Thursday, June 22, 2017

Reports are still dribbling in. 
Honda Halts Production at Japan Plant After Cyber Attacks
Honda said Wednesday it had temporarily halted production at a plant in Japan after it suffered a cyberattack from the same ransomware that struck hundreds of thousands of computers worldwide last month.
The Japanese automaker said it had shut its plant in Sayama, near Tokyo, on Monday after discovering its computer system was infected with the so-called WannaCry virus.
The virus encrypts computer files, making them inaccessible until users pay a ransom.
"The malware affected the production of about 1,000 cars," a Honda spokeswoman told AFP, adding that production restarted on Tuesday.
   In May, French auto giant Renault was hit, forcing it to halt production at sites in France, Slovenia and Romania as part of measures to stop the spread of the virus.
Nissan's British unit in Sunderland was also hit in the attack.
   Japanese conglomerate Hitachi was also affected, saying its computer networks were "unstable", crippling its email systems.


I’m surprised it took so long.
Natasha Bertrand reports:
A data-analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million citizens earlier this month.  And it’s now facing its first class-action lawsuit.
Deep Root Analytics, a data firm contracted by the RNC, stored details of about 61% of the US population on an Amazon cloud server without password protection for roughly two weeks before it was discovered by security researcher Chris Vickery on June 12.
The class-action lawsuit, filed by James and Linda McAleer of Florida and all others similarly situated, alleges Deep Root failed to “secure and safeguard the public’s personally identifiable information such as names, addresses, email addresses, telephone numbers, dates of birth, reddit.com browsing history, and voter ID number, which Deep Root collected from many sources, including the Republican National Committee.”
Read more on Business Insider.
So here’s the thing, again.  Where’s the demonstration of injury?  Spoiler alert: there doesn’t seem to be any.  According to Bertrand, the complaint says that those exposed in the data breach may be vulnerable to identity theft and “a loss of privacy,” and argue that the “actual damages” exceed $5 million.
Well, a lot of courts have already held that increased probability of possible harm does not confer standing.  And “loss of privacy?”  Well, that should be a cognizable harm or injury, but is it?
As bad as this misconfiguration/exposure seems, is this a case of “what might have been” or a case of “what happened?”  And either way, is what happened anything much more than publicly available information being made more conveniently publicly available? 


Keeping up with the e-criminals?
IC3 Issues Internet Crime Report for 2016
by Sabrina I. Pacifici on Jun 21, 2017
“The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3.  Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world. US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.” [thanks Pete Weiss]


Another perspective.
Average Cost of Data Breach Drops Globally, Rises to $7.35 Million in U.S.
The 2017 IBM Security and Ponemon Institute annual report on the cost of a breach shows that the cost of stolen records and the total cost of a breach continues to rise -- at least in America.  The lost- or stolen-record cost rose from $221 to $225 each, while the average total cost of a breach increased from $7.01 million to $7.35 million for organizations in the United States.
In the European countries included in the study -- France, Germany, Italy and the United Kingdom -- these costs actually fell.  For example, in the UK, the average per capita cost of a data breach decreased from £102 to £98 and the average total organizational cost decreased from £2.53 million in 2016 to £2.48 million in 2017.
The annual Cost of Data Breach Study (PDF) is one of security's yearly benchmark reports.


Some thoughts on propaganda.  Also useful for political campaigns? 
Computational Propaganda Worldwide: Executive Summary
by Sabrina I. Pacifici on Jun 21, 2017
Oxford Internet Institute, University of Oxford: “The Computational Propaganda Research Project at the Oxford Internet Institute, University of Oxford, has researched the use of social media for public opinion manipulation.  The team involved 12 researchers across nine countries who, altogether, interviewed 65 experts, analyzed tens of millions of posts on seven different social media platforms during scores of elections, political crises, and national security incidents.  Each case study analyzes qualitative, quantitative, and computational evidence collected between 2015 and 2017 from Brazil, Canada, China, Germany, Poland, Taiwan, Russia, Ukraine, and the United States.”
The reports can be found at the following links:


The upside (downside) of the connected home? 
Joe Cadillic writes:
According to an article in the Telegraph, Houston County’s $46.5 million dollar 911 center allows police to spy inside homes and businesses:
“If the alarm goes off at your business, 911 operators will be able to view a live video stream from the security surveillance system and tell law enforcement what’s happening.”
“.. we’ll be able to have video streaming like if a burglar alarm goes off at a store … We can see inside of the store and see who’s in there,” Houston County sheriff’s Capt. Ricky Harlowe said.
FirstNet or Next Generation 911 allows police to spy inside people’s homes, and businesses without a warrant.
Police don’t need a warrant because citizens and business owners have given their alarm companies permission to spy on their homes.
Read more on MassPrivateI.


Simple surveillance tools marketed as friendly?
Snapchat acquires social map app Zenly for $250M to $350M
Snapchat’s newest feature, Snap Map, is based on its latest acquisition, social mapping startup Zenly.  TechCrunch has learned that Snapchat has bought Zenly for between $250 million and $350 million in mostly cash and some stock in a deal that closed in late May.  Snapchat will keep Zenly running independently, similar to how Facebook lets Instagram run independently.
Zenly’s app lets users see where their friends currently are on a map using constant GPS in the background.  People can then message these friends in the app to make plans to hang out.


Trying to get our heads around the future.
Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy
by Sabrina I. Pacifici on Jun 21, 2017
Casanovas, Pompeu and de Koker, Louis and Mendelson, Danuta and Watts, David, Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy (June 1, 2017).  Health and Technology (2017) DOI 10.1007/s12553-017-0190-6. Available at SSRN: https://ssrn.com/abstract=2989689
“This article encapsulates selected themes from the Australian Data to Decisions Cooperative Research Centre’s Law and Policy program.  It is the result of a discussion on the regulation of Big Data, especially focusing on privacy and data protection strategies.  It presents four complementary perspectives stemming from governance, law, ethics, and computer science.  Big, Linked, and Open Data constitute complex phenomena whose economic and political dimensions require a plurality of instruments to enhance and protect citizens’ rights.  Some conclusions are offered in the end to foster a more general discussion.  This article contends that the effective regulation of Big Data requires a combination of legal tools and other instruments of a semantic and algorithmic nature.  It commences with a brief discussion of the concept of Big Data and views expressed by Australian and UK participants in a study of Big Data use in a law enforcement and national security perspective.  The second part of the article highlights the UN’s Special Rapporteur on the Right to Privacy interest in the themes and the focus of their new program on Big Data.  UK law reforms regarding authorisation of warrants for the exercise of bulk data powers is discussed in the third part.  Reflecting on these developments, the paper closes with an exploration of the complex relationship between law and Big Data and the implications for regulation and governance of Big Data.”


I imagine there are many new things to consider when flying in places planes and helicopters don’t go.  Clothesline?  Dogs?  Sprinklers? 
Precise weather forecasting critical for product deliveries by drones
by Sabrina I. Pacifici on Jun 21, 2017

Wednesday, June 21, 2017

Picking a victim that can’t fight back?  I wouldn’t be so sure.  Definitely a place to watch. 
How An Entire Nation Became Russia's Test Lab for Cyberwar
   The Cyber-Cassandras said this would happen.  For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world.  In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era.  “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech.  “Somebody just used a new weapon, and this weapon will not be put back in the box.”
Now, in Ukraine, the quintessential cyberwar scenario has come to life.  Twice.  On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people.  Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again.  But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.


Another attack against a state, but probably not state sponsored?  
Spear Phishing Campaign Targets Palestinian Law Enforcement
Palestinian law enforcement agencies and other targets within Palestine were targeted in a spear phishing campaign delivering malware to remotely control infected systems, Talos researchers reveal.
The actor behind this campaign “has appeared to have used genuine documents stolen from Palestinian sources as well as a controversial music video as part of the attack,” Talos says.  The attacker also referenced TV show characters and included German language words within the attack, researchers discovered.
Information on these attacks initially emerged in March from Chinese security firm Qihoo 360, and in early April, when researchers at Palo Alto Networks and ClearSky revealed four malware families being used in targeted campaigns in the Middle East: Windows-based Kasperagent and Micropsia, and Android-focused SecureUpdate and Vamp.
Last week, ThreatConnect shared some additional information on Kasperagent, saying the threat was mainly used as a reconnaissance tool and downloader, but that newer samples can also steal passwords from browsers, take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate files.


A security heads-up!
Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it
Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues.
Redmond is currently being sued by security house Kaspersky Lab in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest operating system.  Kaspersky (and others) claim Microsoft is up to its Internet Explorer shenanigans again, but that’s not so, said the operating system giant.


Be careful with your facts.
Deep Root Analytics Downplays Giant Voter Data 'Oops'
A data contractor working on behalf of the Republican National Committee earlier this month allowed the personal data of 198 million voters to be exposed online, marking the largest ever leak of voter data in history, according to the cybersecurity firm that discovered the incident.
Deep Root Analytics left 1.1 terabytes of sensitive information -- including names, home addresses, dates of birth, phone numbers and voter registration information -- on a publicly accessible Amazon Web Server, according to UpGuard.
   The previous record for a voter data leak was the exposure of 100 million records in Mexico, UpGuard reported.
Deep Root acknowledged that "a number of files" within its storage system had been accessed but claimed that the exposed database had not been built for any specific client.  Rather, it was the firm's "proprietary analysis" meant for television advertising purposes.
The information accessed consisted of voter data that already was publicly available and readily provided by state government offices, Deep Root maintained.
   Based on information made available about the leak, it appears that Amazon Web Services is not responsible for the incident, said Mark Nunnikhoven, vice president for cloud research at Trend Micro.
"From the little technical detail that is available, it appears as if the company managing the data left it exposed to the public," he told the E-Commerce Times.  "This is not the default setting for the service they used.  Making data publicly available is a feature of this service, but one that requires explicit configuration."


Good news. Bad news. 
Time to Detect Compromise Improves, While Detection to Containment Worsens: Report
Throughout 2016, Trustwave investigated hundreds of data breaches in 21 different countries, and conducted thousands of penetration tests across databases, networks and applications.  An analysis of key findings from this activity is presented in the 2017 Trustwave Global Security Report published Tuesday (PDF).
The result is a mixed bag.  Overall, security defenses have slightly improved, but attacks continue to evolve.  Detection is improving.  Trustwave says the median time to detect a compromise has decreased from 80.5 days in 2015 to 49 days in 2016.  The difference between self-detected and third-party detections is, however, dramatic: just 16 days for self-detected and 65 days for externally detected.


Golly gee willikers!  Could this be happening here too?
Jordan Pearson reports:
For over a year, Canadian military, intelligence, police, and border agencies have been meeting to develop and coordinate their biometric capabilities, which use biological markers like facial recognition and iris scanning to identify individuals.
This initiative—details of which were revealed to Motherboard in documents obtained through an access to information request—shows that the Canadian government is reigniting its focus on biometrics after a similar attempt a decade ago fizzled out.  According to these documents, which include emails, meeting agendas, and briefing reports, the meetings are an effort to coordinate the critical mass of biometrics programs that exist across many government agencies, particularly those relating to national security.
Read more on Motherboard.


For all my smartphone-packing students.


This could get nasty.
Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal
Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense.
That acquisition takes square aim at Walmart's bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence.
Now, Walmart is telling some partners and suppliers that their software services should not run on Amazon Web Services cloud infrastructure, according to the Wall Street Journal.
   A Walmart spokesman told the Journal that some suppliers do use AWS services, but that in some cases, the retailer is wary of putting sensitive data on a competitor's servers.


Open is good.
Librarian highlights open access document discovery services
by Sabrina I. Pacifici on Jun 20, 2017
Getting serious about open access discovery — Is open access getting too big to ignore? – “…Still for whatever reason, suddenly services built around helping users find free full text began to emerge all at the same time..”
[From the article:
With all the intense interest Unpaywall is getting (See coverage in academic sites like Nature, Science, Chronicle of Higher Education, as well as more mainstream tech sites like TechCrunch, Gizmodo), you might be surprised to know that Unpaywall isn’t in fact the first tool that promises to help users unlock paywalls by finding free versions.
Predecessors like Open Access button (3K users), Lazy Scholar button (7k Users), Google Scholar button (1.2 million users) all existed before Unpaywall (70k users) and are arguably every bit as capable as Unpaywall and yet remained a niche service for years.


I think some of my students are a bit over-prepared.
Want to Work for Jaguar Land Rover? Start Playing Phone Games
The carmaker announced on Monday that it would be recruiting 5,000 people this year, including 1,000 electronics and software engineers.  The catch?  It wants potential employees to download an app with a series of puzzles that it says will test for the engineering skills it hopes to bring in.
While traditional applicants will still be considered, people who successfully complete the app’s puzzles will “fast-track their way into employment,” said Jaguar Land Rover, which is owned by Tata Motors of India.

(Related).  Have I detected a trend?
Good at Texting? It Might Land You a Job
Your next job interview might happen via text message.  Srsly.
Claiming that prospective hires are too slow to pick up the phone or respond to emails, employers are trying out apps that allow them to screen candidates and conduct early-stage interviews with texts. 


Not sure I want to share this with my students.
Microsoft’s Dictate uses Cortana’s speech recognition to enable dictation in Office
Dictate, a new project from Microsoft’s experimental R&D group, Microsoft Garage, is launching today to offer a way to type using your voice in Office programs including Outlook, Word and PowerPoint.  Available as an add-in for Microsoft’s software, Dictate is powered by the same speech recognition technology that Cortana uses in order to convert your speech to text.
This is also the same speech recognition and A.I. used in Microsoft Cognitive Services, including Microsoft Translator, the company says in an announcement about the new add-in.
   An introductory video posted this morning to YouTube offers a preview of how the software works in Word, PowerPoint, and Outlook.
   It also at launch supports more than 20 languages for dictation, and can translate in real-time into 60 languages.  This is perhaps its most clever trick, as that means you can speak in your language, while Dictate types it out in another.

(Related).  However, it is clear this is coming.
When AI Can Transcribe Everything
Two companies—Trint, a start-up in London, and SwiftScribe, a subsidiary of Baidu based out of its U.S. headquarters in Silicon Valley—have begun to offer browser-based tools that can convert recordings of up to an hour into text with a word-error rate of 5 percent or less.


Interesting.
Nextdoor, now in 160,000 neighborhoods globally, expands to Germany
Nextdoor, the social network that connects you with people in your neighborhood, is taking another step up in its global growth, after launching in the Netherlands and the UK last year.  Today, the company is opening for business in Germany, the largest internet market in Europe.
The move comes as Nextdoor says it is now used in 160,000 neighborhoods across the US, UK and Netherlands, with about 145,000 of those in its home market of the US, and the company continues to grow at a steady pace.
“We are growing 100 percent year over year and have done that since inception,” said co-founder and CEO Nirav Tolia in an interview.  This works out to adding around 100 new neighborhoods every day.


For the toolkit!
This simple one-page site holds 19 PDF tools and converters that can save you a lot of work.  Think of it as a Swiss Army knife for your PDF workflow.
  1. Convert PDF to any document format.
  2. Convert from Word, Excel, PowerPoint, or from popular image formats to PDF.
  3. A collection of free PDF utility tools to edit a PDF document.
The interface is neat and there are no annoying advertisements.  You don’t need to register and sign-in to use the site.


Another toolkit item.

Tuesday, June 20, 2017

An interesting case for my Computer Security students.  Why were unencrypted medical records attached to emails? 
City News Service reports:
Torrance Memorial Medical Center began notifying some patients Monday that email accounts containing “work-related reports” and personal data were breached at the hospital.  The so-called phishing attack occurred on April 18 and 19, according to medical center spokesman Ed Finn, who said facility personnel, working with third-party forensic investigators, launched an investigation “to determine the nature and scope of the incident.”  “The investigation determined that personal information for certain individuals was present in some impacted emails, but it remains unclear whether emails or attachments containing the information were accessed by an unauthorized person or persons,” Finn said.
Read more on Daily Breeze.


Toward a global ID card?  Will this become a default ID for everyone? 
Microsoft and Accenture Unveil Global ID System for Refugees
Americans can show all sorts of documents, such as Social Security cards and diplomas, to show who they are.  But for those from countries torn apart by war or political chaos, it's much harder to prove their identities.
That's why a new software tool, unveiled on Monday at the United Nations, is a big deal.  It will let millions of refugees and others without documents whip out a phone to quickly show who they are and where they came from.
The tool, developed in part by Microsoft and Accenture, combines biometric data (like a fingerprint or an iris scan) and a new form of record-keeping technology, known as the blockchain, to create a permanent identity.
In practice, this means someone arriving at a border crossing could prove he or she had come from a refugee camp and qualify for aid.  Or a displaced person in a new country could use the ID system to call up his or her school records.  The tool doesn't have a name yet since it's at the prototype stage but will get one soon.


A simple introduction for my students.
Facial recognition has been an important part of science fiction for the past 50 years.  In most of those works it is painted as a means of oppression — part of a surveillance state and a form of control.
A combination of circumstances — the low cost of computing, improvements in machine learning, proliferation of internet connected devices — has once again turned science fiction into reality.  With facial recognition starting to be used in the mainstream for security and safety purposes, will it eventually turn into the dystopian future many imagined?


Will this impact Facebook’s promise to remove “terrorist” posts?
Supreme Court strikes down state law barring sex offenders from Facebook
The Supreme Court struck down a North Carolina law Monday that bans registered sex offenders from accessing Facebook and other social media.
The court ruled 8-0 that the law impermissibly restricts lawful speech in violation of the First Amendment.
In delivering the opinion of the court, Justice Anthony Kennedy said a fundamental principle of the First Amendment is that all persons have access to places where they can speak and listen, and then, after reflection, respond.
“While in the past there may have been difficulty in identifying the most important places (in a spatial sense) for the exchange of views, today the answer is clear,” he said.  “It is cyberspace — the ‘vast democratic forums of the Internet’ in general and social media in particular.”

(Related).  Is Google also impacted?  Or, is this the social media equivalent of shouting “Fire” in a crowded theater? 
Google Steps Up Efforts to Block Extremism, Following Facebook
Google is stepping up its efforts to block "extremist and terrorism-related videos" over its platforms, using a combination of technology and human monitors.
The measures announced Sunday come on the heels of similar efforts unveiled by Facebook last week, and follow a call by the Group of Seven leaders last month for the online giants to do more to curb online extremist content.


Undue reliance?
Tesla found 'not guilty' in fatal May 2016 crash, says NTSB
Tesla was found not at fault in the May 2016 fatal crash in which former Navy SEAL Joshua Brown collided with a truck while driving the Model S in autopilot mode, according to a 538-page National Transportation Safety Board report issued Monday.  The cause of the crash hasn't been determined.  The luxury electric-car maker has advised drivers to "maintain control and responsibility" for their vehicles even when the autopilot feature is enabled.  The NTSB report found that Brown had kept his hands off the wheel "for the vast majority of the trip," despite repeated automated warnings in the vehicle to maintain control.


Where else could this technique be applied?
Goldman Set Out to Automate IPOs and It Has Come Far, Really Fast
A few years ago, Goldman Sachs Group Inc.’s leaders took a hard look at how the bank carries out initial public offerings.  They mapped 127 steps in every deal, then set out to see how many could be done by computers instead of people.
The answer so far: about half.
Just 21 months after the firm disclosed its plan to re-engineer one of Wall Street’s most lucrative businesses, the project has found ways to eliminate thousands of hours of work long performed by humans.


Or, we could go to “self-flying” planes.
CAE Says Pilot Training Must Grow To Meet Demand
The world’s airlines will need 255,000 new airline pilots over the next 10 years, according to Canadian company CAE, which bills itself as the industry’s leading training organization for commercial aviation with a market share of about 25%.
“Rapid fleet expansion and high pilot retirement rates create a further need to develop 180,000 first officers into new airline captains, more than in any previous decade,” it says in its first Airline Pilot Training Demand Outlook, released today.
These numbers mean that over 50% of the pilots who will fly the world’s commercial aircraft in 10 years have not yet started to train.


Too late for this Quarter’s class, but I’ll save it for the next one.


And for my Geeks.


Since all my students have smartphones…


For my students.  (I hope they will hire thousands!)  Also, knowing how listings are structured should make job searches more effective. 
Google’s job listings search is now open to all job search sites & developers
It’s now official: Job listings are coming to Google’s search results in a much more prominent way.  And the company is now offering a formal path for outsiders to add job listings to the new feature in Google search.
Google announced this morning that they are now opening up job listings within Google search to all developers and site owners.  The new jobs display within Google search doesn’t have a formal name.  However, it’s part of the overall Google for Jobs initiative that Google previewed last month at the Google I/O conference.


For my students who had better be researching!
An academic search engine is a must for every student or researcher, and now there’s an alternative to Google Scholar: Semantic Scholar, a new academic search engine that caters to researchers.
While Google Scholar is best for deep web research, Semantic Scholar runs on a sophisticated technology that will only improve with every year it runs: artificial intelligence.


It’s how I stay current.  Perhaps my students could use it too.  (That’s a hint, people.)
The trick is to use RSS (no, the technology isn’t dead).  If you combine RSS outputs with a couple of third-party tools, you can create a single customized news feed which only contains legitimate stories you care about.
In this article, I’m going to briefly explain how RSS works, show you how to use Zapier to create a custom RSS feed, and finally introduce you to a few alternatives.

Monday, June 19, 2017

Steal ‘em while they’re young! 
Kyra Gurney reports:
Two months before the U.S. presidential election, international hackers slipped into the computer systems of at least four Florida school district networks in the hopes of stealing the personal data of hundreds of thousands of students.
They infected the systems with malware — malicious software — that turned off the logs recording who accessed the systems, according to United Data Technologies, the Doral-based cybersecurity company that investigated the incidents.  For three months, the hackers probed the systems, mapping them out and testing their defenses.  At one point, they even posted photos of someone dressed as an ISIS fighter on two school district websites.
Read more on Sacramento Bee.
[From the article: 
A large school district like Miami-Dade, which was one of the districts targeted in the attempted hack last fall, handles the personal information, including Social Security numbers, of hundreds of thousands of current and former students, along with data on thousands of employees and parents.
   “High school kids, almost all of them have a very clean slate when it comes to credit scoring.  So they’re trying to gain access to a large volume of teenagers’ [information] that can help them down the road,” he said.  “These guys have time. They’re willing to wait a year, two years before they can actually monetize that data.”


Apparently, Russian hackers are redundant.  Note that only about 60 million people actually voted in the last Presidential election. 
It’s somewhat unbelievable how this keeps happening and Congress continues to sit on its hands when it comes to voter registration data.  The Russians don’t need to hack anything.  They just need to look for leaky servers or buckets.
Joe Uchill reports:
A data analytics contractor employed by the Republican National Committee (RNC) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password.
“We take full responsibility for this situation,” said the contractor, Deep Root Analytics, in a statement.
The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in.  The leaky account was discovered by researcher Chris Vickery of the security firm UpGuard.  The files have since been secured.
Read more on The Hill.


A nice crossover between my Computer Security and Spreadsheet classes.
Deep Mukherjee reports:
Confidential information of customers who booked flats in Noida, postpaid mobile customers, credit card holders and insurance policy subscribers were in possession of the gang that was running a fake call centre in Uttar Pradesh’s Noida, police said.
Such was the gang’s methodical approach that it had a detailed list of people who own luxury cars in the National Capital Region which covers the territorial jurisdictions of National Capital Territory of Delhi, Haryana, Uttar Pradesh and Rajasthan.
“The gang maintained a precise database of crores of people across India. We found personal information of 6 lakh people in just one Excel sheet from the laptops that we seized,” Deputy Commissioner of Police (crime) Vikas Pathak told Hindustan Times.
Read more on Hindustan Times.


I find it amusing that one vendor (Ross) claims they can help you, “Do more than humanly possible.”  Sounds like real, human lawyers are on the way out.
Innovations in legal technology leverage search and discovery
by Sabrina I. Pacifici on Jun 18, 2017
“If you had to pick the most staid area of legal technology, you might choose legal research.  After all, Westlaw and LexisNexis pretty much set the standard for online legal research long ago, and many of the smaller research services that have come along since are essentially less-comprehensive variations on the same theme.  Yet within a few days of each other earlier this month, there were three major developments pertaining to legal research, each of which suggests interesting new directions for legal research.  In fact, after I wrote about the three developments on my Lawsites blog, it prompted Ed Walters, the CEO of legal research service Fastcase, to tweet, “Might we be entering a golden age of legal research innovation?  Sure feels like it.”  Of course, innovation in legal research has been going on for a while now.  Middle-tier services such as Fastcase and Casemaker are frequently refining their platforms and adding new features.  Startups such as Casetext and Ravel Law have introduced innovations that even the big players have emulated.  Startup ROSS is bringing IBM Watson’s artificial intelligence to legal research.  Still, all three of these recent developments signal possible new directions in legal research.  Let me review them briefly…”


Perspective.  Rather than pay for 199 channels when you only watch three or four, pay for the content (even single events) you want to watch.  
Nearly Half of Broadband Consumers Subscribe to a Video OTT Service: Study
Reflecting the surge in consumer adoption and volume of subscription VOD services, almost half of U.S. broadband customers pay for at least one OTT video service, according to a survey from IBB Consulting.
The study, based on a survey of 2,007 U.S. online consumers, found that about one-third subscribe to two OTT services and 18% take three or more.
Millennials are the group most likely to take more than three paid OTT services.  Notably, some 63% of paid OTT subscribers also get a traditional pay TV service. 


“Because I don’t understand technology…”  More likely, because parents can’t say “no.” 
Colorado man seeks smartphone ban for kids
   The proposal would require retailers to submit reports to the state government verifying that they had inquired about who each sold smartphone was intended to be used by, and fine those that repeatedly sell phones to be used by young children and preteens. 
   Farnum said he was inspired to make the push after watching his own kids struggle with the psychological effects of always having a device in hand.


President Trump likes walls.  Suppose we tell him the Mexicans hacked the election…
Germany Builds an Election Firewall to Fight Russian Hackers
In March and April hackers tried to infiltrate computers of think tanks associated with Germany’s top two political parties.  A year earlier, scammers set up a fake server in Latvia to flood German lawmakers with phishing emails.  And in 2015 criminals breached the network of the German Parliament, stealing 16 gigabytes of data.  Although there’s no definitive proof, the attacks have been linked to Pawn Storm, a shadowy group with ties to Russian intelligence agencies—raising the possibility that the Kremlin might disrupt a September vote in which Chancellor Angela Merkel, Russian President Vladimir Putin’s strongest critic in Europe, is seeking a fourth term.
   Merkel’s Christian Democratic Union (CDU) is calling for a law that would allow the country to “hack back” and wipe out attacking servers.
   Germany’s education ministry is backing a new cybersecurity school where politicians and IT officials are taught to spot and react to hacking.


As long as you are in the neighborhood…
Historical Marker Database
by Sabrina I. Pacifici on Jun 18, 2017
“This website, The Historical Marker Database, is an illustrated searchable online catalog of historical information viewed through the filter of roadside and other permanent outdoor markers, monuments, and plaques.  It contains photographs, inscription transcriptions, marker locations, maps, additional information and commentary, and links to more information.  Anyone can add new markers to the database and update existing marker pages with new photographs, links, information and commentary.”

Sunday, June 18, 2017

So certain that Vegas probably would not take your bet.
Canada: Hackers Targeted Country's 2015 Election, May Try Again
Canada's electronic eavesdropping agency warned Friday that hackers and foreign states may try to sway its elections in 2019, after so-called hacktivists tried but failed to influence the 2015 ballot that brought Justin Trudeau's Liberals to power.
In a report, the Communications Security Establishment (CSE) said hacktivists and cybercriminals had leaked sensitive government documents, and attempted to smear candidates and spread disinformation and propaganda ahead of the 2015 vote.  
These "low sophistication" attacks "did not impact the outcome of the election," the CSE concluded.  
But it added that hacktivists are likely to try again when Canadians return to the polls in 2019.


Immediate feedback!  Sometimes it’s more useful before you screw up.  Think Walmart considered this before the deal? 
Men's Fashion Startup Bonobos Sells To Walmart; Consumers Revolt
Here’s an interesting aspect of making a major company announcement on Facebook—the reactions to and comments on postings make it stunningly easy to gauge consumer response.  This week’s announcement by men's online clothing line Bonobos is a case in point.  On Friday, June 16, the company announced an agreement to be purchased by Walmart for $310M, citing Walmart’s intent to energize its e-commerce channel in an attempt to mirror Amazon, according to the New York Times.
   Audience reaction to the post and explanation: Anger, shock, sadness and laughter outnumbered “likes” by a factor of 2 to 1.
This remark articulated the feelings of the majority well: “We all get that this was a move based on economies of scale.  But it's also a move that your loyal customer base sees as the ends justifying the means.  You're joining an organization that millennials, your core consumers, loathe and vilify as destructive, unethical, and cheap - essentially the polar opposite when previously thinking about Bonobos.”
   The market’s response was daunting as well.  Walmart stock plunged 4.6% to 75.26, although it is important to note that in a move that can only be described as bad timing, the acquisition news fell on the same day as Amazon’s acquisition of Whole Foods, sending grocery stocks into a spin.


Paranoia?  In order to spin, these have to be small enough to rotate while pinched between your thumb and finger.  So, these would be under the 3” blade regulation – or is any blade now too dangerous to allow on a plane?
'Satan's fidget spinner' gets grounded by the TSA
   "Satan's fidget spinner was discovered in a carry-on bag at the Savannah/Hilton Head International Airport (SAV)," the TSA caption reads.  "While normal #FidgetSpinners are permitted, this one is a weapon."


Something to share with our new students.
12 Sites and Apps for Learning to Code