Beware sexy honeybots spear phishing on social media

If your connected life includes access to sensitive, proprietary or confidential information, be thoughtful about who you friend, follow or connect to online.

When a fake femme fatale can dupe the IT guys at a government agency, you could also be spear phished.

If this all sounds familiar, you might be thinking of “Robin Sage,” when another fictitious femme fatale fooled security analysts, defense contractors and members of the military and intelligence agencies around the DC area.

Everything is new again.

[Image Credit: Wikipedia]

Filed under blogging, security, social media, technology

Apple releases first transparency report on government requests for user data

Apple, one of the least transparent companies in the world, has released a transparency report on government requests for user data (PDF). Requests from the United States of America dwarf the rest of the world — and that’s without including the ones that Apple cannot tell us about, due to gag orders and National Security Letters.

Notably, Apple has indicated that it will join other tech companies in seeking the ability to disclose such requests:

“We believe that dialogue and advocacy are the most productive way to bring about a change in these policies, rather than filing a lawsuit against the U.S. government. Concurrent with the release of this report, we have filed an Amicus brief at the Foreign Intelligence Surveillance Court (FISA Court) in support of a group of cases requesting greater transparency. Later this year, we will file a second Amicus brief at the Ninth Circuit in support of a case seeking greater transparency with respect to National Security Letters. We feel strongly that the government should lift the gag order and permit companies to disclose complete and accurate numbers regarding FISA requests and National Security Letters. We will continue to aggressively pursue our ability to be more transparent.”

Apple did break new ground with the report, as FT reporter Tim Bradshaw observed: it was the first to disclose requests for device data.

The U.S. government leads the rest of the world in device data requests by law enforcement as well, though not by as wide a margin: Australia, the United Kingdom, Singapore and Germany have all made more than 1000 requests, according to the disclosure.

Be careful about what you put in that iCloud, folks.

Apple’s transparency report ends with an interesting footnote: “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

For those unfamiliar with that part of the law, it has been the subject of intense criticism for years from privacy and civil liberties advocates, particularly since the disclosures of mass surveillance of U.S. telecom data by the NSA entered the public sphere this past summer.

Filed under journalism, security, technology

What went wrong at Healthcare.gov?

Folks, I’m going to be on the Kojo Nnamdi Show on Monday and need your help.

1) What are the best explanations of what went wrong at Healthcare.gov? This digest by Charles Ornstein is a start but I’d love more.

2) What are the best papers you’ve read about federal contracting? Where would you point people to understand how contracting works, why there are so many rules about how technology can be acquired and how this system needs to change/is changing?

Who do you think has best answered the question of “what went wrong at Healthcare.gov” amongst the national media and expert technologists?

In addition to the links above, I’d add:

What else should people read?

12/1/2013 Update: After two months of intense scrutiny, the tensions and troubles behind Healthcare.gov have been well-documented by investigative journalists at The Washington Post, The New York Times, The Wall Street Journal, ProPublica and NPR News.

No single issue led to Healthcare.gov’s failure at relaunch on October 1. Rather, a combination of procurement problems, poor work by a key contractor, bad management skills, insularity and political sensitivity led to a bug-laden website with a broken backend.

How well is Healthcare.gov working today? Better, at least on the front-end, as detailed in an operational progress report released on December 1st. Lost in that update on the administration’s “big fix,” however, was a detail released in a December 2nd post on improved window shopping at Healthcare.gov, published on the Department of Health and Human Services blog (emphasis is mine):

Over the last several weeks, we’ve made a number of changes to improve the accuracy of the “834” messages to issuers. The team, working with issuers, determined that more than 80 percent of 834 production errors were due to a bug that prevented a Social Security number from being included in the application, which in turn caused the system not to generate an 834. That bug has been fixed. Other issues related to the remaining 834 production issues have either been fixed or are in testing so that the fixes can be deployed soon.

In other words, when the Healthcare.gov marketplace launched, a single programming error meant that enrollment data being sent to insurers was invalid. That’s not just a bug: it’s a fundamental shortfall in meeting the requirements for a functional software application of this sort.

Filed under blogging, journalism, technology

Twitter disables links in direct messages [Updated]

Removing the ability to send links in direct messages is the first time Twitter has truly crippled its service for me.

UPDATE: Per TechCrunch, this appears to be temporary, caused by a technical choice to try to address an upsurge in spam, not a permanent change. Here’s hoping. I’ve updated the headline of this post.

Twitter posted this message on its DM help article:

We’re restructuring back-end elements of our direct message system. As a result, users may be unable to send some URLs in direct messages. We apologize for the inconvenience.

Filed under Uncategorized

New “Hobbit” trailer substitutes more fighting for wonder

This morning, a new trailer for the next installment of “The Hobbit” was released online.
All in all, this new vision of a beloved epic fantasy tale was much more enjoyable to wake to this morning than reality in DC.

This Tolkien fan was quite dismayed, however, to see so much screentime in “The Desolation of Smaug” given to Legolas and a female elf, neither of whom figured at _all_ in the book, along with more of the white orc and wrangling with goblins.

I’m not sure what to make of “Tauriel,” played by Evangeline Lilly, other than to see a pretty naked attempt by the filmmakers to add a female character to a story almost entirely devoid of them. At least Peter Jackson has “confirmed there will be no romantic connection to Legolas,” per IMDB.

It looks like a lot more fighting has been introduced in the storyline, just as with the first installment. I’m not pleased.

While hack/slash may appeal to the teens that swell the coffers of movie ticket sales, I can’t help but feel that there was more than enough mystery and magic in the journey from the edge of the Misty Mountains to Beorn, Mirkwood, the wood elves’ kingdom, barrels out of bondage and the gateway of Erebor.

The scenes of orcs marching (in Mordor?) and the eye of Sauron are on the whole less jarring, in terms of Jackson, Fran Walsh & Philippa Boyens weaving in details from the appendices and making this much more of a prequel to the Lord of the Rings, though the effect is to dramatically change the scope and feeling of the magical tale that Tolkien originally wove for his children.

What do you think?

Filed under video

Will social search on Facebook be Google’s toughest challenge yet?

On further reflection, Facebook’s announcement regarding upgraded search could be the biggest tech news today.

Why? Well, Facebook graph search for posts and updates will make it MUCH easier to discover fresh content on the network relevant to a given person, place or thing, both for journalists and regular users.

Right now, search just turns up profiles and pages, not posts.

Combined with a “business graph,” locations and secure payment systems, such a search engine could become useful to a billion Facebook users quickly.

Over time, searches will generate a huge amount of interest data and potentially a new source of revenue, if Facebook adapts Google’s model of selling ads next to results.

Search for Twitter, Tumblr, Google+ and other mobile social networks to come could well evolve similarly, if not at the same massive scale.

Agree? Disagree? Thoughts? Have links to better and/or relevant analysis? Please share in the comments.

Update: Commenting on Google+, open standards advocate Chris Messina agreed that this is notable news, although how big “depends on coverage for normal searches (which would determine search quality perception) and the relative impact of the corpus being mostly ACL’d content.”

Still, wrote Messina, “it’s a big deal, especially if Facebook can annotate that data with intent/verb-based apps. For example, query: “restaurants in New York City that my friends like and I haven’t been to”. I’d expect to see apps I use in the results, like OpenTable or Foursquare.”

He also raised a wrinkle I hadn’t considered: “That’s another aspect of this that becomes big for developers (at some point) — search as a personalized app platform.”

Filed under article, social media, technology

Al Jazeera America bets on an American audience for serious journalism

I’m watching the launch of Al Jazeera America here in DC, on Channel 107*. (No HD in this media market, from what I can tell.) It’s the biggest launch in broadcast media since Fox News, in 1996, and in media since Politico, in 2007.

Goodbye Current TV, hello Al Jazeera America.

It remains to be seen whether Americans will tune in to a 24-hour news channel that is, like Brian Stelter notes in his piece on Al Jazeera America’s approach to the news, something akin to a journalism professor’s dream, with 14 hours of news daily, documentaries and an aspiration to cover all of the U.S.A. Andrew Beaujon wrote a good primer on the Al Jazeera America launch over at Poynter, from its hiring to its talent to the big question about whether people want straight news.

At launch, I’m optimistic about Al Jazeera America’s programming, at least based upon my experience appearing on Al Jazeera English this winter. From data mining the U.S. election to covering the debates online, I met bright, professional journalists who demonstrated humor, integrity, a commitment to high standards, both technically and editorially, and a willingness to experiment with the incredible new tools that now exist for newsgathering and publishing.

I’ve long since accepted, however, that I may be an outlier in some ways. There is no shortage of Americans who watch and criticize media in 2013. Given 8 hours/day of television and the ease of a tweet or a Facebook update about what we’re watching, we’re all amateur media critics now. The fraction of that viewership who will shift their habits and tune into another channel for this kind of serious journalism isn’t something we know yet.

The modern information diet includes a huge amount of infotainment, advertorial, sports, reality TV and partisan opinion shows. When the ratings come in for Al Jazeera America, six months from now, we’ll have more of a sense of whether there is an audience for this kind of approach and programming, and what that says about us as a people.

I’ll be watching.

Filed under article, journalism, video