Your City, Your State, Your K12 Public School all attacked using NSA weapon.


In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
By Nicole Perlroth and Scott Shane
May 25, 2019

In Pennsylvania School Districts Stockpiling Huge budget surplus accounts, while still raising property taxes every year

WannaCry? Hundreds of US schools still haven’t patched servers
A dive into vulnerability data shows even big districts’ servers still offering up SMB v. 1.

I think patching your software and making backups will protect you better than blaming the Gov’t
or
… than blaming the government who weaponized an unknown flaw in software and made sure not to tell the software vendor, in order to prevent a patch which customers could install, you mean?
or
Microsoft was warned, and the patch came out a month before Shadow Brokers dumped it.

If you’re wondering why ransomware continues to be such a problem for state and local governments and other public institutions, all you have to do to get an answer is poke around the Internet a little. Publicly accessible security-scan data shows that many public organizations have failed to do more than put a bandage over long-standing system vulnerabilities that, if successfully exploited, could bring their operations to a standstill.

While the method by which RobbinHood ransomware infected the network of Baltimore City two weeks ago is still unknown, insiders within city government have pointed to the incomplete efforts by the Office of Information Technology to get a handle on the city’s tangle of software, aging servers, and wide-flung network infrastructure. Baltimore isn’t even the only city to have been hit by ransomware in the last month—Lynn, Massachusetts, and Cartersville, Georgia, both had electronic payment systems taken offline by ransomware this month. Greenville, North Carolina, was struck by the same RobbinHood ransomware affecting Baltimore in April.

But cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems. Even in cases where Microsoft’s patch of SMB v. 1 has been applied, the protocol remains a potential security problem—one that some organizations can’t completely close because some vendors still require the protocol for applications such as networked copiers and scanners.

While conducting research as a follow-up to our coverage of Baltimore City’s ongoing ransomware attack, Ars discovered that neighboring Baltimore County’s public school system had eight publicly accessible servers that still were running in configurations that indicated they were vulnerable to EternalBlue, the Equation Group exploit exposed by Shadow Brokers in April 2017 and then used as part of the WannaCry malware a month later. The exploit is now packaged as part of multiple malware kits, according to security researchers.

https://arstechnica.com/information-technology/2019/05/two-years-after-wannacry-us-schools-still-vulnerable-to-eternalblue/

SEE

Where are the State AGs in protecting citizens from malware that “gets away” from the NSA? The weaponized software created by the NSA… when employees who have been taught everything by the NSA leave their jobs, take what they know with them, then form companies and sell the “knowledge / skills / know-how” they learned on the job working for America to enemies.

https://krebsonsecurity.com/2017/12/former-nsa-employee-pleads-guilty-to-taking-classified-data/


02 Dec 17

Former NSA Employee Pleads Guilty to Taking Classified Data

A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.

Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to “willful retention of national defense information.” The U.S. Justice Department says that beginning in April 2006 Pho was employed as a developer for the NSA’s Tailored Access Operations (TAO) unit, which develops specialized hacking tools to gather intelligence data from foreign targets and information systems.

According to Pho’s plea agreement, between 2010 and March 2015 he removed and retained highly sensitive classified “documents and writings that contained national defense information, including information classified as Top Secret.”

Pho is the third NSA worker to be charged in the past two years with mishandling classified data. His plea is the latest — and perhaps final — chapter in the NSA’s hunt for those responsible for leaking NSA hacking tools that have been published online over the past year by a shadowy group calling itself The Shadow Brokers.

https://thehill.com/policy/national-security/436950-former-cia-nsa-employees-sue-agencies-over-alleged-censorship

Ex-NSA employees criticize Mike Rogers’ role with Israeli venture firm

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc By Nicole Perlroth and Scott Shane May 25, 2019

For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.

< – >

WHERE ARE THE CLASS ACTION SUITS?

WHY DOESN’T THE STATE HOLD THE DEFENSE DEPARTMENT ACCOUNTABLE FOR THE DAMAGE DONE TO THEIR CITIZENS?

Breaking news. Patch yourself for the CVEs exploited by NSA tools on the loose. This includes major cities!

ETERNALBLUE was initially nicknamed EternalBluescreen —NSA never seriously considered alerting Microsoft about discovering the vulnerability (before Shadow Brokers happened), and —“held on it” (“used it,” presumably) for more than five years
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html


NEW: Baltimore was hit with an NSA hacking tool that is being used to hijack U.S. cities. ⁦⁩ and I spent months looking into the origins of EternalBlue, a stolen NSA weapon that is popping up in more and more attacks across the country.

The NSA spent more than a year searching for the flaw in Microsoft’s software and writing the code to exploit it.

NSA TAO operators jokingly referred to it as “EternalBluescreen” because it often crashed computer systems, a risk they might tip off targets. It took months to hone. Once it became a reliable espionage tool, it netted some of the NSA’s best counter-terrorism intelligence, and there was never any serious consideration that NSA would turn over the underlying flaw to Microsoft for patching.

The NSA kept it for 5+ years until unidentified hackers threatened to publish it.

In April 2017, the group, which calls itself the ShadowBrokers, dumped it online, where it has been picked up by North Korea, Russia, Iran and, just this week, China in attacks that have cut a path of destruction around the globe. But in the last year, it has boomeranged back to the NSA’s own backyard, hitting Baltimore, Allentown, San Antonio and countless other cities in attacks that have paralyzed municipal operations and alarmed government officials, who privately say the NSA needs to account. The NSA refuses to discuss the incidents or even acknowledge that the dumped tools were part of its cyber arsenal, but in an unusually candid interview, NSA former director Mike Rogers, who oversaw the agency during the leak, deflected blame. “If Toyota makes pickup trucks and someone takes a pickup truck, welds an explosive device onto the front, crashes it through a perimeter and into a crowd of people, is that Toyota’s responsibility?

“The N.S.A. wrote an exploit that was never designed to do what was done.”

Microsoft rejects that analogy: “These exploits are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools. They’re inherently dangerous. When someone takes that, they’re not strapping a bomb to it. It’s already a bomb.”

EternalBlue is being packaged as part of many malware attacks as one possible lateral movement tool. Making a bomb is very much the responsibility of the creator.

The NSA Toyota analogy was not correct. An exploit is like a bomb; it’s a different matter who detonates it and where. The NSA is very much responsible for their malicious espionage tools.

https://twitter.com/waveslide/status/1132442317372219392

EternalBlue was leaked 2 years ago. MS patched BEFORE it hit the wild. Some industry gossip the NSA knew they’d lost control and gave MS a heads-up. THIS PATCH HAS BEEN OUT FOR TWO YEARS! If it hits your network now, you deserve it. Usually, it’s a component of a malware package.

China has also been able to intercept an NSA tool as it attacked their networks. They stopped it, copied it, modified it, and sent it back to us and all of our allies.


@bitsdigits
No, it wasn’t the NSA hacking tool that did this. It was basic exemptions to the #Baltimore #CIO policies that didn’t address patch management deficiencies that did this. Has anyone looked at what .gov requirements are
https://home.dotgov.gov/registration/requirements/


[ECP] NetHappenings 3/12/19 #K12 #CPO

#NetHappenings @Nethappenings

3/12/19 #Web30 The World Wide Web turns 30 today!

Do you remember what life was like 30 years ago, pre-www, when cyber-utopians heralded the new era of human collaboration and communication to the underworld of social media posts called ‘e-bile’?

Who Invented the Internet?
Who Controls The Internet?
Seven people control the system at the heart of the web: the domain name system, or DNS.

NetHappenings Where Internet Pioneer Gleason Sackmann got things started.

► @NetHappenings 

► K12PlayGround TM 
1st and oldest online K12 School directory in the World ©1993 History:
Be a part of Internet History!
Find, Edit, and Submit your K12 school information.
Join a #STEAM Project link to video project  find with #hashtags
@K12PlayGround

EduTech of ND @EduTechND History: Where Internet Pioneer Gleason Sackmann got things started.
EduTech provides information technology services and education technology professional development to K-12 educators in ND.

https://twitter.com/edutechnd

Girls Go CyberStart. The 2019 Girls Go CyberStart program is a series of online challenges that allow students to act as cyber protection agents to solve cybersecurity-related puzzles and explore related topics such as cryptography and digital forensics.
+++++++++++++++++++++++++++++++++++++++

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices.

Marcus J. Ranum, #Computer and #NetworkSecurity Researcher is now discussing our assumptions about #ComputerSecurity at #govsatcom 2019 #CyberSecurity #Luxembourg

2011 “The Internet will remain as insecure as it is possible to be and still function. ” -Marcus Ranum

► Amnesty Demands Israel Revoke NSO’s License After Haaretz Report on Firm’s Negotiations With Saudis Israeli Firm’s Spyware Was Used to Track Khashoggi

► Coinbase’s Newest Team Members Helped Authoritarians Worldwide Monitor Journalists and Dissidents: Hacking Team
https://foreignpolicy.com/2016/04/26/fear-this-man-cyber-warfare-hacking-team-david-vincenzetti/

Never underestimate power, never underestimate fame. And our nation is run on loyalty, whether it be in Congress or your own little home, we’re positively tribal. Being rich and famous does not entitle you to break society’s rules. From time immemorial the wealthy have paid for silence, look at banks and offshore tax accounts.

+++++++++++++++++++++++++++++++++++++++

How much less California spends on each public school student than other states.
$25.4k per student in NYC, $16.7k in PA and $10.4k here in California.
How do young families keep moving  to CA?

Rankings of the States 2017 and Estimates of School Statistics 2018

California is 41st in the nation in per pupil K-12 spending

California is “No. 1 in per prisoner” spending.

Mostly True: You are shocked because the stats are bunk. Look at how much California teachers make (2nd highest in US) and then ask how overall spending could rank 41st? Answer: the 41st stat, like the $10.4k per student stat, has been helpfully “adjusted” to eliminate salary differences.

FALL ENROLLMENT 49,800,148 children
Average Daily Attendance 46,457,525 children

2017 High School Graduates 3,238,440 page 18

AVERAGE SALARY OF INSTRUCTIONAL STAFF 60,206 page 25
AVERAGE SALARY OF TEACHERS  58,479 page 26

How much federal money follows the child out of the public school system into for-profit, follows-no-rules charter companies?

PUBLIC SCHOOL REVENUE PER STUDENT IN FALL ENROLLMENT page 29
PERCENTAGE OF COMBINED STATE & LOCAL REVENUE 49.8 page 34

The exceptions start on page 83
example: Enrollment figures only include students attending public schools and do not include those students attending private schools at public expense.

WHAT ABOUT ALL THE MONEY FROM THE LOTTERY?

Is The Lottery Shortchanging Schools?

Powerball Windfall? Schools Don’t Always Benefit From Lottery Sales

“Revenues generated from lottery have very little or no impact on overall education spending,” said Lucy Dadayan, a senior policy analyst at the Nelson A. Rockefeller Institute of Government, an Albany, New York, think tank. The reason: State legislatures often use the millions of dollars that come in from the lottery as an opportunity to reallocate other funds intended for schools from the state’s general revenue, making the overall education budget barely higher than it was before lottery money was added. “The state legislators added the funding in to the budget, and then they take it out,” said John O’Neil, communications director for the Virginia Education Association, an organization of more than 50,000 teachers and school professionals.

► Large public school districts, systems that serve close to or more than 100,000 students, have no Chief Privacy Officers.

Who is the senior-level official responsible for the organization’s privacy policies and data governance in your school district?

Big Education Ape: Oakland, CA: Billionaires Will Convene to Discuss New Plans for Privatizing Public Schools | Diane Ravitch’s blog

Stats already show that Charter Schools do not graduate their students from high school.

Billionaires want all the K12 Department of Education money meant for the common good, the commons, our common wealth for their own pocket. These billionaires want the taxpayers’ money for their own private gain, just to enrich themselves.

This has NOTHING to do with the quality of K12 Education.

The big business of selling student information and they do not protect their rights to privacy.

This is the art of the Steal.

https://www.newschools.org/about-us/team/donors/

Buying and selling the Data!

Anonymous at the top of the list
Chan Zuckerberg Foundation
Charles & Helen Schwab Foundation
The Walton Family Foundation
W.K. Kellogg Foundation
Perkins Hunter Foundation (Perkins family wealth started by opium drug running pirates)
The College Board
Michael & Susan Dell Foundation
John & Ann Doerr
Omidyar Network

► THERE ARE NO CHIEF PRIVACY OFFICERS IN K-12 EDUCATION

Children’s Rights K12 School Rights vs. Students Online privacy rights.

#StudentPrivacyRights

#ChiefPrivacyOfficer #CPO #K12CPO

STUDENT RIGHTS TO PRIVACY AND K12 SCHOOL RIGHTS VS. STUDENTS ONLINE PRIVACY RIGHTS.
and

DO YOU KNOW WHAT YOUR STATE IS COLLECTING ABOUT YOUR CHILD?

There isn’t a single school district with a K-12 CPO. In fact, it is still extremely rare for districts to hire even one full-time employee dedicated to privacy.

Student Privacy Bill Protection : No Parental Consent Needed for Data Mining

Anyone who tells you they don’t need privacy because they “have nothing to hide” is a sheep that will enable a total surveillance state. Just don’t do it. Privacies protect our basic human rights.

► This story on IBM hoovering up millions of Flickr photos to power its facial recognition machine learning is fascinating and a nightmare

Facebook Is Giving Advertisers Access to Your Shadow Contact Information

: “Screen-grabbed from Facebook: a teacher had her students turn their phone volume up and create a collective record

Alex Stamos on Twitter: “This explains how Facebook plans to monetize a unified, 2 billion user end-to-end encrypted messaging service. I can’t think of a tech project with a more important privacy/safety balancing act than this one. I hope my friends working on it start public discussions on that.

Bob Lefsetz Zuckerberg’s Blog Post
A Privacy-Focused Vision for Social Networking
This isn’t about privacy, this is about MONOPOLY!

 

+++++++++++++++++++++++++++++++++++++++

COLLEGE ADMISSIONS IS BRIBED

A few months ago I was interviewing a college admissions coach who told me the following about how big of a donation it takes to get a child into an Ivy no questions asked: “There’s a certain magic number. It’s way higher than people think: $10 million.”

“what it takes to break into the 1% in various countries

$25 million nationwide college admissions cheating scam

“This case is about the widening corruption of elite college admissions through the steady application of wealth combined with fraud,” Andrew Lelling, the U.S. attorney for the District of Massachusetts, said at a news conference. According to Lelling, the ringleader of the scam is William Singer, owner of a college counseling service called Key Worldwide Foundation, who accepted bribes totaling $25 million from parents between 2011 and 2018 “to guarantee their children’s admission to elite schools.”
“The parents are a catalog of wealth and privilege,” Lelling said. “They include, for example, the CEOs of private and public companies, successful securities and real estate investors, two well-known actresses, a famous fashion designer and the co-chairman of a global law firm.”
Also named as defendants in the indictment are Robert Zangrillo, founder and CEO of the private investment firm Dragon Global; Bill Glashan, a businessman and international private equity investor; and Gordon Caplan, a New York attorney.

► Former PIMCO CEO Doug Hodge Named In Fraud Complaint Alongside Aunt Becky From “Full House”
Imagine surviving years of working with Bill Gross only to be taken down by bribing your kid into college. Um, Doug? You do have to talk in code. You’re doing a fraud.
JFC, you’d think a guy who spent that much time with Bill Gross would know how to bullshit properly.

How a Bitcoin Evangelist Made Himself Vanish, in 15 (Not So Easy) Steps
#10 Buy a decoy house to fool the D.M.V.
Dozens of companies leaked sensitive data thanks to misconfigured Box accounts
Hospitals have ‘holy grail of personal data,’ yet their spending lags on digital security
Car alarms with security flaws put 3 million vehicles at risk of hijack
Drop Huawei or See Intelligence Sharing Pared Back, U.S. Tells Germany
Defense tech founded by Trump’s most prominent Silicon Valley supporters wins secretive military AI contract
Dreamers and Dropouts: Stories From Stanford, Cradle of Unicorns: The Good and the Bad of Stanford’s Massively Successful Startup Scene
Yes: a flying, jet-powered motorcycle As spec’ed out, the commercial speeder will weigh 231 lbs and be powered by four jet engines fueled with kerosene, diesel or Jet-A fuel. An ultralight version of the speeder will fly 60mph and won’t require a pilot’s license; alternatively, an experimental version of the craft will be able to fly over 150mph, but will require a formal license to fly. That aircraft should also have 30 minutes of flight time with 1200lbs of max thrust and a flight ceiling of 15,000 feet, though JetPack fully admits that most of its customers won’t need that…
Cyberization means it’s not your daddy’s war anymore: Kurdish rebels are exploiting an app to befriend and get information from Turkish soldiers. Reminiscent of the dating apps used by Hamas recently to spy on Israeli soldiers.

NYC Media Lab newsletter – https://nycmedialab.org/data/
How AI Will Rewire Us
Nicholas A. Christakis, Sterling Professor of Social and Natural Science at Yale and author of Blueprint: The Evolutionary Origins of a Good Society, believes AI is the only general purpose technology (GPT) that will fundamentally change our relations towards each other. If you look at any other GPT – the steam engine, electricity, the internet – these have changed everything around us except our “love, friendship, cooperation, and teaching” – what Christakis calls our evolutionary social suite. In this Atlantic piece, he explores how AI will be the first GPT to affect our social suite. Christakis noticed some peculiar things at his Yale lab. For one, when you include a cheerful bot who admits to occasional mistakes in a group assignment, the humans in the group work better together, vs. groups with bland robots. This holds true in larger experiments, with thousands of participants: “groups with mistake-prone bots consistently outperformed groups containing bots that did not make mistakes”. ~ Joly MacFie

John Gilmore  **Copyright seizure approaching** SpaCCS 2019 CFP (10+SIs): The 12th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage

Don’t submit your paper to this conference!  When researchers refuse to
supply their papers to the publishers who extort monopoly fees from
academic librarians, they have found the easiest way to tear down these
monopolies.

If you submit any paper to this conference, you will be forced
to assign your entire copyright in the paper to “Springer Nature
Switzerland AG”, now and forever, for their profit and your loss
and the public’s loss (see below).

Jun Feng is a program chair.  He should know to warn authors that
the whole conference is a scam on academic authors, which steals their
copyrights in order to extract large fees from academic libraries.  But
perhaps he did not mention this because he’s helping to run the scam.

I recommend publishing your work in Open Access conferences and journals in which (1) you are free to retain your copyright and control your
rights, and (2) the public is free to read your paper without paying
exorbitant fees to a walled-garden publisher that prevents public
access to your scholarship.  See
https://en.wikipedia.org/wiki/Open_access

For example, the USENIX
Association runs many respected conferences and does Open Access
publication of their proceedings (https://www.usenix.org/).  The Public
Library of Science journals are also Open Access
(https://www.plos.org/).  Open access publishing increases your impact,
because all potential readers can actually read your paper.  Many
funders and academic institutions *require* that your work be published
with open access, because they have seen how the academic publishing
monopoly has damaged academic libraries (and science in general).

For general info about the highly profitable scams around academic
publishing, see:
https://en.wikipedia.org/wiki/Academic_publishing#Publishers_and_business_aspects

Jun Feng <junfeng989@gmail.com> wrote:

Papers must be clearly presented in English, must not exceed 14 pages (or
up to 20 pages with the pages over length charge) in Springer LNCS format (
https://www.springer.com/gp/computer-science/lncs/conference-proceedings-guidelines),

5G the Free WiFi Killer

From: Dave Burstein dslprime.com
Date: Monday, August 24, 2015
Subject: “5G the Free WiFi Killer” EE Times

The Intel/Verizon/Ericsson model of future wireless has everything controlled by a (carrier-managed) gateway. This report from the Intel Developers’ Forum suggests troubling consequences.
The EE Times article below may be making some assumptions I don’t share, but the underlying point is on target. The author fears a carrier gateway will impede WiFi and more. To be proven.
50-70% of wireless traffic now goes over WiFi, a figure that will increase as faster WiFi routers become common and more home gateways are configured to share unused bandwidth.
That’s an existential threat to phone companies depending on revenue from expanding data usage. They are fighting back in industry fora, including defining LTE-U/LAA as “LTE spectrum owners only” and seeking to dedicate 40 MHz of current WiFi spectrum to the 4 telcos.
Anyone who believes in a “multi-stakeholder” “open” Internet should be worried. In particular, the carriers are bringing this to industry only organizations especially 3GPP (the LTE standard setter), EU 5G groups, the Flex5GWare project and Horizon2020.
We badly need to get a consumer voice in these groups. I’ve raised the issue to Larry Strickling (U.S. Gov) and Kathy Brown (ISOC), vocal supporters of “multi-stakeholder.” The decisions being made in these groups will have more impact on consumers than the limited scope of the ITU/ICANN debate. I’m only one voice and I hope more speak up on the importance of the public interest.

5G the Free WiFi Killer

http://www.eetimes.com/document.asp?doc_id=1327482&

Integrating comm comes at a price
8/21/2015 09:50 AM EDT
SAN FRANCISCO, Calif.—5G may be not much more than a moniker for what comes after 4G, but Intel clarified its vision recently at a keynote during the Intel Developer Forum 2015 (IDF, San Francisco, Aug.18-20). “Seamless” is the goal and it comes at a price.
The top-line is that Intel hopes to apply all its expertise in computing, networking and wireless communications to make a seamless 5G solution that incorporates distributed intelligence at all levels–from the smartphone to the router to the basestation aggregator to cloudlets, clouds and our fastest supercomputers.
The bottom line is that cellular, WiFi, centimeter- and millimeter wavelength bands must be seamlessly integrated from the user’s point-of-view, according to Aicha Evans, vice president of platform engineering group and general manager of the communications and devices group at Intel.
“5G is not about faster, but about integrating all types of connectivity,” Evans told her keynote attendees at IDF. “The building blocks of 5G are already here today.”
To the carriers this integration will come at a price, since 5G-for-all presents the opportunity to kill free WiFi and instead charge users for every data packet they send or receive, no matter which of the integrated communications technologies is used. At Evans’ keynote she gathered together carriers, service providers and strategists to outline what it is that they expect from 5G, including Alex Choi, chief technical officer (CTO) of SK Telecom (Asia), Bin Shen, Verizon’s vice president of strategy (U.S.) and Paul McNamara, vice president of Ericsson’s corporate strategy group (Europe).

However, before the panel painted the world-changing picture of extraordinary speeds and ultra-low latency–at a price–Intel’s Sandra Rivera, vice president of the data center group and general manager of the Internet of Things (IoT) described the benefits of 5G to the users.

“Intelligence will begin with at the base station,” Rivera asserted to the crowd at IDF. <snip>

Editor, Fast Net News, Net Policy News and DSL Prime
Author with Jennie Bourne  DSL (Wiley) and Web Video: Making It Great, Getting It Noticed (Peachpit)

XRay, first step in understanding how personal data is being used on web services

New tool makes online personal data more transparent

8/18/14 Columbia Engineering researchers develop XRay, first step in understanding how personal data is being used on web services like Google, Amazon, and YouTube

New York, NY—August 18, 2014—The web can be an opaque black box: it leverages our personal information without our knowledge or control. When, for instance, a user sees an ad about depression online, she may not realize that she is seeing it because she recently sent an email about being sad. Roxana Geambasu and Augustin Chaintreau, both assistant professors of computer science at Columbia Engineering, are seeking to change that, and in doing so bring more transparency to the web. Along with their PhD student, Mathias Lecuyer, the researchers have developed XRay, a new tool that reveals which data in a web account, such as emails, searches, or viewed products, are being used to target which outputs, such as ads, recommended products, or prices. They will be presenting the prototype, which is designed to make the online use of personal data more transparent, at USENIX Security on August 20. The researchers have posted the open source system, as well as their findings, online for other researchers interested in studying how web services use personal data to leverage and extend.
“Today we have a problem: the web is not transparent. We see XRay as an important first step in exposing how websites are using your personal data,” says Geambasu, who is also a member of Columbia’s Institute for Data Sciences and Engineering’s Cybersecurity Center.
We live in a “big data” world, where staggering amounts of personal data—our locations, search histories, emails, posts, photos, and more—are constantly being collected and analyzed by Google, Amazon, Facebook, and many other web services. While harnessing big data can certainly improve our daily lives (Amazon offerings, Netflix suggestions, emergency response Tweets, etc.), these beneficial uses have also generated a big data frenzy, with web services aggressively pursuing new ways to acquire and commercialize the information.
“It’s critical, now more than ever, to reconcile our privacy needs with the exponential progress in leveraging this big data,” says Chaintreau, a member of the Institute for Data Sciences and Engineering’s New Media Center. Geambasu adds, “If we leave it unchecked, big data’s exciting potential could become a breeding ground for data abuses, privacy vulnerabilities, and unfair or deceptive business practices.”
Determined to provide checks and balances on data abuse, XRay is designed to be the first fine-grained, scalable personal data tracking system for the web. For example, one can use the XRay prototype to study why a user might be shown a specific ad in Gmail. Geambasu and Chaintreau found, for example, that a Gmail user who sees ads about various forms of spiritualism might have received them because he or she sent an email message about depression.
Developing XRay was challenging, say the researchers. “The science of understanding the use of personal web data at a fine grain—looking at individual emails, photos, posts, etc.—is largely non-existent,” Geambasu notes. “There really isn’t anything out there that can accurately pinpoint which specific input—which search query, visited site, or viewed product—or combination of inputs explains which output. It was clear that we needed to come up with a new, robust auditing tool, one that can be applied effectively to many different services.”
How it Works
“We knew from the start that our biggest challenge in achieving transparency would be scale—how do we continue to track more data while using minimum resources?” Chaintreau says. “The theoretical results were encouraging, but seemed too good to be true. So we tested XRay in actual situations, learning from experiments we ran on Gmail, Amazon, and YouTube, and refining the design multiple times. The final design surprised us: XRay succeeded in all the experiments we ran, and it matched our theoretical predictions in increasingly complex cases. That is when we finally thought that achieving web transparency at large is not a dream in a distant future but something we can start building toward now.”
The current XRay system works with Gmail, Amazon, and YouTube. However, XRay’s core functions are service-agnostic and easy to instantiate for new services, and they can track data within and across services. The key idea in XRay is to use black-box correlation of data inputs and outputs to detect data use.
To assess XRay’s practical value, the researchers created an XRay-based demo service that continuously collects and diagnoses Gmail ads related to a set of topics, including various diseases, pregnancy, race, sexual orientation, divorce, debt, etc. They created emails that included keywords closely related to one topic and then launched XRay’s Gmail ad collection and examined the targeting associations. XRay’s data is now available online to anyone interested in sensitive-topic ad targeting in Gmail.
“We’ve just started to peek into XRay’s targeting data and even at this early stage, we’ve seen a lot of interesting behaviors,” Geambasu says. “We know that we need larger-scale experience to formalize and quantify our conclusions, but we can already make several interesting observations.”
The researchers note that (1) It is definitely possible to target sensitive topics in users’ inboxes, including cancer, depression, or pregnancy. (2) For many ads, targeting was extremely obscure and non-obvious to end-users, which opens them up to abuses. (3) The researchers have already seen signs of such abuses, for instance, a number of subprime loan ads for used cars targeting debt in users’ inboxes. Examples of ads and their targeted topics can be found on the XRay website.
The tool can be used to increase user awareness about how their data is being used, as well as provide much-needed tools for auditors, such as researchers, journalists, and investigators, to keep that use under scrutiny. Geambasu and Chaintreau, who recently won a Magic Grant from the Brown Institute for Media Innovation to build better transparency tools, have made the XRay prototype available for auditors at http://xray.cs.columbia.edu.
“Our work calls for and promotes the best practice of voluntary transparency,” says Chaintreau, “while at the same time empowering investigators and watchdogs with a significant new tool for increased vigilance, something we need more of every day.”


[ECP] Educational CyberPlayground Nethappenings News

Happy Reading
Guardian launches SecureDrop system for whistleblowers to share files
SecureDrop platform allows sources to submit documents and data while avoiding most common forms of online tracking
Access the Guardian’s SecureDrop system here
Details of Britain’s covert surveillance programme – including the location of a clandestine British base tapping undersea cables in the Middle East
The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three-site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen. British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.
Chester Nez, last of the World War II Navajo ‘code talkers,’ passes away quietly at 93
A Day at the Miami Beach Cyberarms Fair
Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw
There’s a Security Gap at the Capitol. And It’s as Troublesome as the One at Navy Yard.
Fun fact of the week on the State of the World
South Africa ranks number 1 out of 148 countries in strength of auditing and reporting standards, according to the Global Competitiveness Report 2013/2014. Our banks rank 3rd behind Canada and New Zealand, the Swiss banks rank 28th.
“JOHANNESBURG – South Africa is at risk of a credit ratings downgrade in the immediate future, as poor economic data provides little hope for improvement in its dual current account and fiscal deficits, Standard Bank warned on Thursday.”
Sleep’s memory role discovered
US Secret Service seeks Twitter sarcasm detector
Google’s Larry Page slates ‘risk averse’ education system
An open letter from the Google letter slates the iterative approach of the tech industry and says education should encourage risk takers and ‘big thinkers’
How activity trackers remove our rights to our most intimate data
Are we happy to allow companies to gather details of every heartbeat and minute of sleep, then deny us access to that data?
Internet users cannot be sued for browsing the web, ECJ rules
After a five-year case, the European court of justice has ruled that copies of web pages made in the course of browsing the internet do not infringe copyright law
Flaw Lets Hackers Control Electronic Highway Billboards
CCSW 2014: The ACM Cloud Computing Security Workshop
November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.
BT and Vodafone among telecoms companies passing details to GCHQ
Fears of customer backlash over breach of privacy as firms give GCHQ unlimited access to their undersea cables
Vodafone reveals existence of secret wires that allow state surveillance
Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a ‘nightmare scenario’
Vodafone feels Edward Snowden effect with surveillance revelations
Documents released by Vodafone show the level of collaboration between telecom companies and the surveillance agencies.
Transparency on the part of Vodafone only goes so far. It has not yet clarified or even confirmed its participation in Tempora, GCHQ’s tapping of the network of cables which carry the world’s phone calls and internet traffic.
Without Snowden, it is hard to believe that one of the world’s biggest telecom companies would be publishing details about warrant requests, calling for increased transparency and urging legislative reform to bring surveillance into line with the internet age.
NSA reform bill finds few allies before Senate intelligence committee
Reform advocates, tech leaders and NSA defenders criticise bill as neither adequately defending privacy rights nor national security
2nd Circ. Backs Softer FTAIA Limits In Foxconn Win
Complete Corruption!
Appeals court tells judge to stop weighing in on Citigroup mortgage case
An appeals court overruled a judge who questioned a settlement, giving the regulators and banks power to cooperate
– Dogged journalism from The American Lawyer recently confirmed that the SEC was indeed working closely with banks to limit their securities fraud exposure – sweeping dozens of deals into settlements that looked like they were covering only one or two. That usually meant the banks could pay less in fines. Rakoff, the district court judge assigned to approve the SEC-Citi consent decree, apparently smelled a rat. He denied the Citigroup settlement, arguing that the fine was “pocket change” for a bank of Citi’s size and saying that he had not been provided with the relevant facts to “exercise even a modest degree of independent judgment”.
Using a standard that enables judges to reject consent decrees if they are not “fair, reasonable, adequate and in the public interest”, Rakoff rebelled against rubber-stamping the deal. He refused to, in his words, “become a mere handmaiden to a settlement privately negotiated on the basis of unknown facts”.
The Justice Department risks losing big fish of financial crime by chasing whales
The SEC and FBI lack the resources to pursue every insider trading case, and should pick their battles before pursuing a giant
Los Angeles sues big banks for predatory mortgages but unlikely to win
Minority communities have long been targets for predatory lenders. Los Angeles is suing JP Morgan, Wells Fargo, Citigroup and Bank of America, but the city isn’t trying to help homeowners
U.S. Marshals Seize Local Cops’ Cell Phone Tracking Files in Extraordinary Attempt to Keep Information From Public
U.S. Marshals Seize Cops’ Spying Records to Keep Them From the ACLU
A routine request in Florida for public records regarding the use of a surveillance tool known as stingray took an extraordinary turn recently when federal authorities seized the documents before police could release them. The surprise move by the U.S. Marshals Service stunned the American Civil Liberties Union, which earlier this year filed the public records request with the Sarasota, Florida, police department for information detailing its use of the controversial surveillance tool.
Why Are the US Marshals at the Center of All These Pen Registers?
Then, the ACLU revealed that, just before an appointment to view Sarasota, Florida’s requests under the Pen Register authority to use Stingray IMSI catchers to identify cell locations, the US Marshals declared control over the records, claiming they had deputized the local cop who had made the requests.
Here’s The Simple Reason Congress Hasn’t Fixed The VA
Veterans didn’t have the cash to pay lobbyists so they don’t get lawmakers’ attention!!!!!!
Money molds not just the agenda but the shape of Congress itself. Think of it as a host-parasite relationship in which the host, Congress, adjusts to interact most effectively with the parasite, money.
Pelosi Confronted By Teen Reporter On NSA
Finally, a reporter asks House Minority Leader Nancy Pelosi (D-CA) some tough questions. Unfortunately, this reporter is a teenager from the YouTube “TeenTake” and not someone from the Capitol Hill press corps.
When Andrew Demeter asked Pelosi, “Why do you support the NSA’s illegal and ubiquitous data collection?” she had a bit of a “deer in the headlights” look on her face. “Well I, I do not, I have questions about the metadata collection that they were, uh, collecting,” Pelosi stammered in response. Demeter, unlike his professional counterparts in the mainstream media, actually challenged Pelosi with a follow-up: “You did vote for a bill to continue funding for the NSA, though.”
Pelosi responded, “Yeah, of course.” Demeter pressed the issue calling NSA data gathering a “clear violation of the Fourth Amendment.”
Sprint, T-Mobile Said Near Accord on Price, Termination Fee
Catholic Nun Killers and flesh traffickers caught
Of course the church is against abortion cause that cuts into the baby selling business profits.
Mass septic tank grave ‘containing the skeletons of 800 babies’ at site of Irish home for unmarried mothers. A source close to the investigation said: ‘No one knows the total number of babies in the grave. There are 796 death records but they are only the ones we know of.’ The existence of the grave was uncovered by local woman Catherine Corless, who compiled the records of 796 babies who died at the home. She has established a group called the Children’s Home Graveyard Committee to erect a memorial.
 
“And the sign said, The words of the prophets are written on the subway walls & tenement halls, and echoed in the Sounds of Silence”.
END The Digital Divide:
Hiring via social networks: work for the wealthy, connected and savvy
As recruiting shifts to closed networks online, many Americans without easy access or social media skills are at a disadvantage
55 percent of Philadelphia households lack access to Internet: new early data shows rate higher than previously thought.
 
 
 

#Privacy #Heartbleed

Heartbleed Means HealthCare.gov Users Must Reset Passwords
http://www.nextgov.com/cybersecurity/2014/04/heartbleed-means-healthcaregov-users-must-reset-passwords/82852/
By Aliya Sternstein
Nextgov.com
April 19, 2014
Federal officials are telling Obamacare website account holders to reset
their passwords, following revelations of a bug that could allow hackers
to steal data.
Officials earlier in the month said the government’s main public sites,
including HealthCare.gov, were safe from the risks surrounding Heartbleed
— faulty code recently found in a widely-used encryption tool.
But, this weekend, the online marketplace’s homepage directs users to
change their login information.
“While there’s no indication that any personal information has ever been
at risk, we have taken steps to address Heartbleed issues and reset
consumers’ passwords out of an abundance of caution,” HealthCare.gov
states.
[…]
INFO: Google scans user’s emails
http://bit.ly/1reFUNj
Google updates terms of service to reflect its scanning of users’ emails
Google has updated its terms of service to reflect that it analyzes user
content including emails to provide users tailored advertising, customized
search results and other features.
The Internet giant’s scanning of users’ email has been controversial with
privacy groups describing it as an intrusion into user privacy.
[…]
Mission-critical satellite communications wide open to malicious hacking
By Dan Goodin
Ars Technica
April 17, 2014
Mission-critical satellite communications relied on by Western militaries
and international aeronautics and maritime systems are susceptible to
interception, tampering, or blocking by attackers who exploit easy-to-find
backdoors, software bugs, and similar high-risk vulnerabilities, a
researcher warned Thursday.
Ground-, sea-, and air-based satellite terminals from a broad spectrum of
manufacturers—including Iridium, Cobham, Hughes, Harris, and Thuraya—can
be hijacked by adversaries who send them booby-trapped SMS text messages
and use other techniques, according to a 25-page white paper published by
penetration testing firm IOActive. Once a malicious hacker has remotely
gained control of the devices, which are used to communicate with
satellites orbiting in space, the adversary can completely disrupt
mission-critical satellite communications (SATCOM). Other malicious
actions include reporting false emergencies or misleading geographic
locations of ships, planes, or ground crews; suppressing reports of actual
emergencies; or obtaining the coordinates of devices and other potentially
confidential information.
“If one of these affected devices can be compromised, the entire SATCOM
infrastructure could be at risk,” Ruben Santamarta, IOActive’s principal
security consultant, wrote. “Ships, aircraft, military personnel,
emergency services, media services, and industrial facilities (oil rigs,
gas pipelines, water treatment plants, wind turbines, substations, etc.)
could all be impacted by these vulnerabilities.”
Santamarta said that every single one of the terminals he audited
contained one or more weaknesses that hackers could exploit to gain remote
access. When he completed his review in December, he worked with the CERT
Coordination Center to alert each manufacturer to the security holes he
discovered and suggested improvements to close them. To date, Santamarta
said, the only company to respond was Iridium. To his knowledge, the
remainder have not yet addressed the weaknesses. He called on the
manufacturers to immediately remove all publicly accessible copies of
device firmware from their websites to prevent malicious hackers from
reverse engineering the code and uncovering the same vulnerabilities he
did.
[…]

Constance Bommelaer Senior Director, Global Policy Partnerships

Constance joined the Internet Society in 2006. She is currently Senior Director of Global Policy Partnerships and helps develop partnerships with international organizations as well as strategic positions on key Internet issues. In this role, she founded and now coordinates the Internet Technical Advisory Committee (ITAC) to the OECD. She also leads ISOC’s engagement with UNESCO, WIPO, the G8, the G20 and the IGF. In 2010 and 2011 she was responsible for the strategic development of the Internet Society’s Next Generation Leaders program, a youth program designed to help prepare young professionals from around the world to become the next generation of Internet technology, policy, and business leaders.
She was previously a Policy Officer with the French Prime Minister’s Office (Direction du development des medias; 2003-2006), covering Internet governance matters, regulatory affairs and information society issues. Constance participated in the World Summit on Information Society (WSIS), contributed to building legal and technical cooperation activities between France and African countries (e.g. Signal Spam project) and acted as a liaison with the European Commission on French e-content related projects.
Since 2003, Constance also serves as a Naval Ensign in the reserve of the French Navy.
She has studied law and political sciences and speaks fluent English.
Constance is based in Geneva, Switzerland.
 

From: Constance Bommelaer <bommelaer@isoc.org>
Date: December 20, 2013 12:27:32 PM EST
Subject: [Internet Policy] 1net Steering Committee & Brazil Committees – Call for expressions of interest – Internet technical community

 

Dear all,
 
The Internet Society (ISOC) is coordinating the process leading to appointments to represent the Internet technical community in two of the “Brazil Planning Committees” and in the “1net Steering Committee”.
 
The “Brazil Planning Committees” will contribute to the preparation of a “Global Multistakeholder Meeting on the Future of Internet Governance” that will be held on 23 and 24 April 2014, in Sao Paulo, Brazil.
 
The two major tasks of “1net Steering Committee” will be (1) to liaise with stakeholder communities and encourage participation and submission of productive ideas with respect to Internet governance issues; and (2) to steer, manage, and otherwise lead the activities of the 1net platform towards a productive understanding and possibly consensus with respect to these issues.
 
Individuals interested in being suggested by the NomCom set up for this purpose are invited to read more about the process and the timeline here: http://www.internetsociety.org/sites/default/files/Call1netBR-ForPublication.pdf 
 
The deadline for submitting expressions of interest is 10 January 2014.
 
Any questions or requests for additional information can be sent to: information.itcg@gmail.com.
 
Useful links:
 
 
Thank you and best regards,
Constance Bommelaer
Senior Director, Global Policy Partnerships
The Internet Society

Computer Wonder Woman Stand Strong

 

Great ad on women vs. men in power positions.
70% of men think that women need to downplay their personality to be accepted. Double standards hold women back. Because when you stand strong, you shine.

About IEEE Computer Society

IEEE Computer Society is the world’s leading computing membership organization and the trusted information and career-development source for a global workforce of technology leaders including: professors, researchers, software engineers, IT professionals, employers, and students. The unmatched source for technology information, inspiration, and collaboration, IEEE Computer Society is the source that computing professionals trust to provide high-quality, state-of-the-art information on an on-demand basis. The Computer Society provides a wide range of forums for top minds to come together, including technical conferences, publications, and a comprehensive digital library, unique training webinars, professional training, and a TechLeader Training Partner Program (T2P2) to help organizations increase their staff’s technical knowledge and expertise. To find out more about the community for technology leaders, visit http://www.computer.org.