Saturday, July 21, 2018

Apparently a really boring day on the World Wide Web.


I wouldn’t give this a passing grade. Note that they address topics similar to those being debated by the US Congress.
Scott Ikeda reports:
On June 12th the Vietnamese National Assembly voted in a new cybersecurity law. The legislation did not come easily, having gone through more than 12 drafts and much debate in government and the business sector. The claimed purposes of the legislation are to increase Vietnam’s Internet sovereignty (that is, the data of Vietnamese people should remain within and under the control of Vietnam) and to improve the cybersecurity of the country by controlling what and how people communicate online.
The Law on Cybersecurity regulates all companies, both domestic and foreign with online activities used by customers in Vietnam.

Highlights of the new cybersecurity law

  1. Website owners, no matter what their type, must not allow people to post any material that might be considered ‘anti-state’, inciting opposition or offensive. Owners must have mechanisms for monitoring, verifying, and removing such content from their sites.
  2. Vietnamese or foreign businesses that offer service over the Internet or other telecom networks must:
    • authenticate user information when they register
    • keep that user information confidential
    • cooperate with the Vietnamese authorities and share user information during investigations or when users breach the cybersecurity law
Read more on CPO Magazine.
[From the article:
    • foreign service providers are required to set up representative offices or branches within Vietnam]


Friday, July 20, 2018

Just so you know I’m not always about the doom and gloom. On occasion I like to point to people who get it right!
https://hotforsecurity.bitdefender.com/blog/us-clinical-lab-recovers-within-50-minutes-of-getting-hit-by-samsam-ransomware-20118.html
US clinical lab recovers within 50 minutes of getting hit by SamSam ransomware
LabCorp, a clinical lab based in Burlington, North Carolina, fell victim to a ransomware attack last week, in the latest in a long string of hacker attacks on the healthcare sector.
The healthcare testing & diagnostics company reportedly noticed suspicious activity on its information technology network during the weekend of July 14. According to CSO Online, the company made the attack public in an 8K filing with the Securities and Exchange Commission. It later released an advisory to all parties concerned, saying:
“The activity was subsequently determined to be a new variant of ransomware.
… This particular strain was also used recently to infect the Colorado Department of Transportation, as well as the City of Atlanta.
LabCorp estimated it was able to contain the attack within 50 minutes. The lab is currently at 90 percent capacity and expects to fully recover soon, suggesting it had some solid backups on hand as part of an internal anti-breach program.


Imagine how much more damage a deliberate attack could cause…
https://www.yahoo.com/news/belgian-airspace-closed-over-computer-glitch-154450396.html
Belgian airspace closed over computer glitch
Belgium on Thursday closed its airspace following a computer glitch linked to problems downloading data related to flight plans, said Belgocontrol, the company tasked with controlling the country's skies.
… "The airspace was closed for security reasons, in what we refer to as a 'clear the sky' (procedure)," Belgocontrol's spokesman Alain Kniebs told AFP, describing the incident as "very exceptional."


I was just explaining to my students how fake news and shorting a stock could make hackers a lot of money. I don’t think this has anything to do with my highly detailed purely hypothetical lecture.
http://www.foxnews.com/auto/2018/07/20/fake-cnn-website-claimed-elon-musk-was-leaving-tesla.html
Fake CNN website claimed Elon Musk was leaving Tesla
Elon Musk has not announced plans to leave Tesla to start a digital currency company despite a false report circulating online.
The report, carried on a webpage made to look like the CNN Tech site, claims that Musk is leaving his job as CEO of the company so he can focus on "Bitcoin Profit," which is described as "a new company that he thinks will change the world." Links in the story for Bitcoin Profit redirect the user to advertisements or video streaming sites. A similar report made headlines in September and has circulated since then, sometimes with slightly different details.


An amazing statistic. I wonder if it’s true?
https://qz.com/1329961/hackers-account-for-90-of-login-attempts-at-online-retailers/
Hackers account for 90% of login attempts at online retailers
… Online retailers are hit the most by these attacks, according to a report by cyber security firm Shape Security. Hackers use programs to apply stolen data in a flood of login attempts, called “credential stuffing.” These days, more than 90% of e-commerce sites’ global login traffic comes from these attacks. The airline and consumer banking industries are also under siege, with about 60% of login attempts coming from criminals.
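Detection logic for the credential stuffing the article describes, run over login-log lines constructed for this example (the log format, usernames and IP addresses are assumptions, not from the article or from Shape Security); added here, not part of the original post. The rule separates stuffing (one attempt per leaked pair, many distinct usernames from one source) from a brute force on a single account, which it deliberately does not flag.

```python
"""Credential stuffing detection over constructed login-log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> ip=<src> user=<name> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: 203.0.113.5 sprays six different accounts in four
# seconds (stuffing); 198.51.100.7 retries one account (brute force);
# 192.0.2.9 is a normal login.  All three addresses are documentation ranges.
SAMPLE_LOG = """\
2018-07-20T10:00:01Z ip=203.0.113.5 user=alice result=fail
2018-07-20T10:00:02Z ip=203.0.113.5 user=bob result=fail
2018-07-20T10:00:02Z ip=203.0.113.5 user=carol result=fail
2018-07-20T10:00:03Z ip=203.0.113.5 user=dave result=ok
2018-07-20T10:00:03Z ip=203.0.113.5 user=erin result=fail
2018-07-20T10:00:04Z ip=203.0.113.5 user=frank result=fail
2018-07-20T10:00:10Z ip=198.51.100.7 user=alice result=fail
2018-07-20T10:00:20Z ip=198.51.100.7 user=alice result=fail
2018-07-20T10:00:40Z ip=198.51.100.7 user=alice result=ok
2018-07-20T10:05:00Z ip=192.0.2.9 user=grace result=ok
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_stuffing_sources(log_text, window=timedelta(minutes=1),
                          min_attempts=5, min_users=4, min_fail_ratio=0.6):
    """Sliding window per source IP.  An IP is flagged when, within `window`,
    it made >= min_attempts attempts spread over >= min_users distinct
    usernames with a failure ratio >= min_fail_ratio.  Returns {ip: stats}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it fits inside `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            win = recs[start:end + 1]
            users = {r["user"] for r in win}
            fails = sum(r["result"] == "fail" for r in win)
            ratio = fails / len(win)
            if len(win) >= min_attempts and len(users) >= min_users and ratio >= min_fail_ratio:
                flagged[ip] = {"attempts": len(win), "distinct_users": len(users),
                               "fail_ratio": round(ratio, 2)}
                break  # first qualifying window is enough to flag the source
    return flagged


def attack_share(log_text, flagged):
    """Fraction of all login attempts that came from flagged sources: the
    per-site counterpart of the 90% figure quoted in the article."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    if not recs:
        return 0.0
    return sum(r["ip"] in flagged for r in recs) / len(recs)


if __name__ == "__main__":
    hits = find_stuffing_sources(SAMPLE_LOG)
    for ip, stats in hits.items():
        print(f"{ip}: {stats}")
    print(f"share of login traffic from flagged sources: {attack_share(SAMPLE_LOG, hits):.0%}")
```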


Ignore the fact that it looks like a giant conspiracy.
https://www.politico.com/story/2018/07/18/hackers-states-elections-upgrades-729054
States slow to prepare for hacking threats
Most states aren’t planning to use federal funds to make major election upgrades before November.
U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election.
But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states.
And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March.
Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
In addition, almost no states conduct robust, statistic-based post-election audits to look for evidence of tampering after the fact.



(Related) No doubt they’ll ignore this too.
https://thenextweb.com/security/2018/07/19/cloudflare-launches-free-protection-for-election-websites/
Cloudflare launches free protection for election websites
Cloudflare has launched a new initiative, called the Athenian Project, to protect electoral websites from online attacks.
The service is available free of charge to state and local governments, and offers Cloudflare’s enterprise-level security and reliability services.



(Related) I wonder if even this will work.
https://www.securityweek.com/doj-cybersecurity-task-force-outlines-plans-protecting-elections
DOJ Cybersecurity Task Force Outlines Plans for Protecting Elections
The U.S. Justice Department’s Cyber-Digital Task Force made public its first report on Thursday, covering the threat to elections, cybercrime schemes, and various other topics.
The first chapter of the 156-page report focuses on what the Attorney General describes as “one of the most pressing cyber-enabled threats” confronting the U.S., specifically “malign foreign influence operations” and their impact on elections and other democratic institutions.
The types of threats described in the report include operations targeting voting machines, voter registration databases and other election infrastructure; operations targeting political entities; and covert influence operations whose goal is to harm political organizations and public officials.
The complete report is available from the DOJ in PDF format.


Oh yeah, them guys again.
https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain
A Cyber Axis of Evil is Rewriting the Cyber Kill Chain
The cyber kill chain employed by advanced adversaries is changing. Defenders need to evolve their defensive strategies to meet the new challenge; and they need to develop silent hunting skills.
A new study from Carbon Black queried 37 incident response firms that use its threat hunting tool to gain insight into what is happening after an attacker has breached the network.
Key statistics from the report picked out by Kellerman include the predominance of Russia and China as adversaries. Eighty-one percent of respondents highlighted Russia, and 76% highlighted China. Thirty-five percent say that the end goal is espionage.
… "This evolution coincides with mounting geopolitical tensions," suggests the report. "Nation-states such as Russia, China, Iran and North Korea are actively operationalizing and supporting technologically advanced cyber militias."


Great management and great technology and still the unexpected can happen.
https://www.cnbc.com/2018/07/19/amazon-internal-documents-what-caused-prime-day-crash-company-scramble.html
Internal documents show how Amazon scrambled to fix Prime Day glitches
Amazon failed to secure enough servers to handle the traffic surge on Prime Day, causing it to launch a scaled-down backup front page and temporarily kill off all international traffic, according to internal Amazon documents obtained by CNBC.
And that took place within 15 minutes of the start of Prime Day — one of Amazon's biggest sales days every year.
The e-commerce giant also had to add servers manually to meet the traffic demand, indicating its auto-scaling feature may have failed to work properly leading up to the crash, according to external experts who reviewed the documents. “Currently out of capacity for scaling,” one of the updates said about the status of Amazon’s servers, roughly an hour after Prime Day’s launch. “Looking at scavenging hardware.”
A breakdown in an internal system called Sable, which Amazon uses to provide computation and storage services to its retail and digital businesses, caused a series of glitches across other services that depend on it, including Prime, authentication and video playback, the documents show.
Other teams, including Alexa, Prime Now and Twitch, also reported problems, while some warehouses said they weren’t even able to scan products or pack orders for a period of time.


Perspective. Apparently not even the NYT has the answers.
https://www.nytimes.com/2018/07/19/technology/facebook-misinformation.html
What Stays on Facebook and What Goes? The Social Network Cannot Answer
… it’s been two years since an American presidential campaign in which the company was a primary vector for misinformation and state-sponsored political interference — and Facebook still seems paralyzed over how to respond.
… Presented with straightforward queries about real-world harm caused by misinformation on their service, Facebook’s executives express their pain, ask for patience, proclaim their unwavering commitment to political neutrality and insist they are as surprised as anyone that they are even in the position of having to come up with speech rules for billions of people.
… So to recap: Facebook is deeply committed to free expression and will allow people to post just about anything, including even denying the Holocaust. Unless, that is, if a Holocaust denial constitutes hate speech, in which case the company may take it down. But if a post contains a factual inaccuracy, it would not be removed, but it may be shown to very few people, reducing its impact.
On the other hand, if the misinformation has been determined to be inciting imminent violence, Facebook will remove it — even if it’s not hate speech. On the other other hand, if a site lies repeatedly, spouts conspiracy theories or even incites violence, it can maintain a presence on the site, because ultimately, there’s no falsehood that will get you kicked off Facebook.
All of this fails a basic test: It’s not even coherent. It is a hodgepodge of declarations and exceptions and exceptions to the exceptions.


Simple is too often ignored. This actually looks useful.
https://thenextweb.com/apps/2018/07/19/amazons-new-tool-tracks-down-odd-parts-to-avoid-dreaded-trips-to-the-hardware-store/
Amazon's new Part Finder scans your nuts and bolts to find odd parts
A new Amazon feature first spotted by TechCrunch helps anyone with an iPhone find odd parts that might otherwise involve a trip to the hardware store.
Called “Part Finder,” Amazon‘s new tool is one of the more useful computer vision tools to date. It takes advantage of the iPhone‘s excellent optics to scan, measure, and identify all types of fasteners or other pieces of small hardware. Once found, the app asks for some additional information — screw type, head style, and drive type: Phillips, flathead, etc. — before leading you to the appropriate product on Amazon.
To get to the tool, just click the camera from the home screen.
From there it’ll take you to the scanner tool, the same instrument you’d use for scanning barcodes to reorder laundry detergent, for example. Once there, click the bottom of the screen where it says “See more” and the Part Finder tool is hiding in that menu.


For my geeks.
https://analyticsindiamag.com/top-10-free-books-and-resources-for-learning-tensorflow/
Top 10 Free Books And Resources For Learning TensorFlow
TensorFlow, the open source software library developed by the Google Brain team, is a framework for building deep learning neural networks. It is also considered one of the best ways to build deep learning models by machine learning practitioners across the globe. In deep learning models, which rely on a lot of data and computing resources, TensorFlow is used significantly.
While there are many tutorials, books, projects, videos, white papers, and other resources available, we bring you these 10 free resources to get started with TensorFlow and get your concepts clear.


We need a signing App…
https://www.cbsnews.com/news/starbucks-signing-store-washington-dc-set-to-open-in-fall-gallaudet-university/
Starbucks first ever U.S. "Signing Store" will allow customers to order in sign language
Starbucks announced Thursday that it will open its first American "Signing Store" in Washington D.C. this fall, which will be designed with the deaf community in mind. The cafe plans to hire 20-25 employees, from across the United States, who will be proficient in American Sign Language (ASL), meaning deaf individuals will be able to step up to the counter knowing they can communicate easily and effectively.


For some reason, not many of my students have Kindles.
How to Check Out and Read Library Ebooks on Your Phone or Tablet
If your library offers ebooks, one of the easiest ways to search for and check out ebooks is through Overdrive, the leading digital reading platform for libraries and schools worldwide.
But you’re probably not thinking about reading those ebooks on your computer, are you? Enter Libby, a mobile app (Android, iOS, Microsoft) meant precisely for reading library ebooks, particularly if you don’t have a Kindle.



Thursday, July 19, 2018

Because when people fail to secure their data, “breaching” that data is really really simple. I can see it as an Audit tool. I’ll ask my students to debate the ethics.
New tool helps you find 48,000+ open Amazon S3 buckets
The Daily Swig: “Hundreds of thousands of potentially sensitive files are publicly available through open Amazon buckets, a new online tool can reveal. The free tool, created by software engineer GrayhatWarfare, is a searchable database where a current list of 48,623 open S3 buckets can be found. Amazon’s S3 cloud storage, or Simple Storage Service, is used by the private and public sector alike as a popular way to cache content. Files are allocated buckets, which are secured and private by default, but can easily be set for public access. While it is perfectly acceptable to set S3 buckets as available for all to read, numerous data breaches have been the result of an administrator’s misconfiguration. In March of this year, for example, an unsecured bucket at a US-based jewelry company resulted in the exposure of the personal details of over 1.3 million people, including addresses, emails, and IP identifiers. Bob Diachenko of Kromtech Security was the first to report the incident, and has helped create a tool aimed at detecting bucket permissions, similar to the one created by GrayhatWarfare.
“On the one hand, it [GrayhatWarfare’s tool] follows the same path as Shodan does,” Diachenko told The Daily Swig. “It gives researchers and the general audience a possibility to check if their infrastructure is safe. At the same time, it opens doors for ‘passwords-seekers’ and people with malicious intents to leverage upon data found in this ‘Semsem’ cave…”
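The misconfiguration the article describes, a bucket that is private by default but has been opened to everyone, shows up in exactly two places: the bucket ACL and the bucket policy. The checker below, added here and not code from GrayhatWarfare, Kromtech or AWS, evaluates both documents offline for the "everyone" grants an audit would look for. The two ACLs and two policies are constructed samples shaped like the output of boto3's get_bucket_acl() and get_bucket_policy(); the bucket name and the 123456789012 account id are placeholders.

```python
"""Offline check of an S3 bucket ACL and bucket policy for public read access."""
import fnmatch
import json

# The two grantee groups that make an ACL grant "public" (AllUsers is anyone
# on the Internet; AuthenticatedUsers is anyone with any AWS account).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# IAM action names are case-insensitive and may be wildcarded, so compare
# lower-cased patterns against the two actions that expose bucket contents.
READ_ACTIONS = ("s3:getobject", "s3:listbucket")


def acl_public_grants(acl):
    """Return (group, permission) pairs granted to AllUsers/AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (or "*" inside an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_read(actions):
    for pattern in actions:
        if any(fnmatch.fnmatchcase(a, pattern.lower()) for a in READ_ACTIONS):
            return True
    return False


def policy_public_statements(policy):
    """Return (Sid, has_condition) for Allow statements that let everyone read.
    A Condition narrows the grant (e.g. to a referer) but is still reported,
    because it needs a human to decide whether the narrowing is sufficient."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        if _grants_read(_as_list(stmt.get("Action", []))):
            findings.append((stmt.get("Sid", "<no Sid>"), bool(stmt.get("Condition"))))
    return findings


def bucket_is_public(acl, policy):
    """Overall verdict: any public ACL grant or any public policy statement."""
    return bool(acl_public_grants(acl)) or bool(policy_public_statements(policy))


# Constructed samples (boto3-shaped).  Owner ids and ARNs are placeholders.
OWNER = {"ID": "owner-canonical-id-placeholder"}
PRIVATE_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"}]}
PUBLIC_ACL = {"Owner": OWNER, "Grants": PRIVATE_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
PUBLIC_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}""")
RESTRICTED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AppRoleRead", "Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
                 "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}""")


if __name__ == "__main__":
    for name, acl, policy in (("misconfigured", PUBLIC_ACL, PUBLIC_POLICY),
                              ("hardened", PRIVATE_ACL, RESTRICTED_POLICY)):
        print(name, "public" if bucket_is_public(acl, policy) else "private",
              acl_public_grants(acl), policy_public_statements(policy))
```

Against a live account the same two functions take the `Grants` list from `get_bucket_acl()` and the parsed `Policy` string from `get_bucket_policy()`; S3 Block Public Access settings at the account or bucket level override both and should be checked as well.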


(Related) We have access to many tools that are so easy to use we don’t bother to learn how to use them securely.
Thousands of US voters' data exposed by robocall firm
… A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.


One way to secure the November election?
Suing South Carolina Because Its Election Machines Are Insecure
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.
Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump's now-defunct "election integrity" commission.
[From the ‘effectively’ link:
South Carolina's thousands of digital voting machines are antiquated, break down, leave no paper trail of votes that can be audited, and have "deep security flaws" that make them vulnerable to hacking by Russians and others, the 45-page lawsuit alleges.]


Security standards can become obsolete. Back in the mainframe days, “Close the door” was a universal standard.
NIST to Withdraw 11 Outdated Cybersecurity Publications
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.
NIST’s website currently lists over 180 SP 800 publications, including drafts and final versions. Eleven of them, which are now considered out of date, will be withdrawn on August 1, 2018, and will not be revised or superseded.
The documents will still be available for historical reference, but their status will be changed from “final” to “withdrawn.”


Perspective. And here I thought Congress had to confirm Kavanaugh…
The Biggest Spender of Political Ads on Facebook? President Trump
President Trump’s operation has run dozens of ads on Facebook recently that seek to rally support to confirm Judge Brett M. Kavanaugh to the vacant spot on the Supreme Court.
… Facebook in May began an archive of political ads, which is a publicly searchable database that catalogs the ads and identifies which groups or individuals paid for them. Facebook hopes the database will include any ad that has political content and that was aimed at Americans. The researchers conducted their study by scraping all of that raw data.
Their work provides one of the most comprehensive pictures so far of who is placing political ads on the world’s biggest social network and how much they are spending ahead of the midterm elections in November. Reaching voters through social media has become one of the most effective ways to get a message out, but up until now, the transparency around the practice has been limited.


Perspective. Who’s afraid of the big bad Bezos?
The False Tale of Amazon's Industry-Conquering Juggernaut
Amazon is one of the largest and most formidable companies in the world. It’s run with brutal efficiency, a keen focus on keeping its customers happy, and a deep thirst for innovation. Its $50 billion of revenue per quarter makes the company worth more than $850 billion, which is enough to buy Walmart three times over and still have more than $100 billion in change. (It’s also enough to make founder Jeff Bezos the richest man in modern history.) There’s no industry that Amazon feels incapable of taking on — not even the Google and Facebook fief of advertising, where Amazon is already bringing in some $2 billion in revenues every quarter.
Still, it’s really nothing to be scared of.
… It’s a testament to the cultural salience of the publishing industry that the books precedent looms so large in the mind of the public and stock traders, because today, 24 years after Amazon was founded, the company has failed to achieve similar market power in any other sector. Quite the opposite, in fact. By opening up its platform to third-party sellers, Amazon has ensured that it will nearly always face competition, even on its own website. And as Amazon has become one of the most valuable companies in the world, it has taken increasing pains to avoid doing anything that antitrust authorities might disapprove of. Amazon’s book monopsony is valuable, but it also comes at significant reputational cost; it’s not at all clear that building a similar monopsony in some other market would be a net positive for the company.
Not that it’s threatening to do so. When Amazon bought Whole Foods, it gained no particular control over the food industry: it merely went from having 0.2 percent of the groceries market to having 1.4 percent. When it bought PillPack, for all that it wiped $11 billion off the market capitalization of the likes of CVS and Walgreens, it still acquired a company that only has $100 million in revenue. (Walgreens, by contrast, has over $100 billion.) However Amazon intends to compete in such markets, it’s not going to do so by being the dominant player.


No more “double secret probation!”
Court Vacates Injunction Against Publishing the Law
EFF – Win for Public Right to Know: Court Vacates Injunction Against Publishing the Law – Industry Groups Want to Control Access to Legal Rules and Regulation: “San Francisco – A federal appeals court today ruled that industry groups cannot control publication of binding laws and standards. This decision protects the work of Public.Resource.org (PRO), a nonprofit organization that works to improve access to government documents. PRO is represented by the Electronic Frontier Foundation (EFF), the law firm of Fenwick & West, and attorney David Halperin. Six large industry groups that work on building and product safety, energy efficiency, and educational testing filed suit against PRO in 2013. These groups publish thousands of standards that are developed by industry and government employees. Some of those standards are incorporated into federal and state regulations, becoming binding law. As part of helping the public access the law, PRO posts those binding standards on its website. The industry groups, known as standards development organizations, accused PRO of copyright and trademark infringement for posting those standards online. In effect, they claimed the right to decide who can copy, share, and speak the law. The federal district court for the District of Columbia ruled in favor of the standards organizations in 2017, and ordered PRO not to post the standards…”


For my friends who live/camp/fish in the mountains.
This Twitterbot keeps you up-to-date on fires burning near you
FastCompany: “As fire seasons in the U.S. gets hotter and drier, a new Twitterbot will show you if a wildfire is burning near your house, where the fire is headed, and if a plume of smoke is traveling in your direction by posting an updated time-lapse video and infrared images every six hours. The tool, called @WildfireSignal, went live on Twitter on July 18. Scientists and programmers at Descartes Labs, a startup that processes images from satellites, designed the tool to pull a list of active fires from a government database, then clean up near-real-time images from the GOES-16 satellite at each fire’s location. Using the massive amount of data generated by the satellite, it automatically builds a time-lapse video of each fire and embeds it in a tweet with a hashtag of the fire’s name…”


For my geeks.


For my students. It seems to work!
Formatically Offers a New Instant Citation Tool
Formatically is a service that was designed by college students to help other students create properly formatted works cited pages. Last year I published a tutorial about how to use it. This week Formatically introduced a new instant citation tool. The instant citation tool can be used by anyone to format an APA, MLA, Chicago, or Harvard citation for a book or web page.
To use Formatically's instant citation tool just paste the URL of the page that you want to cite into the instant citation tool. Once pasted into the tool you can choose the format that you want to use for your citation. If there is an error in the citation, you can correct it by clicking the edit icon at the end of the written citation. The system works the same way for books except that rather than entering a web page URL you enter a book title. Watch the video embedded below to learn more about Formatically's instant citation tool.


Wednesday, July 18, 2018

Who would you like to win and by how much? Perhaps now some election districts will ask for independent verification? (Probably not)
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.
In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.
The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold.


A parallel guide for Computer Security students. (Only 232 pages, about 20% of your textbook)
Updating Government Auditing Standards – The 2018 Yellow Book
GAO WatchBlog: “Today we issued a new revision of the Generally Accepted Government Auditing Standards, also known as the “Yellow Book,” which supersedes the 2011 revision of the standards. What kind of training and experience make a competent auditor? How is audit quality control to be maintained? How can an auditor tell if he or she has come across material waste and abuse? The Yellow Book has answers to these questions. Government auditors are required to objectively evaluate government operations, gather sufficient, appropriate evidence, and report the result. To do this, auditors rely on these standards to provide a framework for conducting high-quality audits with competence, integrity, objectivity, and independence…”


I wonder what insurance will cost now in the EU GDPR, big fine era?
Google fined a record $5B for breaking EU antitrust laws
It’s been confirmed: the EU has fined Google a record €4.34 billion ($5 billion). This is in response to the technology giant’s mobile operating software, Android, breaking European antitrust laws.
Announced at 1pm in Brussels by the EU’s Competition Commissioner Margrethe Vestager, she declared that Google must “put an effective end to this conduct in 90 days” or face penalties.


I would imagine some costs will go down as the insurance companies see healthy lifestyles. More granular than simple actuarial tables, but it has to average out the same.
Health Insurers Increasing Data Collection on Patients and Rates are Rising
Joint reporting – ProPublica and NPR: “Without any public scrutiny, insurers and data brokers are predicting your health costs based on data about things like race, marital status, how much TV you watch, whether you pay your bills on time or even buy plus-size clothing… With little public scrutiny, the health insurance industry has joined forces with data brokers to vacuum up personal details about hundreds of millions of Americans, including, odds are, many readers of this story. The companies are tracking your race, education level, TV habits, marital status, net worth. They’re collecting what you post on social media, whether you’re behind on your bills, what you order online. Then they feed this information into complicated computer algorithms that spit out predictions about how much your health care could cost them…”


Perspective. I was taught to play to my strengths. Just saying…
Walmart is reportedly building a video streaming service to take on Netflix
The Information reports that retail giant Walmart is thinking about getting into the streaming video business with a new platform – and edge out the likes of Netflix and Amazon Prime Video with cheaper subscriptions.
The company is said to be considering offering plans at under $8 a month, along with an ad-supported free tier. That’d come in at less than Netflix’s cheapest plan in the US ($8 a month) and Amazon Prime Video ($8.99 a month).
That’s all well and good, but it’s worth noting that Walmart already has a video streaming service: Vudu. It acquired the platform back in March 2010, but hasn’t really been able to capitalize on its investment in the past eight years. In March, Bloomberg cited comScore research that saw Vudu users spending less than two hours a month on the platform, while folks spent about 25 hours a month on Netflix.
There’s also the question of catching up to the heavy hitters. Both Netflix and Amazon are busy expanding worldwide and spending billions of dollars producing original content (Netflix intends to burn through $8 billion in 2018 alone). Meanwhile, Facebook and Apple are dipping their toes into the water too – and both have tremendous clout with their users.


(Related) You can see why everyone wants to get into this market.
I’ve been following Netflix since 2005, when I first visited its headquarters in Silicon Valley and interviewed Reed Hastings, its founder and CEO. I don’t think I’ve learned more about strategy, technology, and culture from any other company I’ve studied. It’s a stretch to claim that everything I know about business I learned from watching Netflix, but there’s no doubt that many leaders can see glimpses of the future of competition and innovation by looking at how the company does business.
Despite this week’s news that the company had added fewer new subscribers than expected, if there were an Academy Awards show for business performance, Netflix would still sweep this year’s categories — the corporate equivalent of “Titanic” or “Lord of the Rings.” Wealth creation? The company, which is barely 20 years old, has a stock-market value of nearly $165 billion, more than Disney. Cultural sway? Netflix recently got 112 Emmy nominations, the most of any network or streaming service, toppling HBO, which had received the most nominations for 17 years. Management cred? Its reputation is so strong that a simple PowerPoint slideshow about its culture and HR policies has been viewed more than 18 million times.
Here are three lessons from the rise of Netflix that apply to every company:
Big data is powerful, but big data plus big ideas is transformational.
If you aim to disrupt an industry, you must be willing to disrupt yourself.
Strategy is culture, culture is strategy.




We’re going to be hip deep in lawyer-robots!
‘AI To Create More Legal Jobs Than Losses’ – Landmark PwC Report
Artificial Lawyer: “AI will create more jobs than it displaces by boosting economic growth, and in particular more legal jobs will be created than lost in the long run, says a major report by Big Four firm, PwC. The study was focused on the UK, which is a useful standard model to compare to other large, highly developed economies. The key finding was that over the next 20 years AI and automation will radically impact the economy ‘displacing’ 7 million roles nationally, but also creating 7.2 million new roles, i.e. a net boost to employment. The main area of losses will be manufacturing, which will see a quarter of jobs disappear in the next 20 years. But, for lawyers it’s an interesting picture (see table below for full details of different employment types). Artificial Lawyer spoke to PwC about the results and they stated that lawyers would be classed in the ‘Professional, scientific and technical’ segment of the economy. Though an amalgamated group, PwC therefore suggests that some legal roles will see a 33% increase, while other types of role decline by 18%, giving a net increase of 16% (when figures are rounded). The AI data, which is contained in the new edition of PwC’s regular UK Economic Outlook, does not get into granular reasons for why or how AI will change the legal jobs outlook. But here are some thoughts from Artificial Lawyer…”




Things my students will need to study. (10 minute Video)
Whiteboard Session: Why Every Organization Needs an AR Strategy
Michael Porter and Jim Heppelman explain how augmented reality will change how we work. For more, read "A Manager's Guide to Augmented Reality."




Perspective. Looks like it needs a bot of work…
Hearing – Facebook, Google and Twitter: Examining the Content Filtering Practice
“House Judiciary Committee Chairman Bob Goodlatte (R-Va.) today delivered the following statement during the House Judiciary Committee’s hearing on “Facebook, Google, and Twitter: Examining the Content Filtering Practices of Social Media Giants.” …Today, we continue to examine how social media companies filter content on their platforms. At our last hearing, which we held April, this Committee heard from Members of Congress, social media personalities, legal experts, and a representative of the news media industry to better understand the concerns surrounding content filtering. Despite our invitations, Facebook, Google, and Twitter declined to send witnesses. Today, we finally have them here. Since our last hearing, we’ve seen numerous efforts by these companies to improve transparency. Conversely, we’ve also seen numerous stories in the news of content that’s still being unfairly restricted. Just before July Fourth, for example, Facebook automatically blocked a post from a Texas newspaper that it claimed contained hate speech. Facebook then asked the paper to “review the contents of its page and remove anything that does not comply with Facebook’s policies.” The text at issue was the Declaration of Independence…”
Witness Statements:


(Related)
Twitter says it doesn’t ‘have the bandwidth’ to fix verification right now
Twitter doesn’t presently “have the bandwidth” to overhaul its verification system, the company’s new head of product announced today. This comes despite Twitter’s continued acknowledgement that it must bring transparency and a clear process to verification and the blue checkmark, which has been stamped on accounts belonging to an erratic mix of world leaders, celebrities, athletes, business executives, journalists, and also alt-right nationalists. The company maintains that verification is fundamentally intended to confirm an account’s authenticity — not signal any sort of endorsement.
… But this afternoon, product lead Kayvon Beykpour said that his team is pausing work on retooling verification and the task “isn’t a top priority for us right now.” Instead, Twitter’s “health” team is focused on election integrity and combatting disinformation ahead of the coming US midterm elections this November and political contests elsewhere.


Tuesday, July 17, 2018

Hacking the self-driving world. (Clear military application!)
Researchers Stealthily Manipulate Road Navigation Systems
A team of researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research has discovered a new and stealthy GPS spoofing method that has been proven to be highly effective against road navigation systems.
GPS spoofing has been around for many years. This attack method can in theory be used to trick drivers into going to an arbitrary location, but in practice the instructions provided by the targeted navigation system often contradict the physical road (e.g. make a left turn on a highway), making it less likely to work in a real-world scenario.
Researchers now claim to have discovered a more efficient method that is less likely to raise suspicion. Using this technique an attacker could trick the victim into following an incorrect route (e.g. cause ambulances and police cars to enter a loop route), deviate a targeted vehicle to a specific location, or cause the target to enter a dangerous situation (e.g. enter a highway the wrong way).
For the attack to work, the attacker needs to know the target’s approximate destination and the most likely victim of this technique would be an individual who is not familiar with the area.




Timely course. Not free, but there is a free trial.
New Pluralsight Course: The State of GDPR - Common Questions and Misperceptions
… We wanted to produce this course now – after GDPR was in action – so that we could have a narrative on what we're learning since it's come into effect. There's a million resources telling everyone all the things they should and should not do (and a good whack of those disagreeing with each other too), this course is a fresh take on things and is far more focused on what's actually happening than it is speculating how the regs will be enforced.




The future for all those transportation services?
How Helsinki Arrived at the Future of Urban Travel First
Harri Nieminen decided it was time to replace his car with an app.
He had owned a car in Helsinki for the past nine years but recently found he’d lost the patience for parking on crowded city-center streets, especially in snowy months. His almost-new Opel Astra had been sitting mostly idle, so he decided to get rid of it. This lifestyle shift came about with the help of an app offering unlimited rides on public transit, access to city bikes, cheap short-distance taxis and rental cars—all for one monthly fee.
… The concept that reshaped Nieminen’s transportation life has an unwieldy name in the industry: mobility as a service, or MaaS. It may become the biggest revolution in personal travel since Ford Motor Co.’s Model T popularized private ownership of motor vehicles a century ago.
The elements of mobility-as-a-service products are already familiar digital services—trip planning, ride hailing, car sharing—alongside the seamless booking, ticketing and payment common to every kind of mobile app. Instead of using one app for rides and local government apps for public transport, Whim offers a single app with a single fee. Users get to pick the most efficient way to get between any two places.
The aim is to eventually make personal cars obsolete by offering people a superior experience. “Your mobile operator can get you all your calls and all the mobile data you need,” said Sampo Hietanen, chief executive officer of MaaS Global Oy, the company behind Whim. “We’re trying to solve the big question in transportation: What do we need to offer to compete with car ownership?”
The cost of cars accounts for as much as 85 percent of personal transportation spending, according to Hietanen, even though the average car is used only 4 percent of the time. That implies a great potential for more efficient allocation: fewer cars shared by a larger group of part-time users.




The roots of privacy are rather tangled. An interesting read.
What Roe v. Wade Means for Internet Privacy
Roe v. Wade left Americans with the idea that privacy is something we can expect as citizens. But does the SCOTUS consider privacy a constitutional right?




Trying to legitimize Bitcoins or at least make it understandable?
IBM Is Helping Launch a Price-Stable Cryptocurrency Insured By the FDIC
The latest attempt to create a cryptocurrency pegged to the U.S. dollar, or "stablecoin," combines 21st-century technology with an invention from the Great Depression.
Announced Tuesday, a startup called Stronghold is launching USD Anchor, which will run on the rails of the Stellar blockchain and use its consensus mechanism to verify transactions. The token will be backed one-for-one with U.S. dollars held at a Nevada-chartered trust company called Prime Trust, which in turn will deposit the cash at banks insured by the Federal Deposit Insurance Corp.
IBM is partnering on the initiative with Stronghold, and said it will explore various use cases for the token with its financial institution clients.




Perspective.
Why Bank of America branches are disappearing
Bank of America (BAC) announced on Monday that deposits made on mobile devices like smartphones and tablets are outpacing those made at branches for the first time.
Customers logged into Bank of America's mobile app 1.4 billion times last quarter.
… Bank of America's vast network of branches fell to 4,411 at the end of June, compared with 4,542 a year ago. The company has 1,720 fewer branches than it did in June 2008. That's a 28% drop.




Something for my students to play with? Can we do it right?
FBI Wish List: An App That Can Recognize the Meaning of Your Tattoos
EFF: “We’ve long known that the FBI is heavily invested in developing face recognition technology as a key component in its criminal investigations. But new records, obtained by EFF through a Freedom of Information Act (FOIA) lawsuit, show that’s not the only biometric marker the agency has its eyes on. The FBI’s wish list also includes image recognition technology and mobile devices to attempt to use tattoos to map out people’s relationships and identify their beliefs. EFF began looking at tattoo recognition technology in 2015, after discovering that the National Institute for Standards & Technology (NIST), in collaboration with the FBI, was promoting experiments using tattoo images gathered involuntarily from prison inmates and arrestees. The agencies had provided a dataset of thousands of prisoner tattoos to some 19 outside groups, including companies and academic institutions, that are developing image recognition and biometric technology. Government officials instructed the groups to demonstrate how the technology could be used to identify people by their tattoos and match tattoos with similar imagery. Our investigation found that NIST was targeting people who shared common beliefs, with a heavy emphasis on religious imagery. NIST researchers, we discovered, had also bypassed basic oversight measures. Despite rigid requirements designed to protect prisoners who might be used as subjects in government research, the researchers failed to seek sign-off from the in-house watchdog before embarking on the project…”




I might use this when my handouts reach critical mass. Hardcover, paperback or ebook…


Monday, July 16, 2018

How large a part it played is open for debate. Still, plenty of lessons for my Computer Security students.
Death by leaks: Russian hacking helped sink Clinton 2016 campaign
In September 2015 an FBI cybersecurity agent called up the Democratic National Committee, just gearing up for the coming presidential election, to report that Russia-linked hackers had penetrated their network.
The agent was passed on to the help desk, where his message died.
… in March 2016 hackers from the military intelligence agency, the GRU, broke into computers of the DNC and the Democratic Congressional Campaign Committee, using phishing techniques against staffer emails – including the account of campaign chairman John Podesta – and inserting malware to keep the access open.
And they began sweeping up gigabytes worth of materials.
- Hacking ignored until too late -




Is this Instagram’s fault, or did users fail to RTFM?
Instagram users mistakenly believe new question feature is anonymous
Instagram’s constant kamikaze launch of new features, in which they desperately try to hold on to their sizeable but fickle user-base by throwing new story modes and face filters at them, installed an interesting new question and answer function this week.
The feature is similar to sites like Ask.fm and the now-defunct Formspring, where users could ask anonymous questions of each other, with the answers made public. Some people used these sites to secretly tell someone they had a crush on them, or ask something they’d be too frightened to say in public, but they also became hotbeds of high school bullying and were blamed for a spate of suicides.
The big difference with Instagram’s version of the feature is that the questions aren’t anonymous: you can see which of your followers asked it, although this isn’t made explicit. In fact Instagram confuses users by telling them that if their question is shared, their username won’t be displayed.
It’s true that if the person you’re sending a question to decides to share your question publicly, your username is removed. However, what is not made clear is that the recipient is still able to see your username.




Good use, bad use; can you tell them apart?
Facial Recognition Cameras Challenged in Britain
Police in Britain are testing cameras that scan faces in public spaces and match them in real-time to the faces of wanted criminals. On Friday, Big Brother Watch, a London-based civil liberties group, said it would seek to stop the use of these cameras, lest Britain become a surveillance state, like China.
As early as next week, Silkie Carlo, the director of Big Brother Watch, said the group’s attorneys will challenge the use of the cameras in a process known as judicial review in Britain’s High Court.
“Our legal challenge will be the first in the world against the police use of automated facial recognition,” Carlo said in a telephone interview.
… The plaintiffs say that police use of the technology is unlawful and a violation of human rights. They say the technology has a chilling effect on democracy and freedom of expression and erodes the right to privacy.
… “There is no legal basis for it,” Carlo said.




Perspective. So my Computer Security class is learning to secure smartphones.
The PC Industry (Barely) Grew for the First Time in 6 Years
Both Gartner and IDC agree that the PC industry grew—if very slightly—in the quarter ending June 30, the first that’s happened in years.
I’ll have a deeper analysis of this situation for Premium members soon. But to be clear, this does not mean that the PC industry is “back,” or that we will now see growth in subsequent quarters, let alone this or future calendar years.
“PC shipment growth in the second quarter of 2018 was driven by demand in the business market, which was offset by declining shipments in the consumer segment,” Gartner’s Mikako Kitagawa wrote, noting that the consumer PC market is still shrinking at an alarming rate thanks to smartphones.




A national health system. What could possibly go wrong?
My Health Record: privacy, cybersecurity and the hacking risk
From Monday, Australians will have three months to opt out of a new digital medical record that can hold on to information for up to 30 years after they die.
The digital record, called My Health Record, will be automatically set up for every Australian unless they opt out before 15 October.
It will track Australians’ allergies, medical conditions, previous or current medication, test results and anything else that is uploaded by your doctor – and share it between medical providers.
Doctors say it will improve the quality of care but others are urging people to opt out due to privacy and cybersecurity concerns.


(Related)
My Health Record systems collapse under more opt-outs than expected
Australians attempting to opt out of the government's new centralised health records system online have been met with an unreliable website. Those phoning in have faced horrendous wait times, sometimes more than two hours, often to find that call centre systems were down as well, and staff unable to help.
The Australian Digital Health Agency (ADHA), which runs the My Health Record system, is reportedly telling callers that they weren't expecting the volume of opt-outs.
… Cannold, a research ethicist and health regulator, said she'd like to see government prove the value of My Health Record, as well as their capacity to keep it secure, before she opts in to have one. The system should also be designed to allow users to withdraw their record at any time. Currently, opting out merely marks your data as "unavailable", while actually keeping it on the system until 30 years after your death.
… "I can absolutely categorically state that none of the apps and none of the use of the My Health Record data will be able to be sold to third parties – that's absolutely prohibited," he said.
And yet earlier this month, the My Health Record partner app HealthEngine was caught doing exactly that.
We know full well that prohibiting something doesn't mean it won't happen.




Perspective. Is China at or near a tipping point? Will the rest of the world follow?
As China goes increasingly cashless, PBOC says cash payment is still alive
The banking regulator reminds businesses to accept cash payments even as mobile payment transactions reached a record US$12.8 trillion




Perspective.
In about 20 years, half the population will live in eight states
… The Weldon Cooper Center for Public Service of the University of Virginia analyzed Census Bureau population projections to estimate each state’s likely population in 2040, including the expected breakdown of the population by age and gender.
… Eight states will have just under half of the total population of the country, 49.5 percent, according to the Weldon Cooper Center’s estimate. The next eight most populous states will account for an additional fifth of the population, up to 69.2 percent — meaning that the 16 most populous states will be home to about 70 percent of Americans.
… 30 percent of the population of the country will control 68 percent of the seats in the U.S. Senate. Or, more starkly, half the population of the country will control 84 percent of those seats.




A resource for my students.
NIH NNLM Gov Doc/Database: Data Thesaurus
Data Thesaurus: All – “Welcome to the Data Thesaurus, a resource connecting and defining concepts, services, and tools relevant to librarians working in data-driven discovery. A definition, relevant literature, and web resources accompany each term along with links to related terms. Search by term or keyword on the right or browse the 70 terms below.”




Did I remember that quote correctly? Often I add my own interpretation.
The Open Library – Search Full-Text within 4M+ Books
The Open Library Blog: “Open Library now lets you search inside the text contents of over 4M books. Many book websites, like Amazon and Goodreads, give you the ability to search for books by title and author, but they don’t make it easy to find books based on their contents. This type of searching is called “Full-Text Search”… When you search across 40M documents, it can be a challenge to find the one you’re looking for. One feature which Open Library has been missing is a way to limit Internet Archive’s full-text search to only include results from books on Open Library. So for the last two years, Open Library has patiently waited to take full advantage of full-text search for its users. Earlier this week, Giovanni Damiola (@giovannidamiola) released an improvement to our full-text search engine which lets us get around this historical limitation — and so we jumped on this opportunity to improve our search on openlibrary.org! With the help of Razzi Abuissa, Open Library volunteer, and Mek, Open Library’s project lead, you can now search inside more than 4M Open Library books…”


Sunday, July 15, 2018

Why does it take so long for the bank to determine what it did? Do they have no records? Does management not bother to look?
Wells Fargo Finds Even More Customers That It Overcharged
Wells Fargo keeps finding new parts of its vast banking empire that overcharged innocent customers.
On Friday, Wells Fargo disclosed it’s setting aside another $285 million to refund foreign-exchange and wealth-management clients.
That’s on top of Wells Fargo’s infamous consumer scandals. The bank has already paid out rebates to customers for opening fake accounts in their names, forcing them into car insurance they didn’t need and charging them mortgage fees they didn’t deserve.




“We need to vacuum up more data!”
Walmart patents audio technology to record customers and employees
Walmart wants to listen to its workers and shoppers more. A lot more.
America’s largest retailer has patented surveillance technology that could essentially spy on cashiers and customers by collecting audio data in stores. The proposal raises questions about how recordings of conversations would be used and whether the practice would even be legal in some Walmart stores.
“This is a very bad idea,” Sam Lester, consumer privacy counsel of the Electronic Privacy Information Center in Washington, D.C., told CBS News. “If they do decide to implement this technology, the first thing we would want and expect is to know which privacy expectations are in place.”
… According to the patent filed Tuesday, the sensors would be “distributed through at least a portion of a shopping facility” and collect data that will create a “performance metric” for Walmart workers. For example, the sensors would pick up on how many items are scanned, how many bags are used, how long shoppers wait in line and how employees greet customers.




For our Business Continuity discussion.
Timing
In addition to longitude, latitude, and altitude, the Global Positioning System (GPS) provides a critical fourth dimension – time. Each GPS satellite contains multiple atomic clocks that contribute very precise time data to the GPS signals. GPS receivers decode these signals, effectively synchronizing each receiver to the atomic clocks. This enables users to determine the time to within 100 billionths of a second, without the cost of owning and operating atomic clocks.
Precise time is crucial to a variety of economic activities around the world. Communication systems, electrical power grids, and financial networks all rely on precision timing for synchronization and operational efficiency.
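The two GPS items on this page, the road-navigation spoofing research under Tuesday and the timing note above, come down to the same operational question: does what the receiver emits agree with anything the host can check independently? The Python below is an added example, not code from the Virginia Tech/Microsoft researchers, from gps.gov or from any receiver vendor. It parses NMEA $GPRMC sentences, verifies the XOR checksum, and flags fixes whose GPS time disagrees with the host clock, whose time runs backwards, or whose implied speed since the previous fix is physically implausible. The sample sentences are constructed, and the thresholds MAX_SPEED_MPS and MAX_CLOCK_SKEW_S are assumed values a deployment would tune for its own vehicles and clock discipline.

```python
"""Plausibility checks over a stream of NMEA $GPRMC fixes (added example).

Not code from the cited research, gps.gov or a receiver vendor.  Sample
sentences are constructed below; both thresholds are assumptions.
"""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_SPEED_MPS = 70.0    # assumption: ~250 km/h, faster than any road vehicle
MAX_CLOCK_SKEW_S = 2.0  # assumption: tolerated GPS-time vs host-clock offset


def nmea_checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', as two upper-case hex digits."""
    acc = 0
    for ch in body:
        acc ^= ord(ch)
    return f"{acc:02X}"


def build_sentence(body: str) -> str:
    return f"${body}*{nmea_checksum(body)}"


@dataclass
class Fix:
    when: datetime  # UTC time carried in the sentence
    lat: float      # decimal degrees, north positive
    lon: float      # decimal degrees, east positive


def _to_decimal(field: str, hemi: str) -> float:
    """NMEA ddmm.mmmm / dddmm.mmmm plus hemisphere letter -> signed degrees."""
    dot = field.index(".")
    value = float(field[:dot - 2]) + float(field[dot - 2:]) / 60.0
    return -value if hemi in ("S", "W") else value


def parse_rmc(sentence: str) -> Fix:
    """Parse one $GPRMC/$GNRMC sentence; ValueError on framing, checksum or void fix."""
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("not a framed NMEA sentence")
    body, given = sentence[1:].split("*", 1)
    if nmea_checksum(body) != given.strip().upper():
        raise ValueError("checksum mismatch")
    f = body.split(",")
    if f[0] not in ("GPRMC", "GNRMC") or len(f) < 10:
        raise ValueError("not an RMC sentence")
    if f[2] != "A":
        raise ValueError("receiver reports a void fix")
    when = datetime.strptime(f[9] + f[1][:6], "%d%m%y%H%M%S").replace(tzinfo=timezone.utc)
    return Fix(when, _to_decimal(f[3], f[4]), _to_decimal(f[5], f[6]))


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance in metres on a 6371 km sphere."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlam = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


def check_stream(stream):
    """stream: iterable of (host_receive_time, sentence) -> [(index, code)].

    Codes: bad_sentence (framing/checksum/void fix), clock_skew (GPS time vs
    host clock), time_backwards, teleport (implied speed above MAX_SPEED_MPS).
    A clean stream returns an empty list.
    """
    findings, prev = [], None
    for i, (host_time, sentence) in enumerate(stream):
        try:
            fix = parse_rmc(sentence)
        except ValueError:
            findings.append((i, "bad_sentence"))
            continue
        if abs((fix.when - host_time).total_seconds()) > MAX_CLOCK_SKEW_S:
            findings.append((i, "clock_skew"))
        if prev is not None:
            dt = (fix.when - prev.when).total_seconds()
            if dt <= 0:
                findings.append((i, "time_backwards"))
            elif haversine_m(prev, fix) / dt > MAX_SPEED_MPS:
                findings.append((i, "teleport"))
        prev = fix
    return findings


def _rmc(utc: str, lat: str, lon: str) -> str:
    """Constructed RMC sentence near Blacksburg, VA, dated 17 July 2018."""
    return build_sentence(f"GPRMC,{utc},A,{lat},N,{lon},W,10.0,0.0,170718,,,A")


T0 = datetime(2018, 7, 17, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = [  # constructed: (host receive time, sentence)
    (T0, _rmc("120000.00", "3713.7760", "08024.8340")),                        # clean
    (T0 + timedelta(seconds=1), _rmc("120001.00", "3713.7860", "08024.8340")),  # ~18.5 m north in 1 s
    (T0 + timedelta(seconds=2),
     _rmc("120002.00", "3713.7960", "08024.8340").replace("3713.7960", "3713.7961", 1)),  # payload altered, checksum stale
    (T0 + timedelta(seconds=3), _rmc("120003.00", "3723.7960", "08024.8340")),  # 10' (~18.5 km) north in 2 s
    (T0 + timedelta(seconds=4), _rmc("120504.00", "3723.8060", "08024.8340")),  # GPS time 5 min ahead of host
]


def run_sample():
    return check_stream(SAMPLE)


if __name__ == "__main__":
    for idx, code in run_sample():
        print(f"fix #{idx}: {code}")
```

Checks like these are a floor, not a ceiling: a spoofed signal that keeps the track physically continuous and the clock monotonic passes them, so they belong alongside other sources (inertial sensors, network time) rather than instead of them. For the timing use case in particular, the skew check is what turns GPS time from something you trust into something you audit.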




No similar precedent in the US?
A German court ruled you can inherit Facebook content like a letter or a diary
Germany’s highest court ruled Thursday (July 12) that the parents of a teenager who died in 2012 after being hit by a train should be allowed to access her Facebook account, including her private messages.
The court argued that digital content should be passed onto heirs like letters, books, or diaries. The girl’s parents wanted to look into her account to determine whether she committed suicide. This would also help determine whether the driver of the train should be entitled to compensation.
Over the course of the legal battle, Facebook refused to give parents access to the account to protect the privacy of the people she was connected to on the platform, the BBC reported.
Currently, Facebook’s policy is to “memorialize” an account when the site is informed of someone’s death. If a user has a “legacy contact” (here are instructions on how to set one up), Facebook grants them limited access to the user’s account, allowing them change the user’s profile picture, accept friend requests, or pin posts to the top of the user’s profile. They can also ask the platform to delete the account. Recently, Facebook told Quartz, the company revised its policy to allow parents or guardians of minors to become legacy contacts after their child has died.