Saturday, November 17, 2012

There are Best Practices for anonymization too. One of which is “Don't put entry level staff in charge.”
UK: Anonymization – opportunities and risks
November 16, 2012 by Dissent
Steve Wood writes about the value and risks of anonymization on the Information Commissioner’s Office blog. He writes, in part:
Whilst the ICO supports the use of anonymisation techniques organisations must not be complacent. It may be simple to aggregate and anonymise some datasets but it is often not as easy as one might expect. For example while a piece of information may appear to be anonymised when looked at in isolation, this may not necessarily be the case when you look at this information in context with the other information already available in the public arena. With ever increasing amounts of data in the public domain this can be challenging. This is why it is so important that anonymisation is carried out correctly.
There have been some high profile examples of anonymised datasets being “broken” in the US. We believe these were examples of poor and complacent anonymisation. It is simply unrealistic, as some commentators have called for, to stop using anonymisation techniques because of the risks. It is a call to ensure anonymisation techniques are more effective and that organisations deploy the right expertise. The demands for open data, big data and information sharing in our information society will not disappear – there are often strong arguments on their favour. What we must do is address the privacy risks with the best privacy enhancing techniques available and make judgments on a case by case basis whether data can be disclosed publicly.
The ICO also stands by to take swift enforcement action against those who negligently or complacently place individuals’ privacy at risk through poor standards of anonymisation.
Read more on the ICO’s Blog.


I probably missed a few...
Post details: Congressional Research Service on electronic privacy


As I read this, any site that responded to your browser is a way not entirely consistent with its Privacy Policy would be vulnerable to a charge of “misleading users and rendering privacy protection tools ineffective.” I say, “Let the Class Actions begin!”
Amazon Settles Privacy Case
by Wendy Davis, Yesterday, 5:22 PM
Amazon has settled a lawsuit alleging that it circumvented the privacy settings of Internet Explorer users, according to court papers filed on Thursday. Details of the settlement, including any financial terms, have not been made public.
… Since 2001, Internet Explorer has allowed users to automatically reject certain cookies, including tracking cookies, but this feature only works when Web site operators provide accurate data about their privacy policies. (That feature is different from the new do-not-tracksetting in IE10).
But a Carnegie Mellon University study that came out before the lawsuit detailed how Web companies thwart privacy settings by providing incorrect data to Microsoft's Internet Explorer. That report stated that many operators "are misrepresenting their privacy practices, thus misleading users and rendering privacy protection tools ineffective." Amazon allegedly was among those operators. Rather than using a readable code, Amazon's compact policy was "gibberish," the lawsuit alleged.
… The case was filed as a class-action, but Amazon settled the lawsuit before it was certified as a class-action.

(Related)
"Judge Susan Illston has said she will approve a $22.5 million settlement deal between Google and the FTC over the company's practice of circumventing privacy protections in Apple's Safari browser to place tracking cookies on user's computers. Judge Illston also expressed concern about what will happen to the tracking data Google collected, since the settlement doesn't call for Google to destroy the data."


Ubiquitous Surveillance may require us to surveil ourselves. Be ready.
Surveillance companies will charge you a fortune if you want to get any type of surveillance system installed. Even a minor surveillance system will end up costing you a lot since not only do you want a straightforward video monitoring tool but you also want a way to store video archives. With a regular surveillance solution, you need to employ an extra hard drive for the video archiving task.
But there is a tool with which you can not only set up video surveillance using a camera and existing computers, but you can also extend the surveillance to iOS and Android smartphones. This tool is called Ivideon.


Think of it as tightly controlled anarchy...
Russia demands broad UN role in Net governance, leak reveals
The Russian Federation is calling on the United Nations to take over key aspects of Internet governance, including addressing and naming, according to documents leaked on Friday from an upcoming treaty conference.
The Russians made their proposal on November 13 in the lead-up to December's World Conference on International Communications in Dubai. The conference will consider revisions to the International Telecommunications Regulations (ITRs), a treaty overseen by the UN's International Telecommunications Union (ITU). The treaty has not been revised since 1988, before the emergence of the commercial Internet.
The treaty negotiations and its documents are secret, though many have been exposed through the Web site WCITLeaks, run by two researchers at George Mason University.
"The [proposed] additions to the ITRs...are aimed at formulating an approach that views the Internet as a global physical telecommunications infrastructure, and also as a part of the national telecommunications infrastructure of each Member State," the Russian proposal says.
… Currently, the ITRs cover only international telecommunications services (PDF). But the Russians propose adding a new section to the treaty to deal explicitly with "IP-based networks." Bringing the Internet into the treaty in any capacity would represent a major expansion of the scope of the ITU's authority.
The leaked proposal would strongly endorse national control over those parts of the Internet that reside within a country's borders, including ISPs, traffic, and engineering. One suggested change to the treaty, for example, declares that "Member States shall have the sovereign right to manage the Internet within their national territory, as well as to manage national Internet domain names."


What if Kim Dotcom is right? What if the only reason he was busted is that the RIAA wanted to make him an example. Or is this just aggressive lawyering?
U.S. judge in MegaUpload case partially unseals search warrant
A federal judge has partially unsealed the warrant he issued that allowed MegaUpload's domain names to be seized.
… The search warrant offers very little new information about what kind of evidence the U.S. government possesses to support its case. But Ira Rothken, the Silicon Valley attorney who oversees MegaUpload's worldwide defense, says the document shows that U.S. officials misled the judge when applying for the warrant...
In asking for the search warrant, prosecutors said in June 2010 they warned MegaUpload via a criminal search warrant that the company's servers housed more than 30 pirated video files and managers had not removed them even as late as November 2011. But Rothken said, the government omitted an important part of the story.
"In our view that's a misleading statement," Rothken said. "MegaUpload was served with a criminal search warrant for alleged third-party user conduct and was advised not to interfere with that criminal investigation or with the files -- as such disclosure, would jeopardize the ongoing investigation. To ask MegaUpload to cooperate and then use that cooperation against them, to us seems to be both unfair and misleading."
U.S. District Judge Liam O'Grady unsealed the documents at the request of Kyle Goodwin, a MegaUpload user who said he wants his personal videotapes of high school football games returned.


For my Students: Something to do before the e-Dog eats your homework...
How else can I say this? Actually, there is no other way more straightforward than this: you need to backup now.
Here are six reasons why you might be putting off creating a backup of your computer:
  1. No money for an external hard drive, online service or software
  2. You don’t know where to get an external hard drive or what kind to get
  3. You don’t know what software or online services you should use
  4. It takes too much time to set up, let alone, to backup your computer all the time
  5. You don’t have anything that matters if it’s lost
  6. You simply don’t have the know-how


For my Students, some of whom can read!
eBook popularity has been skyrocketing in the past few years and it doesn’t look like it will slow down anytime soon. First the Kindle, then the Nook, then smartphone apps like Aldiko and Mantano–there are so many ways to read eBooks now. If your eBook format of choice is .EPUB, then here’s some good news – you can read them straight from your browser now.
EPubReader is a Firefox addon that loads .EPUB files and presents them for viewing. It may not look like the prettiest addon out there, but it sure makes the whole reading experience easy and enjoyable.


The bits I find interesting...
The BBC reports that students in Denmark will be able to access the Internet when they sit their final school exams. They’ll be able to access any website they want, but just not communicate with others. [Contrast this with some of my fellow adjuncts who refuse to allow students the use of WolframAlpha. Bob]
… The digital music education platform Chromatik officially launched this week with an iPad and a Web-based application that stores digital sheet music, as well as helps you learn, practice, share, collaborate, and record music — with friends, band-mates and teachers alike. The app has been in private beta up ’til now, but with some fairly high profile early testers, including American Idol.
… The Gates Foundation is giving $1.4 million to the research group Ithaka S+R to study the impact of MOOCs at public universities in Maryland. (The same research group published a study earlier this year about students’ learning statistics from automated software — so I bet this research prove to be a big win for robo-teachers.)

Friday, November 16, 2012

Oh look, even “Rocket Scientists” can learn!
"After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a month's time with an intermediate ban on laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 'mobile computing devices.' I wonder how long it will be before other large organizations start following suit as a sensible precaution?" [Me too Bob]


But surely a computerized fire alarm can give instructions for exiting a crowded theater? “Fire! Run! You're all gonna die!”
"When is software, or content generated by software, 'speech' for First Amendment purposes? That is the question that Andrew Tutt seeks to answer in an article published today in the Stanford Law Review Online. He argues that the two approaches commentators and the Supreme Court have proposed are both incorrect. Software or software-generated content is not always speech simply because it conveys information. Nor is software only speech when it resembles traditional art forms. Instead, the courts should turn to the original purposes of the First Amendment to develop a new approach that answers this question more effectively."


So when TSA said, “We are certain...” what they really meant was, “Someone told us this is so and we trust them so much we don't need to check (not that we have anyone on staff that actually knows anything about this techy-knowlegdey thingie).”
"The Homeland Security Subcommittee on Transportation Security held a hearing on TSA's recent decision to move X-ray body scanners from major airports to smaller ones, which the subcommittee refers to as a 'Scanner Shuffle.' John Sanders, TSA's assistant administrator for security capabilities, testified that 91 scanners recently removed from major airports were now in storage due to 'privacy concerns.' Although TSA originally planned to relocate the scanners to smaller airports, those plans have been shelved because smaller airports don't have room for them. The subcommitteee is also investigating allegations that the machines' manufacturer, Rapiscan, 'may have falsified tests of software intended to stop the machines from recording graphic images of travelers' (VIDEO). Coincidentally, shares of Rapiscan's parent company, OSI Systems Inc., dropped in value almost 25% today, its biggest intraday decline in about 12 years. If wrongdoing is proven, Rapiscan could face fines, prison terms and a ban on government contracting, according to a former head of federal procurement."


If they succeed, the next step is even smaller Drones to fly through crowds...
"The Robotics Institute at CMU has been developing systems to learn from humans. Using a Machine Learning class of techniques called Imitation Learning our group has developed AI software for a small commercially available off-the-shelf ARdrone to autonomously fly through the dense trees for over 3.4 km in experimental runs. We are also developing methods to do longer range planning with such purely vision-guided UAVs. Such technology has a lot of potential impact for surveillance, search and rescue and allowing UAVs to safely share airspace with manned airspace."


Perhaps a helpful background guide to my “Etiquette of e-Communication”
November 15, 2012
51st issue of The Global Employer - The Social Media Issue
The Global Employer™ - The Social Media Issue, Paul Brown, Carlos A. Felce, Guenther H. Heckelmann, Cynthia L. Jackson. Baker & McKenzie
  • "Social media presents particular implications for managing employment relations within organizations. The use and abuse of social media can touch on all aspects of the employment relationship: from employers digging social media data as a recruitment tool, to the control of employees’ social media use, to monitoring and the private vs. public debate, to questions over the ownership of data, to disciplinary and termination issues and what an employer can lawfully do when it believes an employee has overstepped the social media mark, to post-termination competition issues. These are all issues that we are talking about with our clients on an increasingly frequent basis. So we thought that the time was ripe to address these questions within this publication. We are delighted to present a country by country guide to social media in the workplace with contributions from 17 of our offices across Asia Pacific, Europe, Latin America and North America. Each office has addressed the same set of questions covering employment issues from recruitment through to termination, through to post-termination competition, through to the use of social media in legal proceedings.


As Congress considers the “If it can happen to Petraeus it can happen to me” bill...
November 15, 2012
Privacy: An Overview of the Electronic Communications Privacy Act
Privacy: An Overview of the Electronic Communications Privacy Act, Charles Doyle - Senior Specialist in American Public Law - October 9, 2012
  • "This report provides an overview of federal law governing wiretapping and electronic eavesdropping under the Electronic Communications Privacy Act (ECPA). It also appends citations to state law in the area and the text of ECPA. It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given his prior consent. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. Violations can result in imprisonment for not more than five years; fines up to $250,000 (up to $500,000 for organizations); civil liability for damages, attorneys’ fees and possibly punitive damages; disciplinary action against any attorneys involved; and suppression of any derivative evidence. Congress has created separate, but comparable, protective schemes for electronic communications (e.g., email) and against the surreptitious use of telephone call monitoring practices such as pen registers and trap and trace devices. Each of these protective schemes comes with a procedural mechanism to afford limited law enforcement access to private communications and communications records under conditions consistent with the dictates of the Fourth Amendment. The government has been given narrowly confined authority to engage in electronic surveillance, conduct physical searches, and install and use pen registers and trap and trace devices for law enforcement purposes under ECPA and for purposes of foreign intelligence gathering under the Foreign Intelligence Surveillance Act."


Perspective Does Apple still make more than half the profits?
"Gartner's released a report on worldwide numbers of 2012 3Q phone sales and the staggering results posted from Android have caused people like IW's Eric Zeman to call for sanity. Keep in mind these are worldwide numbers, which might be less surprising when you realize that the biggest growth market of them all is China, which is more than 90% Android. It's time to face the facts and realize that Android now owns 73% of the worldwide smartphone market. While developers bicker over which platform is best for development and earnings, the people of the world may be making the choice based on just how inexpensive an Android smartphone can be. This same time last year, Gartner reported Android at 52.5% of market share and it now sits at 72.4% market share with over 122 million units sold worldwide."


For my geeks who can't wait...
Microsoft serves up 60-day trial version of Office 2013
People who want to take Office 2013 for a spin can download a 60-day evaluation edition.
The version available is the full Microsoft Office Professional Plus 2013 suite, which includes Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher, and Lync. The software contains all the features in the paid edition, so you won't miss out on anything.


Inevitable...
2U One-Ups MOOCs, Coursera, Now Offers Online Undergrad Courses From Top Schools For Credit
Four years after it launching its first graduate program with USC, 2U today has announced its foray into undergraduate education through a new program called Semester Online. The company will be powering a virtual classroom environment and interactive platform for a consortium of 10 top universities, including some it’s already been working with (Duke and UNC) — along with newcomers like Northwestern, Emory and Brandeis — to name a few.
Beginning in the fall of 2013, the program will be open to any student enrolled in an undergraduate program anywhere in the world, with courses set to debut next fall (along with a handful of new institutions). Semester Online’s courses will feature the same faculty and curricula as their brick-and-mortar counterparts.
… What’s so cool about 2U’s new platform is that it’s not a MOOC. As Inside Higher Ed’s Steve Kolowich wrote today, 2tor’s program really represents the next phase of this evolution and is the first real example of a collective of top higher ed institutions offering the same courses and teachers that a student would find in the physical classroom, yet in an online-only setting that actually offers credited courses to students who aren’t enrolled at the universities offering them.
That’s not to say there aren’t alternatives. StraighterLine offers a subscription-based (and relatively affordable) service that allows students to take a variety of accredited, general ed courses online, but it focuses on the first two-years of colleges, can’t offer you a diploma and hasn’t yet added course content from the cream of the crop.

Thursday, November 15, 2012

“We are completely incompetent when it comes to Computer Security and we always will be.” NOTE: I searched http://www.mandiant.com/ for information on “the Hand” but found none. Must be new or top secret or imaginary...
Haley: SCDOR hacking may not have been preventable
Gov. Nikki Haley says new layers of security are being added in the wake of a massive security breach, but she said at a news conference Wednesday that even with what is now known, there is "no way to say it could have been prevented."
The massive security breach at the South Carolina Department Revenue could earn the hackers as much as $360 million by using just 1 percent of the affected taxpayers returns, the State newspaper is reporting. [Equally fantastic... Bob]
… Investigators believe that a hacker tricked someone at the Department of Revenue into opening a file that gave the hacker access to the system. [the Password file? Bob]
At the news conference, Haley said that she has issued a second executive order that calls for cabinet agencies to be monitored 24-7. The monitoring will require the addition of four fulltime employees, with the cost of their salaries split by five cabinet agencies.
She said another layer of security will be provided by a piece of equipment called The Hand that is being purchased from the computer forensics and security company Mandiant at a cost of $160,300. She said the Hand will detect any movement of large files and will shut any effected machines down immediately and contact Department State Information Technology.
… DSIT will also monitor traffic patterns in real time to be sure no data is taken from the network.


This letter certainly comes with an abundance of something, but it doesn't smell like caution.
Delayed breach notification letter from law firm raises more questions than it answers
November 14, 2012 by admin
Here’s another notification letter submitted to the California Attorney General’s Office that left me scratching my head. It’s from the law firm of Sprechman & Associates, P.A. in Miami, a firm that specializes in collections. My comments and questions are inserted in italics:
Dear XXXXXX:
I am writing to advise you that your personally identifiable information (“Information”) may have been viewed by a former employee of Sprechman & Associates without permission. Specifically, the former employee may have viewed your name, address, date of birth, driver’s license number, and/or social security number.
“May have?” Why don’t you know? Don’t you maintain logs?
Sprechman & Associates learned of this incident in July 2012, but was unable to notify you until now because notification at that time may have interfered with a law enforcement investigation and the best known contact information for potentially affected individuals was not known until October 2012. [Why would that be? Bob]
How did you learn of it? And when did the improper access occur, if it occurred? How long was this problem going on for? Was there any indication of misuse of anyone’s information? Did law enforcement actually ask you not to disclose this sooner or did you just make that decision on your own? If they asked you to delay notification, when did they tell you that you could go ahead and notify?
Although we cannot be sure that your Information was in fact used in an inappropriate manner, in an abundance of caution we are informing you that such viewing of your information may have occurred.
What Information May Have Been Viewed, When and By Whom?
One of our employees may have performed unauthorized searches on you. This information may have included your name, address, date of birth, driver’s license number, and social security number. We are advising you of this matter in an abundance of caution, but we stress that we cannot be sure that your Information was in fact used in an inappropriate manner. In fact, we cannot even be sure that your Information was actually viewed, but we are providing this notice out of an abundance of caution.
You can’t be sure it was viewed and/or misused, but you can’t be sure it wasn’t viewed and/or misused, right? So why aren’t you offering free credit protection and restoration services?
How Have We Responded to This Issue
Nonetheless, we certainly understand that this may be cause for concern. Additional information and support resources are available through the non-profit Identity Theft Resource Center at www.idtheftcenter.org, by calling (858) 693-7935, or via e-mail at itrc@idtheftcenter.org.
Other Steps You Can Take:
[...]
So you haven’t actually done anything to respond to this issue other than notify law enforcement and send out this notification letter? How about hardening your security and access to records? How about improving auditing so you can tell who’s accessed what? How about offering affected individuals some services?
If the law firm would like to provide additional information, I’ll be happy to post it or update this entry, but overall, I find their notification and response inadequate. They do provide a phone number to call if recipients have questions, but the letter isn’t even signed by an individual – only by “Notice Department.”


For the new generation, it's not really war, it's a video game.
Israel Kills Hamas Leader, Instantly Posts It to YouTube
The Israel Defense Forces didn’t just kill Hamas military leader Ahmed al-Jabari on Wednesday as he was driving his car down the street in Gaza. They killed him and then instantly posted the strike to YouTube. Then they tweeted a warning to all of Jabari’s comrades: “We recommend that no Hamas operatives, whether low level or senior leaders, show their faces above ground in the days ahead.”
The Jabari hit is part of the biggest assault the IDF has launched in more than three years on Gaza, with more than 20 targets hit. And it’s being accompanied by one of the most aggressive social media offensives ever launched by any military. Several days before Jabari’s elimination, the IDF began liveblogging the rocket attacks on southern Israel coming from Gaza. Once “Operation Pillar of Defense” began, the IDF put up a Facebook page, a Flickr feed, and, of course, a stream of Twitter taunts — all relying on the same white-on-red English-language graphics. “Ahmed Jabari: Eliminated,” reads a tweet from 2:21 p.m. Eastern time on Wednesday.

(Related) What are the rules here? I can see keeping HOW we will respond secret, but we should be announcing (not leaking) that we WILL respond.
Obama signs secret directive to help thwart cyberattacks
President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyber attacks on the nation’s web of government and private computer networks.
Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October.
… An example of a defensive cyber-operation that once would have been considered an offensive act, for instance, might include stopping a computer attack by severing the link between an overseas server and a targeted domestic computer. [That's nonsense, unless the severing is done with explosives on foreign soil. Bob]
“That was seen as something that was aggressive,” said one defense official, “particularly by some at the State Department” who often are wary of actions that might infringe on other countries’ sovereignty and undermine U.S. advocacy of Internet freedom. Intelligence agencies are wary of operations that may inhibit intelligence collection. The Pentagon, meanwhile, has defined cyberspace as another military domain — joining air, land, sea and space — and wants flexibility to operate in that realm.
… But repeated efforts by officials to ensure that the Cyber Command has that flexibility have met with resistance — sometimes from within the Pentagon itself — over concerns that enabling the military to move too freely outside its own networks could pose unacceptable risks. A major concern has always been that an action may have a harmful unintended consequence, such as shutting down a hospital generator.
… Officials say they expect the directive will spur more nuanced debate over how to respond to cyber-incidents. That might include a cyberattack that wipes data from tens of thousands of computers in a major industrial company, disrupting business operations, but doesn’t blow up a plant or kill people.
The new policy makes clear that the government will turn first to law enforcement or traditional network defense techniques before asking military cyberwarfare units for help or pursuing other alternatives, senior administration officials said.


Looks like things are back to normal in New Jersey for at least one group. I wonder what the “It fell off-a da truck” price will be?
Thieves Grab 3,600 iPad Minis Worth $1.5M In JFK Airport Heist
Apple’s iPad mini seems to be a success, and that has attracted the criminal element’s attention. According to the New York Post, a shipment of Apple’s iPad mini, numbering 3,600 devices and with a total value of $1.5 million, was taken from JFK airport from the same location that a group stole $5 million in cash and $900,000 in jewelry in 1978. [Now we can film “i-Goodfellas” the sequel Bob]


Probably not going to happen.
Investigate the FBI
November 15, 2012 by Dissent
Trevor Timm of EFF has a great commentary on the FBI investigation that mushroomed and mushroomed and mushroomed. Here’s a snippet:
Congress is now demanding to know why it wasn’t informed by the Justice Department about the details of the Petraeus affair earlier. Lawmakers should instead be worried about why the public was informed of these details at all, given that no crime was committed. And instead of investigating one man’s personal life, they should investigate how to strengthen our privacy laws so this does not happen to anyone else.
The U.S. government has so far been unable to keep its colossal surveillance state in check. Now that it is so bloated it is eating itself, one hopes more people will finally pay attention.
Read more on ForeignPolicy.com.
Not only does Congress need to investigate what happened, but the DOJ OIG needs to investigate this and issue a report to the public promptly. Did the FBI act lawfully at all times or did they misuse their tools and authority? How does a complaint by someone about a few mean emails – which may be protected speech and not criminal at all – result in an investigation that looks into the communications between a ranking general and others? If it’s not even clear any crime was committed, should our government be able to snoop so extensively without judicial oversight? If a court granted the FBI a warrant, well, to be blunt, what the hell was the judge thinking or what was the judge told to justify the privacy invasion?
Trevor emphasizes the fact that the public never should have been told about this investigation at all. It’s a fair point, but would we really rather not know that our government can do these things to us?
Some of us have been saying for years that ECPA needs to be updated and more privacy protections need to be incorporated. Some of us have also been saying for years that providers need to shorten their data retention periods. If you don’t retain it, the FBI can’t get it from you. NOW will you listen to us? How many more lives or careers will be ruined until Congress and providers take steps to genuinely protect the privacy of our electronic communications?


Reporting on their grasp of the obvious? I remember a Great Aunt telling me about soldiers guarding at each bridge along a minor spur railroad in central New Jersey. Perhaps this would be a job stimulus if we let the TSA provide similar security for pipelines and the power grid?
November 14, 2012
Terrorism and the Electric Power Delivery System
"The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles, and many key facilities are unguarded. This vulnerability is exacerbated by the fact that the power grid, most of which was originally designed to meet the needs of individual vertically integrated utilities, is being used to move power between regions to support the needs of competitive markets for power generation. Primarily because of ambiguities introduced as a result of recent restricting the of the industry and cost pressures from consumers and regulators, investment to strengthen and upgrade the grid has lagged, with the result that many parts of the bulk high-voltage system are heavily stressed. Electric systems are not designed to withstand or quickly recover from damage inflicted simultaneously on multiple components. [New Jersey found that out recently... Bob] Such an attack could be carried out by knowledgeable attackers with little risk of detection or interdiction. Further well-planned and coordinated attacks by terrorists could leave the electric power system in a large region of the country at least partially disabled for a very long time. Although there are many examples of terrorist and military attacks on power systems elsewhere in the world, at the time of this study international terrorists have shown limited interest in attacking the U.S. power grid. However, that should not be a basis for complacency. Because all parts of the economy, as well as human health and welfare, depend on electricity, the results could be devastating. Terrorism and the Electric Power Delivery System focuses on measures that could make the power delivery system less vulnerable to attacks, restore power faster after an attack, and make critical services less vulnerable while the delivery of conventional electric power has been disrupted."


Anyone taking bets? I imagine each discovery request would want “each and every contact” with everyone involved. Should make for lots of jobs for my Data Mining students...
"The Salt Lake Police department will be much more transparent with their law enforcement. A program is being rolled out to require officers wear glasses equipped with a camera to record what they see. Of course, there are several officers opposed to this idea, who will resist the change. One of the biggest shockers to me is that the police chief is in strong support of this measure: 'If Chief Burbank gets his way, these tiny, weightless cameras will soon be on every police officer in the state.' With all the opposition of police officers being recorded by citizens that we are seeing throughout the country, it is quite a surprise that they would make a move like this. The officers would wear them when they are investigating crime scenes, serving warrants, and during patrols. Suddenly Utah isn't looking like such a bad place to be. Now we just need to hope other states and departments would follow suit. It sure will be nice when there is video evidence to show the real story."


It's not only the Air Force that trys to do everything is one “swell foop.” This is much too large a project to control. What do they actually need that could be developed in six months or less?
"The U.S. Air Force has decided to scrap a major ERP (enterprise resource planning) software project after spending $1 billion, concluding that finishing it would cost far too much more money for too little gain. Dubbed the Expeditionary Combat Support System (ECSS), the project has racked up $1.03 billion in costs since 2005, 'and has not yielded any significant military capability,' an Air Force spokesman said in a statement. 'We estimate it would require an additional $1.1B for about a quarter of the original scope to continue and fielding would not be until 2020. The Air Force has concluded the ECSS program is no longer a viable option for meeting the FY17 Financial Improvement and Audit Readiness (FIAR) statutory requirement. Therefore, we are canceling the program and moving forward with other options in order to meet both requirements.'"


Perspective
… Numbers wise, in the third quarter of this year, mobile phone owners sent an average of 678 texts per month, which is down from 696 texts a month in the previous quarter. This isn’t a huge decline, but it’s the first ever decline that has been recorded. And it’s not a big concern for users, and it’s also not a big deal for carriers, since a bulk of their revenue comes from data plans.


I use LightShot myself, but each App is slightly different so you have to try them to see which “feel” best...
ScreenSnag is a downloadable desktop application that lets you easily take a photo of your computer screen. You can capture an an entire screen, region of the screen, a window, or an element on the window with single hotkey or a click.
It has a Timer option to perform screen captures at your defined intervals. It has many configuration settings depending on the situation. Save different settings’ combinations into profiles for quicker access later on.
To see all the available features of the app, download it for free from their website.
Similar tools: ImageSnatcher, Snaggy and CloudShot.


Pinterest with a focus?
Wednesday, November 14, 2012
Learnist Now Allows You to Register With Email
Learnist, which I've described in the past as Pinterest for learning, announced today that you no longer have to use Facebook or Twitter to register and use their service. You can now register for and use Learnist with an email account. The service is still available only to people who request a beta invite, but it seems that beta invites come quickly.
… Learnist provides another professional learning community in which you collaborate on the collation of resources that are beneficial to you and your students.


One of my smarter friends (Dr. Michelle Post) just published a couple of eBooks. I expect she'll be writing one a week soon.
Heaven Has Tea Parties, http://www.amazon.com/dp/B00A78LD2E, is about the loss of my mother and God's healing in this loss. All proceeds from the sale of the book will be donated to the American Parkinson Disease Association in memory of my mother, Annie.
Building Your Adjunct Platform, http://www.amazon.com/dp/B00A7HDV6Q, is a "how to" book for anyone looking to become a college/university Adjunct Instructor.

Wednesday, November 14, 2012

Another example for my compilation of “Worst Practices” And I think I'll file this one under “It's not rocket science!”
Agencywide Message to All NASA Employees: Breach of Personally Identifiable Information
November 13, 2012 by admin
SpaceRef posted a breach notification from NASA, dated today:
On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.
Read more on SpaceRef.


So, who tested this “Feature” and pronounced it secure?
A Skype security flaw could allow rogue users to seize control of your account using nothing more than your email address, thanks to subpar recovery policies that can be easily gamed. The exploit depends on Skype’s policy of reminding new sign-ups of any existing usernames they have previously registered, when they attempt to re-register using the same email address. According to The Next Web, with a minor amount of tinkering, it’s possible to reset another user’s password and thus grab hold of their account.
… Skype is apparently conducting an “internal investigation” into the loophole, though for now there’s no official comment on when it might be closed off. The hack was first reported on a Russian forum roughly two months ago, it’s said, with the person responsible for discovering the exploit claiming to have told Skype about it with no apparent change in recovery security.


So the 1.7 million voter database WAS exposed, but it's no big deal. (Unless it exposes all the dead or fictional voters?)
Chicago election site exposed personal information
November 13, 2012 by admin
John Byrne and Hal Dardick report:
Chicago election board officials confirmed Tuesday that sensitive personal information for about 1,200 people was exposed online but denied allegations by a computer security firm that the breach was much broader.
The firm, Forensicon, announced it uncovered the problem while researching voting patterns. It alleged that personal information of up to 1.7 million registered Chicago voters was exposed on the website of the Chicago Board of Elections Commissioners.
An election board spokesman accused the firm of overplaying the problem. James Allen said the database of 1.7 million registered voters included no personal information beyond what is already public record—name, address and voter registration number. “Anyone can request that information from us, and we have to produce it,” Allen said. “There’s absolutely no sensitive information there.”
However, Allen said due to a mistake by the election authority, another database was inadvertently exposed online with names, addresses, drivers license numbers and the last four digits of social security numbers for around 1,200 people who had applied to work for the board in Chicago polling places on Election Day.
Read more on Chicago Tribune.


For my Computer Security students. Attach articles like this (with appropriate highlighting) to your resume when you submit it...
"A chilling article by Darkreading's Kelly Jackson Higgins describes how the growing accessibility of hacking tools like RATs (Remote Access Trojans) have made cyber-espionage possible for more than just those financially backed by large nation-states, and speculates on what the implications of this may be: 'Researchers at Norman Security today revealed that they recently analyzed malware used in phishing emails targeting Israeli and Palestinian targets and found that attackers used malware based on the widely available Xtreme RAT crimeware kit. The attacks, which first hit Palestinian targets, this year began going after Israeli targets, including Israeli law enforcement agencies and embassies around the world. Norman says the same attacker is behind the attacks because the attacks use the same command-and-control (C&C) infrastructure, as well as the same phony digital certificates. This attack campaign just scratches the surface of the breadth and spread of these types of attacks around the world as more players have been turning to cyberspying. "We're just seeing the tip of the iceberg," says Einar Oftedal, deputy CTO at Norman.'"


Imagine what they could have found out if there had been a crime...
No one’s safe from unfettered domestic surveillance. No one.
November 13, 2012 by Dissent
As a privacy advocate, you might have expected me to blog about the Broadwell-Petraeus-Kelley-Allen scandal, with emphasis on the federal govt’s ability or legal authority to snoop through the records of people who seemingly have committed no crime.
So how did the FBI get authorization to snoop? Well, it turns out that they really didn’t much authorization, and what they did need is all too easy to acquire.
Kade Ellis has a great write-up on PrivacySOS about how unfettered access endangers all of us. She’s preaching to the privacy choir, though, as we already know that we want a probable cause warrant standard for a lot of things where no warrant is currently required.
Keep in mind that this whole sordid affair only came out because someone in the FBI did a friend a favor when there was no clear legal justification for the FBI to get involved at all.
So whom do you know who has a friend in the FBI who could start an investigation of you? Are you okay with the FBI accessing your email accounts when you’ve done nothing illegal?
Will Congress hear us now? Will they start to worry about the privacy of their own accounts? One can only hope, but frankly, I’m not particularly optimistic that this scandal will lead to more protective legislation. I’d love to be proven wrong.

(Related)
Google sees more government snooping in first half of 2012
November 13, 2012 by Dissent
Graeme McMillan reports:
You may not be having an affair with a high-ranking American Intelligence Official, but that doesn’t mean that Big Brother isn’t watching you nonetheless. Or, at least, that might be the impression that you’re left with upon discovering that Google has reported a significant jump in the amount of government surveillance of online activity in recent months, especially when compared with just a few years ago.
In its latest Transparency Report, which covers the first six months of 2012, government agencies around the world made a total of 20,938 requests for access to personal data of Google users, with 34,614 user accounts affected by the requests.
Read more on Digital Trends.


Text of most papers available, haven't found the link to recordings or videos yet.
Solove: Privacy regulation a failure
November 13, 2012 by Dissent
David Perera reports:
The current U.S. approach to privacy regulation fails to account for the effects of information sharing created by the ascendance of technologies that permit things such as Big Data or fusion centers, said Daniel Solove, a noted privacy law researcher and a professor at George Washington University. He spoke Nov. 9 during a symposium on privacy and technology held by the Harvard Law Review.
The current model, which Solove dubbed the “privacy self-management approach,” takes refuge in the notion of consent, he said.
Read more on FierceGovernmentIT
[From the article:
… For more: - listen to Solove's Nov. 9 talk at the Harvard Law Review symposium


“Let's go back tho the good old days of “Separate but equal!” only without that pesky equal part.” Or am I missing something?
According to a story at Northwest Public Radio, the state of Virginia's board of education has decided to institute different passing scores for standardized tests, based on the racial and cultural background of the students taking the test. Apparently the state has chosen to divide its student population into broad categories of black, white, Hispanic, and Asian — which takes painting with a rather broad brush, to put it mildly. From the article (there's an audio version linked as well):
"As part of Virginia's waiver to opt out of mandates set out in the No Child Left Behind law, the state has created a controversial new set of education goals that are higher for white and Asian kids than for blacks, Latinos and students with disabilities. ... Here's what the Virginia state board of education actually did. It looked at students' test scores in reading and math and then proposed new passing rates. In math it set an acceptable passing rate at 82 percent for Asian students, 68 percent for whites, 52 percent for Latinos, 45 percent for blacks and 33 percent for kids with disabilities."
(If officially determined group membership determines passing scores, why stop there?) Florida passed a similar measure last month.


“Do you think we should run this by the lawyers?” “Nah, they'll just complicate things and they might cost us as much as a couple of hundred dollars!”
Papa John's pizza up against $250M lawsuit for text spam
… "After I ordered from Papa John's, my telephone started beeping with text messages advertising pizza specials," one of the plaintiffs in the case Erin Chutich said in a statement. "Papa John's never asked permission to send me text message advertisements."
Apparently, in 2010, Papa John's hired a mass text messaging service called OnTime4U to text ads to its customers as a way to boost profits. According to the lawsuit (PDF), which was certified by U.S. District Court Judge John C. Coughenour on November 9 in Seattle, certain Papa John's franchisees gave OnTime4U lists of customers phone numbers without getting consent from those individuals first.
If the judge decides that Papa John's is guilty of willfully sending the spam messages, this case could become one of the largest damages awards ever given under the federal Telephone Consumer Protection Act, which deems it illegal to send ads via text without an opt-in option. The lawsuit claims that 500,000 unwanted messages were sent to customers nationwide and that the pizza chain should pay $500 for each text.


It's like “Double Secret Probation” and AT&T is Dean Wormer! (Interesting comments, but no solution – if they want to charge you extra they will and there is nothing you can do about it.)
"As many of you know, AT&T has implemented caps on DSL usage. When this was implemented, I started getting emails letting me know my usage as likely to exceed the cap. After consulting their Internet Usage web page, I felt the numbers just weren't right. With the help of Tomato on my router, I started measuring my usage, and ended up with numbers substantially below what AT&T was reporting on a day-to-day basis. Typically around 20-30% less. By the way, this usage is the sum of inbound and outbound. At this point, I decided to contact AT&T support to determine what exactly they were defining as usage, as their web pages never really define it. Boy, did I get a surprise. After several calls, they finally told me they consider the methodology by which they calculate bandwidth usage to be proprietary. Yes, you read that right; it's a secret. They left me with the option to contact their executive offices via snail mail. Email was not an option. So, I bring my questions to you, all-knowing Slashdotters: are there any laws that require AT&T to divulge how they are calculating data usage? Should I contact my state's commerce commission or the FCC to attempt to get an answer to this?"


Just a reminder...
Everyone has their set of favorite websites. No matter what your hobbies and interests are, I’m sure you can think of at least five websites you love and visit often just off the top of your head. But just like other habits, when we’re set in our ways and our websites, we don’t always remember to look elsewhere.
… Similar websites are a great way to discover new websites, while making sure you stay on track and find things you’re really interested in. It’s time to start a new Web journey: use the tools listed below to expand your horizons and find more of your favorites!
Google Similar Pages [Chrome extension ]


If you don't get it from reading the textbook and the “How to” video is gibberish, and My lectures are not adequate, there are still thousands of resources you can try before giving up and actually asking a question...
… a few websites have set out to provide decent education in the format of online universities. However, what makes it great is that these websites offer all of their material for free (well, for the most part).

Tuesday, November 13, 2012

I'll repeat my call for compilation of a “Worst Practices” list so any idiot can see what not to do. Meanwhile, I'll serve them up piecemeal.
"Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that allow attackers access to customer networks. The flaws meant customer unique passwords could be bypassed to access the device administrative console and LAN."


“We have no idea how to make money off of those tweets, so we'll just forbid them.”
"GeekWire's Taylor Soper reports that the University of Washington has capped live sports coverage at 20 Tweets per basketball game (45 for football) and threatens to revoke the credentials of journalists who dare exceed the Twitter limits. Tacoma News Tribune reporter Todd Dybas was reportedly 'reprimanded' after drawing the ire of the UW Athletic Dept. for apparently Tweeting too much during UW's 85-63 Sunday win over Loyola."


This can't be good. If a Google search is returning Images as they do text how would they know that an Image is defaming any more than they would know an article was false/biased/sarcastic/etc.
"Should Google be held liable for images that appear in its search results? An Australian court has said yes. 'A Melbourne man who won a defamation case against search engine giant Google has been awarded $200,000 in damages. Milorad Trkulja, also known as Michael, sued the multinational over images of him alongside a well-known underworld figure that appeared in its search results. A six-person Supreme Court jury found last month that Mr Trkulja had been defamed by the images, which he first contacted Google about removing in 2009.'"


Interesting, if only to prove that lawyers are just like anyone else... (Shocking, I know)
November 12, 2012
White Paper - Thinking Like Your Client: Strategic Planning in Law Firms
Thinking Like Your Client: Strategic Planning in Law Firms - A report from ALM Legal Intelligence, October 2012. "LexisNexis has spent the past few years highlighting the difference between the practice of law and the business of law; and the lackluster economic conditions over that same time span have only served to reinforce how important those differences are. Without a doubt, law firms have a thorough and detailed understanding of the practice part; that’s their forte. It’s the business of law part where shortfalls occur.
  • Revenue is the top priority in most strategic plans. Yet, almost half of the respondents are remiss in building, tracking and measuring client loyalty and satisfaction. Are firms overlooking the direct link between revenue and satisfied customers?
  • Profitability is the second strategic plan priority. But, fewer than half are actively focused on a non-billable hour strategy, and more than half can’t yet tell if AFAs are more profitable than hourly rates. AFAs and various pricing models have been around for a few years; they are not going away. Isn’t it time to honestly reexamine the elements that make your firm profitable?
  • Talent acquisition/retention holds the third top spot for strategic priorities, although laterals dominate the discussions and, apparently, everyone’s plans. How sustainable are growth models tied to an on-going “musical chairs” game of lateral talent shifting from firm to firm? Is anyone focused on a plan for organic growth?"


“Ye olde technology is ye beste technology” I know a couple lawyers who won't use a computer until it's easier to press the keys with their quill pens...
November 11, 2012
New on LLRX - Litigation, trial and pre-trail iPad apps for lawyers
Via LLRX - Litigation, trial and pre-trail iPad apps for lawyers: One of the most popular and rapidly growing categories of apps for lawyers are those developed for litigation, during trials and during the pretrial discovery phase. In this article, attorney, legal blogger and legal tech expert Nicole Black recommends more than a dozen affordable, flexible and innovative iPad apps to assist attorneys in their work to develop, streamline, simplify and track critical litigation processes.


I have lots of vets in my classes, so this has a future...
Iraq Veterans Launch RallyPoint: A LinkedIn For The Military (And Life After)
According to The Bureau of Labor Statistics, while the unemployment rate among U.S. veterans has dropped to 8.3 percent, it still sits above the national average, and for younger vets, the rate is even higher. Taking up the cause of their fellow service men and women looking for a better way to find employment after life in the armed forces, two Iraq War veterans, Yinon Weiss and Aaron Kletzing, have launched RallyPoint — an online professional network that aims to empower American veterans to take greater control over their careers — both inside and outside the service.
… So, the co-founders have developed RallyPoint into a private online network accessible only by those currently on active duty, which extends to those in the National Guard, Active Reserves, ROTC or Service Academies. In the near future, Weiss says, the team will be opening the network up to former service members, retirees, Department of Defense employees, and so on. But for not, it’s focused purely on those currently serving in the armed forces.
RallyPoint is free for members and has no formal relationship with the military and doesn’t share its data with the military or chain of command, the co-founders said.


Free is good. Infinite is good. Free and Infinite is very good.
Many of us deeply value some of the tools that exist out there which make our lives so much easier. One of the best examples is Dropbox, the application which seamlessly synchronizes our files across all of our devices.
… The only real downside to Dropbox is the limited amount of storage space we can synchronize.
Bitcasa plans to change that. In short, Bitcasa is a synchronization tool which gives infinite space to whichever folders you’d like. Unlike Dropbox, Bitcasa’s main focus is actually expanding your folder’s available storage space to a virtually unlimited amount rather than synchronization. This is achieved by simply connecting the folder to Bitcasa’s cloud, where you aren’t limited to a quota.
However, the service does come with a good amount of additional features, including synchronization, easy sharing, encrypted storage, and access via their website.
While Android and iOS applications are still in the works, BitCasa is available for Windows, Mac OS X, and Linux to allow true access from any computer.


Automate everything?
Let the web do the work. A wide variety of tools are dedicated to saving you time. From email to social media to your own website, you could be wasting time doing things free services could do for you, automatically. Getting these services working takes a bit of knowledge, time and creativity, but they almost always pay off.
Interested? Then it’s time to read “Web Automation, Part 2“, by author Rahul Saigal. This manual picks up where Web Automation Part 1 left off. This time Rahul outlines ways to automate collecting citations, collecting reading material, your files on the cloud and even your website.
[In case you missed it:


Is Dilbert taking a shot at Mitt Romney? Sometimes the best thing you can say is, “I think I'll keep my mouth shut.”