page, and cookies stored in your browser tell advertisers how often you’ve visited the site before.  But the holy grail is the ability to string all this information together to create profiles that corresponds to each individual user—that is, creating a complete picture of each person on the internet, beyond just scattered data points.
Companies that compile user profiles generally do so pseudonymously: They may know a lot of demographic details about you, but they don’t usually connect your behavior to your individual identity.  But a group of researchers at Stanford and Princeton developed a system that can connect your profile to your name and identity, just by examining your browsing history.

(Related).
The Evolution of Ransomware: Part 1
Public understanding and concern about cybersecurity has historically been pretty low, the domain of experts and large organizations on the lookout for sophisticated, targeted attacks.  Ransomware is changing that, creating a rising tide of successful attacks that are forcing a re-examination of protection in organizations of all sizes.  Businesses, numbed by constant warnings about threats, breaches, and the hopelessness of protection, are getting a serious wake-up call.  A surge in ransomware, caused by the ease of staging widespread attacks, extending even to automated ransomware attack services, has made fast, broad, and anonymous attacks commonplace.  From humble roots in the AIDS Trojan of 1989 to its current myriad forms, ransomware growth is only accelerating.  These attacks have come a long way in the last 27 years, and for those looking to protect themselves in 2017, it is time to understand and address the modern ransomware threat.

(Ditto).  Would it be cruel to use this as a midterm exam? 
Can you spot the phish?
Cloud collaboration software provider Diligent recently conducted an online survey of 2,000 U.S. internet users to test their security savvy.  76% of survey respondents passed the phishing test, but that isn't the whole story.  Here are some of Diligent's other findings:
  • Over 68% of respondents were tricked by emails that looked like they were from a coworker.
  • Messages from social media companies with the phrase, “Did you see this pic of you? LOL” fooled nearly 61% of participants.
  • Fewer than 3% of respondents fell for an email claiming they won a big cash prize from a soft drink company.
Following are the emails Diligent used in its survey.  Can you spot the phish?


Perhaps not so spontaneous after all.  You have to keep up a constant stream of bamboozlement to convince the gullible to do your bidding.  Fortunately(?), the Internet makes it easy,
Not ‘Lone Wolves’ After All: How ISIS Guides World’s Terror Plots From Afar
   Until just moments before the arrest of the Indian cell, here last June, the Islamic State’s cyberplanners kept in near-constant touch with the men, according to the interrogation records of three of the eight suspects obtained by The New York Times.
As officials around the world have faced a confusing barrage of attacks dedicated to the Islamic State, cases like Mr. Yazdani’s offer troubling examples of what counterterrorism experts are calling enabled or remote-controlled attacks: violence conceived and guided by operatives in areas controlled by the Islamic State whose only connection to the would-be attacker is the internet.


The country we might become?  Or are we already there?
Papers, Please! has a wonderful recap of the work they’ve been doing for decades and how it relates to the current uproar over Trump’s executive order.  The issues and risks, they want you to know, are much bigger than you may realize.  Here’s a snippet of their piece:
Here are some key things we’ve learned from our work over the last 20 years that people — including those just now beginning to think about the right to fly, especially as it relates to immigrants, refugees, and asylum seekers — need to understand about what is happening, who is responsible, what will happen next, and what can be done:
It’s about government control of movement, not just surveillance of travelers.
“Watchlist” is a euphemism.  The list of countries whose citizens are barred from the US is a blacklist, not just a watchlist.
Extreme vetting” means not just searching and interrogating people before allowing them to enter the US, or surveilling them while they are in the US, but not allowing them to enter the US at all.  That’s one of the reasons we have never seen this as an issue that can be completely encompassed in a rubric of “privacy”.
Tools put in place and data collected by any government will be available for use and misuse by any future government.
Read more on Papers, Please!
Related to this, see Joe Cadillic’s new post, Passengers to be arrested for not showing their ID’s.  As one example, Joe writes:
Arizona’s House Bill 2305 would make it a crime for passengers to decline to provide a photo ID to police.  Passengers who fail to provide an ID could be sentenced to four months in jail and a $750.00 fine.


This would be a silly law.  If the government does a really poor job of anonymization, it would be illegal to prove it by re-identifying people?  Sounds like the Emperor wants to keep wearing those new clothes without anyone pointing out the obvious. 
Rohan Pearce reports:
Passage of a government bill that would criminalise the re-identification of public sector datasets released under open data policies looks uncertain.
The Senate Legal and Constitutional Affairs Legislation Committee tonight tabled its report on the government’s Privacy Amendment (Re-identification Offence) Bill 2016.  Although the committee’s majority recommends that the bill be passed, a dissenting report by its Labor and Greens members calls for parliament to reject the proposed legislation.
Read more on Computerworld.


Maybe Amazon has smarter lawyers?  
Amazon’s Antitrust Paradox
by on
Khan, Lina, Amazon’s Antitrust Paradox (January 31, 2017). Yale Law Journal, Vol. 126, 2017.  Available for download at SSRN: https://ssrn.com/abstract=2911742
“Amazon is the titan of twenty-first century commerce.  In addition to being a retailer, it is now a marketing platform, a delivery and logistics network, a payment service, a credit lender, an auction house, a major book publisher, a producer of television and films, a fashion designer, a hardware manufacturer, and a leading host of cloud server space.  Although Amazon has clocked staggering growth, it generates meager profits, choosing to price below-cost and expand widely instead.  Through this strategy, the company has positioned itself at the center of e-commerce and now serves as essential infrastructure for a host of other businesses that depend upon it.  Elements of the firm’s structure and conduct pose anticompetitive concerns—yet it has escaped antitrust scrutiny.  This Note argues that the current framework in antitrust—specifically its pegging competition to “consumer welfare,” defined as short-term price effects—is unequipped to capture the architecture of market power in the modern economy.  We cannot cognize the potential harms to competition posed by Amazon’s dominance if we measure competition primarily through price and output.  Specifically, current doctrine underappreciates the risk of predatory pricing and how integration across distinct business lines may prove anticompetitive.  These concerns are heightened in the context of online platforms for two reasons.  First, the economics of platform markets create incentives for a company to pursue growth over profits, a strategy that investors have rewarded.  Under these conditions, predatory pricing becomes highly rational—even as existing doctrine treats it as irrational and therefore implausible.  Second, because online platforms serve as critical intermediaries, integrating across business lines positions these platforms to control the essential infrastructure on which their rivals depend.  This dual role also enables a platform to exploit information collected on companies using its services to undermine them as competitors.  This Note maps out facets of Amazon’s dominance.  Doing so enables us to make sense of its business strategy, illuminates anticompetitive aspects of Amazon’s structure and conduct, and underscores deficiencies in current doctrine.  The Note closes by considering two potential regimes for addressing Amazon’s power: restoring traditional antitrust and competition policy principles or applying common carrier obligations and duties.”


The world my students will program.
Amazon's supermarket of the future could operate with just 3 staff — and lots of robots
Amazon's high-tech supermarkets of the future could be operated by just three humans, according to The New York Post.
The ecommerce giant is reportedly considering two-storey supermarkets that span between 10,000 square feet and 40,000 square feet and rely heavily on a fleet of robots, sources told The New York Post.
   In Amazon's planned supermarkets, robots would reportedly be based upstairs and used to find and pack items for customers on the floor below, which would be home to products up to 4,000 items that shoppers "like to touch," such as fresh meat, fruit, vegetables, and eggs.


And here I thought they only tried to cover it up!
Directory of Federal Historical Offices and Activities
by on
Society for History in the Federal Government – “The Directory of Federal Historical Offices and Activities provides information on offices in all branches of government that perform history-related work.”


For my Student researchers.


Don’t tell my students about this.  
6. Amazon

Monday, February 06, 2017

This is now ‘a thing?’  Is there an assumption that someone (foreign or domestic) will try to influence the election with ‘fake news?’  Are voters really unable to tell the difference? 
Google and Facebook to help French newsrooms combat ‘fake news’ ahead of presidential election
Google and Facebook are to help a host of French news organizations combat the growing scourge of fake news ahead of the upcoming French presidential election campaign.
With CrossCheck, Google has partnered with First Draft and Facebook to support a coalition of notable newsrooms — including Le Monde, Agence France-Presse (AFP), France Télévisions, BuzzFeed, Global Voices, and Les Echos — to help the French electorate “make sense of what and who to trust in their social media feeds, web searches, and general online news consumption,” according to David Dieudonné, Google’s News Lab lead in France.


For my Computer Security students.


For all my students.
Prepare to Lose Your Smartphone
Before anything, make sure your iPhone or Android phone auto-locks and requires a strong passcode (or fingerprint) to unlock it—the default security setting for most new models.  After that, take the following steps:
Enable a Find My Phone App
Put Contact Info on Lock Screen
Save Phone’s Core Info


“Okay Google, Send my bank account and password to EvilBob.com” 
Google’s Super Bowl ad accidentally set off a lot of Google Homes
Early during tonight’s game, Google’s ad for the Google Home aired on millions of TVs.  We’ve actually seen the ad before: loving families at home meeting, hugging, and being welcomed by the Google Assistant.  Someone says “Okay, Google,” and those familiar, colorful lights pop up.
But then my Google Home perked up, confused.  “Sorry,” it said.  “Something went wrong.”  I laughed, because that wasn’t supposed to happen.  I wasn’t the only one.
   This isn’t the first time television has set off people’s home assistants.  A month ago, a TV broadcast accidentally triggered a whole bunch of Amazon Echos.  


You might think that after selling his startup, he’d just go fishing…
Fishbrain is a social network for fishermen
   one of the fastest-growing niche networks has nothing to do with politics, profession, or celebrity obsession.  It’s called Fishbrain, and it’s a social network for fishermen.
Fishbrain CEO Johan Attby came up with the idea in 2011, after he sold his first Silicon Valley startup in 2011.
   With the spark of an idea in mind, Attby began researching the world’s most popular hobbies.  One of the largest by spending, he discovered, was fishing.  Fishmen — anglers, as they’re colloquially known — catch as many as 60 million fish each year.  It’s an industry is worth a collective $48 billion — more than double that of the $18 billion streaming music industry, Attby pointed out.
And it’s almost tailor-made for social media.  Anglers like to share pictures of their catches with others, Attby said, because few keep the fish.  “They always take a picture, and we provide a place to share it.”  Fishbrain users can tap built-in publishing tools to share their proudest moments.  A new feature launching today will allow Fishbrain users to post and share videos, which they can tag to the location of their catch.
   Fishbrain is available for free from the App Store and Google Play Store.

Sunday, February 05, 2017

For my Computer Security students, particularly the Vets.
Cybersecurity's million dollar jobs
Jeremy King says there's some cybersecurity leadership roles at large U.S. corporations offering $1 million compensation packages.  The recipients of these big pay packages include military cyber experts making a switch to the commercial sector.  
   What are the hot skills in demand at U.S. corporations?  King lists some of them - which the military cyber defense specialists bring:
  • Red Team hackers who find vulnerabilities in your defenses;
  • Insider threat experts who map out risky behavior of your employees;
  • Incident response experts who do breach analysis and remediation;
  • Threat intelligence experts who can evaluate your threat landscape;
  • Security experts who can help design and manage security operations centers.
For more information read the quarterly "Ask The Recruiter" report featuring King.


Okay, if this was the final exam in a law school class, I’d flunk.  Is this because the emails were out of the US only because Google was balancing it’s usage/storage at centers around the world? 
Google, unlike Microsoft, must turn over foreign emails: U.S. judge
A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp.
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.
"Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter wrote.


On the other hand, it’s Google that moved into their space. 
Google Warns of New Rivals in Corporate Computing, Digital Assistants, Hardware
Alphabet Inc. warned investors about a slew of new competitors, highlighting the company's broad expansion beyond its original Google search business. 
"Providers of digital video services, such as Facebook, Netflix, Amazon, and Hulu."
"Digital assistant providers, such as Apple, Amazon, Facebook, and Microsoft."
"Providers of enterprise cloud services, including Amazon and Microsoft.
"Companies that design, manufacture, and market consumer electronics products."