Thursday, July 20, 2017

This is either a very strange hacker or some really poor reporting.  Somehow, much of the detail seems to be missing from this story.  For instance, what was a “Homeland Security Agent” doing here? 
Montco man tells feds he stole $40M in bitcoin
Police on the trail of two missing laptops and a gold necklace followed it to the Montgomery County home of a self-described computer hacker who claims responsibility for what could be one of the largest virtual currency heists of all time, court documents say.
Theodore Price of Hatfield told a local detective and a Homeland Security agent investigating a burglary at the Holland Township, Bucks County, home of his girlfriend’s parents that he wrote software to steal between $40 million and $50 million in the online currency bitcoin, the documents say.
When the officers arrived at his door last week, he told them he had been preparing to flee to London on a chartered jet using a fake passport in the name of “Avengers” movie star Jeremy Renner, a complaint filed in federal court Wednesday says.
   A court document filed last week that charged Price with unauthorized access to a computer to commit a federal crime for personal financial gain listed the value of the stolen bitcoin at between $40 million and $50 million.
Assistant U.S. Attorney Lesley Bonney said the unauthorized access charge has since been withdrawn, but would not say why Price was not charged with the bitcoin theft he admitted to the agent.


Imagine overriding a self-driving car…  This is like that.
Segway miniPRO Flaws Put Riders at Risk of Injury
   IOActive researchers analyzed the miniPRO application and determined that an attacker could have intercepted unencrypted Bluetooth communications between the scooter and the mobile app.
While the app did require a PIN when launched, experts determined that the Bluetooth interface was unprotected at the protocol level, allowing an attacker to access it and remotely conduct various actions.


A warning for my students.
   LeakerLocker … locks your home screen but doesn’t encrypt everything you’ve got on your device.  It’s still ransomware, however, because it warns that it’s gathering your browser data, text messages, call history, location information, emails, social media messages, and photos.  It states that, without paying up, it will leak all this private data to your contacts.


“If it costs money or takes time, we’re against it!”  The DHS report is a “must read” for my Ethical Hacking students.
Telecom Lobbyists Downplayed ‘Theoretical’ Security Flaws in Mobile Data Backbone
   In May, the DHS published an in-depth, 125-page report on government mobile device security, which noted that SS7 "vulnerabilities can be exploited by criminals, terrorists, and nation-state actors/foreign intelligence organizations."  DHS noted that it currently doesn't have the authority to require carriers to perform security audits on their network infrastructure, or the authority to compel mobile carrier network owners to provide information to assess the security of these communication networks.
CTIA took several issues with the report.  In its own white paper responding to the DHS, CTIA told US politicians in May that focusing on some SS7 attacks is "unhelpful," said the report "focuses on perceived shortcomings" in the protocol, and claimed that talking about the issues may help hackers, according to the white paper obtained by Motherboard.  Specifics from the paper were discussed by Motherboard with CTIA officials.  


I’ve been discussing this with my students.  Does your organization know what CPU is in each machine?  Will security suffer if some of your computers can’t be updated? 
Confirmed: Windows 10 will cut off devices with older CPUs
After stories arose of failed attempts to upgrade such hardware to the Creators Update, Microsoft confirmed late Wednesday that any hardware device that falls out of the manufacturer’s support cycle may be ineligible for future Windows 10 updates.
   “Recognizing that a combination of hardware, driver and firmware support is required to have a good Windows 10 experience, we updated our support lifecycle policy to align with the hardware support period for a given device,” Microsoft said in a statement.  “If a hardware partner stops supporting a given device or one of its key components and stops providing driver updates, firmware updates, or fixes, it may mean that device will not be able to properly run a future Windows 10 feature update.”


Perhaps we do have a problem of “reading for comprehension.”  I assume the managers in this company could have read the law, or their lawyers warning about the law?  By the way, that fine is way too small.  Shouldn’t they get hit for at least 10 cents per email?  (£80,000 is $103,757.60 according to Google, which works out to .015 cents per email.) 
Price comparison website Moneysupermarket.com Ltd has been fined £80,000 by the Information Commissioner’s Office (ICO) for sending millions of emails to customers who had made it clear they didn’t want to be contacted in that way.
The company sent 7.1 million emails over 10 days updating customers with its Terms and Conditions. But all the recipients had previously opted out of direct marketing.
Moneysupermarket’s email included a section entitled ‘Preference Centre Update’ which read:
“We hold an e-mail address for you which means we could be sending you personalised news, products and promotions.  You’ve told us in the past you prefer not to receive these.  If you’d like to reconsider, simply click the following link to start receiving our e-mails.”
Asking people to consent to future marketing messages when they have already opted out is against the law.


Legal exceptions to constitutional rights? 
From the ACLU:
Records obtained by the ACLU of Massachusetts reveal extensive, warrantless surveillance of Massachusetts residents’ communications records.  Under a law passed in 2008, prosecutors in Massachusetts may demand IP address logs, subscriber information, banking and credit card records, and call records revealing sensitive details about a person’s life—all without any judicial oversight or external accountability.  The Boston Globe reports:
“It’s a sanctioned fishing expedition tool,” said Kade Crockford, director of the Technology for Liberty Program at the ACLU of Massachusetts.  “It shouldn’t be easy for law enforcement to dig around in our communications records, and find out who we’re talking to, and for how long, and be able to strip us of our anonymity online, simply by signing a piece of paper.” …
Read more on The ACLU.


Would you cut off the President?  Imagine the downside! 
Twitter Crackdown on Abuse Raises Question: Do the Rules Apply to Trump?
Twitter Inc. said it has clamped down on harassment on its service, a campaign that is forcing the company to confront tricky questions about how it applies its standards.


A nightmare: Think of a Big Brother-like world where all devices switch to any appearance of President Trump to ensure that we never miss a second of his brilliance.  (I bet we could sell it to Kim Jong Un.)
Internet Archive Blogs: “Working with Matroid, a California-based start up specializing in identifying people and objects in images and video, the Internet Archive’s TV News Archive today releases Face-O-Matic, an experimental public service that alerts users via a Slack app whenever the faces of President Donald Trump and congressional leaders appear on major TV news cable channels: CNN, Fox News, MSNBC, and the BBC.  The alerts include hyperlinks to the actual TV news footage on the TV News Archive website, where the viewer can see the appearances in context of the entire broadcast, what comes before and what after.  The new public Slack app, which can be installed on any Slack account by the team’s administrator, marks a milestone in our experiments using machine learning to create prototypes of ways to turn our public, free, searchable library of 1.3 million+ TV news broadcasts into data that will be useful for journalists, researchers, and the public in understanding the messages that bombard all of us day-to-day and even minute-to-minute on TV news broadcasts.  This information could provide a way to quantify “face time”–literally–on TV news broadcasts.  Researchers could use it to show how TV material is recycled online and on social media, and how editorial decisions by networks help set the terms of public debate…”


Colorado will give only “data not shielded by law.”
States bristled but at least 30 will give personal voter data to Trump
Despite criticism from most states about the Trump administration’s request for voters’ personal information, half have said they will deliver some or all of that data to the White House election commission.
   According to the Brennan Center for Justice, which has collected public statements from all 50 states, 17 states have agreed to provide the commission with data allowable by state law — that includes Florida, North Carolina and Washington.  Another eight states have indicated they would release the information, if certain conditions are met, primarily paying a fee.
Most, if not all, will withhold Social Security numbers.


An interesting article.  How do we keep AI from repeating the flaws of our biased “intelligence?”
Technology Is Biased Too. How Do We Fix It?
Whether it’s done consciously or subconsciously, racial discrimination continues to have a serious, measurable impact on the choices our society makes about criminal justice, law enforcement, hiring and financial lending.  It might be tempting, then, to feel encouraged as more and more companies and government agencies turn to seemingly dispassionate technologies for help with some of these complicated decisions, which are often influenced by bias.  Rather than relying on human judgment alone, organizations are increasingly asking algorithms to weigh in on questions that have profound social ramifications, like whether to recruit someone for a job, give them a loan, identify them as a suspect in a crime, send them to prison or grant them parole.
But an increasing body of research and criticism suggests that algorithms and artificial intelligence aren’t necessarily a panacea for ending prejudice, and they can have disproportionate impacts on groups that are already socially disadvantaged, particularly people of color.  Instead of offering a workaround for human biases, the tools we designed to help us predict the future may be dooming us to repeat the past by replicating and even amplifying societal inequalities that already exist.


We do this to ourselves, and never correct our mistake.
The Myth and the Cost of Drug Expiration Dates
Investigative research and report by ProPublica and NPR’s Shots Blog: “Hospitals and pharmacies are required to toss expired drugs, no matter how expensive or vital.  Meanwhile the FDA has long known that many remain safe and potent for years longer…  The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years.  But the dates don’t necessarily mean they’re ineffective immediately after they “expire” — just that there’s no incentive for drugmakers to study whether they could still be usable.  ProPublica has been researching why the U.S. health care system is the most expensive in the world.  One answer, broadly, is waste — some of it buried in practices that the medical establishment and the rest of us take for granted.  We’ve documented how hospitals often discard pricey new supplies, how nursing homes trash valuable medications after patients pass away or move out, and how drug companies create expensive combinations of cheap drugs.  Experts estimate such squandering eats up about $765 billion a year — as much as a quarter of all the country’s health care spending…”


Helping students pick a major/specialization?
In the simplest of terms, computer science is the study of information (“data”) and how it can be manipulated (“algorithms”) to solve problems, mostly in theory but also in practice.
Computer science is not the study of computers, nor does it strictly require the use of computers.  Data and algorithms are possible to compute using pen and paper, which makes “computer science” a misnomer.  Computer science is more akin to mathematics, which is why some now prefer to use the term “informatics” instead.
   Here’s a non-exhaustive list of the most common “types” of computer science you may encounter and what each one specializes in.  As you’ll see, computer science is one of the broadest fields today:
  • Artificial Intelligence — The development of machines that can display cognitive functions like thinking, speaking, reasoning, and solving problems. Incorporates other fields, including linguistics, psychology, and neuroscience. Machine learning is a subset that explores the ability of machines to learn, evolve, and recognize patterns in data on their own.
  • Bioinformatics — The use of computer science to measure, analyze, model, and understand the complexities of biology. Involves the large-scale analysis of data, high-performance computations, data simulations, molecular models, and more.
  • Computational Theory — The study of algorithms and mathematical proofs. Not only concerned with the creation of new algorithms or the improvement of existing algorithms, but also the methods and provability of theorems.
  • Computer Graphics — The study of how data can be manipulated and transformed in a way that’s intuitive for humans to view. Includes topics like photorealistic images, dynamic image generation, 3D modeling and animations, and data visualizations.
  • Game Development — The creation of PC, mobile, and web games for entertainment. Game engines are designed differently from business and research applications, and often involve unique algorithms and data structures optimized for real-time interaction.
  • Networking — The study of distributed computer systems and how communications can be improved within and between networks.
  • Robotics — The creation and development of algorithms used by robotic machines. Includes improvements to robotic kinematics, the interface between robots and humans, environmental interactions, robot-to-robot interactions, virtual agents, etc.
  • Security — The development of algorithms, methods, and software to protect computer systems against intruders, malware, and abuse. Includes cloud and network security, PC security, mobile security, email security, anti-virus software, and cryptography (the study of encryption and decryption).


Might become useful.
Apple launches machine learning research site
Apple just launched a blog focused on machine learning research papers and sharing the company’s findings.  The Apple Machine Learning Journal is a bit empty right now as the company only shared one post about turning synthetic images into realistic ones in order to train neural networks.


Helping my students find current articles?
Google’s new Feed will offer content Google thinks you want to see.  This will be based on your interactions with Google, as well as what’s trending in your area and beyond.  While Google will do most of the heavy lifting, you’ll be able to customize your feed by following certain topics after you’ve searched for them.
Google outlines the thinking behind the Feed in a blog post on The Keyword.  The company states that the Feed is designed to make it “easier than ever to discover, explore and stay connected to what matters to you, even when you don’t have a query in mind”.  And that last part of the sentence is key.
   U.S. readers should be able to access the Feed from today (July 19) just by updating the Google app on Android or on iOS.  It will then roll out internationally over the next couple of weeks.


Our bookstore will hate this.
For books that you have no desire to buy and keep forever, these sites can help.  They offer great rental prices and flexible terms, making them ideal for college students on a budget.


Is there a market for free, ad-sponsored apps?  How about birds, flowers, fish, etc.?
Tree Identification Field Guide
Tree Identification Field Guide (this app has a small fee): “Our illustrated, step-by-step process makes it easy to identify a tree simply by the kinds of leaves it produces.  Begin identifying your tree by choosing the appropriate region…”

Wednesday, July 19, 2017

Be sure to read ALL the documentation, especially that bit about default settings. 
Kelly Sheridan reports:
A data leak at Dow Jones & Co. exposed the personal information of millions of customers after a public cloud configuration error.  This marks the fifth major public cloud leak in the past several months after similar incidents affected Verizon, the WWE, US voter records, and Scottrade.
This mistake compromised millions of customers’ names, account information, physical and email addresses, and last four digits of credit card numbers.  It also affected 1.6 million entries in Dow Jones Risk and Compliance, a collection of databases used by financial companies for compliance with anti-money laundering regulations.
Read more on Dark Reading.
[From the article:  
All of this information was left exposed in an Amazon Web Services S3 bucket, which had its permission settings configured to let any AWS Authenticated User download data using the bucket's URL.  Amazon defines "authenticated user" as anyone who has a free AWS account, meaning the data was available to more than one million users.]
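As an added illustration (my own code, not from the Dark Reading article or from Amazon), here is a small Python audit that flags exactly the grant described above: a bucket ACL giving READ to the predefined AuthenticatedUsers group. The ACL dicts are constructed by hand to match the shape boto3's get_bucket_acl() returns, so it runs with no AWS account; the owner ID is a placeholder.

```python
"""Flag S3 bucket ACL grants that reach beyond the owning account.

Added example, not from the article.  The Dow Jones bucket granted READ to
the predefined "AuthenticatedUsers" group, which Amazon defines as any holder
of an AWS account (not just users of *your* account).  The ACL dicts below are
constructed in the shape that boto3's s3.get_bucket_acl() returns, so this
runs offline; the owner ID is a placeholder.
"""

# Predefined S3 groups whose URIs may appear in an ACL grant.  Both are
# "global": neither is scoped to the bucket owner's account.
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers":
        "any AWS account holder",
    "http://acs.amazonaws.com/groups/global/AllUsers":
        "anyone, no AWS account needed",
}

# What each bucket-level ACL permission lets the grantee do.
IMPACT = {
    "READ": "list and download every object",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket's ACL",
    "WRITE_ACP": "rewrite the bucket's ACL (and then grant anything)",
    "FULL_CONTROL": "all of the above",
}


def risky_grants(acl):
    """Return one finding per grant that is not to the bucket owner.

    Each finding is a dict with 'who', 'permission' and 'impact' keys.  The
    owner's own FULL_CONTROL grant is the expected baseline and is skipped.
    """
    owner_id = acl.get("Owner", {}).get("ID")
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        perm = grant.get("Permission", "")
        gtype = grantee.get("Type")
        if gtype == "Group":
            uri = grantee.get("URI", "")
            # Global groups are the dangerous case; other groups (e.g. the
            # LogDelivery group) are scoped but still worth listing.
            who = GLOBAL_GROUPS.get(uri, "S3 group " + uri)
        elif gtype == "CanonicalUser" and grantee.get("ID") == owner_id:
            continue  # the owner's own grant
        else:
            # Another account's canonical user, or an email-based grantee.
            ident = grantee.get("ID") or grantee.get("EmailAddress")
            who = "external principal " + str(ident)
        findings.append({
            "who": who,
            "permission": perm,
            "impact": IMPACT.get(perm, "unknown permission"),
        })
    return findings


def is_publicly_readable(acl):
    """True when a global group can list/download objects via the ACL."""
    return any(
        f["who"] in GLOBAL_GROUPS.values()
        and f["permission"] in ("READ", "FULL_CONTROL")
        for f in risky_grants(acl)
    )


# --- Constructed sample ACLs (placeholder owner ID) -------------------------
OWNER = {"DisplayName": "example-owner", "ID": "EXAMPLE_OWNER_CANONICAL_ID"}

# The misconfiguration from the article: owner keeps full control, but the
# AuthenticatedUsers group has READ, so any AWS account can pull the data.
LEAKY_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", **OWNER},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}

# The corrected ACL, what `aws s3api put-bucket-acl --bucket NAME --acl private`
# produces: only the owner's canonical user is granted anything.
PRIVATE_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", **OWNER},
         "Permission": "FULL_CONTROL"},
    ],
}

if __name__ == "__main__":
    for name, acl in (("leaky", LEAKY_ACL), ("private", PRIVATE_ACL)):
        print(f"{name}: publicly readable = {is_publicly_readable(acl)}")
        for f in risky_grants(acl):
            print(f"  {f['permission']:<12} -> {f['who']}: {f['impact']}")
```

The ACL is only one of the ways a bucket becomes public; a bucket policy or per-object ACLs can grant the same access, so a real audit has to check all three.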


Kind of generic warning, unless they know something specific they don’t want to reveal. 
UK Spy Agency Warns of State-sponsored Hackers Targeting Critical Infrastructure
The U.K. Government Communications Headquarters (GCHQ), Britain's secret eavesdropping agency, warns that 'a number of [UK] Industrial Control System engineering and services organisations are likely to have been compromised' following the discovery of 'connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.'
The warning comes from a National Cyber Security Centre (NCSC) memo obtained by Motherboard and confirmed by the BBC.  NCSC is part of the UK's primary cyber intelligence agency, GCHQ.
From the little information available, it doesn't appear as if there are any specifically known compromises -- NCSC might simply be working from the statistical probability that if enough phishing attacks are launched, at least some will inevitably succeed. 


I read this as, “We’re gonna do something as soon as we figure out what that might be.”  Looks like they will reiterate basic security guidelines.  Nothing on “Fake News?” 
Former Clinton and Romney campaign chiefs join forces to fight election hacking
   The bipartisan project aims to develop ways to share key threat information with political campaigns and state and local election offices; create “playbooks” for election officials to improve cybersecurity; and forge strategies for the United States to deter adversaries from engaging in hacks and information operations, among other things. 
   “This project will find practical solutions to help both parties and civic institutions that are critical to our elections better secure themselves.”


Attacking more subtly than with nukes. 
AI Could Revolutionize War as Much as Nukes
In 1899, the world’s most powerful nations signed a treaty at The Hague that banned military use of aircraft, fearing the emerging technology’s destructive power.  Five years later the moratorium was allowed to expire, and before long aircraft were helping to enable the slaughter of World War I.  “Some technologies are so powerful as to be irresistible,” says Greg Allen, a fellow at the Center for New American Security, a non-partisan Washington DC think tank.  “Militaries around the world have essentially come to the same conclusion with respect to artificial intelligence.”
Allen is coauthor of a 132-page new report on the effect of artificial intelligence on national security.
   The report also says that the US should soon be able to significantly expand its powers of attack and defense in cyberwar by automating work like probing and targeting enemy networks or crafting fake information.

(Related).  And zombies!  Don’t forget the zombies! 
Top US general warns against rogue killer robots
The second highest-ranking general in the U.S. military on Tuesday warned lawmakers against equipping the military with autonomous weapons systems that humans could lose control of and advocated for keeping the "ethical rules of war" in place.
   "I don't think it's reasonable for us to put robots in charge of whether or not we take a human life," Selva told the committee.
Peters mentioned that the directive expires later this year, and told Selva that America's enemies would not hesitate to employ such technology.


Social Media as a tool…
How Brands Can Engineer Social Media Content
In the world of social media advertising, the biggest win for firms is when consumers are delighted by the content they see, want to engage with it and eventually buy something.  Kartik Hosanagar, Wharton professor of operations, information and decisions, has co-authored research that takes a closer look at brand posts on Facebook to determine the type and mix of content advertisers should aim for to get results.  The paper, “Advertising Content and Consumer Engagement on Social Media: Evidence from Facebook,” which was co-authored with Dokyun Lee of Carnegie Mellon University and Stanford University’s Harikesh Nair, is forthcoming in the journal Management Science.  Hosanagar recently joined Knowledge@Wharton to discuss his findings.


We knew this, right?
Study: 1 in 4 U.S. Jobs At Risk of Offshoring
Researchers at Muncie, Indiana's Ball State University recently published an illuminating – and concerning – dive into expectations for the future health of the U.S. labor market in a paper titled "How Vulnerable Are American Communities to Automation, Trade and Urbanization?"
The answer: Pretty vulnerable.
Drawing on new and existing research focused on job movement and potential displacement in the U.S., the researchers indicated as many as 25 percent of American jobs could be offshored in the years ahead, at risk of replacement by foreign competition.  And half of all low-skill jobs could eventually be automated, potentially displacing millions of U.S. workers.
   Since the recession that ended in 2009, researchers estimate "half the net establishment growth [or business formation] in the United States … occurred in just 0.64 percent of the more than 3,100 U.S. counties."  [Okay, that I didn’t know.  Bob] 


Interesting.  Perhaps we should change our Presentation course?
Does a presentation’s medium affect its message? PowerPoint, Prezi, and oral presentations
“Despite the prevalence of PowerPoint in professional and educational presentations, surprisingly little is known about how effective such presentations are.  All else being equal, are PowerPoint presentations better than purely oral presentations or those that use alternative software tools?  To address this question we recreated a real-world business scenario in which individuals presented to a corporate board.  Participants (playing the role of the presenter) were randomly assigned to create PowerPoint, Prezi, or oral presentations, and then actually delivered the presentation live to other participants (playing the role of corporate executives).  Across two experiments and on a variety of dimensions, participants evaluated PowerPoint presentations comparably to oral presentations, but evaluated Prezi presentations more favorably than both PowerPoint and oral presentations.  There was some evidence that participants who viewed different types of presentations came to different conclusions about the business scenario, but no evidence that they remembered or comprehended the scenario differently.  We conclude that the observed effects of presentation format are not merely the result of novelty, bias, experimenter-, or software-specific characteristics, but instead reveal a communication preference for using the panning-and-zooming animations that characterize Prezi presentations.” 

Tuesday, July 18, 2017

The Internet version of Willie Sutton?  Hack “where the money’s at!” 
Hacker Steals $7 Million in Ethereum From CoinDash
An actor managed to hack the CoinDash official website during the company's ICO (Initial Coin Offering) and diverted over $7 million worth of Ethereum by replacing the official wallet address with their own.
The incident took place on Monday, just minutes after the company launched its ICO in an attempt to raise funds in the form of Ethereum crypto-currency.  Similar to an Initial Public Offering (IPO), an ICO happens when a company is looking to gather funds and issue tokens in return.
According to CoinDash, the hacker managed to take over the official website only three minutes after the ICO started.  They replaced the official Ethereum wallet address with their own, which resulted in people sending over $7 million to the fraudulent address.


How do you get the attention of someone who gives a damn? 
Myspace let you hijack any account just by knowing the person’s birthday
If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it.  As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site.
Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company.  Only today, after the issue became widely publicized, did Myspace finally remove the flaw.


Security incidents can be expensive.  FedEx bought TNT last year and apparently did not fully upgrade their systems.  That might have kept the virus out. 
FedEx says cyber attack to hurt full-year results
Package delivery company FedEx Corp (FDX.N) said a disruption in services in its TNT Express unit following a cyber attack last month would hurt its full-year results.
FedEx's shares fell as much as 3.4 percent to $211.53 in early trading as the company said the financial impact of the disruption on its results was likely to be "material".
The Netherlands-based TNT Express is still experiencing widespread service delays following the attack, caused by the Petya cyber virus that spread through a Ukrainian tax software product, FedEx said.
FedEx said it lost revenue due to decreased volumes at TNT Express and incurred incremental costs from contingency plans and remediation of affected systems.
The company said it did not have insurance in place that covered the impact from the cyber attack.  


If this was the Russians, they are much worse at hacking than I thought.  Note that success would not change a single vote, but it might allow them to register a few million new voters for the next election. 
Nearly 150,000 attempts to hack SC voter registration system on Election Day: report
Hackers tried to infiltrate South Carolina’s voter registration system nearly 150,000 times on Election Day 2016, according to a South Carolina State Election Commission report detailed in The Wall Street Journal.
South Carolina, which President Trump won by a wide margin during the election, did not find evidence that would suggest the attempted breaches were successful, the paper reported.

(Related).  Looks like everyone is trying to manipulate someone via social media.
Paper – Troops, Trolls and Troublemakers: A Global Inventory of Organized Social Media Manipulation
Samantha Bradshaw & Philip N. Howard, Troops, Trolls and Troublemakers: A Global Inventory of Organized Social Media Manipulation. Samuel Woolley and Philip N. Howard, Eds. Working Paper 2017.12. Oxford, UK: Project on Computational Propaganda.  comprop.oii.ox.ac.uk http://comprop.oii.ox.ac.uk/. 37 pp.
“Cyber troops are government, military or political party teams committed to manipulating public opinion over social media.  In this working paper, we report on specific organizations created, often with public money, to help define and manage what is in the best interest of the public.  We compare such organizations across 28 countries, and inventory them according to the kinds of messages, valences and communication strategies used.  We catalogue their organizational forms and evaluate their capacities in terms of budgets and staffing.  This working paper summarizes the findings of the first comprehensive inventory of the major organizations behind social media manipulation.  We find that cyber troops are a pervasive and global phenomenon.  Many different countries employ significant numbers of people and resources to manage and manipulate public opinion online, sometimes targeting domestic audiences and sometimes targeting foreign publics.  The earliest reports of organized social media manipulation emerged in 2010, and by 2017 there are details on such organizations in 28 countries.  Looking across the 28 countries, every authoritarian regime has social media campaigns targeting their own populations, while only a few of them target foreign publics.  In contrast, almost every democracy in this sample has organized social media campaigns that target foreign publics, while political-party-supported campaigns target domestic voters.  Authoritarian regimes are not the only or even the best at organized social media manipulation.  The earliest reports of government involvement in nudging public opinion involve democracies, and new innovations in political communication technologies often come from political parties and arise during high-profile elections.  
Over time, the primary mode for organizing cyber troops has gone from involving military units that experiment with manipulating public opinion over social media networks to strategic communication firms that take contracts from governments for social media campaigns.”


Hacking is hot (even if misunderstood) in Washington.
Intel, Defense Bills Amended to Include Russian Hacking
Intelligence and defense policy legislation passed last week shows that the United States government is increasingly concerned about cyberattacks, particularly attacks coming from Russia.
The National Defense Authorization Act (NDAA), which the House of Representatives passed on Friday, specifies the budget and expenditures of the U.S. Department of Defense (DoD).
The list of amendments for the fiscal year 2018 includes several issues related to cyber capabilities.  One of the adopted amendments requires the DoD to update its cyber strategy, requires the president to create a strategy for using offensive cyber capabilities, and provides technical assistance to NATO members.
   The Intelligence Authorization Act for Fiscal Year 2018, which the House Permanent Select Committee on Intelligence unanimously advanced on Thursday, also references Russia.
The Intelligence Authorization Act, which authorizes funding for the U.S. intelligence community, requires the Director of National Intelligence to submit a report assessing the most significant Russian influence campaigns aimed at foreign elections.
Without specifically naming Russia, the bill also requires an unclassified advisory report on foreign counterintelligence and cybersecurity threats to federal election campaigns.  This comes after the U.S. officially accused Russia of attempting to interfere with last year’s presidential election.


Secret is good? 
Federal court rejects challenge to national security data requests
The Federal 9th Circuit Court of Appeals ruled Monday that gag orders issued with warrant-like national security letters do not violate the First Amendment.
National security letters serve the same functions as a warrant but do not require judicial oversight.


The FBI is keeping us safe!
Consumer Notice: Internet-Connected Toys Could Present Privacy and Contact Concerns for Children
The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments.  Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions.  These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options.  These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.


Interesting discussion.
Video: The Impact of Machine Learning on Work Is Bigger Than You Think
Despite much hype about artificial intelligence, we’re actually underestimating what’s coming, said MIT researcher Andrew McAfee in a fireside chat with his long-time MIT collaborator, Erik Brynjolfsson.  This discussion, moderated by former MIT Technology Review editor in chief Jason Pontin, offers insights about the impact of technology-based innovations on business and society from two of the most influential thinkers in this area.


No doubt some will claim this is a monopoly crushing the competition.  On the other hand, must Amazon stay out of markets just because they are large? 
Amazon tanks Blue Apron’s stock with one trademark filing
Blue Apron shares fell as much as 12 percent Monday following an ominous sign that Amazon is preparing a move into its niche market for meal-kit deliveries.
On July 6, about a week after Blue Apron priced its IPO, Amazon applied to register a trademark with the U.S. Patent and Trademark Office for the slogan “We do the prep.  You be the chef.” The phrase could be a stand-in slogan for Blue Apron, which has registered “A better way to cook.”

Monday, July 17, 2017

It’s not just Russia v. Ukraine and North Korea v. everyone.  It’s now something to consider in any interaction with other countries.  (Because it’s cheap and it works!) 
UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials
The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.


The real tragedy, they don’t even know who to sue!  (Yes, Logicforce is trying to sell you something.  That does not mean they are wrong.) 
Report – 66% of US law firms reported a breach in 2016
NetSecurity – “The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts.  These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments.  The degree of preparation and vigilance within the industry at large will continue to place many law firms at unnecessary risk of losing valuable client data such as trade secrets and intellectual property.  Such breakdowns in security could result in financial losses for the targeted firms and their clients.  Approximately 40% of law firms in the study underwent at least one client data security audit, and Logicforce predicts this will rise to 60% by the end of 2018…”
  • Jordan McQuown, CIO: “Law firms today face more cyber security threats than ever before and the threat landscape is evolving rapidly.  If you don’t understand where you are at risk and what to do about it, it’s nearly impossible to defend your clients’ data and your firm’s reputation.  I want to help you understand where you are at risk right now by sharing my list of top 10 cyber security threats.  As the CIO of LOGICFORCE, I see law firms being subjected to a wide variety of cyber threats.  Any one of these threats might cause irreparable damage to your law firm.  Yet each one of these can also be addressed effectively with the right technologies and right approach.  Here are my top 10 cyber security threats for law firms and what you can do about them.
    1. Lack of Pervasive Security Mindset
    2. Security Issues With Third Party Providers And Cloud Systems
    3. Ransomware
    4. Rogue Employees
    5. Hacktivists
    6. Nation-State Espionage
    7. Accidental Exposure By Well-Intentioned Employees
    8. Technology Obsolescence
    9. Password Management Being Weak Or Non-Existent
    10. Reduced Security Standards For Remote Workers…”


Apparently, IBM thinks it’s time.  i.e. They think there is a market. 
IBM Z mainframe brings end-to-end encryption to all your data
Big Blue announced that its latest IBM Z mainframe computer will be able to encrypt all of the data in an enterprise all of the time, bringing encryption to everything from cloud services to databases.  The IBM Z can run more than 12 billion encrypted transactions per day.
This kind of encryption makes sense for security, but it wasn’t done in the past because it is very expensive and takes a lot of computing cycles.
   Until now, companies have had to selectively encrypt small chunks of data at a time, which is a time- and labor-intensive task.
   Encryption is largely absent in corporate data centers, and even in cloud data centers, because current solutions for data encryption in the x86 environment dramatically degrade performance and user experience and are too complex and expensive to manage for regulatory compliance, IBM said.  As a result, only about 2 percent of corporate data is encrypted today.  By contrast, more than 80 percent of mobile device data is encrypted.
The recent IBM study found that extensive use of encryption is a top factor in reducing the cost of a data breach, resulting in a $16 reduction in cost per lost or stolen record.


If you have a legal requirement to keep records of your communication with clients, this could be a real problem.
NYT – As Elites Switch to Texting, Watchdogs Fear Loss of Transparency
As Elites Switch to Texting, Watchdogs Fear Loss of Transparency, Kevin Roose – “Lawmakers, executives and other leaders are turning to encrypted chat apps to keep their communications under wraps, causing problems in industries where careful record-keeping is standard procedure…  Secure messaging apps like WhatsApp, Signal and Confide are making inroads among lawmakers, corporate executives and other prominent communicators.  Spooked by surveillance and wary of being exposed by hackers, they are switching from phone calls and emails to apps that allow them to send encrypted and self-destructing texts.  These apps have obvious benefits, but their use is causing problems in heavily regulated industries, where careful record-keeping is standard procedure.  ‘By and large, email is still used for formal conversations,’ said Juleanna Glover, a corporate consultant based in Washington.  ‘But for quick shots…texting is the medium of choice.’”


Ignorance is no excuse, but it is common.
I’m not sure if this gets filed under the “what-the-hell” or “no-one-connected-to-the-WH-should-have-security-clearance” department, but Daniel Politi reports:
People who spoke up about their concerns over privacy suddenly found key private details, including their email and sometimes even home addresses, released by none other than President Donald Trump’s administration.  The presidential commission charged with investigating alleged fraud that has been plagued by controversy from the start published a 112-page document of unredacted emails of public comment on its work, which to no surprise are largely negative of the Presidential Advisory Commission on Election Integrity.  When it published the comments, the White House didn’t remove any of the personal information, meaning many of the comments are accompanied by personal details of the person who wrote it.
Read more on Slate.


Something for my Software Assurance and Data Management students. 
Sensor-studded Kansas City is like a giant smartphone. Now it just needs apps
Your city is dumb.  The potholed streets, coin-operated parking meters, and drafty brick buildings many of us interact with every day haven’t changed much in a century.  But it’s finally happening.  From Oslo to San Diego, cities across the globe are installing technology to gather data in the hopes of saving money, becoming cleaner, reducing traffic, and improving urban life.  In Digital Trends’ Smart Cities series, we’ll examine how smart cities deal with everything from energy management, to disaster preparedness, to public safety, and what it all means for you.


Maybe Watson isn’t the ultimate solution, even if it does play a wicked game of Jeopardy.
Jefferies gives IBM Watson a Wall Street reality check
IBM’s Watson unit is receiving heat today in the form of a scathing equity research report from Jefferies’ James Kisner.  The group believes that IBM’s investment into Watson will struggle to return value to shareholders.  In recent years, IBM has increasingly leaned on Watson as one of its core growth units — a unit that sits as a proxy for projecting IBM’s future value.
   If job postings are any indication, IBM is not keeping pace with other technology companies in hiring machine learning developers.  Things seem particularly lifeless in the field of deep learning, where IBM’s hiring appears anemic with respect to Apple and Amazon — and let’s be real, things would look much worse if Google, Microsoft and Facebook were added to this table.
   It seems perfectly reasonable that IBM shot out of the gates like a rocket in a mostly sterile AI market selling to CTOs and newly minted chief data officers with just enough anxiety to open checkbooks.


How many of these did not exist 30, 20, or even 10 years ago?
50 Marketing Channels to Use to Reach Customers
There are endless marketing channels available to small businesses.  These channels range in cost, from nothing to a lot.  Small Biz Trends takes a look at 50 of the most effective marketing channels small businesses can use to reach customers.


For my students and fellow professors.
Thanks to Microsoft, you can now download hundreds of useful ebooks for free.  No catch!  And these aren’t old copyright-free classics from way back in history — we’re talking about up-to-date copies of tech books related to Microsoft’s most-used products.
Grab the free ebooks here.
   The only downside is that you cannot download all of the books as a single ZIP file.  As Eric points out, it’s because of intellectual property rights.  The solution is to use a PowerShell script to grab all available copies at once.

Sunday, July 16, 2017

Something for my students to kick around.  Did they have a massive breach?  How do you determine the facts, and would that impact their stock price? 
Jio breach prompts calls for new cyber law
Fears that Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.
Jio has repeatedly denied that any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “unauthentic.” The website was later shut down.
   In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said.

(Related)  Do they start their inquiry with a presumption of a coverup? 
Telecom department to seek detail over data breach from Jio
The Department of Telecom (DoT) will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said today.
   A Maharashtra Cyber Police senior officer confirmed that some leak had occurred but declined to share details about the quantum of the breach.


Failure to disclose even before President Trump.
So what did we miss because the Veterans Administration stopped posting their monthly breach reports to Congress on their web site?  DataBreaches.net filed a Freedom of Information request on June 7, and the VA has responded by providing all of the requested monthly reports for the period May, 2016 – June 7, 2017.  As an overview: there appears to be no major shift in the number of breaches reported each month by the VA.
The monthly reports generally contain descriptions of incidents in which numbers of veterans were either sent HIPAA notifications or offers of credit protection services.  In addition, the VA provides a summary of how many mishandling incidents, mismailing incidents, and mismailed Consolidated Mail Outpatient Pharmacy (CMOP) incidents there were.  For comparison purposes, in June 2016, there were 186 mismailing incidents, 6 mismailed CMOP incidents, and 117 mishandling incidents.  In May, 2017, there were 199 mismailing incidents, 7 mismailed CMOP incidents, and 111 mishandling incidents.  To keep these in perspective, however, it is important to note that these are a tiny percentage of all of the incidents VA facilities handle on a monthly basis.
But here are 22 breach incidents I found in the reports, below.  Only one resulted in any press release or media coverage at the time – at least as far as DataBreaches.net can determine – which is why we need the VA to be transparent and make these reports publicly available.
In chronological order, beginning with May, 2016: [Omitted.  Bob]


Unlikely to find a home in Washington…
(14 July 2017) The Privacy Commissioner for Personal Data, Hong Kong (“Privacy Commissioner”) Mr Stephen Kai-yi WONG welcomed the passing of the Apology Bill by the Legislative Council yesterday (13 July).
Mr Wong said, “The enactment of the Apology Ordinance will generally help to protect persons who wish to make an apology without fear of attracting legal liability.  In the handling of complaints involving personal data privacy, the parties being complained against (“PCAs”) may become more willing to make an apology, which helps ease the tension between the affected data subjects and the PCAs, and hence mitigate the damage to the data subjects.  The legislation also generally facilitates and promotes conciliation of disputes by other means such as mediation.  By making apologies, the PCAs are usually more co-operative and willing to accept the PCPD’s recommendations and take appropriate remedial measures in a positive manner.”
Having regard to past data breach cases involving government departments or public bodies, for those that made apologies, they also took prompt actions to mitigate the damages and took proactive steps toward data protection without delay.
The Privacy Commissioner believed that the enforcement of the Apology Ordinance will encourage the PCAs to become more willing to make apologies to the data subjects involved for infringement of their privacy rights, which generally facilitates and promotes conciliation of disputes.


Less than complete re-engineering, but still may work.  Perhaps the smaller battery won’t be as likely to short out? 
iFixit teardown confirms Note 7 Fan Edition is just a Note 7 with a new, smaller battery
Like a phoenix from the ashes, Samsung’s ill-fated Galaxy Note 7 has emerged from the fires of its battery woes reborn as the Samsung Galaxy Note 7 Fan Edition, a refurbished Note 7 that, hopefully, won’t explode.


So I guess that was “Fake News?” 
An Amazon Echo Can't Call the Police—But Maybe It Should
Despite what you may have heard, an Amazon Echo did not call the police earlier this week, when it heard a husband threatening his wife with a gun in New Mexico.
   Someone called the police that day.  It just wasn't Alexa.
   Alexa's current calling limitations won't last forever.  The Echo's biggest competitor, Google’s Home, will soon allow you to call any number in the US using the device–except for 911, or 1-900 numbers.
The holdup seems to be largely regulatory; according to Federal Communications Commission spokesman Mark Wigfield, providing 911 services means adhering to a host of technical regulations, everything from making sure all 911 calls route through the right call center, to making sure each one transmits the correct location of the caller.  Additionally, devices that make 911 calls must also be able to receive incoming calls, so police can call back.  Those hurdles currently prevent Google and Amazon from offering a direct emergency line.  But they can, and likely will, be overcome at some point.


How Facebook makes money.
Facebook is putting ads everywhere in hopes of finding the next News Feed
Facebook has a cash cow.  It’s called News Feed, and for the past five years, it has been the company’s core money maker and source of revenue growth.
But there is a problem looming: Facebook has been saying for the past year that it is running out of places to put ads in News Feed.  The company has determined that it can’t put more ads into users’ feeds without harming their experience.


Perhaps a life size T-Rex? 
View and Print 3D Models of Smithsonian Artifacts
Smithsonian X 3D (SIx3D) offers a neat way for students to learn about artifacts from the Smithsonian museums.  The site is the result of a collaboration between Autodesk and the Smithsonian Institution.  More than artifacts are currently featured on Smithsonian X 3D.  The artifacts can be viewed as 3D models that you can virtually manipulate.  Many of the artifacts have accompanying fact sheets through which you can learn about the artifact's history and significance.  A screenshot of the fact sheet accompanying the model of the Philadelphia (a gunboat) is included below.