Saturday, October 14, 2017

Someone in government listens? Brilliant!
It’s gratifying when advocacy efforts have an impact. Last week, this blogger spent a good amount of time talking with Kathleen Styles, Chief Privacy Officer of the U.S. Education Department. We discussed the TheDarkOverlord attacks on the education sector and I had urged the Department to try to warn schools how to better protect themselves.
I am pleased to see that they have now sent out the following advisory (yes, even though they don’t link to any of my reporting on this issue):
Cyber Advisory – New Type of Cyber Extortion / Threat Attack
Note that despite what the cyber advisory suggests, this threat is not confined to K12, as TheDarkOverlord’s recent tweets suggest that they are also busy attacking institutions of higher education.




For my Computer Security (and other) students.
… Two-factor authentication (also known as 2FA or two-step verification) is a security method that uses two different ways to verify your identity. Instead of only entering a password to log in, you’ll be asked to enter a code which is sent via text message to your phone or generated via an app. This verification helps make sure that only you can access your account.
We’ve previously pointed out several internet services where you should enable 2FA. Today, let’s see which social media platforms support it and how you can enable them.




Convergence. Soon, every tool will be able to do everything.
Facebook’s ‘Order Food’ feature officially launches across the US
Facebook today formally announced its new feature that allows users to order food from local restaurants using its app. Instead of competing directly with other food ordering services, Facebook is partnering with several industry players on this effort, including EatStreet, Delivery.com, DoorDash, ChowNow, Olo, Zuppler and Slice. It’s also working with restaurant chains directly, like Jack in the Box, Five Guys, Papa John’s, Wingstop, TGI Friday’s, Denny’s, El Pollo Loco, Chipotle, Jimmy John’s and Panera.
Users can find the new option “Order Food” in the Explore menu in the Facebook app, where you can then browse area restaurants and click “Start Order” when you know what you want.




Perspective.
Uber, Surging Outside Manhattan, Tops Taxis in New York City
… the ride-hail app has increasingly shifted its focus to the city’s other four boroughs, where frustration over subway overcrowding and delays and fewer taxi options have made it the ride of choice for many.
As a result, Uber is booming in the other boroughs, with half of all Uber rides now starting outside Manhattan — up from one-fourth just two years ago — not including pickups at the city’s two airports in Queens. The growth has been so explosive that it has helped produce a milestone moment — for the first time, more people are using Uber in New York than the city’s fabled yellow cabs. In July, Uber recorded an average of 289,000 rides each day compared with 277,000 taxi trips.


Friday, October 13, 2017

I guess the IRS finally noticed what was going on.
IRS temporarily suspends contract with Equifax
The IRS has temporarily suspended the $7.2 million, no-bid contract it awarded to Equifax to verify the identities of taxpayers when they create accounts on its website, the agency said today.
… The decision comes after media reports earlier today that the Equifax website may have been compromised a second time.




Makes you think, “Fake News!” doesn’t it?
Russia reportedly used Pokémon Go in an effort to inflame racial tensions
Russia’s far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokémon Go. CNN reported today that in July 2016, a Tumblr page linked to Russia’s now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters’ names to the victims of those incidents — an apparent effort to inflame racial tensions.




Perhaps we need to automate trials? Remove the human factor. Eliminate bias.
Is a Fair Trial Possible in the Age of Social Media?
Is there any more satisfying reading than the transcripts of “Pharma Bro” Martin Shkreli’s disastrous jury selection? A seeming cherry on the top of the schadenfreude sundae of Shkreli’s legal disgrace, the transcripts also illuminate how social media, which spread news of the defendant’s price-jacking and unapologetic comments about his pharma business well ahead of the trial, influenced his jury selection. It raises the question: Is it possible to have a fair trial or an impartial jury in an age when anyone is just a viral tweet or a Facebook search away?
Frank J. Mastro wonders, too. He examines how social media and other online behavior caused mistrials as far back as 2009. From the moment smartphones first began to transform social behavior, they were disrupting trials, too.




There must be a demand for this stuff, right?
Apple cofounder Steve Wozniak launches Woz U institute to train people for tech jobs
Steve Wozniak, one of Apple’s three original founders, has launched a new training initiative designed to get people ready for “high-paying technology” jobs.
The Woz U digital institute is initially launching as an online-only affair and promises to deliver a “new approach” to education for tech industry jobs. For now, the curriculum focuses on training for computer support specialists and software developers (.Net, JavaScript, Ruby, Java, and Python), but it will later expand into other facets of the STEM realm, including cybersecurity, mobile apps, and data science.


(Related).
Google commits $1 billion in grants to train U.S. workers for high-tech jobs




Perspective.




Because I like lists (and because I’m teaching #1 right now!)
15 Top Data Analytics Tools
Data analytics tools are, to be sure, in great demand. A May 2017 story in The Economist declared that data is now more valuable than oil. While it can’t run your car, data nonetheless is a key commodity that many of the world’s biggest businesses run on and is the life blood of many corporations.
In treating data as an asset, that means the tools to perform data analytics are just as vital to the business, because without analytics you have no context, no knowledge. You just have data, which, like raw petroleum, is useless unless it is refined.
… What follows is a list by no means complete, but a comprehensive list of the different data analytics tools available. Some are free, others with a fee. They are in no particular order.

Leading Data Analytics Tools

Probably not the first thing that comes to mind, but Excel is one of the most widely used analytics tools in the world given its massive installed base. You won’t use it for advanced analytics to be sure, but Excel is a great way to start learning the basics of analytics not to mention a useful tool for basic grunt work. It supports all the important features like summarizing data, visualizing data, and basic data manipulation. It has a huge user community with plenty of support, tutorials and free resources.




Because they might be useful…
35 Artificial Intelligence Courses
It's no surprise there's great interest in artificial intelligence courses: artificial intelligence (AI) seems to be making its way into literally every aspect of technology.
In fact, according to Gartner, "By 2020, AI technologies will be virtually pervasive in almost every new software product and service." And IDC has predicted that worldwide spending on AI will reach $12.5 billion this year, 59.3 percent more than in 2016. By 2020, revenues could skyrocket to more than $46 billion.
This growing focus on AI has many IT pros scrambling to update their knowledge. Courses on artificial intelligence, machine learning, neural networks, natural language processing and related topics are attracting huge numbers of students.




This could be useful…
Guide on How to Transcribe YouTube Videos Automatically
by Sabrina I. Pacifici on Oct 12, 2017
Karrar Haider via Hongkiat: “A lot of us may not know but YouTube comes with many useful features like translation for titles and description and YouTube keyboard shortcuts etc. Similarly, there are ways with which you can transcribe YouTube videos. As nowadays, the speech recognition software has improved a lot, you can get a reliable automatic transcription that can be easily edited to perfection with little to no effort. It’s quite easy to transcribe YouTube videos as YouTube automatically transcribes most of the videos as soon as they are uploaded. In this post, I’ll show you 3 ways to get YouTube video transcriptions for free…


Thursday, October 12, 2017

Looks like they need to improve that security they just got done “improving.”
Equifax Website Hacked Again
Credit reporting agency Equifax already earned its place in the history books for a "cybersecurity incident" that impacted more than half of all adult Americans. Names, Social Security numbers, birth dates, addresses, and driver's license numbers were all exposed through the company's website.
Equifax responded to the breach with "supreme arrogance," but it seems the company failed to learn anything from its security failings. Proof of that appeared yesterday when the Equifax website was compromised yet again.
As Ars Technica reports, for several hours yesterday, October 11, anyone visiting the Equifax website may have been presented with a Flash Player update prompt. It was fake, and opting to install the update saw your PC infected with adware (specifically Adware.Eorezo).




I haven’t reported on this industry that uses a variety of cutting edge technology in some time. Clearly they are staying up with (if not ahead of) the crowd.
Pornhub Now Uses Machine Learning To Make Searching For Porn Easier, But There’s A Big Problem
Porn is going to get a lot smarter. Well, not porn exactly, but ID-ing it and identifying the performers in it, all for better and improved indexing so searching for specific types and categories of porn will be easier.
Pornhub is at the forefront of this porn searching evolution, announcing on Wednesday, Oct. 11, that it's using machine learning to automatically catalog its huge library of adult videos.
… Pornhub plans to scan all 5 million videos "within the next year" and then shift toward more complex methods of identification, like determining where videos should be categorized in, tagging them as "public" or "blonde," for instance. This is presumably more complicated because Pornhub's machine learning technology has to actually figure out what the context is apart from who the performers starring in a video are.
Corey Price, Pornhub's VP, said in a press statement that the company is jumping on the artificial intelligence bandwagon to "expedite antiquated processes."


(Related). There are more similarities than you might guess.
ROSS Intelligence lands $8.7M Series A to speed up legal research with AI
Armed with an understanding of machine learning, ROSS Intelligence is going after LexisNexis and Thomson Reuters for ownership of legal research.
… At its core, ROSS is a platform that helps legal teams sort through case law to find details relevant to new cases. This process takes days and even weeks with standard keyword search, so ROSS is augmenting keyword search with machine learning to simultaneously speed up the research process and improve relevancy of items found.
“Bluehill benchmarks Lexis’s tech and they are finding 30 percent more relevant info with ROSS in less time,” Andrew Arruda, co-founder and CEO of ROSS, explained to me in an interview.




Another vision of the future.
Deloitte – The legal department of the future
by Sabrina I. Pacifici on Oct 11, 2017
The legal department of the future – How disruptive trends are creating a new business model for in-house legal – “Over the past 10 years, unprecedented disruptions—including the deregulation of the practice of law and advancements in technology—have been changing the face of the legal sector. Rigid silos are being replaced by more fluid structures. And in-house lawyers are becoming business partners, embedded and able to work across units and specializations. So what will corporate legal look like over the next 10 years? Consider the following potential scenarios in technology, service delivery, and operations…”




Perspective.
Irish court gives $1 billion Apple data center green light
Apple may proceed to build a 850 million euro ($1 billion) data center in Ireland, the High Court ruled on Thursday, bringing relief for the government after a two-year planning delay which it feared could hurt its reputation with investors.




Interesting idea. Not much in Denver yet.
Taste ranks the top restaurants in a bunch of categories: coffee, burgers, drinks, pizza, sushi, breakfast, dinner, dessert, and lunch, with more categories coming soon.
The app relies on its users to determine what locations will be listed. Each Taste user can cast just one vote for their favorite restaurant for each category.


Wednesday, October 11, 2017

Designed to be hacked?
T-Mobile website bug let hackers steal data with a phone number
Up until last week, a T-Mobile website had a serious security hole that let hackers access users' email addresses, accounts and a phone's IMSI network code, according to a report from Motherboard. Attackers only needed your phone number to obtain the information, which could be used in social engineering attacks to commandeer your line, or worse.
The security researcher who discovered the hole, Karan Saini from startup Secure7, notes that anyone could have run a script to scrape the data of all 76 million T-Mobile users and create a searchable database.
… T-Mobile said in a statement that "we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly."
… However, an anonymous hacker disputes T-Mobile's claim that the bug wasn't shared broadly, telling Motherboard that "a bunch of SIM swapping kids had [the hack] and used it for quite a while." They could have exploited the data to "socially engineer," or basically con, T-Mobile technicians into handing over replacement SIMs by pretending they're the owners of the line. Motherboard also discovered a YouTube video dated August 6th that describes exactly how to execute the hack.




Beware of any system that defaults to “No Protection!”
Accenture Exposed Data via Unprotected Cloud Storage Bucket
Consulting and technology services giant Accenture inadvertently exposed potentially sensitive information by leaving it unprotected in four Amazon Web Services (AWS) S3 buckets.
The cloud storage containers were discovered on September 17 by Chris Vickery of cyber resilience company UpGuard and they were secured a couple of days later after Vickery notified Accenture of his findings.




An Equifax update. Seems like a lot of disputes to me.
Equifax breach included 10 million US driving licenses
10.9 million US driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.




Security concerns and a few potential solutions.
IoT and the Effects of Other Emerging Tech in the Workplace
Technology professionals are gathered here at Spiceworld in Austin, Texas, Spiceworks' annual conference, to share their tips and tricks on making their CIOs happy, ensuring their end-users are satisfied, and more importantly, keeping their IT operations up and running. But these days, no discussion about IT is complete without mentioning the effects that the Internet of Things (IoT), artificial intelligence (AI) and other emerging technologies are having on the workplace.
The industry has high hopes for these next-generation technologies.
In June, IDC forecast that spending on IoT devices and services would balloon to nearly $1.4 trillion in 2021. Recently, technology research firm Tractica predicted that the AI market will reach $43.5 billion by 2024.
… But first, IT professionals are laser-focused on the security implications of adding IoT, AI and augmented and virtual reality (AR, VR) solutions to their IT environments. Expecting to get hacked, William Brown, information security officer at Engaging Solutions, an Indianapolis, Ind. IT consulting firm, takes zero chances.
As a precautionary measure, Brown's team places IoT devices on a guest network, preventing attackers from reaching deep into the main network and accessing sensitive data. Additionally, he advises his fellow IT professionals to make sure their IoT vendors stick to their patch schedules. "If you don't patch, there's a bot waiting out there waiting," he warned.




An update.
A judge ordered the web hosting company DreamHost to redact identifying information about visitors to a website used to coordinate a protest during President Trump’s inauguration, imposing further limits on an extensive warrant obtained by the Justice Department that initially aimed to collect visitors’ IP addresses.
Chief Judge Robert E. Morin of the Superior Court of D.C. had previously ordered DreamHost to turn over information about the operators of the website, disruptj20.org. The Justice Department alleged that the site was used to privately communicate plans for a riot, and that it needed the IP addresses of the millions of visitors to the site in order to discover who had incited the violence. After resistance from DreamHost, the Justice Department narrowed the scope of its request.
In an order issued today, Morin said that the government would need to submit a report explaining the minimization procedures it would use when searching DreamHost’s data—in short the government would need to explain why it needs everything it needs. Only then would Morin allow the DoJ to review redacted data, and the government would again have to provide the court with its justification for removing any redactions.




Similar thinking to the “Walmart puts groceries in your ‘fridge” idea. Is this just a small extension of the “we trade privacy for convenience” trend?
Report: Amazon Testing In-Trunk Deliveries
Don't have a front porch or a doorman? In the future, you may be able to receive packages from Amazon inside your home or the trunk of your car.
CNBC on Tuesday reported that the online retail giant is "in advanced talks" with the smart license plate maker Phrame about a new trunk delivery idea.
Phrame makes a device that fits around your license plate and turns it into a "military strength lockbox for your keys" that can be accessed with your permission using an accompanying app, according to the company's website. [Would there be a lot of call for this other than Amazon, Walmart, et al.? Bob]


(Related). Of course, Amazon wants to enter your home too.
Amazon to develop a smart doorbell to deliver packages inside your home




An update you might have missed.
Footage ‘tells the truth,’ Utah nurse says after the SLC officer who arrested her was fired
Salt Lake City Police Chief Mike Brown has fired one officer and demoted another in response to the July 26 arrest of University Hospital nurse Alex Wubbels, according to records obtained by The Salt Lake Tribune.
Detective Jeff Payne, who arrested Wubbels, was fired Tuesday. Payne’s watch commander the day of the confrontation, Lt. James Tracy, was demoted to police officer III effective Wednesday, according to the documents signed by Brown and sent to the men.
Brown’s decision is the culmination of an internal affairs investigation that began a day after the confrontation between Wubbels and Payne. The probe ultimately found that both officers had violated a number of department policies.




This would be a rather significant change.
Britain considers regulating Facebook and Google as news publishers
Britain is considering classifying and regulating Facebook and Google as news publishers, rather than platforms.
… Consultancy group Enders Analysis says 6.5M British internet users get most of their news from Facebook.




For my students.
Amazon launches $5.49 monthly Prime Student subscription in the U.S.
… For students, however, Amazon has offered a 50 percent discount on the annual subscription, meaning those in an eligible two- or four-year program in the U.S. would only pay $49 for the year.
… Amazon is attempting to lure more students on board with a $5.49 monthly subscription plan bundled into a free six-month trial offer. So basically anyone with an .edu email address can get Amazon Prime totally free for six months, after which they can elect to remain on the plan without committing to a full year’s subscription.




For my Spreadsheet students.
Working in Excel spreadsheets is all about saving time. You don’t want to have any slowdowns in your workflow that decrease your productivity. To that end, you’ve hopefully set up your own Excel keyboard shortcuts and know the best ways around the software.
There’s a small but useful change you can make to how the Enter button functions. Out of the box, pressing Enter will move the highlighted box down by one cell. But if you prefer, you can change this so Enter moves the selected box one cell to the right instead.
Though it’s a bit unnatural, you can also set this to Up or Left if you prefer. In fact, if you uncheck the After pressing Enter box, you can completely disable Enter‘s functionality. With this unchecked, pressing Enter does nothing.




For my students who enter the Great Pumpkin contest.

Tuesday, October 10, 2017

Another Oops gets bigger.
Deloitte hack hit server containing emails from across US government
The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.
Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.
… The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:
• The US departments of state, energy, homeland security and defence.
• The US Postal Service.
• The National Institutes of Health.
• “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.




Imagine a North Korean leader who was largely ignorant of US and South Korean capabilities discovering that he is in fact a primary target.
Jamie Seidel reports:
Top secret war plans are among a host of classified military documents reportedly stolen by North Korean hackers in a ‘raid’ on a secure defence data centre last year.
South Korea’s Yonhap news agency reports Operational Plan 5015 — the most up-to-date blueprint for a US/South Korean war with Pyongyang, including a ‘decapitation strike’ against Kim Jong-un — was among the classified material seized by Pyongyang.
If true, this represents a serious blow to diplomatic and military efforts to counter the heretic state’s increasingly hostile posture.
Read more on News.com.au




An interesting idea for a world that can’t handle geography.
what3words – free online map service uses unique 3 word address
by Sabrina I. Pacifici on Oct 9, 2017
“Addressing the world – what3words is a really simple way to talk about location. We have divided the world into a grid of 3m x 3m squares and assigned each one a unique 3 word address. It means anyone can accurately find any location and share it more quickly, easily and with less ambiguity than any other system. The service can be used via the free mobile app or online map. It can also be built into any other app, platform or website, with just a few lines of code…. what3words is the simplest way to talk about any precise location. Our system has divided the world into a grid of 3m x 3m squares and assigned each one a unique address made of just 3 words. Now everyone and everywhere has a reliable address.”




Amusing and useful?
Schedule a Phone Call to Yourself and Politely Escape any Boring Situation




For my Spreadsheet students.
Having to hunt through menus for everything is no fun. Keyboard shortcuts help you access your most-used functions instantly, and you can even make your own.


Monday, October 09, 2017

A short “How to fail my computer security class” look at Equifax.
Five takeaways from Equifax's brutal week
… The company took more than two weeks to publicly disclose the breach, Smith said, because Equifax’s outside counsel, King & Spalding, and cybersecurity firm Mandiant advised the company to first have a plan in place to protect consumers affected by the breach. [So much for thinking ahead. Breaches WILL happen, so why not do at least some planning (or thinking) in advance? Bob]
… Hackers exploited a vulnerability in a version of Apache Struts software that was used by Equifax but had not been patched, despite a March alert from the Department of Homeland Security (DHS) directing companies to apply the patch.
… The individual designated to notify personnel to apply the patch failed to do so, Smith said. [Why not share DHS notices with more than one person? Bob]
… Smith also revealed that the personal data accessed was not encrypted at the time it was accessed, prompting further scrutiny. [That would have been their ‘Get Out of Jail’ card! Bob]
… Smith offered up little information on the hackers behind the breach, repeatedly referring to an FBI investigation. When questioned, Smith would not rule out that the hackers were sponsored by a nation state.
“We've engaged the FBI at this point, that's all I'll say,” he said Tuesday.
Bloomberg reported last week that hackers used techniques that have been previously linked to state-sponsored hackers.
While Smith said that investigators tracked the IP addresses of the criminals, he said their identities and whereabouts remain unknown.
Smith did, however, acknowledge the sophistication with which the criminals moved through the company’s system, evading the company’s security personnel for more than a month. [139 days by my count. Bob]


(Related). Compare and contrast.
Disqus Demonstrates How to Do Breach Disclosure Right
… I first saw the Disqus data first thing Friday morning my time in Australia. Verification wasn't difficult because my own record was in there (there's nothing like finding your own data in a breach to help expedite verification!) I reached out to an existing contact I had at Disqus via email as soon as I had a reasonable degree of confidence that the data was accurate (a couple of hours after I received it). From that moment, the timeline in their public disclosure began which I highlighted in this tweet:



(Related).
U.S. Banking Regulator Hit by 54 Breaches in 2015, 2016
The report, made public last week, focuses on the FDIC’s processes for responding to data breaches, and it’s based on an audit conducted in response to concerns raised by the chairman of the Senate Committee on Banking, Housing, and Urban Affairs.
The OIG’s audit focused on 18 of 54 suspected or confirmed breaches discovered by FDIC between January 1, 2015 and December 1, 2016. The 18 incidents reviewed by auditors affected more than 113,000 individuals.
The audit found that in 13 of the 18 cases the FDIC did not complete some key breach investigation activities, such as assessing impact and convening the data breach management team, within the timeframe established in the agency’s Data Breach Handling Guide (DBHG). [Something every organization should have? Bob]
It took the organization, on average, more than 9 months to notify affected individuals after discovering a breach. It took between 145 days and 215 days to send out notifications to impacted people after the decision was made to notify victims. In one incident that affected nearly 34,000 people, the FDIC sent out the notifications exactly one year after the breach was discovered.
A report published last year by the House of Representatives Science, Space and Technology Committee revealed that threat actors believed to be from China breached the systems of the FDIC in 2010, 2011 and 2013, and planted malware on a significant number of servers and workstations. The committee concluded that the agency’s CIO had attempted to cover up the incident.




Can the Internet use broadcast radio and TV rules?
Democrat senator pushes for transparency on social media political ads
Sen. Amy Klobuchar (D-Minn.) said Sunday that she is working on legislation that would mandate online political advertisements be subject to the same rules as broadcast ads.
“And the rules that apply for ads when they’re put on TV or radio, where you have to register them and say how much you paid, that doesn’t apply to these online ads. And so our laws need to catch up with what’s going on with our campaigns,” Klobuchar told CNN’s “Reliable Sources.”
The effort comes amid the growing controversy over Facebook’s political advertising during the 2016 election.




Perspective. A look at our future?
Cash is already pretty much dead in China as the country lives the future with mobile pay
  • Mainland Chinese stores and services are increasingly centered around mobile pay apps like WeChat Pay and Alipay.
  • Chinese mobile payment volume more than doubled to $5 trillion in 2016, according to Analysys data cited by Hillhouse Capital.
  • Mobile pay is growing so rapidly in mainland China that as a foreigner, I sometimes found it difficult to complete basic transactions without it.
  • The dominance of mobile transactions lends itself to greater data collection by the Chinese government.




Perspective. A bit rambling, but quite interesting.
The secret lives of children and their phones




For my Spreadsheet students.
Excel’s Custom View setting makes it easy to view specific information on a crowded spreadsheet or to create different layouts for your data. You can use it to create custom headers or footers, create a print-friendly version of your spreadsheet, or you can create a view in which freeze panes or split rows are activated.