Saturday, December 30, 2017

So that’s what a Nigerian Prince looks like!

Nigerian prince’ email scammer arrested in Slidell

A 67-year-old Slidell man who served as a go-between for an international team of scammers running a “Nigerian prince” email scheme has been arrested after an 18-month investigation.
Michael Neu, who is neither Nigerian nor a prince, has been charged with 269 counts of wire fraud and money laundering.
Neu helped shuttle fraudulently obtained money to his co-conspirators, some of whom actually do live in Nigeria, according to the Slidell Police Department.
The ubiquitous scheme, which begins when an email is sent to an unsuspecting recipient the scammers claim has been named as the beneficiary in a will, is designed to collect personal information that is then used to steal money and identities online.




There is some good stuff here. Not everyone responds this way.
Jason’s Deli (www.jasonsdeli.com) is a family owned business known for high-quality food and catering services for over 40 years. It is headquartered in Texas and operates or franchises 266 restaurants in 28 states, with a reputation for award-winning quality and a strong relationship with our customers.
On Friday, Dec. 22, 2017, our company was notified by payment processors – the organizations that manage the electronic connections between Jason’s Deli locations and payment card issuers – that MasterCard security personnel had informed it that a large quantity of payment card information had appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.
Jason’s Deli’s management immediately activated our response plan, [No one mentions that they actually have a plan, perhaps because they do not? Bob] including engagement of a leading threat response team, involvement of other forensic experts, and cooperation with law enforcement. Among the questions that investigators are working to determine is whether in fact a breach took place, and if so, to determine its scope, the method employed, and whether there is any continuing breach or vulnerability.
… Customers or financial institutions with any questions should contact customer.service@jasonsdeli.com or 409-838-1976.
… We appreciate the dedication of our employees and others who are working during their Christmas break to respond to this matter and protect our customers, and we thank them and their families for their sacrifice. Most importantly, we appreciate the trust our customers place in us, and we regret any inconvenience that some may experience, especially during the holidays. Thank you for your support and understanding.
Nice of them to thank the employees like that.
If this is confirmed as a breach of their system, this would not be the first time. In September, 2010, this site reported on a malware incident involving them.




A couple are new to me! But then, I haven’t taught websites in years.
… The best thing about online HTML editors is that they run directly in your web browser. Your web browser is the best and most relevant tool for processing and rendering HTML code. That is, after all, its entire purpose and reason for being.
Which means that your web browser is best-equipped for real-time previews of HTML. When you write web markup in a standalone editor like Notepad or TextEdit, you have to save changes to a file, then load the file in your web browser, then review it, then switch back to the editor for more changes, rinse and repeat. It’s a clunky and cumbersome process.
An online HTML editor can dynamically refresh itself as you write and change the markup. There is no need to flip back and forth between windows. You tweak the HTML on one side, the changes automatically occur on the other side.




Be careful what you Tweet for. If you make Jeff Bezos angry, he may initiate a hostile takeover bid for the Post Office.
Cheap Amazon shipping leaves the Postal Service ‘dumber and poorer,’ Trump says
President Trump on Friday called for the U.S. Postal Service to raise the shipping rates that it charges Amazon.com, the online retailer, in a deal that he said disadvantages the federal agency.
… It's just the latest in a series of digs by the president at Amazon, whose chief executive, Jeffrey P. Bezos, owns The Washington Post.




Coming soon to a supermarket near you?
Kroger’s mobile scanning tech will cut checkout lines in 2018
Kroger plans to expand use of technology that enables customers to scan products as they’re put into the shopping cart, eliminating the need to stand in traditional checkout lines.
… The customer then pays at a self-checkout destination, greatly reducing the wait time since the items have already been scanned (and potentially bagged).


Friday, December 29, 2017

Any election in any country (if connected to the Internet at any point) is hackable.
Why the 2018 Midterms Are So Vulnerable to Hackers
The first primary of the 2018 midterm elections, in Texas, is barely eight weeks away. It’s time to ask: Will the Russian government deploy “active measures” of the kind it used in 2016? Is it possible that a wave of disinformation on Facebook and Twitter could nudge the results of a tight congressional race in, say, Virginia or Nevada? Will hackers infiltrate low-budget campaigns in Pennsylvania and Nebraska, and leak their e-mails to the public? Will the news media and voters take the bait?
By most accounts, the answer is likely to be yes—and, for several reasons, the election may prove to be as vulnerable, or more so, than the 2016 race that brought Donald Trump to the White House.




The future, for my Computer Security students.
Key trends shaping technology in 2017




Oil just got a bit more expensive. Interesting that the Treasury released the satellite images. Didn’t know they had spy satellites. It was South Korean oil, which must have made the South even madder!
South Korea seizes ship it claims transferred oil to North Korea
South Korea has seized a Hong Kong-registered ship that allegedly transferred oil to a North Korean vessel in violation of United Nations sanctions.
The South Korean Foreign Ministry said the Lighthouse Winmore left the port of Yeosu in South Korea carrying refined oil which was then transferred to a North Korean ship in international waters on October 19.
The US Treasury Department released satellite imagery in November of two ships allegedly performing an illegal ship-to-ship transfer in international waters on the same day.




A good summary of the Statistical tools in Excel.




Global Warming! Global Warming! Perhaps it is not ‘settled science.’
Earth Might Go Through a Mini Ice Age During the Next Decades (Study)
At the moment, the main worry of the environmentalists is the constantly increasing temperatures. However, a team of researchers from Northumbria University discovered that a wave of coldness might soon hit our planet. This means it’s possible that Earth might pass through a mini ice age period, when main rivers could get frozen.
To reach this conclusion, the researchers have performed a simulation of how the magnetic waves of the Sun will evolve for the next decades. Judging from the results, it seems the global temperatures on our planet might start going down in 2021. It’s not the first time when something like this would happen, so researchers know what to expect.
The sudden drop of temperatures would lead to a mini ice age, also called the Maunder minimum. This is a reference to a previous cold period which occurred between 1646 and 1715, when famous rivers, like Thames flowing through London, ended up frozen.


Thursday, December 28, 2017

Wednesday, December 27, 2017

Something for my Computer Security students to ponder. How do you check third party source code?
FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say
In a secret deal, a French company purchased code from a Kremlin-connected firm, incorporated it into its own software, and hid its existence from the FBI, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could compromise law enforcement computer systems.
… Cybersecurity experts said the danger of using the Russian-made code couldn’t be assessed without examining the code itself.




How will they do this? Lots of “fake news?”
Vietnam unveils 10,000-strong cyber unit to combat 'wrong views'
HANOI (Reuters) - Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.
… The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.
… Cyber security firm FireEye Inc said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.
… “Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.




Interesting. Too much data?
The Library of Congress will no longer archive every tweet
The Library of Congress just announced some changes to its long-running plan to archive all of Twitter. On December 31st, 2017, it will stop archiving all tweets and instead choose certain tweets to archive on a “very selective basis,” Gizmodo reports. The decision was announced in a recently published white paper that reads “the tweets collected and archived will be thematic and event-based, including events such as elections, or themes of ongoing national interest, e.g. public policy.”
The LOC first announced its plans to create a single searchable archive of every public tweet more than seven years ago, but the project has stalled for a few years. In 2013, the organization published a white paper attributing the delay to budget issues and a lack of software. Twitter’s terms of agreement also prohibits “substantial proportions” of its website from being made downloadable.
By 2016, the archive still hadn’t launched. At the time, The Atlantic reported that no engineers had been assigned to the project, which was massive and messy. And as the number of tweets posted daily grew from 55 million in 2010 to 500 million in 2012, the project grew even more unwieldy, according to The Atlantic.
In this month’s white paper, the LOC attributes the decision to narrow the project’s scope to the fact that “the nature of Twitter has changed over time.” As Gizmodo points out, the LOC also had only been collecting text, which renders a large number of tweets with photo and video essentially worthless to the archive.




This is a joke, right? Please?
Seen on Twitter:
My aunt got a google home for Xmas & she already has “Alexa”. This morning we were messing around with the google home and asked, “okay google what do you think of Alexa” and it answered “I like her blue light” and from across the room Alexa turned on and said “thanks”. im scared
You can read more of the thread that tweet started here.




So, at some point, I may need a phone or one of those wrist band fitness thingies to pay?
Is it legal for a business in US to refuse cash as a form of payment?
Board of Governors of the Federal Reserve System: Is it legal for a business in the United States to refuse cash as a form of payment? [Useful information – I generally pay with cash and have increasingly encountered the response – we take credit/debit cards or you can use an app]
“Section 31 U.S.C. 5103, entitled “Legal tender,” states: “United States coins and currency [including Federal reserve notes and circulating notes of Federal reserve banks and national banks] are legal tender for all debts, public charges, taxes, and dues.” This statute means that all United States money as identified above is a valid and legal offer of payment for debts when tendered to a creditor. There is, however, no Federal statute mandating that a private business, a person, or an organization must accept currency or coins as payment for goods or services. Private businesses are free to develop their own policies on whether to accept cash unless there is a state law which says otherwise.”
See also The New York Times – Cash Might Be King, but They Don’t Care. [h/t Pete Weiss]




Another trend I’m not following. Not sure if that’s because I don’t care or just because I’m old. I’m going with “don’t care.”
The Echo Dot was the best-selling product on all of Amazon this holiday season




...and it looks like I’m still using another obsolete technology. Dang!
The Rise and Fall of the Blog
New York Times writer Nicholas Kristof was one of the first to start blogging for one of the most well-known media companies in the world. Yet on December 8th, he declared his blog was being shut down, writing, “we’ve decided that the world has moved on from blogs—so this is the last post here.”
The death knell of blogs might seem surprising to anyone who was around during their heyday. Back in 2008, Daniel W. Drezner and Henry Farrell wrote in Public Choice, Blogs appear to be a staple of political commentary, legal analysis, celebrity gossip, and high school angst.” A Mother Jones writer who “flat out declared, ‘I hate blogs’…also admitted, ‘I gorge myself on these hundreds of pieces of commentary like so much candy.'”
Blogs exploded in popularity fast. According to Drezner and Farrell, in 1999, there were an estimated 50 blogs dotted around the internet. By 2007, a blog tracker theorized there were around seventy million.


Tuesday, December 26, 2017

This is a Data Management issue that I find a bit confusing. Probably make for a good paper topic!
Europe’s banks brace for a huge overhaul that throws open the doors to their data
Banks have long been at an advantage when it comes to data on their customers.
From current accounts to credit cards, established lenders have access to vast amounts of information that financial technology (fintech) competitors could only dream of.
In Europe, that could all be about to change.
On January 8, banks operating in the European Union will be forced to open up their customer data to third party firms — that is, when customers give consent. [Is downloading an App proof of consent? Bob]
EU lawmakers hope that the introduction of the revised Payment Services Directive (PSD2) will give non-banking firms the chance to compete with banks in the payments business and give consumers more choice over financial products and services.
… Banks will be required to build application programming interfaces (APIs) — sets of code that give third parties secure access to their back-end data.
… Some believe that tech giants such as Facebook, Amazon and IBM could be primed to disrupt banking, especially once lenders are forced to open their data vaults to tech firms.
… "All financial services products are just data. So companies that are very good at managing data are advantaged in this space. I would also say that once you get into an open banking world, when you don't actually have to be a bank and you can manage a big balance sheet and have all the regulation that goes with it, it changes the game."




Another issue for my Data Management students. Can you play a VHS tape? What about a vinyl record? A wire recording?
Paper – Metadata Provenance and Vulnerability
Metadata Provenance and Vulnerability. Timothy Robert Hart and Denise de Vries, Information Technology and Libraries (ITAL). Vol 36, No 4 (2017). doi: 10.6017/ital.v36i4.10146
“The preservation of digital objects has become an urgent task in recent years as it has been realised that digital media have a short life span. The pace of technological change makes accessing these media increasingly difficult. Digital preservation is primarily accomplished by main methods, migration and emulation. Migration has been proven to be a lossy method for many types of digital objects. Emulation is much more complex; however, it allows preserved digital objects to be rendered in their original format, which is especially important for complex types such as those comprising multiple dynamic files. Both methods rely on good metadata to maintain change history or construct an accurate representation of the required system environment. In this paper, we present our findings that show the vulnerability of metadata and how easily they can be lost and corrupted by everyday use. Furthermore, this paper aspires to raise awareness and to emphasise the necessity of caution and expertise when handling digital data by highlighting the importance of provenance metadata.”


Monday, December 25, 2017

A question for my Data Management class. How could such an obvious error get out?
Erie woman receives $284 billion electric bill
… Her online statement was quickly fixed to the correct amount: $284.46.
Mark Durbin, a spokesman for Penelec’s parent company First Energy, said he doesn’t know how the error occurred but obviously a decimal point was accidentally moved.




Should cities be forbidden by law from denying me an alternative route?
Navigation Apps Are Turning Quiet Neighborhoods Into Traffic Nightmares
… With services like Google Maps, Waze and Apple Maps suggesting shortcuts for commuters through the narrow, hilly streets of Leonia, N.J., the borough has decided to fight back against congestion that its leaders say has reached crisis proportions.
In mid-January, the borough’s police force will close 60 streets to all drivers aside from residents and people employed in the borough during the morning and afternoon rush periods, effectively taking most of the town out of circulation for the popular traffic apps — and for everyone else, for that matter.




The truth emerges at last!
You'd better watch out,
You'd better not cry,
You'd better not pout;
I'm telling you why.
Santa Claus is tapping
Your phone.
He's bugging your room,
He's reading your mail,
He's keeping a file
And running a tail.
Santa Claus is tapping
Your phone.
He hears you in the bedroom,
Surveills you out of doors,
And if that doesn't get the goods,
Then he'll use provocateurs.
So–you mustn't assume
That you are secure.
On Christmas Eve
He'll kick in your door.
Santa Claus is tapping
Your phone.




You learn something new every day. And I grew up only a couple of miles upstream from Washington Crossing NJ.
How a painting of George Washington crossing the Delaware on Christmas went 19th-century viral
… After its German tour, the first version of “Washington Crossing the Delaware” ended up in the Bremen art museum. In an odd twist of fate, it was destroyed by Allied bombing during World War II.


Sunday, December 24, 2017

CPA’s in San Jose. Why so sneaky?
(I should have remembered to anticipate press releases after 3 pm on the Friday of a big holiday weekend. Here’s another one:)
On November 27, 2017, Veyna & Forschino (V&F) encountered suspicious activity on one company email account. V&F immediately began investigating the matter and contacted its local IT firm who disabled access. Further, V&F hired a specialized forensic IT firm to assist in the investigation.
On December 8, 2017, the specialized third party forensic IT firm determined that there was unauthorized access between November 6, 2017 and November 24, 2017 to one company computer workstation through a remote desktop application. In addition to the one email account, the specialized third party forensic IT firm determined that specific electronic files and V&F’s 2016 tax preparation software folder was accessed.
Information included individuals’ name, date of birth, telephone number(s), address, Social Security number, all employment (W-2) information, 1099 information (including account number if provided to V&F), and direct deposit bank account information (including account number and routing information if provided to V&F). Each individual may have been impacted differently.
… Protecting your information is incredibly important to V&F. In addition to the above, V&F notified all three consumer reporting bureaus, law enforcement, and the applicable state agencies, and they are reviewing security policies and procedures to ensure all appropriate steps are taken.
SOURCE Veyna & Forschino




Something to read over the holidays?
A New History of the Second World War
… temperance and Fascism do not mix, and the outsized ambitions of the Axis powers put them on a collision course with the massive geographical, managerial, and logistical advantages possessed by the Allies, which, Hanson suggests, they should have known would be insurmountable.
The Axis powers fell prey to their own mythmaking: they were adept at creating narratives that made exceedingly unlikely victories seem not just plausible but inevitable.