Saturday, July 30, 2016

As my Computer Security students start running for elective office, they will look back at this and laugh.  The FBI is looking into speculation by the media?  If the Democrats thought they were being hacked, why not call someone in law enforcement? 
Computer Systems Used by Clinton Campaign Are Said to Be Hacked, Apparently by Russians
Computer systems used by Hillary Clinton’s presidential campaign were hacked in an attack that appears to have come from Russia’s intelligence services, a federal law enforcement official said on Friday.
   Mrs. Clinton’s campaign said in a statement that intruders had gained access to an analytics program used by the campaign and maintained by the national committee, but it said that it did not believe that the campaign’s own internal computer systems had been compromised.
   The F.B.I. said on Friday that it was examining reports of “cyberintrusions involving multiple political entities” but did not identify the targets of the attacks. [See below.  Bob]
   American intelligence agencies have told the White House they have “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee.  But it is unclear whether the break-in was fairly routine espionage or part of an effort to manipulate the election.
   In a statement, the F.B.I. said that it “is aware of media reporting on cyberintrusions involving multiple political entities, and is working to determine the accuracy, nature and scope of these matters.”

(Related) Turnabout is fair play?  A guide Russia could follow to influence an election? 
British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents
A shadowy unit of the British intelligence agency GCHQ tried to influence online activists during the 2009 Iranian presidential election protests and the 2011 democratic uprisings largely known as the Arab Spring, as new evidence gathered from documents leaked by Edward Snowden shows.
The GCHQ’s special unit, known as the Joint Threat Research Intelligence Group or JTRIG, was first revealed in 2014, when leaked top secret documents showed it tried to infiltrate and manipulate—using “dirty trick” tactics such as honeypots—online communities including those of Anonymous hacktivists, among others.


Bruce raises an interesting question.
The Security of Our Election Systems
   If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response.  This is difficult because the attacks are politically partisan, but it is essential.  If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don't see.


Didn’t see the truck or thought it was a bridge? 
Tesla is reportedly considering 2 theories to explain ‘Autopilot’ crash
   Tesla is considering whether the radar and camera input for the vehicle’s automatic emergency braking system failed to detect the truck trailer or the automatic braking system’s radar may have detected the trailer but discounted this input as part of a design to “tune out” structures such as bridges to avoid triggering false braking, the source said.


The pendulum swings back or never moved in the first place?
From the no-surprise dept., this press release on an opinion by the FTC finding totally in their own favor:
Commission Finds LabMD Liable for Unfair Data Security Practices
Stating Company Failed to Protect Consumers’ Sensitive Medical and Personal Information
The Federal Trade Commission today announced the issuance of an Opinion and Final Order reversing an Administrative Law Judge (ALJ) Initial Decision that had dismissed FTC charges against medical testing laboratory LabMD, Inc.  In reversing the ALJ ruling, the Commission concludes that LabMD’s data security practices were unreasonable and constitute an unfair act or practice that violated Section 5 of the Federal Trade Commission Act.
   In response to the opinion, LabMD CEO Michael Daugherty issued the following statement:
Their own judge tossed all their evidence and now they waste taxpayer dollars to go to an Article III court relying on hearsay.  I am so relieved to be away from their dirty, biased system and into an Article III court.  Shame on every Commissioner.  They have, without remorse, made a mockery of legal ethics, regulatory boundaries and HHS.  Yet in their magical thinking they carry forward and I can’t wait.  Villainy wears many masks, none more dangerous than the mask of virtue.


Perspective.  I’m interested in how this will play out.
Broadband internet access will become a legal right under new EU telecoms rules
The European Commission is setting itself up for a fight with national governments by forcing them to pay for guaranteed internet access across the EU and comply with new rules on radio spectrum sales, according to an internal document obtained by EurActiv.com.
Broadband internet access will be legally guaranteed under changes to EU universal services rules, while services that are currently guaranteed, like public payphones, will be taken out of the new law.  National governments won’t be happy with the change because the Commission wants them to pay for guaranteed internet – instead of private telecoms companies.
   National governments are expected to put up a fight about the funds the Commission wants them to front for affordable broadband.  “Given its wide societal and economic benefits universal service should be financed through general budget and not through sectorial funding,” the document reads.
Telecoms operators will be relieved that they won’t have to pay to build broadband networks in rural areas where they might not already exist.


Eventually, a valuable resource?
Scholarpedia – peer reviewed open access encyclopedia
by Sabrina I. Pacifici on Jul 29, 2016
Scholarpedia is a peer-reviewed open-access encyclopedia written and maintained by scholarly experts from around the world.  Scholarpedia is inspired by Wikipedia and aims to complement it by providing in-depth scholarly treatments of academic topics.


I’ve got my students designing an App.  This might be a help or a distraction.  Note that it did not start as a website.  The preferred platform in India is the smartphone, right? 
B-Town rejoices over Bollywood's dedicated app, Flickbay!
Gossip magazines and entertainment birdies now might have a run for their money as an app providing information purely about Bollywood films, celebrities and latest happenings of B-Town is finally here.
'Flickbay' is one of a kind app that lets you know about the latest happenings in Bollywood in just a click.


Clearly not what we teach in the Agile Programming class.


Saturday funnies.
Hack Education Weekly News
   Via NPR: “Clinton’s Free-Tuition Promise: What Would It Cost? How Would It Work?”  [What is it worth?  Bob] 
   Via Politico: Stolen “emails from the Democratic National Committee show DNC Deputy Communications Director Eric Walker telling his colleagues to avoid mentioning the Common Core in a video.  It ‘is a political third rail that we should not be touching at all. Get rid of it.’”
   Melania Trump’s website has been scrubbed from the Internet – it now redirects to the Trump real estate business page – following questions that she’d lied on the website about having a college degree.
   “Pop star tells fans to send their Twitter passwords, but it might be illegal,” says Ars Technica.  Illegal or not, this is such a dumb idea.  “#HackedByJohnson entices young fans so he can post cute messages in their name.”

Friday, July 29, 2016

As expected.  We will see a lot more stories like this as the election gets closer.
A hackable election: 5 things you need to know about e-voting machines
As the U.S. heads toward an especially contentious national election in November, 15 states are still clinging to outdated electronic voting machines that don't support paper printouts used to audit their internal vote counts.

(Related) Yes, Colorado makes the list. 
E-voting: List of Vulnerable States


Perspective.  TV ain’t what is useta was. 
CBS Relying Less on Ad Sales as 'Star Trek' Fuels Global Growth
The network that never tires of calling itself "the most-watched network" showed Thursday that despite a decline in advertising sales at its CBS network and affiliated television stations, overall revenue in the second quarter grew due to international licensing of its upcoming new Star Trek series which will air exclusively on CBS All-Access, its subscription-based digital service.


I’ll admit, this confused me a little.
Buttoned-down Unilever just paid $1 billion dollars for the Dollar Shave Club.  The scrappy startup, launched in 2012, offered a blades-by-subscription service for as little as $3 a month and quickly grew to a team of 45 engineers and 3.2 million subscribers.
   The deal is full of intriguing details. Unilever paid five times what Dollar Shave Club was expecting for revenues this year.  Analysts had valued it for far less: in its most recent funding round — a $90.7 million Series D in November 2015  — Dollar Shave Club had been valued at $630 million, according to Pitchbook.  While Dollar Shave Club represents a growing share of the razorblades market, it is still tiny, it operates with low margins, is made up of an irreverent albeit engineering-savvy team – and is, as yet, unprofitable.
So why did a traditional consumer products company do a deal that feels more like it belongs in the tech sector than the consumer product industry?
   Absorbing a disruptor.  Dollar Shave Club is an interesting illustration of the theory of a disruptor breaking into a highly profitable and over-served industry from the low-end; it’s not unusual for incumbents to seek to absorb these rivals when they’re still relatively small.
   The best explanation for it is that it is, indeed, a “Silicon Valley” play. Unilever’s move is a signal of more fundamental changes in the consumer products industry.
Dollar Shave Club has shown that the shaving market can still be transformed – thanks to an online subscription model, a memorable brand, and a strong consumer experience.


And now a question for IT Architecture students; Should all of your devices see the same files?  Asked another way; Why wouldn’t you want all your devices to see the same files?
Apple and Oracle vets’ Upthere raises $77 million to put a new spin on personal cloud storage
   Upthere is different, and it marks a pretty interesting departure from where the rest of the market is going.
   So the team set out to tackle this problem at its root.  Instead of relying on on-device storage, the Upthere founding team came together in 2012 and decided to look at how it could create a service that directly writes to the cloud and allows you to (mostly) bypass local storage.  That way, all of your devices see the same files, be those documents, music files, photos or anything else.  As you make updates or upload new documents, all the other machines see those changes in real time.


For my students.  Select the proper tool for the research job. 
8 Search Tricks That Work on DuckDuckGo but Not on Google


A new tool for my nephew.
Everything You Need to Know About Deezer Music
Deezer has been around since 2007 but wasn’t made fully available in the United States until July 2016.  For once, users in the U.S. were one of the last to receive access to a service and, having tried Deezer for myself, all I can say is, “It’s about time!”
   Deezer is actually good enough to compete with the big boys.

Thursday, July 28, 2016

Probably not wise.  You know this will inspire hackers to go after Trump.  Perhaps it will incent a hacker who actually has all of Hillary’s emails to send them to various news outlets. 
Trump Calls For Russian Cyber-Espionage To Recover Clinton’s 30,000 Deleted Personal Emails


Correction.  This was not flagged as a North Korean hack when it was first announced.  We should have known better.  I guess Kim Jong-un wants to send a bunch of Secret Shoppers south to buy the latest video games.  (Maybe there are no Pokémon in the North?  Now that would be a real sanction!) 
Well, it was only a matter of time before we saw this, right?
South Korean police said Thursday that North Korea was behind the latest hacking of a leading online shopping mall, which led to the leak of personal information of some 10 million customers.
The remark came after police conducted a detailed probe into the server of Interpark Corp., after an unidentified entity broke into it and stole customer-related information in May.
Read more on The Korea Times.


For my Computer Security students.
Could Your Devices Cause a Massive Security Breach at Work?
Many companies let their employers access important services with their own devices.  Most of the time, this doesn’t cause any problems, but it does remove a bit of control.  If a big mistake is made, it could end up causing a huge breach!


Computer Security students.  How would you prevent this?  (It is actually quite easy.) 
Graham Cluley writes:
It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.
Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.
It hadn’t gone well.
Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike.  And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.
Prosecutors described what happened next, just before Brown left the Citibank offices that evening:
Read more on Tripwire.


Think anyone will notice?  The real question is, was this data actually useful? 
This story needs to get a lot more media coverage in the U.K. and discussion.  Will the British people just shrug, though, because of currently elevated terrorism threats, or will they be outraged and insist on reform?
Graeme Burton reports:
The hearing into Privacy International’s challenge to the UK security services’ collection of bulk communications and personal data opened in London on Monday, and previously secret documents revealed for the first time the extent of government surveillance into ordinary citizens’ communications.
This follows a ‘dirt dump’ in April which showed that successive home secretaries have allowed this to carry on since at least 2005.
The documents provide evidence that MI5, MI6 and GCHQ collected data on every citizen in the UK, including location information, telephone numbers dialled and calls received, as well as metadata regarding time, date and duration of calls.
In addition, the security services are accused by Privacy International of collecting data in bulk via the internet, including browsing history, IP addresses visited, instant messaging data and operating systems.  The bulk collection of personal information even includes physical post data.
Read more on The Inquirer.


Are you trying to identify owners or users?  It may not tie 100% to one person, but would 99% be enough for you?
Wendy Davis reports:
The advocacy group Electronic Privacy Information Center is asking a federal appellate court to revive iPhone user Ryan Perry’s battle with CNN.
The dispute largely centers on whether the 12 random numbers and letters that make up an iPhone’s Media Access Control address should be considered “anonymous.”  EPIC argues in new court papers that the MAC address actually serves as a better way to identify iPhones’ owners than their names.
[…]
The dispute dates to 2013, when Perry alleged in a potential class-action lawsuit that CNN disclosed information about video clips watched by himself and other iPhone users, along with their 12-digit Media Access Control addresses, to the analytics company Bango.
Read more on MediaPost.


Every organization should have incident response plans that include cyber.  (Why does the government think it should have colors for the level of severity, and then call them by number?) 
New Presidential Policy Directive Details U.S. Cyber Incident Response
The U.S. Government finally has its own incident response plan.  In reality it is more like the framework for the development of an incident response plan (IRP); but it is a good high level start.  IRP for a nation is more complex than IRP for an organization; but Obama's new Presidential Policy Directive on Cyber Incident Coordination (PPD-41), approved on Tuesday, begins to define what constitutes a cyber incident, and who is responsible for responding to that incident.
The first problem is to define whether an incident requires a national response.  Here the PPD describes a cyber incident severity schema specifying six color-coded levels from zero to five. [I propose color 48, fuchsia!  Bob]


For my Ethical Hacking students.  Disable this or find evidence that it “harms” me in some way so I can sue Microsoft.  (A good mid-term project) 
Cortana can’t be disabled in the Windows 10 Anniversary Update
Microsoft has decided that Cortana, its personal digital assistant, is so useful that you’ll never be able to disable it going forward.  While Cortana has received a variety of upgrades in the Anniversary Update, and now supports multiple languages, deeper integration with calendars and applications, and can remember random facts about you, it can’t be flatly shut off any longer.


Perspective.  I wonder if my students know what SaaS is? 
85 Percent of Small Businesses Set to Invest More in SaaS (Infographic)
Just a couple of years ago, businesses looked at Software as a Service (SaaS) with some apprehension primarily because of security risks.  A lot has changed since then.  Today more than 85 percent of small business executives are willing to invest more in SaaS solutions over the next five years, according to research by Intuit.
   The data has been compiled and analyzed by software company Better Buys in its 2016 Report on the State of SaaS.
·  About 64 percent of small and medium-sized businesses rely on cloud-based technology to drive growth and boost workflow efficiency, finds cloud computing services company BCSG.
·  SaaS is expected to grow to $12 billion in 2016, and jump to $16 billion in 2017, and continue to grow year over year to an estimated $55 billion by 2026.
·  About 90 percent of mobile data traffic will be generated by cloud solutions by 2019.
·  Nearly half (43 percent) of small business owners use mobile as the primary devices for running their operations.


I really hope this works out okay, but I note that even though he is harmless, he can be harmless only among the second class citizens, not anywhere near members of Congress or the president.
John Hinckley, Who Tried To Kill A President, Wins His Freedom
A federal judge in Washington, D.C., has granted a request for Hinckley to leave the mental hospital where he's resided for decades, to go live full-time with his elderly mother in Williamsburg, Va.
The release could happen as early as next week, the judge ruled. Under the terms of the order, Hinckley is not allowed to contact his victims, their relatives or actress Jodie Foster, with whom he was obsessed.  Hinckley also will not be permitted to "knowingly travel" to areas where the current president or members of Congress are present.


Remember this?  Think we should try to do it in Denver?  (Or wait for Big Brother to do it for us?)
New Yorkers Greet the Arrival of Wi-Fi Kiosks With Panic, Skepticism and Relief
When it comes to acceptance of New York City’s rapidly growing network of sidewalk kiosks offering “free super fast Wi-Fi,” some people are Nekeya Browns and some are Alex Padillas.
As soon as the LinkNYC booths were activated in their Washington Heights neighborhood this month, Ms. Brown celebrated by plugging in her headphones and swaying to some Marvin Gaye tunes; Mr. Padilla, in his Yankees jersey, stood a few feet back, reluctant even to touch the keyboard for fear of having his pocket of personal data picked.
   “Whoever thought of this was a great person,” she said, listing all of the benefits of the kiosks.  “I told a homeless lady that whenever you need to call your family, you can use this.”
And so it goes in the first stage of the citywide rollout of these curbside machines that promise swift connections to the internet, phone service and ports for charging cellphones and other devices, all at no cost to the users.
   Along Eighth Avenue in Midtown, some homeless people are camping around the kiosks.
   City officials … admit they did not know what to expect
   Last weekend, experts on digital data and online privacy were wondering what CityBridge planned to do with all of the personal information made available.  
   The civil liberties organization has asked city officials to revise LinkNYC’s privacy policy, arguing that it allows the system’s operators to collect all sorts of data about users and sell it to other companies.
   “What Google’s doing here is taking the business model that they’ve perfected in the online world and bringing it into the real world,” Mr. Dean said in an interview.


Uber drivers drive to you when you call them.  What will self-driving cars do? 
How Ford and MIT's Electric Shuttle Experiment Could Improve Ride-Hailing
Ford Motor is unleashing electric vehicles onto the Massachusetts Institute of Technology campus.  Students and faculty will be able to hail these cars via mobile app in order to shuttle them to and from class.  It sounds a lot like Uber and Lyft. But that’s not exactly what Ford is aiming for—at least not initially.
The electric shuttles, which will be small enough to navigate sidewalks [Who has right-of-way?  Bob] within the campus, will be outfitted with cameras and LIDAR sensors, or light-sensitive radar.  The technology emits short pulses of laser light so that the vehicle’s software can produce high-definition 3D images in real-time of what is around the cars.  All of the data captured by the cameras and LIDAR combined with weather information as well as class schedules will be used to understand pedestrian traffic patterns.
In the near term, Ford and MIT researchers hope to use all that data to predict demand for the shuttles, then routing those vehicles to areas where they’re needed most at the corresponding times.
   But Ford posits the research project at MIT could also enhance the concept of ride-hailing as a whole because it’s focused on developing predictive algorithms that will direct vehicles to where people are most likely to need them and, hopefully, reduce wait times.  In other words, this research could eventually be used for a commercialized, on-demand shuttle service well beyond the borders of Ford’s company campus.


I would not have expected Microsoft to help Apple.  Silly me.  On the other hand, I don’t think I would have ever thought of their solution. 
Microsoft thinks it can do a better iPhone camera app than Apple
Don’t look now, but Microsoft is becoming a serious player in the world of iPhone apps.
It has already brought over Office and subsumed well-regarded email app Acompli and calendar app Sunrise into a revamped Outlook for iPhone.  Now, Microsoft is looking to offer up a rival to the built-in camera app.
Microsoft Pix, a free app from Microsoft Research, focuses first and foremost on delivering better pictures of people.  It does this by continuously taking pictures when the app is open and using an algorithm to choose the best shot or shots from among 10 images (seven just before the camera button is pressed and three after).

Wednesday, July 27, 2016

Do you get the feeling that some people just don’t get the whole “security thing?”  (Note that ScanWorx.com is also offline.)
Sometimes, I’d really love to know why.
Caitlin Mota reports:
Apparently, someone really doesn’t like Harrison.
Since the West Hudson town’s website was initially hacked on July 7,  Harrison’s website has been infiltrated seven more times in the past two weeks, officials said.
“These are highly intelligent criminals who seek to cause havoc and destruction in the cyber world,” said Nick Ayala of Scan Worx, the company that has managed the town’s website for eight years.  “Unfortunately, these are the times we live in.”
Harrison Mayor James Fife told The Jersey Journal this morning that the town’s website does not contain any private information and no “sensitive material” has been compromised.
Read more on NJ.com.
[From the article:
Asked if he knew why his town's website -- which is currently offline -- is being targeted, Fife said it was "almost impossible" to determine.
"I don't know why, I don't think anyone knows," the mayor said. 
Ayala said Scan Worx has put in hundreds of hours working to repair the website, along with adding extra security features. [A typical response.  Why were they not there in the first place?  Bob]


For my Ethical Hacking students.  Yet another example of a “new” technology that security has not caught up with.  Encrypting communications has been around for thousands of years, but no one thought it might apply to them? 
Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away
   According to research published Tuesday by Bastille, a cybersecurity company, eight wireless keyboards manufactured by major electronics companies transmit information in a way that makes it possible for a hacker to eavesdrop on every sentence, password, credit card number, and secret typed on them.

(Related) Every new technology needs to re-invent the security wheel.
Wearables could compromise corporate data
As smartwatches and other wearables gain popularity, experts are warning of potential data security risks in workplaces.

Some employees have begun connecting their personal smartwatches with corporate Wi-Fi networks, which could mimic the problems caused when personal smartphones started showing up at work several years ago.  That earlier bring-your-own-device (BYOD) trend fostered an explosion of software products from various vendors for managing devices securely, alongside laptops and desktops.
   Gillespie is concerned that as smartwatches are allowed to attach to emails -- or internal productivity software in some cases -- vital corporate and personal data could be lost, stolen or corrupted.
The problem is only just emerging and few companies seem to understand the potential harms, Gillespie and others said.
"As of now, wearables and Internet of Things devices are not getting attached to employer networks and so it's not been viewed as a serious problem," Gillespie said in an interview.  "But I do think employer IT and HR departments should be aware that the consumer rollout of wearables has not been designed with enterprise data security in mind."


This is in Chicago.  Think it will spread? 
Joe Cadillic writes:
Nearly 1,500 people were arrested earlier this year, because they were put on a police ‘Strategic Subject List‘ (SSL).  The SSL was formerly called the ‘Heat List‘ which started in 2013.  (SSL is just another term for Predictive Policing)
According to CBS Chicago police are using an algorithm to predict who’ll commit a crime in the future!
The SSL uses an algorithm to try to predict who is most likely to be involved in a shooting – either as the shooter or victim – by analyzing data such as gang affiliations, criminal records, past shootings, and previous contact with police.
Read more on MassPrivateI.


Perhaps Bitcoin is becoming more acceptable?
Europe's first regulated bitcoin product launches in Gibraltar
Europe's first regulated bitcoin product - an asset-backed exchange-traded instrument that will invest exclusively in the digital currency - begins trading this week on the Gibraltar Stock Exchange and Germany's Deutsche Boerse.
The Web-based currency can be used to send money instantly around the world, free of charge and with no need for third-party checks.  It is accepted by several major online retailers and is used in more than 200,000 daily transactions.
Its value has been highly volatile, peaking at more than $1,200 in late 2013 before crashing after the collapse of the Mt. Gox bitcoin exchange.  It has since stabilized somewhat, trading at around $655 on Monday, up more than 50 percent this year.

(Related) It’s not money, but it is currency and you can buy stuff with it.  Got it? 
Bitcoin not money, Miami judge rules in dismissing laundering charges
A Miami-Dade judge ruled Monday that Bitcoin is not actually money, a decision hailed by proponents of the virtual currency that has become popular across the world.
In a case closely watched in financial and tech circles, the judge threw out the felony charges against website designer Michell Espinoza, who had been charged with illegally transmitting and laundering $1,500 worth of Bitcoins.  He sold them to undercover detectives who told him they wanted to use the money to buy stolen credit-card numbers.
But Miami-Dade Circuit Judge Teresa Mary Pooler ruled that Bitcoin was not backed by any government or bank, and was not “tangible wealth” and “cannot be hidden under a mattress like cash and gold bars.”
“The court is not an expert in economics; however, it is very clear, even to someone with limited knowledge in the area, the Bitcoin has a long way to go before it the equivalent of money,” Pooler wrote in an eight-page order.
   “This court is unwilling to punish a man for selling his property to another, when his actions fall under a statute that is so vaguely written that even legal professionals have difficulty finding a singular meaning,” she wrote.
The ruling was lauded by Bitcoin experts who believe the ruling will encourage the use of the virtual currency, and offer a roadmap to governments across the world that have struggled to understand and regulate it.
   Law enforcement has struggled to figure out how Bitcoin fits into illegal activities, and Espinoza’s case was believed to be the first money-laundering prosecution involving the virtual currency.
The controversial virtual currency allows some users to spend money anonymously and it can also be bought and sold on exchanges with U.S. dollars and other currencies.
   Regulated services such as CoinBase, which operates similarly to PayPal, allow people to buy, sell and use the Bitcoins.  But authorities have raised concerns about the currency being used in the anonymous black market.
Most notoriously, Bitcoins were used to traffic drugs in the now-shuttered Silk Road network. In an unrelated South Florida case, a Miramar man got 10 years in prison after using Bitcoins to buy Chinese-made synthetic heroin from a Canadian prisoner.


For a second there, I thought LinkedIn was saying that PowerPoint sucked.  Apparently, PointDrive is more about tracking customer eyes.  Send them a bunch of data, find out what they looked at and then sell, sell, sell! 
LinkedIn acquires Chicago-based PointDrive
PointDrive, a Chicago-based presentation-sharing software startup, has been acquired by LinkedIn, the companies announced Tuesday.
   PointDrive, which CEO Bill Burnett launched widely in 2014, lets users create presentations and send them through its Web app or an email link.  The goal is to present files in a more organized, visually appealing manner than email attachments, and to collect analytics on when, for how long, and where recipients look at presentations.


Perspective.  Okay, I admit this one snuck up on me. 
Apple Pay Now Accounts for Three-Fourths of U.S. Contactless Payments


What do you bet that the US will double this amount next year?  (My tax dollars at work waste!)
U.S. Spent $1.4 Billion To Stop HIV By Promoting Abstinence. Did It Work?
In the past 12 years, the U.S. has spent more than $1.4 billion funding abstinence programs in Africa.  They're part of a larger program — called the President's Emergency Plan for AIDS Relief — aimed at stopping the spread of HIV around the world.
Many health officials consider PEPFAR a success. It is credited with giving lifesaving HIV drugs to more than 5 million people and preventing nearly 1 million babies from getting HIV from their mothers.
But a study, published Monday in Health Affairs, finds the abstinence programs have been a failure.
   The results were clear: PEPFAR funding wasn't associated with changes in young people's choices about sex. Bendavid and his team could find no detectable differences in the rates of teenage pregnancies, average number of sexual partners and age at first sexual intercourse in countries that had received PEPFAR money compared with those that hadn't.


I could use this to plan my IoT class!  Maybe.
Searching for the Internet of Things on the Web: Where It Is and What It Looks Like
by Sabrina I. Pacifici on Jul 26, 2016
Searching for the Internet of Things on the Web: Where It Is and What It Looks Like.  Ali Shemshadi, Quan Z. Sheng, Wei Emma Zhang, Aixin Sun, Yongrui Qin, Lina Yao  (Submitted on 23 Jul 2016).
“The Internet of Things (IoT), in general, is a compelling paradigm that aims to connect everyday objects to the Internet.  Nowadays, IoT is considered as one of the main technologies which contribute towards reshaping our daily lives in the next decade.  IoT unlocks many exciting new opportunities in a variety of applications in research and industry domains.  However, many have complained about the absence of the real-world IoT data.  Unsurprisingly, a common question that arises regularly nowadays is “Does the IoT already exist?”.  So far, little has been known about the real-world situation on IoT, its attributes, the presentation of data and user interests.  To answer this question, in this work, we conduct an in-depth analytical investigation on real IoT data.  More specifically, we identify IoT data sources over the Web and develop a crawler engine to collect large-scale real-world IoT data for the first time.  We make the results of our work available to the public in order to assist the community in the future research.  In particular, we collect the data of nearly two million Internet connected objects and study trends in IoT using a real-world query set from an IoT search engine.  Based on the collected data and our analysis, we identify the typical characteristics of IoT data.  The most intriguing finding of our study is that IoT data is mainly disseminated using Web Mapping while the emerging IoT solutions such as the Web of Things, are currently not well adopted.  On top of our findings, we further discuss future challenges and open research problems in the IoT area.”


Next best thing to having my students write their own textbook,
Opening the Textbook: Educational Resources in U.S. Higher Education, 2015-16
by Sabrina I. Pacifici on Jul 26, 2016
Opening the Textbook: Educational Resources in U.S. Higher Education, 2015-16.  I. Elaine Allen, Ph.D., Professor of Biostatistics & Epidemiology, UCSF, Co-Director, Babson Survey Research Group; Jeff Seaman, Ph.D., Co-Director, Babson Survey Research Group.
“Most higher education faculty are unaware of open educational resources (OER)–but they are interested and some are willing to give it a try.  Survey results, using responses of over 3,000 U.S. faculty, show that OER is not a driving force in the selection of materials – with the most significant barrier being the effort required to find and evaluate such materials.  Use of open resources is low overall, but somewhat higher for large enrollment introductory-level courses.”


“Lazy is as lazy does?”  I don’t play computer games (I stink at games) so this would be perfect for me.
The tireless, automated bots that want to play Pokémon Go for you
Last week, we took a look into the growing world of Pokémon Go hacks that reveal the location of usually hidden Pokémon nearby.  Now, a new wave of PC-based Pokémon Go "bots" take the hacking a step further, spoofing locations and automating actions to essentially play the game for you while you sit in the comfort of your own home.
There are a number of competing bots out there, from the open source Necrobot to the pre-compiled Pokébuddy to MyGoBot, which recently started charging $4.99 for its automation tool following a three-hour free trial.  All of them work on the same basic principles, sending artificial data to the Pokémon Go servers to simulate an extremely efficient, entirely tireless player.

(Related)  Like “SWATting, but for gamers.”  
Pokémon GO users PRANKED into stampeding local park to catch Mewtwo

(Related)  …which suggests this idea for a sting.
Cops should use the Pokemon Go craze to catch mobile phone thieves, urge politicians
The calls come after a reported spate of crimes has seen crooks mugging or attacking Pokémon Go players, who travel to real locations to collect items and catch monsters.
Vulnerable victims – many of whom are youngsters – are likely to be distracted while playing and holding their phones out in front of them, and they could be lured or tracked to isolated locations, a Tory warned.
Conservative London Assembly member Steve O’Connell said the Met should station cops near key “PokéStops” locations, that are likely to be used by lots of players.

Tuesday, July 26, 2016

Something novel.  It wasn’t North Korea? 
The Korea Herald reports:
Police said Monday they are investigating a hacking case involving a leak of more than 10 million customer data from a leading South Korean online shopping mall.
An unidentified suspect allegedly hacked into the server of Interpark Corp. and stole customer information, including names, addresses and phone numbers, in May, according to police.
Police suspect that the hacker sent an email containing malicious codes to the company officials and penetrated its database.
The investigation was launched earlier this month as the online shopping mall operator reported to police that the hacker asked for money, threatening to go public with the fact that Interpark’s data was stolen. 
Read more on Korea Herald.


Some things you might not know about Pokémon.
The CIA, NSA and Pokémon Go


Continuing my “no consequences” theme.  “Yes, they broke the law we are responsible for enforcing and if they do it again we may look into actually getting off our asses and doing something.  But don’t count on it.”  (How not to encourage addicts to seek help?)
File this under “small breach, huge harm.”
Mike Anderson reports that a woman is suing Pennington County because employees at City County Alcohol Drug Program (CCADP) violated federal law when they notified law enforcement that they had found a used syringe in her possession when she came to them, seeking help.
Their notification appears taboo to me under the Confidentiality Of Alcohol And Drug Abuse Patient Records Regulation (42 CFR Part 2), but hey, IANAL and all those disclaimers.
Disturbingly, perhaps, every agency the woman and her legal representative have contacted refuses to take any action and says that what the program did is permissible.
And what did OCR do when the woman, who spent 200 days in jail after being convicted on charges, filed a complaint under HIPAA?
Giroux recently received a response from the Office for Civil Rights, a federal agency that protects an individual’s civil and privacy rights.  Like the other groups she has reached out to, the OCR said in its letter that it will not take any punitive action, but with one crucial difference.
Based on Giroux’s description of events, the letter acknowledged that a breach of federally protected confidentiality had indeed occurred.  The OCR informed Giroux that it has closed its case against the Pennington County drug treatment center with one caveat:
If it receives another complaint alleging that Pennington County drug treatment staff have broken the confidentiality rights of their clients, “OCR may initiate a formal investigation of the matter.”
So maybe there wasn’t a breach of 42 CFR Part 2, but there was a HIPAA breach?  And OCR won’t do anything unless someone else also claims to have been harmed or the victim of a similar breach?
Wow.  That is terribly disappointing. I’d like to see a record of HHS/OCR notifying them, in writing, that what they have done violates HIPAA, and don’t do that again.


Perspective.  Do you think that buying failed companies is the road to success?  I don’t see this working, but I have been spectacularly wrong in the past.  So, what do I know.
Yahoo Deal Could Put Verizon in Google and Facebook's League
Verizon Communications on Monday announced that it had entered into a definitive agreement to acquire Yahoo's operating business for approximately US$4.83 billion in cash. The deal, which comes on the heels of Verizon's $4.4 billion AOL purchase last year, will allow it to expand its digital advertising business.
   However, "going forward, it's not a new beginning for Yahoo," added Steve Blum, principal analyst at Tellus Venture Associates.
"It's more likely to be broken apart and recombined with AOL and other Verizon assets," he told the E-Commerce Times.
   "Remember that Microsoft offered $45 billion for essentially the same deal in 2008," said Tirias' Teich.
"That should put the current $4.8 billion price in context," he added.
"Yahoo's biggest problem is sinking value," observed Blum.
"In 2008, Microsoft's offer at the time was considered a bargain basement price -- Yahoo hit $125 billion during the dot-com boom," he recalled.  "From a shareholder's perspective, $4.8 billion now is a better play than likely taking less in a year or two."


Architecting a business model.
How Industrial Firms Can Pivot to Digital Business Models
   For example, Walmart dominated the retail market for a long time and yet it is battling Amazon for its future.  How about the yellow-page companies — where are they now?  Nowhere to be found, because they didn’t understand the web and search and so left the market to Google.  Is the same going to be true for the hotel industry, in that existing giants such as Starwood and Marriott will capture the future opportunity for us all renting out houses or will Airbnb own the market?  As for cars and transport, will it be owned by GM, Ford or Uber and its Chinese rivals?  So the question for the industrial giants of today — whether they are in oil production, car manufacturing or real estate development — is this: What is your future business model?  Will it be inside out (organization-centric) or outside in (network-centered)?

(Related)  An Infographic for my Data Management students.
Infographic: Moving Digital Transformation Forward


Why?  Is the UK more forward thinking?  How? Do they have easier laws or easier politicians?
Amazon Expands Drone Testing in Britain
Amazon has partnered with the British government to significantly expand drone testing, a move that could allow the devices to deliver packages to British homes far earlier than in the United States.
Under the partnership, Britain’s aviation regulator will let Amazon test several aspects of drone technology — such as piloting the machines beyond the line of sight of its operators — that the Federal Aviation Administration in the United States has not permitted.  The tests, which are an important sign of confidence in Britain [???  Bob] after its historic vote last month to leave the European Union, are to begin immediately.


Interesting high-level summary.  This might start some businesses thinking, but I doubt anyone in government can think.
How Is the Federal Government Using the Internet of Things?
by Sabrina I. Pacifici on Jul 25, 2016
How Is the Federal Government Using the Internet of Things? By Daniel Castro, Joshua New & Alan McQuinn. July 25, 2016: “The Internet of Things (IoT)—a term used to describe the set of physical objects embedded with sensors or actuators and connected to a network—offers numerous opportunities for the federal government to cut costs and improve citizen services.  Moreover, because the Internet of Things generates positive network externalities, widespread adoption by the government will spur commercial adoption.  While early adopters in the federal government have already demonstrated the potential of this technology with projects that improve public safety, reduce energy use, enhance military capabilities, and improve worker health, overall adoption across federal agencies is still very low.  The federal government faces a number of challenges that have slowed the adoption of the Internet of Things in the public sector.  First, there is a lack of strategic leadership at the federal level about how to make use of the Internet of Things.  Second, federal agencies do not always have workers with the necessary technical skills to effectively use data generated by the Internet of Things.  Third, federal agencies do not have sufficient funding to modernize their IT infrastructure and begin implementing IoT pilot projects.  Fourth, even when funding exists, federal procurement policies often make it difficult for agencies to quickly and easily adopt the technology.  Finally, risks and uncertainty—about privacy, security, interoperability, and return on investment—delay federal adoption as potential federal users wait for the technology to mature and others to adopt first…”


Publish or perish?
Law Journals: Submissions and Ranking, 2008 – 2015
by Sabrina I. Pacifici on Jul 25, 2016
Washington and Lee School of Law – “The purpose of the Law Journal Rankings Project is to give scholars a resource to locate law journals by subject, country or publication, or ranking (where available), to display journal editorial information, and to facilitate an author’s article submission to those journals.  The site currently ranks journals based on citation data from a 2007-2014 survey period.  The site is updated annually.  In February 2016 the site will be updated with data from a 2008-2015 survey period.  Most bar journals, magazines, and newsletters are excluded from this list.”


I hope this is because they are no longer needed, not because the Brits think they need to get the word out in case Donald Trump is elected?
BBC open access to archive of plans for response to nuclear war
by Sabrina I. Pacifici on Jul 25, 2016
BBC Magazine – The BBC’s detailed plans for nuclear war: “For the first time, the BBC has given detailed access to the plans it drew up in the Cold War for a Wartime Broadcasting System to operate in the event of nuclear war.  Paul Reynolds, a former BBC diplomatic and foreign correspondent, has been studying the secrets of what was known as the “War Book”.”


Investing on a whim?  As random as finding a rare Pokémon. 
Nintendo Slumps By Most Since 1990 on Dashed Pokemon Go Hopes
Nintendo Co. shares plunged by the most since 1990 after the company said late Friday that the financial benefits from the worldwide hit Pokemon Go will be limited.
The stock sank 18 percent to 23,220 yen at the close in Tokyo, the maximum one-day move allowed by the exchange, wiping out 708 billion yen ($6.7 billion) in market value.
   The correction comes after Pokemon Go’s release almost doubled Nintendo’s stock through Friday’s close, adding $17.6 billion in market capitalization.  Nintendo is a shareholder in the game’s developer Niantic Inc. and Pokemon Co., but has an "effective economic stake" of just 13 percent in the app, according to an estimate by Macquarie Securities analyst David Gibson.


Perhaps I could use this in my classroom.  All my students have Smartphones – unfortunately, I don’t. 
A Crowd-sourced List of Google Cardboard Apps & Videos
During the ISTE conference this year I met Jack Bosley who is an educational technology teacher in Kentucky.  He introduced himself after the panel discussion, hosted by Samsung, about virtual reality in education.  Jack shared with me a Google Form that he created to crowd-source a list of apps and videos to use in Google Cardboard viewers in classrooms.  So far the form has gathered thirty entries.  And you can contribute to the list here.  If you make a submission through the form, you will have access to the list.
Jack has also put together a great introductory presentation about Google Cardboard.  That presentation can be seen here.
People looking to learn more about virtual reality in education may be interested in the studies that I highlighted in this post that I published at the end of June.