From rforno at infowarrior.org Fri Aug 26 06:18:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 26 Aug 2016 11:18:48 -0000
Subject: [Infowarrior] - FBI-Controlled Megaupload Domain Now Features Soft Porn
Message-ID: <60C67095-C58B-4BC6-B3F5-EB04FF3E3B11@infowarrior.org>

(And yet the FBI is the lead agency for incident response involving internet matters. I'm most reassured by this fact. --rick)

FBI-Controlled Megaupload Domain Now Features Soft Porn

By Ernesto on August 26, 2016

As part of its criminal case against Megaupload, the U.S. Government seized several domain names belonging to Kim Dotcom's file-hosting service. Nearly five years later the authorities still control the domains but they haven't done a very good job of securing them. Megaupload.org now links to a soft porn portal.

< - >

https://torrentfreak.com/fbi-controlled-megaupload-domain-now-features-soft-porn-160826/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 26 07:07:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 26 Aug 2016 12:07:24 -0000
Subject: [Infowarrior] - Team Prenda Done Fighting Judge Otis Wright
Message-ID: <5A7EA6BA-3F91-422D-9C98-AB357AF0BF14@infowarrior.org>

To quote from Hollywood: "The End ...... ?"

Team Prenda Done Fighting Judge Otis Wright

https://www.techdirt.com/articles/20160825/01064235338/team-prenda-done-fighting-judge-otis-wright.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 26 12:19:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 26 Aug 2016 17:19:25 -0000
Subject: [Infowarrior] - Friday Humour: Rogue Binks Trailer #1
Message-ID:

Rogue Binks: A Star Wars Story - Trailer #1

https://www.youtube.com/watch?v=0IcjLG_VfNg

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Aug 27 17:53:52 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 27 Aug 2016 22:53:52 -0000
Subject: [Infowarrior] - Sci-Hub is providing science publishers with their Napster moment
Message-ID:

Sci-Hub is providing science publishers with their Napster moment

Devin Coldewey

https://techcrunch.com/2016/04/29/sci-hub-is-providing-science-publishers-with-their-napster-moment/

A report from Science shows that academic paper piracy site Sci-Hub is not a niche product catering to cheapskates and isolated mad scientists: It's as popular as it is illegal, and its millions of users span the globe, from Tehran to Boston.

For those not aware, Sci-Hub is, in the X for Y startup lingo of our days, The Pirate Bay for research. Millions of papers, many of which require a fee or institutional subscription of some kind to access, have been downloaded in full and added to the Sci-Hub database. You can get just about any paper you want with a few keystrokes -- and, naturally, publishers are furious.

Alexandra Elbakyan, the young Kazakh grad student who founded Sci-Hub in 2011, provided Science reporter John Bohannon with six months of usage data -- which, incidentally, the journal is kindly providing for anyone to download themselves.

The stats, which have been scrubbed of personally identifying information, are impressive: There are more than 50 million papers stored, with between 4 and 6 million downloaded a month. There are users on every continent but Antarctica -- but I'm sure someone down there will fix that before long.

This contrasts with the ideas some had about the conditions when researchers were likely to turn to Sci-Hub instead of ordinary legal access. One would expect people in economically unsound countries with no university affiliation to pirate these papers. But what's with the 110,000 downloads or so from Fremont and Mountain View? Not exactly impoverished regions!

The pattern isn't that hard to figure out.
There's no pattern; everyone is doing it. And they're doing it for the same reason they started pirating music back in the 2000s (or earlier, if you were cool): It's easier.

Having had to wrangle a few institutional permissions and the like before, myself, and hearing my dad talk about the administration at the university he worked at for nearly 40 years, and considering how overworked most professors and grad students already are, I'm not surprised at all that this simple, effective tool has found purchase in the academic community here and worldwide -- anything you can do to save a few hours or bucks, avoid a laborious back-and-forth with the department head and generally accelerate the process of actually doing research.

Although Elsevier, the publisher whose papers seem to be by far the most pirated, has filed a lawsuit, and although Elbakyan must remain in hiding for the present in face of potential indictment under U.S. law, Sci-Hub is proving to be as powerful and divisive a tool as, surely, it was intended to be from the start.

The site had its original URL removed, but you can still find it easily. And Elbakyan has taken measures to make sure it stays up should she be arrested or if it is otherwise interfered with. And anyway, the data's already out there: Several copycat sites already exist. The cat's not going back in the bag.

Be sure to check out the full report over at Science; the journal's editor in chief also wrote an editorial on the topic, and Bohannon profiled Elbakyan. All worth reading today -- or you could wait and download them from Sci-Hub tomorrow.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Aug 29 18:37:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Aug 2016 23:37:48 -0000
Subject: [Infowarrior] - NZ Court Grants Kim Dotcom's Request To Have Extradition Hearing Livestreamed On YouTube, Despite DOJ Protests
Message-ID: <4F7825BD-25F7-412E-A037-E9683FD2DDFC@infowarrior.org>

NZ Court Grants Kim Dotcom's Request To Have Extradition Hearing Livestreamed On YouTube, Despite DOJ Protests

https://www.techdirt.com/articles/20160829/15440235387/new-zealand-court-grants-kim-dotcoms-request-to-have-extradition-hearing-livestreamed-youtube-despite-doj-protests.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 30 12:32:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Aug 2016 17:32:54 -0000
Subject: [Infowarrior] - FBI director looks to 2017 for 'adult' encryption debate
Message-ID: <2AD8713E-241F-4C37-AEC1-EBCED19F1FF0@infowarrior.org>

FBI director looks to 2017 for 'adult' encryption debate

By Joe Uchill - 08/30/16 10:53 AM EDT

http://thehill.com/policy/cybersecurity/293786-comey-targets-2017-for-less-emotional-adult-conversation-on-encryption

FBI Director James Comey is welcoming the brief lull in the encryption debate, hoping that it will reemerge next year as a less passionate, more fact-based "adult conversation."

Comey seemed willing to accept the result of a sober conversation during comments Tuesday at the 2016 Symantec Government Symposium in Washington. But he appeared incredulous it would result in anything but requiring tech companies to provide law enforcement a technological means to access currently irretrievable encrypted data with a warrant.
"At the end of the day, if the American people say 'You know what, we're okay with that part of the room being dark, we're okay with, to use one example, with the FBI in the first 10 months of this year getting 5,000 devices from state and local law enforcement and in 650 of those not being able to open those devices," he said, without finishing the hypothetical.

"That's criminals not caught, that's evidence not found, that's sentences far shorter for pedophiles and others because judges can't see the true scope of their activity. We should not drift to a place that a wide swath of America is off limits to judicial authority."

Many tech companies and researchers have rejected the idea of providing the government with an access point to encrypted information as unworkably unsecure.

Comey said those who support "strong" encryption and those who support adding "backdoors" to encryption algorithms -- both names he takes exception to -- should take the rest of the year to gather information to hold a more sober debate in 2017.

Pushing the debate to next year would place it at the start of a new administration likely to be more sympathetic to Comey's argument. Both the Democratic and Republican platforms call for a compromise between tech companies and activists and the government to allow some form of access to all data with a warrant.

Republican nominee Donald Trump once called for a boycott of Apple for not assisting the FBI in decrypting information on a cellphone, while Democratic rival Hillary Clinton suggested a "Manhattan-like project" dedicated to forming a solution.

The problem, say nearly all experts, is that there may be no compromise that maintains the same level of security. Hackers can take advantage of any gateway intended for the FBI -- a problem that recently came to fruition when National Security Agency source code containing secret agency methods to bypass security hardware leaked online, leaving thousands vulnerable.
Comey said he was not deterred by naysayers. He described the problem as less technological and more ideological, saying tech companies' ideology should not be the determining factor in American policy.

"The FBI's role has never been to tell people how to live. Our role is simply to say those tools you were counting on us to use to find people in criminal cases, in national security cases, they are less and less effective every day because of this change. But it's also not the job of tech companies, as wonderful as they are, as great as their product is, to tell the American public how to live," he said.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 9 12:22:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 Aug 2016 17:22:22 -0000
Subject: [Infowarrior] - FBI chief Comey: "We have never had absolute privacy"
Message-ID:

FBI chief Comey: "We have never had absolute privacy"

650 phones are "a brick to us... Those are cases unmade, evidence unfound."

Joe Mullin - 8/9/2016, 12:00 PM

http://arstechnica.com/tech-policy/2016/08/fbi-chiefs-complaints-about-going-dark-arent-going-away-will-be-revived-next-year/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 9 23:23:44 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Aug 2016 04:23:44 -0000
Subject: [Infowarrior] - Stochastic Terrorism
Message-ID: <70CD7CE3-2FB5-4E2C-B426-2F19E4412B5B@infowarrior.org>

"Stochastic terrorism is the use of mass communications to incite random actors to carry out violent or terrorist acts that are statistically predictable but individually unpredictable. In short, remote-control murder by lone wolf."

< - >

In an incident of stochastic terrorism, the person who pulls the trigger gets the blame. He -- I use the male pronoun deliberately because the triggerman is almost always male -- may go to jail or even be killed during his act of violence.
Meanwhile, the person or persons who have triggered the triggerman, in other words, the actual stochastic terrorists, often go free, protected by plausible deniability. The formula is perversely brilliant:

* A public figure with access to the airwaves or pulpit demonizes a person or group of persons.
* With repetition, the targeted person or group is gradually dehumanized, depicted as loathsome and dangerous -- arousing a combustible combination of fear and moral disgust.
* Violent images and metaphors, jokes about violence, analogies to past "purges" against reviled groups, use of righteous religious language -- all of these typically stop just short of an explicit call to arms.
* When violence erupts, the public figures who have incited the violence condemn it -- claiming no one could possibly have foreseen the "tragedy."

Stochastic terrorism is not a fringe concept. It is a terrorist modality that has been described at length by analysts. It produces terrorism patterns that should be known to any member of Congress or any presidential candidate who has ever thought deeply about national or domestic security issues, which one might hope, is all of them.

< - >

https://valerietarico.com/2015/11/28/christianist-republicans-systematically-incited-colorado-clinic-assault/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 10 06:52:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Aug 2016 11:52:57 -0000
Subject: [Infowarrior] - What Intelligence Briefings Can Tell Us About Candidates
Message-ID: <48DE24E5-4076-43B4-8444-E9B349DAE9F1@infowarrior.org>

What Intelligence Briefings Can Tell Us About Candidates

By MICHAEL V. HAYDEN AUG.
10, 2016

http://www.nytimes.com/2016/08/10/opinion/what-intelligence-briefings-can-tell-us-about-candidates.html

The no-longer-presumptive nominees of the Democratic and Republican parties will soon start receiving periodic classified intelligence briefings, with the first one coming perhaps this week. Rarely has this routine ritual received so much public attention -- and with good reason.

To anyone who has actually had to protect the nation's secrets, Hillary Clinton's email setup as secretary of state was inconceivable and her later explanations of it were incomprehensible. The judgment by the F.B.I. director, James B. Comey, that her handling of the emails was "extremely careless" was, to the intelligence tribe, a huge understatement.

Donald J. Trump has never been exposed to state secrets, so the issue is not that he may have been careless in the past. It's just that he seems to say anything that enters his head at the moment. That's a danger for someone who will now be living partly in a classified world.

But with Mr. Trump, the issue goes even deeper. Earlier this week I joined 49 other former national security officials who had served in Republican administrations in declaring that he lacked the "character, values and experience" to be president. Our letter noted that "being willing to listen to his advisers" is crucial to a good leader's temperament.

That temperament will be tested in his first classified intelligence briefing.

Mr. Trump has asserted that the Islamic State is gaining strength, questioned the need for NATO, praised President Vladimir V. Putin of Russia and extolled the benefits of Brexit. Yet I can picture that he'll soon receive a briefing that would include phrases like recent successes against the Islamic State, or threats to NATO unity, or Mr. Putin's ambitions in Ukraine, or the crippling consequences of Brexit.

Might a briefing change his mind? Probably not. After meetings with Henry A. Kissinger and James A.
Baker III, prominent Republican secretaries of state, Mr. Trump said he came away with "a lot of knowledge." But asked if those meetings had altered his views, Mr. Trump simply replied, "No." Yet such openness to conflicting views is critical for a president who must constantly assess a complicated and ever-changing world.

Mrs. Clinton, whose candidacy I am not supporting, presents different challenges. Absent the email kerfuffle, the briefing for Mrs. Clinton could well begin with her saying, "Now, where were we?"

But it was the director of national intelligence's inspector general, I. Charles McCullough III, who held his ground in saying that some of the emails on her server were indeed highly classified. Will hard feelings -- or lingering concerns about protecting data -- strain her relationship with the intelligence services?

The Republican and Democratic nominees will get identical intelligence briefings; no favoritism here. These briefings will not be very specific or frequent. But all that changes on election night. And that is when the president-elect's openness to information that runs counter to his or her worldview suddenly becomes especially important.

Wednesday morning after the election, a briefing team is going to give the president-elect the daily brief -- the real one, pretty much just like the one President Obama will get that day.

Do what it takes to get 270 electoral votes, and you get the real secrets -- worldview or carelessness or talkativeness be damned. It's a wonderful commentary on the sovereignty of the people. And the need to vote wisely.

The briefings themselves will be intense. The president-elect will be shown great deference personally, but his or her campaign positions could be treated more harshly. This is the chance for the intelligence professionals to set the record, as they see it, straight.

I had my own such experience. After Election Day in 2008, I was briefing Mr. Obama on C.I.A. renditions when Joseph R.
Biden Jr., the vice president-elect, interrupted to observe that the agency had conducted that program -- which entailed sending suspected terrorists to third countries -- simply to "rough them up." I rejected the contention and advised him that he needed to stop saying that. I haven't heard him say it again.

In an intense briefing on Iran with President Obama shortly after his inauguration, he asked me how much low-enriched uranium the Iranians had at Natanz, a major nuclear plant where they had thousands of centrifuges spinning. I thought he was asking the wrong question.

I said that I knew the answer and would give it to him in a minute. But I added that there might be another way of looking at it, that there wasn't a neutron or electron at Natanz that was ever going to be in a nuclear weapon. What the Iranians were building at Natanz, I said, was technology and confidence, something not strictly related to the size of the stockpile. In other words, it was Natanz's operation, not its output, that was most important.

The members of the Obama team took such dialogue seriously. They would go their own way, of course, but they didn't instinctively reject alternative views. I suspect Secretary Clinton would react much the same.

How Mr. Trump -- who routinely describes those with alternative views as weak, corrupt or stupid -- would respond is anyone's guess. But I'd rather not find out.

Michael V. Hayden, the director of the Central Intelligence Agency from 2006 to 2009 and the National Security Agency from 1999 to 2005, is the author of "Playing to the Edge: American Intelligence in the Age of Terror."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Aug 10 14:41:08 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Aug 2016 19:41:08 -0000
Subject: [Infowarrior] - Researchers Crack Microsoft Feature, Say Encryption Backdoors Similarly Crackable
Message-ID: <0701391E-1793-4276-89B2-CBC0A75BD463@infowarrior.org>

Researchers crack Microsoft feature, say encryption backdoors similarly crackable

By Joe Uchill - 08/10/16 05:14 AM EDT

http://thehill.com/policy/cybersecurity/290947-researchers-crack-microsoft-feature-say-encryption-backdoors-similarly

Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work.

The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot.

They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals.

"Microsoft implemented a 'secure golden key' system. And the golden keys got released from [Microsoft's] own stupidity," wrote the researchers in their report, in a section addressed by name to the FBI.

"Now, what happens if you tell everyone to make a 'secure golden key' system? Hopefully you can add 2+2."

Secure Boot is built into the firmware of a computer -- software unique to different types of hardware that exists outside the operating system and is used to boot the OS.

Microsoft built Secure Boot to handle a type of malware that tampers with the boot process. This malware -- called a rootkit -- flies so far under the radar that even security tools cannot notice it.

To handle the problem, Microsoft requires devices to have a mode that prevents any operating system without a Microsoft issued cryptographic key from booting.
It also allows some keys to control specific aspects of the boot.

Most systems let users turn Secure Boot on and off. Certain systems, including some tablets and phones, do not. Devices that cannot disable Secure Boot can never install competing operating systems.

There appears to have been a mode set up for developers to disable the keys being checked. MY123 and Slipstream were able to exploit a design flaw in the system to steal the keys to the mode that disables the keys.

The pair notified Microsoft of the design flaw, and Microsoft has made a few patch attempts to fix it. But the patches, writes Slipstream, have not worked.

Four hours after the research was posted, someone posted what purports to be the key-disabling key. Now, anyone looking to bypass Secure Boot is able to do so.

"This is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears," writes Slipstream in the report.

FBI Director James Comey has been non-committal as to whether he wants a golden key -- a single key used to unlock a series of devices -- or what's known as a split key -- a two-key system where a device manufacturer holds one and the FBI the other. But reverse engineering the Secure Boot key or keys from this design flaw would be largely the same no matter which method was used.

From a security standpoint, now that its keys have been released, having Secure Boot turned on is more or less no different than having Secure Boot turned off, bringing rootkits back into the threat landscape.

But the keys' release is nonetheless cause for celebration for many Microsoft device owners. The phones and tablets that could not turn off Secure Boot before now have the ability to do so, which means people who had no ability to change operating systems on their tablets now have that ability.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Aug 10 15:59:05 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Aug 2016 20:59:05 -0000
Subject: [Infowarrior] - WGN reporter brilliantly skewers Olympics broadcast restrictions
Message-ID:

Here Is The End Result Of The USOC And NBC's Over-Protectionist Olympic Nonsense

https://www.techdirt.com/articles/20160808/06272635178/here-is-end-result-usoc-nbcs-over-protectionist-olympic-nonsense.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 11 07:36:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Aug 2016 12:36:37 -0000
Subject: [Infowarrior] - Fwd: Your car is watching you
References: <20160811005836.17E65A06D79@palinka.tinho.net>
Message-ID: <8400A7F1-855B-4B8B-AFB3-9A35D1AEF44F@infowarrior.org>

--
It's better to burn out than fade away.

> Begin forwarded message:
>
> From: dan
>
> http://www.bbc.com/autos/story/20160809-your-car-is-not-your-friend
>
> How connected car tech is eroding personal privacy
>
> Your car is watching you -- tracking your driving style, your whereabouts, and even your favourite songs. Can it be trusted?
>
> * By Erin Biba
>
> 9 August 2016
>
> BILL SCANNELL FELL DOWN A RABBIT HOLE. All he wanted was to disable a device in his car: An always-on, net-connected "helper" that provides the car's driver with app connections, turn-by-turn navigation, and roadside assistance... at the expense of personal driving data. Similar devices track how fast you're going, how hard you ride the brakes, even your final destination. And all that info gets sent back to the manufacturer. Scannell wanted out. Unfortunately, it was easier said than done.
>
> You see, Scannell is a security guy. And, while Scannell thought these features of the Car-Net system in his new Volkswagen Golf were pretty neat, for him the system was a lot more than the "partner" that VW advertises. But he's been in privacy for years.
> In fact, it's literally his job -- he's an adviser for security start-ups. And he knows all too well how simple it is to hack into a system with an open internet connection. For him, Car-Net wasn't a helper. It was an opening for companies to spy on him. For a hacker to take control over his steering wheel. To find himself in a potentially dangerous situation.
>
> It's a reality that is present in basically every single new car that hits the market these days. Our cars are all waking up and coming online. The companies that manufacture them are filling each one full of hundreds of sensors that capture endless amounts of data about us and how we drive. It's the last bastion of consumer information.
>
> And just like your mobile phone, which has been spying on you for years, your car is not your friend.
>
> Your car forgets nothing
>
> Unfortunately for Scannell -- and all car owners, for that matter -- disabling systems like Car-Net is no easy task. Sitting in his brand new car at the dealership, watching the system's light flashing (even though he never asked for it to be enabled) Scannell was concerned. And then he started reading the manual. He soon decided: The system had to go.
>
> "[Car-Net] is this two way microphone into your entire life. You never know when it's on or off. Your life is not your own," he says. "At this point my concern is about control. And who controls what. Do I believe VW would shut my car off while I'm driving? No. Do I believe there's potential, just because it's America and things are weird... that someone [could] decide to shut my car off? Yes."
>
> And his fear doesn't come out of nowhere. Hackers have already proven that they're capable of this feat. Last year, Manchester-based NCC Group told the BBC that they had found a way to take control of a car's brakes and a variety of its systems through the car's radio.
> In fact, they said, it would even be possible for them to take control of several cars at once using the same technique. All it would take was one stream of code to infiltrate a weakness in the system.
>
> "I don't think I should have to worry about these things," Scannell says. "I'm a great believer in privacy, but I'm not a privacy nut. I didn't want this thing activated. It was important to me that it not be activated."
>
> These devices have microphones and video cameras. The on-board entertainment and navigation systems keep track of what music you're listening to and where you physically go in your car.
>
> The insidious part of these systems is that their potential to do harm isn't as big or scary as a stranger taking over control of your wheel. It's the smaller, less obvious forms of data collection and tracking that are starting to make privacy experts very nervous.
>
> Ever since General Motors introduced the OnStar telematics system in 1995, car makers have been busy filling vehicles with a whole slew of devices that track, sense, and communicate. Most new cars are equipped with about 100 electronic actuators that are distributed throughout the vehicle's various systems. It's their job to notice what's happening in the steering wheel, the throttle, and the brakes. They sense weight on the seats and they keep track of how fast the car is going. Then they log all this data, store it, and send it back to the manufacturer.
>
> The dealership or the manufacturer will then use this data for a variety of purposes. The main reasons -- at least the ones that they share publicly -- are to assist the vehicle's owner with car maintenance and protect their safety. Hit a certain number of miles on your odometer? Your car will let you know it's time for an oil change. System notices your brake rotors have started to wear down? Your car will tell you it's time for a fix.
> In 2009 OnStar introduced Stolen Vehicle Slowdown, a feature that allows the company to remotely manipulate a moving vehicle's throttle response, gradually cutting the power. The company touted the feature -- which is part of a security suite that includes a remote engine ignition blocker and a theft-alarm notification function -- as a way to safely disable a stolen vehicle that was in sight of law enforcement, thereby ending a high-speed chase before it started. But to privacy experts, it was further proof that telematics systems could override every vehicle control short of the steering wheel. And if an OnStar operator could do it, they feared, couldn't a hacker?
>
> Beyond the actuators, there's data collection going on in the OnStar and Car-Net-like systems as well. These devices have microphones and video cameras. The on-board entertainment and navigation systems keep track of what music you're listening to and where you physically go in your car.
>
> In fact, in the US, there's a federally mandated "black box" -- an elusive device known officially as an Event Data Recorder, or EDR -- that has been installed in every new car since 2014. It logs much of this data, like whether or not you're wearing your seatbelt, for use in law enforcement and post-accident assessment. There is basically no aspect of the driving experience that can't be measured, quantified, and logged.
>
> "It's the field of dreams approach to privacy and surveillance," says Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a non-profit organisation that is dedicated to protecting civil rights in the digital world. "If there are sensors in cars collecting data that pertain to what people are doing then there will be a law enforcement interest. We start there. But we recognise that it's all of the companies, whether car vendors or third party vendors, that also have a lot of use for that data.
> It's the car analogue to data on the internet. You go to Facebook and they're sucking in data. Google -- they're sucking in data. If you build it, they will come."
>
> No easy way out
>
> After being met with blank stares and shrugs by salesmen at the VW dealership when Scannell asked if his Car-Net system was running or not, he ultimately decided the best bet would be to try and get it removed. And, because he's a tech guy, he turned to the Internet to see if anyone had attempted the task on their own. Car-Net, he found, was a lot more than just a little module that could be yanked out. In an online forum for Golf owners, he found someone who had tried to remove the system.
>
> A step-by-step photo essay on the forum shows user "shoku" dismantling their entire dashboard and finally teasing out the Car-Net box, which is marked with a label that notes opening the box voids the warranty. "Inside we find a pretty dense multi-layer circuit board. Compared to my Nexus 5 cell phone, it has way more components," shoku writes. "Under the board is a loose plastic bit with some terminals. Definitely the cell antenna. Just removing the antenna did not disable the communications. It was able to connect as if nothing was wrong, even after I tried shorting the leads together."
>
> There is basically no aspect of the driving experience that can't be measured, quantified, and logged.
>
> This is the part that Scannell says is the most concerning. Even when the system's antenna was physically disconnected, the car was still online. He says that buried deep in the dashboard is Verizon cell phone 3G hardware that's always on. "Whether you've provisioned it or not," he says. "You can still wirelessly connect to the car."
>
> According to Dorothy Glancy, a professor of law at Santa Clara Law School, and a nationally known expert on transportation and privacy security law, all of this data collection and wireless connectivity is perfectly legal. "The government isn't doing anything about this," she says. There are few laws that protect the privacy of the information that you generate inside your car. The only real auto-related privacy protections the US federal government affords are for the records held by the Department of Motor Vehicles.
>
> And this has some nerve-wracking implications for consumer protection that go beyond a little snooping. For example, US-based Progressive Insurance recently introduced Snapshot, a biscuit-sized device that plugs into a car's standard onboard diagnostics port. During the sample period (usually at least 75 days), the module tracks vehicle speed, time of day and location -- thanks to integrated GPS, included "for research and development purposes". The module uses this data to extrapolate acceleration rates and braking force. (The device actually beeps during hard braking, to evoke a sort of Pavlovian response to "bad" driving.) The company then provides all the data in a handy, easy-to-access online page on your Progressive account. Progressive says voluntary use of the device will allow the user to "get a personalised car insurance rate based on how you drive."
>
> And Progressive isn't the only US insurance company that has started providing this service. Allstate also has a similar device called Drivewise, Nationwide has SmartRide, and StateFarm has DriveSafe and Save, which actually collects its data through customers' pre-existing OnStar systems. Glancy says that, while these services are elective, it's not completely clear what exactly insurance companies are doing with all the information they're gathering. "I've been concerned about this being misleading to consumers," she says.
> And because there are no laws to protect consumer privacy in this arena, she continued, it would be very difficult to use legal measures to reveal how the data is being processed.
>
> A spokesperson for Progressive says they try to be clear about how they manage data, but that policy is not necessarily the norm industry-wide. According to Progressive's terms of service, the company says they don't use the data to resolve an insurance claim unless you ask them to. Though they do say they will share it in response to a legal subpoena, or "to a state department of insurance to support renewal rates, to service providers who are contractually required to maintain its confidentiality; and/or as otherwise required by law." Lastly, the terms of service do state they share non-identifiable forms of the data "more broadly" -- "de-personalising the data means that we remove personally identifiable information so that the data cannot be associated with a particular driver or policyholder."
>
> Spilling secrets
>
> Five car gadgets that could invade your privacy
>
> STANDALONE GPS NAV UNITS Most basic dash-top GPS devices are strictly receivers, using satellite-provided location data to drive internal mapping software. But even the simplest of them still record detailed location information -- data that could be harvested when the unit is connected to a computer for annual map updates or, if the unit has a Bluetooth chip or an FM radio transmitter, snagged out of thin air.
>
> TOLLWAY TRANSPONDERS Intended to allow motorists to breeze past the cash-carrying plebes lined up at toll booths, these radio frequency identification (RFID) modules transmit user data to antennae above the roadway. These pulses of information confirm the identity of the module's owner and deduct funds from a prepaid account, logging time and location in the process. What else can such transponders do?
> Measuring the time it takes a car to move from one antenna to the next gives an accurate indication of vehicle speed. And if that speed is higher than the posted limit...
>
> DASHBOARD CAMERAS Dashcams are purchased on the optimistic assumption that in the event of a collision, somebody else will be at fault and the video evidence will provide courtroom triumph for the cam's owner. But dashcam data -- which along with a video record includes location, speed, braking, and impact-force data -- works both ways, and you can be assured that deleting an incriminating clip will not be looked upon favourably by the court.
>
> GPS TRACKING DEVICES Aftermarket gadgets like the LoJack GPS tracker were created to allow law-enforcement agencies to locate and recover stolen vehicles in real time. But there is no denying that such real-time data could be quite useful to a variety of parties: parents with driving teenagers, spouses with trust issues, insurance companies, rental-car agencies, even employers with field employees.
>
> OBD-II BLUETOOTH MODULES Once the sole purview of service technicians with special training and expensive gear, the data that flows to a car's onboard diagnostics port - engine fault codes, fuel consumption and more -- can now be tapped and broadcast via Bluetooth-equipped modules like the Automatic dongle, which pairs to a free smartphone app. The setup allows users to scrutinize their car's internal workings, and combine this info with location data to track trips, find a parked car, or locate a fuel station. And all of that information -- the mundane and the sensitive -- is pumped into the cloud. What happens to it up there, well... -- Matthew Phenix
>
> Allstate, on the other hand, has been pretty boisterous in its excitement about the possibility of monetising consumer data. To incentivise their Drivewise program, they give customers rewards points just for enrolling.
> And then, as they use the device, customers earn additional points towards rewards like merchandise and gift cards. In May last year, according to a Bloomberg story, the company's CEO Tom Wilson, while speaking at a conference in New York, noted several companies that are currently making money by collecting their customer's data: "Could we, should we, sell this information we get from people driving around to various people and capture some additional profit source, and perhaps give a better value proposition to our customers? ... It's a long-term game," he said.
>
> In fact, both Glancy and the EFF's Tien agree that marketing companies are desperate to get inside your vehicle and figure out what the heck you do there. For generations, the only way marketers have been able to get at us in our cars have been passively, through billboards or radio ads.
>
> Being in the car, says Tien, "it's alone time. Whether I sneeze or fart or yell, it's very private in a weird way. From a marketer's perspective they're really curious. They want to know. It's an area they haven't been able to get much data on. Now that [data is] going to be available and it completes the profiling. It's one of the last frontiers for areas where you can get data about people." The incentives to spy on people, he says, are very strong.
>
> Drive carefully -- marketers are watching
>
> When Scannell decided he didn't want to void his warranty by tearing out Car-Net on his own, he turned to Volkswagen to help him deal with the device. After what he calls a "Terry Gilliam Brazil-like" experience of being told the system would need to be turned on before it could be disabled, the company eventually said removing the system would be impossible. In a letter sent to him by their CARE customer service division, the Region Case Manager wrote: "Volkswagen is unable to meet your request to remove the Car-Net system or module from your vehicle.
> Doing this would void certain warranties and may interfere with some safety features on your Golf, such as the immobilizer system."
>
> According to Tien, safety is always going to be at odds with consumer privacy and protection when it comes to manufacturers. "Pretty much everything we want socially we can get without having to give up privacy. But it's very easy to not protect privacy. The only people who care are ordinary people. Because neither the companies nor the government really care very much. They may pay lip service to it, but it's always going to be overwritten by safety, or collision avoidance, or emissions standards. All these grand good things," he says.
>
> How customer privacy is treated varies. According to Glancy, the German car manufacturers avoided installing the black box tracking devices into their cars for years. And Ford, meanwhile, recently created a program called the Driver Behaviour Project in the UK. That project would provide drivers with a plug-in device much like the Progressive Snapshot, that would assign drivers a personal score based on their driving behavior. And Ford says that they believe customers own their own data.
>
> According to Don Butler, Ford's executive director of Connected Vehicles and Services, respecting people's privacy in their cars preserves their trust in the company. And there are few things more important for a car brand than to ensure that their customers trust them. "I want to be very, very clear that we don't track customers. We value and treasure the data on behalf of the customer," he says. Ford has set up an internal council that makes policy recommendations and decisions throughout the company to ensure the protection of privacy.
>
> That said, this January Ford announced it had entered into a partnership with Amazon to allow its drivers to connect to their cars and Ford's technology through the cloud.
> This new feature effectively turns the car into an Amazon Echo on wheels. The Echo is an always-on device that has already sparked huge privacy concerns as it sits in your living room quietly and passively listening for you to give it a command. And now it will quietly listen to you in your car as well.
>
> As our vehicles become more and more automated, that sense of trust and security Ford is attempting to cultivate will become even more important. After all, if humans hand their control over their vehicles to self-driving cars, then manufacturers will be responsible for individual lives on a level they never have before.
>
> In the end, Scannell says he never got any sort of positive resolution with VW. "There's nowhere I can go with this," he says. "We get to drive our VW Golf SportWagen [and hope that] someone doesn't shut it off on us. We are not given legal recourse. There's no remedy for us to have control over our vehicle."
>
> Whether I sneeze or fart or yell, it's very private in a weird way. From a marketer's perspective they're really curious. They want to know.
>
> Volkswagen, however, says that Scannell wasn't given the full story by the CARE letter he received. According to Frank Weith, General Manager of Connected Services at Volkswagen Group of America, "What the letter doesn't outline is that we do have the capability to completely sever the connection from the car to the cellular network. The customer would have to bring their vehicle to the dealer where it would be put into 'flight mode'. The result is the same as if the module were removed from the vehicle. This can only be done at the dealer."
>
> Once this "flight mode" is enabled the Car-Net system, he says, effectively becomes a "brick in the car" and the dealer will also perform a test to ensure that the vehicle is not capable of sending or receiving information.
>
> In some ways, it's consumers themselves that can partly take on blame for this state of affairs. Much like what happened with our phones and location tracking, people "see what they want to see," says the EFF's Tien. "It's a lack of imagination -- or lack of technical literacy. People are used to things being a certain way. When things get upgraded their expectations tend to stay with them even when [devices] are evolving under their noses. As long as it gives them what they want to get out of it the idea that it's capturing information doesn't seem terrible."
>
> That means ultimately it will be up to consumers to demand privacy from manufacturers before they will give up access to our data, because there's no incentive for them to do otherwise -- especially when only security experts like Scannell are the types of consumers that are calling for it.
>
> "Some manufacturers may be more friendly to your privacy than others," says Glancy. "But we ought to have more friendly cars. The car shouldn't be a rat or an adversary. It's supposed to be a tool for us to have personal mobility. But it's kind of turned on us in odd ways."
>
> Marketing companies are desperate to get inside your vehicle and figure out what the heck you do there.
>
> And, while it may feel like Volkswagen is the bad guy of this story, they're not even close to being the only car manufacturer that has equipped their vehicles with on-board systems that send and receive data. BMW, Mercedes-Benz, Audi, Lexus, Toyota, Nissan, Infiniti, Honda, Acura, Mini, Hyundai, and Chrysler/Dodge/Jeep cars all come with their own versions of Car-Net. And, of course, every single new car that hits the road is federally mandated in the US to have a little black box.
>
> These snooping systems aren't going to get less intrusive over time. Unless, of course, consumers start calling for privacy.
> As Scannell's example clearly highlights, even though the manufacturers may be building in an off-switch, the consumer desire to protect their own privacy is so low that even knowledge of the switch's existence appears to have been a mystery to the dealer, the customer service team, and the technicians they consulted with. Only Weith, a top executive at the company, managed to have a solution to Scannell's problem. It's likely that wouldn't have been the case if more customers had been asking to have their Car-Net systems disabled.
>
> Once cars become fully driverless they will rely entirely on their outgoing and incoming data connection to function properly. And that means we are currently laying the groundwork for what the future of privacy in our cars will look like. If people actually do care about protecting themselves from manufacturers and marketers that want to watch their every vehicular move, the time to speak up is now. Otherwise it could very, very quickly become too late.
>

From rforno at infowarrior.org Thu Aug 11 17:28:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Aug 2016 22:28:13 -0000
Subject: [Infowarrior] - DNC creates cybersecurity advisory board
Message-ID:

They don't need a board of executives, they need more competent operational experts to develop, deploy, and maintain appropriate security tools and practices within the current enterprise. In 2016, the last thing you NEED to do when responding to an internet security breach is form (yet another) advisory group. You need operational expertise & funding to implement corrective & proactive action immediately, not a group of well-heeled pundits to provide ignorable recommendations in six months.
--rick

DNC creates cybersecurity advisory board following hack
By John Savage
http://www.politico.com/story/2016/08/dnc-cybersecurity-advisory-board-226929

The Democratic National Committee is creating a four-member cybersecurity advisory board, according to a memo obtained by POLITICO on Thursday.

The advisory board is a response to the recent DNC hack and subsequent email leak that led to the resignation of former Chairwoman Debbie Wasserman Schultz and other top DNC officials.

"To prevent future attacks and ensure that the DNC's cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field," interim DNC Chairwoman Donna Brazile wrote in a memo. "The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces -- today and in the future."

Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.

In the memo, Brazile detailed that committee's response to WikiLeaks' email dump on the eve of the Democratic National Convention last month. Some emails contained personally identifiable information for supporters and others, she noted, adding that the release was intended to inflict maximum damage against the Democrats and presidential nominee Hillary Clinton.

Brazile said the committee's legal counsel has reviewed the information to determine who was impacted and how, and maintained that the DNC will inform the individuals who were affected next week.
"Those individuals receiving the data breach notice also will receive offers of assistance to help mitigate any threats to their financial security. Details concerning the breach and other pertinent information for victims will soon be available," she said.

"We understand that this incident is alarming to all who may be affected, and I share your anger at those who committed and abetted this act. Our focus now is preventing future attacks, strengthening our capabilities, and helping protect those whose data was stolen."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 12 10:33:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Aug 2016 15:33:49 -0000
Subject: [Infowarrior] - Rightscorp Threatens Every ISP in the United States
Message-ID: <846C2F81-A892-44A6-9F4A-C5073666F7E3@infowarrior.org>

Rightscorp Threatens Every ISP in the United States
By Andy on August 12, 2016
https://torrentfreak.com/rightscorp-threatens-every-isp-united-states-160812/

Following a court win by its client BMG over Cox Communications this week, Rightscorp has issued an unprecedented warning to every ISP in the United States today. Boasting a five-year trove of infringement data against Internet users, Rightscorp warned ISPs that they can either cooperate or face the consequences.

This week was one to forget for United States service provider Cox Communications after a federal court in Virginia found it liable for copyright infringements carried out by its customers. The ISP was found guilty of willful contributory copyright infringement and ordered to pay music publisher BMG Rights Management $25 million in damages.

The case was filed in 2014 after it was alleged that Cox failed to pass on cash settlement demands to customers that were sent by anti-piracy outfit Rightscorp on behalf of BMG. The ISP also failed to take firm action against repeat infringers.

Now, with a BMG victory on the record, Rightscorp has come out swinging.
Welcoming the decision of Judge Liam O'Grady, the anti-piracy outfit says that its long-held position, that ISPs must comply with its wishes, has been proven accurate.

"For nearly five years, Rightscorp has warned US internet service providers (ISPs) that they risk incurring huge liabilities if they fail to implement and enforce policies under which they terminate the accounts of their subscribers who repeatedly infringe copyrights," the company said in a statement.

"Over that time, many ISPs have taken the position that it was simply impossible for an ISP to be held liable for its subscribers' actions -- even when the ISP had been put on notice of massive infringements and supplied with detailed evidence. There had never been a judicial decision holding an ISP liable."

Of course, that changed this week with Judge O'Grady's decision, and Rightscorp CEO Christopher Sabec couldn't be happier.

"Although Rightscorp was not a party in this case, we are delighted with the outcome. The Federal District Court declared the liability of ISPs to be precisely what Rightscorp has been saying it is for years," Sabec says.

"With this final Federal Court ruling, not only has our position on ISP liability been confirmed, but our Company's technology and processes for collecting and documenting evidence of peer-to-peer copyright infringement on ISP networks has been validated as well."

While Rightscorp was expected to make the most of BMG's victory in its future dealings with ISPs, the level of aggression in its announcement still comes as a surprise. Essentially putting every provider in the country on notice, Rightscorp warns that ISPs will now have to cooperate or face the wrath of litigious rightsholders.

"As we have consistently told ISPs, we stand ready to assist those ISPs that desire to work in a constructive way with the copyright community in order to reduce the massive infringements that occur every day on their networks," Sabec says.
"But our company has also amassed a vast amount of data documenting infringements that have occurred over the past five years on the network of essentially every ISP in the country. That data will be made available to copyright holders that wish to enforce their rights against ISPs that are not inclined toward a cooperative solution."

Whether this week's developments will help to pull Rightscorp out of the financial doldrums will remain to be seen. The company has been teetering on the edge of bankruptcy for a couple of years now, and its shares on Wednesday were worth just $0.038 each. Following the BMG news, they peaked at $0.044

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 12 14:02:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Aug 2016 19:02:40 -0000
Subject: [Infowarrior] - Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry
Message-ID: <9EE17AA4-4B9F-48CC-B9E8-8EACB6E438C7@infowarrior.org>

Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry
http://boingboing.net/2016/08/12/how-a-digital-only-smartphone.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 12 16:22:17 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Aug 2016 21:22:17 -0000
Subject: [Infowarrior] - iMessage's 'End-To-End' Encryption Hardly Any Better Than TLS, Say Cryptography Researchers
Message-ID: <130A0FAE-B8F4-4107-BB14-B8473945C014@infowarrior.org>

iMessage's 'End-To-End' Encryption Hardly Any Better Than TLS, Say Cryptography Researchers
by Lucian Armasu August 12, 2016 at 3:30 PM - Source: Usenix Security Symposium
http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html

Apple's iMessage has long been lauded as being the first mainstream chat application to use end-to-end encryption.
However, cryptography professor Matthew Green and his team of students at Johns Hopkins University discovered that the iMessage's encryption is actually hardly any better than regular TLS network encryption.

iMessage Attacks

Earlier this year, after doing an overview of iMessage's security architecture, Green ended up saying that the iMessage end-to-end encryption was fundamentally broken. He also recommended Apple to switch to the Signal protocol or another modern alternative to iMessage's protocol.

At the Usenix Security Symposium this week, professor Green and his team presented a more thorough analysis of the iMessage protocol and potential attacks against it. The team of researchers had to reverse-engineer Apple's iMessage clients to uncover these vulnerabilities. Apple doesn't offer much documentation for iMessage other than a high-level overview of the protocol, and the client apps are closed source.

The researchers identified a practical adaptive chosen ciphertext attack, which allowed them to decrypt certain iMessage payloads and attachments, provided that a Sender or a Receiver device is still online. To test the attack, the team also created a proof of concept exploit that showed that the attack could be done remotely and silently against any iMessage user.

The researchers noted that they had to use novel exploit techniques to create a chosen ciphertext attack against ciphertexts that contain gzip compressed data. They believe this type of attack could be used against other encryption protocols, as well. Now would probably be a good time for other chat application providers to check whether this type of attack, which the researchers described in their paper in more detail, can be used against their own apps.

iMessage's Biggest Weakness

The attack described by the Johns Hopkins researchers is retrospective, which means an attacker can decrypt messages that were already encrypted.
Perhaps this wouldn't be such a big issue if Apple wouldn't store both undelivered messages (for up to 30 days) and iCloud backed-up messages on its servers. Because it does, though, a sophisticated attacker can use an attack like this to access those messages.

It also exposes the messages to be decrypted by court order, because Apple itself is able to decrypt any iCloud backups. In that case, users have the option to disable iCloud backups, but because iMessage backups can't be individually enabled or disabled, the users would have to disable iCloud backup for other files, as well. However, even with iCloud sync disabled, there's still the issue of the undelivered messages being stored for 30 days.

Green's team also warned that an attacker could steal a certificate and then be able to decrypt iMessages on certain versions of iOS and macOS, which don't have support for certificate pinning.

The researchers believe these types of threats are realistic, given how many people use iMessage all over the world, not to mention the attention Apple's devices and services have been getting from various national governments.

Lack Of Forward Secrecy

Ever since Edward Snowden released the NSA documents, an encryption mechanism called "forward secrecy" has significantly increased in popularity with service providers. The mechanism essentially automatically rotates the encryption keys at regular intervals, and once it switches to a new key, past data can't be decrypted anymore. This has been a main feature of end-to-end encryption protocols such as Off-The-Record (OTR) and Signal, but Green said iMessage lacks it completely.

The lack of forward secrecy means that if someone steals an iOS or macOS device and unlocks it, they can then decrypt past conversations from those devices.

The researchers also criticized Apple for using non-standard encryption that seems implemented in a rather ad hoc manner.
Moreover, Apple doesn't use a properly authenticated symmetric encryption algorithm and instead relies on a digital signature to prevent tampering. This is what makes the chosen ciphertext attacks that can recover full contents of some messages possible.

iMessage Mitigations

Green once again recommended that Apple entirely replace iMessage with a new messaging system that's been properly designed and verified. However, he realizes that Apple has to maintain some sort of backwards compatibility for the hundreds of millions of users that would continue to use iMessage even if Apple did create a new messaging app.

Because of that, he and his team also proposed some "short-term patches" for iMessage that can make the older iMessage clients a little more secure, as well as some long-term ones that will break iMessage's compatibility with the old clients.

The short-term patches for the old clients include:

* Duplicate RSA ciphertext detection, which means Apple will have to maintain a list of previously received RSA ciphertexts
* Regeneration of encryption keys and the destruction of message logs
* Pin Apple Push Notification Service Daemon and Messages certificates
* Reorganize message layout in a way that can block the type of attacks Green talks about in his paper

The long-term changes that were proposed in the paper include:

* Completely replace iMessage's encryption with a well-studied construction such as OTR or Signal
* Adopt AES-GCM authenticated encryption for TLS traffic
* Place the protocol versioning information in the public key block and the authenticated portions of the ciphertext to prevent downgrade attacks
* Implement key transparency (Apple's centralized key server is a major weakness of iMessage's protocol)

The researchers said that they have reported all of these vulnerabilities to Apple, and the company has already implemented most of the proposed short-term patches such as the duplicate RSA ciphertext detection and certificate pinning (only for iOS 9+ clients), and it removed gzip compression.

However, Green and his team stressed that Apple should eventually do a major overhaul of the iMessage protocol while following their proposed long-term changes.

About the author
Lucian Armasu @lucian_armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Aug 13 10:45:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Aug 2016 15:45:35 -0000
Subject: [Infowarrior] - Obama puts Congress on notice: TPP is coming
Message-ID:

Obama puts Congress on notice: TPP is coming
By Adam Behsudi 08/12/16 10:23 AM EDT Updated 08/12/16 04:22 PM EDT

The White House put Congress on notice Friday morning that it will be sending lawmakers a bill to implement President Barack Obama's landmark Trans-Pacific Partnership agreement -- a move intended to infuse new energy into efforts to ratify the flat-lining trade pact.

The move establishes a 30-day minimum before the administration can present the legislation, but the White House is unlikely to do so amid the heated rhetoric of a presidential campaign in which both major party nominees have depicted free trade deals as massive job killers.

Friday's notification is the clearest signal yet that the White House is serious about getting Obama's legacy trade deal -- the biggest in U.S. history -- passed by the end of the year, as he has vowed to do despite the misgivings of Republican leaders and the outright opposition of a majority of Democrats in Congress.
Striking a defiant tone, Obama predicted at a press conference last week that the economic centerpiece of his strategic pivot to Asia would pass in the lame-duck session, saying he'd like to sit down with lawmakers after the election to discuss the "actual facts" behind the deal, rather than toss it around like a "political football."

"We are part of a global economy. We're not reversing that," Obama said, describing the necessity of international supply chains and the importance of the export sector to U.S. jobs and the economy. "The notion that we're going to pull that up root and branch is unrealistic."

The notification, a new requirement of the trade promotion authority legislation Congress passed last year to expedite passage of the Asia-Pacific pact, is "meant to ensure early consultations between the administration and Congress," Matt McAlvanah, a spokesman for the Office of the U.S. Trade Representative, said in a statement. "As such, the draft SAA [Statement of Administrative Action] was sent today in order to continue to promote transparency and collaboration in the TPP process."

< - >

http://www.politico.com/story/2016/08/obama-congress-trade-warning-226952

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Aug 13 17:05:05 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Aug 2016 22:05:05 -0000
Subject: [Infowarrior] - Alzheimer's Disease: Period Pain Drug Cures Symptoms In Mice, New Research Shows
Message-ID:

(If this proves sustainable in follow-on tests, holyshitthisisbignews. The full Nature journal article is @ http://www.nature.com/articles/ncomms12504.)

Alzheimer's Disease: Period Pain Drug Cures Symptoms In Mice, New Research Shows
By Seerat Chabba @crat074 On 08/13/16 AT 3:31 AM
http://www.ibtimes.com/alzheimers-disease-period-pain-drug-cures-symptoms-mice-new-research-shows-2401212

The incurable Alzheimer's disease may now have a cure.
New research by the University of Manchester shows that the most common form of dementia can be fully cured with an anti-inflammatory drug, commonly used for period pain.

Almost 7.5 million new cases of Alzheimer's -- a disease that causes acute problems with memory, thinking ability and behavior -- are diagnosed around the world every year. In the United States, about five million people currently suffer from the degenerative disease that has claimed one in three senior citizens with some form of dementia.

The team, led by Dr. David Brough, worked with mice to find that a common Non-Steroidal Anti Inflammatory Drug (NSAID) routinely used to relieve menstrual pain -- mefenamic acid -- completely reversed the inflammation of the brain and lost memory in the specimen. Mefenamic acid is available as a generic drug and is sold under a variety of brand names.

For the study, 20 mice were genetically altered to exhibit symptoms of Alzheimer's. Ten of these were treated with mefenamic acid by using a mini-pump under their skin for one month, while the other 10 mice were treated in the same way with a placebo. Researchers found that the mice treated with mefenamic acid saw a complete reversal of memory loss, while the placebo group's condition remained unchanged.

"There is experimental evidence now to strongly suggest that inflammation in the brain makes Alzheimer's disease worse," Brough said in a statement. "Our research shows for the first time that mefenamic acid, a simple Non-Steroidal Anti Inflammatory Drug can target an important inflammatory pathway called the NLRP3 inflammasome, which damages brain cells."

"Until now, no drug has been available to target this pathway, so we are very excited by this result," he added.

However, trials on animals are not the same as human trials and may yield different results. If the proposed human trials prove to be promising, it won't be long before the treatment reaches patients.
"Because this drug is already available and the toxicity and pharmacokinetics of the drug is known, the time for it to reach patients should, in theory, be shorter than if we were developing completely new drugs," Brough said. Dr. Doug Brown, Director of Research and Development at Alzheimer's Society, backs this by saying, "Testing drugs already in use for other conditions is a priority for Alzheimer's Society - it could allow us to shortcut the fifteen years or so needed to develop a new dementia drug from scratch." There is also a note for caution attached with the research. "These promising lab results identify a class of existing drugs that have potential to treat Alzheimer's disease by blocking a particular part of the immune response. However, these drugs are not without side effects and should not be taken for Alzheimer's disease at this stage - studies in people are needed first," Brown said in the statement. The study was published Thursday in the journal Nature Communications.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Aug 14 08:46:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Aug 2016 13:46:33 -0000
Subject: [Infowarrior] - The $47 Billion Network That's Already Obsolete
Message-ID: <3153D61C-77C9-4D7F-8156-6DB712B496F3@infowarrior.org>

The $47 Billion Network That's Already Obsolete
Steven Brill
http://www.theatlantic.com/magazine/archive/2016/09/the-47-billion-network-thats-already-obsolete/492764/

The prize for the most wasteful post-9/11 initiative arguably should go to FirstNet - a whole new agency set up to provide a telecommunications system exclusively for firefighters, police, and other first responders. They would communicate on bandwidth worth billions of dollars in the commercial market but now reserved by the Federal Communications Commission for FirstNet.
FirstNet is in such disarray that 15 years after the problem it is supposed to solve was identified, it is years from completion - and it may never get completed at all. According to the GAO, estimates of its cost range from $12 billion to $47 billion, even as advances in digital technology seem to have eliminated the need to spend any of it. FirstNet, which has received scant press attention, was established in 2012 and funded with an initial $7 billion. A classic congressional compromise made it a quasi-independent unit of the Department of Commerce. That was supposed to give it the heft and authority of the federal government but the agility and culture of a private-sector start-up. In fact, the reverse dynamics seem to have taken over from the beginning. It took FirstNet two years just to recruit a skeleton staff, only to be hit by an inspector general's report that found potential conflicts of interest and problems with the awarding of initial consulting contracts. It then took another two years to issue a request for proposal (RFP) asking contractors to bid on the work to build and operate the system. The impetus for FirstNet grew out of an aspect of the September 11 narrative that is part tragedy and part urban myth.

< - >

Certainly, FirstNet is not on Jeh Johnson's priority list. Asked about FirstNet, the homeland-security secretary said he was "not familiar with what they're supposed to be doing."

-- It's better to burn out than fade away.
From rforno at infowarrior.org Sun Aug 14 20:01:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Aug 2016 01:01:13 -0000
Subject: [Infowarrior] - Fwd: another VW story - this is an encryption backdoor
References: <935DB8F3-11B6-41A5-B853-E42FF6AC7B1E@well.com>
Message-ID: <4B734169-6189-4AD2-A3DF-378B968D59DC@infowarrior.org>

> Begin forwarded message:
>
> From: "Dan
>
> https://www.techdirt.com/articles/20160812/10515435227/volkswagen-created-backdoor-to-basically-all-cars-now-hackers-can-open-all-them.shtml
>
> Volkswagen Created A 'Backdoor' To Basically All Its Cars... And Now Hackers Can Open All Of Them
> from the backdoors-are-bad-m'kay? dept
> And... for our latest example for why requiring companies to build backdoors into encryption or similar technologies is a bad idea comes from automaker Volkswagen. Researchers are now revealing that approximately 100 million VW vehicles can be easily opened via a simple wireless hack. The underlying issue: a static key used on basically all of the wireless locks in VWs.
> The researchers found that with some "tedious reverse engineering" of one component inside a Volkswagen's internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that's unique to the target vehicle and included in the signal sent every time a driver presses the key fob's buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. "You only need to eavesdrop once," says Birmingham researcher David Oswald. "From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want."
> In other words, VW created a backdoor, and assumed that it would remain hidden. But it did not.
>
> This is exactly the kind of point that we've been making about the problems of requiring any kind of backdoor and not enabling strong encryption. Using a single encryption key across every device is simply bad security. Forcing any kind of backdoor into any security system creates just these kinds of vulnerabilities -- and eventually someone's going to figure out how they work.
>
> On a related note, the article points out that the researchers who found this vulnerability are the same ones who also found another vulnerability a few years ago that allowed them to start the ignition of a bunch of VW vehicles. And VW's response... was to sue them and try to keep the vulnerability secret for nearly two years. Perhaps, rather than trying to sue these researchers, they should have thrown a bunch of money at them to continue their work, alert VW and help VW make their cars safer and better protected.

From rforno at infowarrior.org Mon Aug 15 07:56:20 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Aug 2016 12:56:20 -0000
Subject: [Infowarrior] - In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner
Message-ID: <4BEE679E-B171-4CC0-81D5-55F445D0A123@infowarrior.org>

In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner
https://theintercept.com/2016/08/14/nsa-gcsb-prism-surveillance-fullman-fiji/

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Aug 16 11:11:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Aug 2016 16:11:34 -0000
Subject: [Infowarrior] - How the IOC effectively maintains a gag order on nonsponsors of the Olympics
Message-ID: <6AB82842-AD4F-47C4-A294-AC232131DFD3@infowarrior.org>

How the IOC effectively maintains a gag order on nonsponsors of the Olympics
Shontavia Johnson
Professor of Intellectual Property Law, Drake University
August 12, 2016 4.10pm EDT
https://theconversation.com/how-the-ioc-effectively-maintains-a-gag-order-on-nonsponsors-of-the-olympics-63747

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 16 13:24:44 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Aug 2016 18:24:44 -0000
Subject: [Infowarrior] - NTIA informs ICANN it will allow IANA contract to lapse on 10/1
Message-ID:

Update on the IANA Transition
August 16, 2016 by Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling
https://www.ntia.doc.gov/blog/2016/update-iana-transition

Two months ago, we passed an important milestone in a nearly 20-year effort to privatize the Internet domain name system (DNS). We announced on June 9 that the transition proposal developed by the Internet multistakeholder community meets the criteria we outlined in March 2014 when we declared our intent to transition NTIA's stewardship role related to the DNS. While this was a significant moment in this journey, we said in June that the Internet Corporation for Assigned Names and Numbers (ICANN), which currently operates the IANA functions under a contract with NTIA, still had work to do to implement key action items called for in the transition plan. On Friday, ICANN informed NTIA that it has completed or will complete all the necessary tasks called for in the transition proposal by the end of the contract term. NTIA has thoroughly reviewed the report.
We informed ICANN today that based on that review and barring any significant impediment, NTIA intends to allow the IANA functions contract to expire as of October 1. The IANA stewardship transition represents the final step in the U.S. government's long-standing commitment, supported by three Administrations, to privatize the Internet's domain name system. For the last 18 years, the United States has been working with the global Internet multistakeholder community to establish a stable and secure multistakeholder model of Internet governance that ensures that the private sector, not governments, takes the lead in setting the future direction of the Internet's domain name system. To help achieve this goal, NTIA in 1998 partnered with ICANN, a California-based nonprofit, to transition technical DNS coordination and management functions to the private sector. NTIA's current stewardship role was intended to be temporary. In March 2014, NTIA initiated the final step in the privatization of the DNS by asking ICANN to convene Internet stakeholders to develop a plan to transition NTIA's stewardship role for the DNS to the Internet multistakeholder community. Stakeholders spent two years developing a thoughtful consensus proposal that meets the criteria we outlined in 2014 and will strengthen the multistakeholder approach, while maintaining the stability, security, and openness of the Internet that users across the globe depend on today. This multistakeholder model is the key reason why the Internet has grown and thrived as a dynamic platform for innovation, economic growth and free expression. We appreciate the hard work and dedication of all the stakeholders involved in this effort and look forward to their continuing engagement.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Aug 16 14:23:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Aug 2016 19:23:18 -0000
Subject: [Infowarrior] - WikiLeaks, too, claims to have NSA code
Message-ID: <409CC3C1-C81D-4C5B-9176-F3EEC3A71F0A@infowarrior.org>

WikiLeaks, too, claims to have NSA code
By Joe Uchill - 08/16/16 09:40 AM EDT
http://thehill.com/policy/cybersecurity/291565-wikileaks-too-claims-to-have-nsa-code

The auction for an advanced, National Security Agency-linked cyberweapon just became cheaper. After a day of speculation over whether the previously unknown "Shadow Brokers" could really be auctioning off an authentic stolen copy of the vaunted espionage group's source code, WikiLeaks announced it would be releasing a free, "pristine" copy. WikiLeaks - and The Shadow Brokers - claim to have copies of the code behind the Equation Group, labeled "one of the most sophisticated cyber attack groups in the world" when it was discovered last year. The operation went under the radar for 14 years before being discovered, well longer than other known attackers. Equation is usually described as an NSA team because of similarities between its work and other projects attributed to the spy agency, as well as the use of NSA jargon within the program's core. An auction notice by Shadow Brokers placing hacked source code of Equation malware gained wide attention Monday. While inconclusive, files the Brokers released as proof it had the code appeared legitimate enough to pique the security community's interest. But Monday night, WikiLeaks tweeted, "We had already obtained the archive of NSA cyber weapons released earlier today and will release our own pristine copy in due course." It is unclear why WikiLeaks had not already released a copy of the code it claims it had. As of late, WikiLeaks has timed its releases for maximum political impact.
Emails leaked from the Democratic National Committee went live leading into the Democratic Convention, rather than when they were first obtained. Democratic Congressional Campaign Committee and DNC hacker Guccifer 2.0 announced WikiLeaks will release the brunt of the documents taken from the DCCC hack.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 17 14:07:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Aug 2016 19:07:25 -0000
Subject: [Infowarrior] - Trump makes intel community queasy
Message-ID: <0E973270-F2FD-4BB8-8DB8-564981392082@infowarrior.org>

(his first briefing is this afternoon. --rick)

Trump makes intel community queasy
By Matt Latimer
http://www.politico.com/story/2016/08/trump-intelligence-community-unhappy-227120

Just ahead of his first classified briefing, Donald Trump said he didn't trust the work of America's intelligence agencies. Well, they don't exactly trust him either. Interviews over the past several months with current and former intelligence officials and intelligence experts revealed significant trepidation about the notion of a Trump presidency - an uneasiness that the Republican nominee's latest comments are likely to exacerbate. Several sources cited Trump's unpredictability, his harsh rhetoric about Muslims, his vocal support for torture and his suggestions that he'd go after terror suspects' families as causes of concern, even among the most hawkish elements of the intelligence world. "The wholesale slaughter of families of terrorists - it is understood as a war crime," an Army intelligence officer told POLITICO. "You can see how emotionally it might seem like a satisfying" thing to say, "but no matter how much you might wait to raze and salt the earth ... people understand the right versus wrong component of it." A terrorism expert at a D.C. think tank described the mood about a possible President Trump in the intelligence community as "fearful."
"Most people assume that even if he got in he would be forced to moderate because of the realities of your office and the inevitable restrictions on your power," he added. "But the president has the lead on foreign policy and security. The president can do a lot without any sort of restraints from Congress." As is standard for presidential nominees, Trump on Wednesday was due to get a classified intelligence briefing. The real estate mogul has said he will bring along to the session retired Lt. Gen. Michael Flynn, a former head of the Defense Intelligence Agency. Flynn has raised eyebrows in the U.S. national security establishment because of his appearances on a Kremlin-funded TV network, especially at a time of spiking tensions between Moscow and Washington, and his presence at a classified session has rung alarms. But Trump defended Flynn, widely viewed as a maverick inside the intelligence community, as "tough" and "smart" in an interview with Fox News on Tuesday night. Then, asked, if he trusts "intelligence," the real estate mogul said: "Not so much from the people that have been doing it for our country." "I mean, look what's happened over the last 10 years. Look what's happened over the years. It's been catastrophic. And, in fact, I won't use some of the people that are sort of your standards, you know, just use them, use them, use them, very easy to use them, but I won't use them because they've made such bad decisions," said Trump, who was also to be joined by New Jersey Gov. Chris Christie at the briefing. "You look at Iraq. You look at the Middle East. It's a total powder keg. It's a - if we would have never touched it, it would have been a lot better." Flynn has been especially vocal about claims that intelligence officials have downplayed the rise of the Islamic State at the White House's behest. Earlier this month, a House Republican task force alleged that U.S.
Central Command officials had changed intelligence reports to make it appear the fight against the terrorist group is going better than it really is, exposing frustrations within the national security community over the Obama administration's approach to Syria and Iraq. Former New York City Mayor Rudy Giuliani, a major Trump booster, said he agreed with Trump's decision to have Flynn accompany him for the briefing because the retired general will "be able to ask critical questions." Giuliani also slammed the intelligence agencies' work product as "terrible." "I mean, our intelligence has really let us down on a number of occasions, and there's something substantially wrong with the way we gather intelligence," Giuliani said. "When the president of the United States can say just a short-- really, just a short while ago that [the Islamic State terrorist network] is the JV team, something is wrong with our intelligence." Asked about Trump's criticisms, the CIA deferred comment to the Office of the Director of National Intelligence, which in turn declined to comment. Such reticence is in line with the agencies' traditional mandate to stay out of the political realm. And in many ways, most people in the intelligence community's rank and file will follow that mandate no matter what happens in the campaign or on Election Day, analysts said. "It's probably, within the agency, extremely apolitical," said Soufan Group analyst Patrick Skinner of the CIA, where he used to be a case officer. "You really just don't talk about it." Skinner, added, however, that people at senior levels in the agencies "might be wondering about priorities." He and others also said a Trump win in November won't necessarily repel future recruits nor lead to mass retirements, at least not immediately. "If there is a President Trump - that's kind of a funny sentence to say - then there will probably be a lot of hope that the directors - all the top appointees -
would be very diligent in their duties," Skinner said. "There has to be some kind of faith that the system works, but he's running on a no-faith-in-the-system campaign." "The civil servants will trudge on. They know how to slow-roll people whose ideas they deem unworkable," added a former National Security Council official. "That's what the bureaucracy does. You'll see quite a bit of that when Trump comes in." Within the broader intelligence industry - which includes companies that produce the technology and weaponry used by the various agencies - people are "incredulous," according to a consultant with extensive contacts in that field. "People can hardly believe that it's happening." "What people like is predictable outcomes," the consultant said, pointing to Trump's mercurial policy shifts as especially problematic for an industry that craves certainty. That being said, he added, "If the public indicates or seems to show that they're going to vote for Trump, I would think that businessmen would revert to their typical behavior and figure out how they can get their share." For many in the intelligence realm, especially those at the mid-level to senior ranks, the most frustrating thing about Trump is his willingness to dismiss allies, including those in Muslim-majority countries, and alliances, such as NATO. "It comes up because the intel folks are highly dependent on liaison relationships," the D.C. think-tank expert said. "The war fighters also have the same issue. They are dependent frequently on local allies to engage enemy forces. And right now enemy forces are [the Islamic State] and al Qaeda, and again our partners are Muslims." Then, of course, there's Trump's seeming fondness for Russia and its strongman president, Vladimir Putin. The Republican nominee has said the U.S. needs to cooperate more with Russia on issues such as the bloody civil war in Syria, where Washington and Moscow are frequently at odds.
The fact that Flynn is at his side is of particular concern to national security leaders who worry about Putin's long-term meddling intentions for his country's role in the world. In media appearances on Wednesday, California Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, said he was confident that the briefing that Trump receives will not include exceptionally sensitive information, but he still sounded a note of warning. "It gives me a lot of heartburn ... that we would share any information about Russia, particularly if you imagine the topic of Russian cyber efforts came up," Schiff told MSNBC. "I would feel very uncomfortable getting into that with a candidate with this kind of background."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 18 17:01:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Aug 2016 22:01:51 -0000
Subject: [Infowarrior] - How Trolls Are Ruining the Internet
Message-ID: <18A14028-9087-418E-93C6-2F6B82783A2D@infowarrior.org>

How Trolls Are Ruining the Internet
Joel Stein @thejoelstein
They're turning the web into a cesspool of aggression and violence. What watching them is doing to the rest of us may be even worse
Updated, August 18
http://time.com/4457110/internet-trolls/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 19 09:31:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Aug 2016 14:31:51 -0000
Subject: [Infowarrior] - The NSA Leak Is Real, Snowden Documents Confirm
Message-ID:

The NSA Leak Is Real, Snowden Documents Confirm
Sam Biddle
Aug. 19 2016, 8:00 a.m.
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

-- It's better to burn out than fade away.
From rforno at infowarrior.org Fri Aug 19 14:33:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Aug 2016 19:33:33 -0000
Subject: [Infowarrior] - 'Flash Boys' IEX stock exchange opens
Message-ID:

'Flash Boys' IEX stock exchange, backed by L.A. investment giant, opens for business
Los Angeles Times

At mutual fund giant Capital Group, investment managers study stocks, looking to buy when they're underpriced and sell when they're overpriced. That's how the downtown L.A. firm has made healthy returns for its millions of investors since the 1930s. But over the last few years, Capital Group has been looking toward something else to help boost its returns: a new stock exchange founded by a group of Wall Street evangelists, lauded in a bestselling book and powered by a spool of 38 miles of fiber-optic cable tucked away in a New Jersey data center. That new exchange, the Investors Exchange or IEX, the subject of Michael Lewis' 2014 book "Flash Boys: A Wall Street Revolt," was founded on the premise that ordinary investors - particularly the middle-class ones whose money is managed by big firms like Capital Group - need protection from high-speed trading firms that manipulate the market. After a nearly yearlong struggle for approval from the Securities and Exchange Commission, IEX today becomes a public stock exchange, like the New York Stock Exchange and Nasdaq, marking a victory for both the upstart exchange's founders and Capital Group.

< - >

http://www.latimes.com/business/la-fi-capital-group-iex-20160815-snap-story.html

-- It's better to burn out than fade away.
From rforno at infowarrior.org Sat Aug 20 09:12:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Aug 2016 14:12:31 -0000
Subject: [Infowarrior] - NSA seeks to reassure on merging cyber defense, offense
Message-ID: <2519B742-CD05-4C10-B71D-7F2B8E013E5E@infowarrior.org>

NSA seeks to reassure on merging cyber defense, offense
By Shaun Waterman
August 19, 2016 8:00 AM
http://fedscoop.com/nsa-reorganization-nsa21-august-2016

Officials at the huge spy agency say, despite concerns, a coming reorganization will not impact their work to defend U.S. computer networks from hackers and cyberspies. The NSA's fabled Information Assurance Directorate may be going away in a major reorganization of the agency at the end of August, but "the mission will continue," the directorate's chief said this week. IAD Director Curtis Dukes told a handful of reporters at a briefing in Washington that his staff would continue protecting the computer networks of the U.S. military and intelligence agencies, as well as working with the FBI, Homeland Security and private sector partners to keep hackers and cyberspies at bay for the civilian government and key industries. According to an NSA handout, the reorganization, dubbed NSA21, will reconfigure the huge sprawling agency into six directorates:

* Workforce & Support Activities;
* Business Management & Acquisition;
* Research;
* Engagement & Policy, which the handout says will serve as the NSA's "'front door' to ensure we speak with one voice in all external engagements;"
* Capabilities, responsible for "deploying personnel across the enterprise to support mission operations;" and
* Operations, which will merge the two largest existing directorates - signals intelligence and information assurance.

Crucially, that "operations" segment means, in cyber, offense and defense are playing together for the first time. Signals intelligence is the foreign espionage mission of the NSA - spying on the nation's adversaries.
Information assurance is the defensive mission. By presidential fiat, the NSA has direct responsibility for the security of the communications and IT networks of the U.S. military and intelligence agencies. But in recent years, in the face of a rising tide of foreign cyberattacks, its IAD cyber defenders have also increasingly been called upon to provide technical expertise and support to the Department of Homeland Security and Federal Bureau of Investigation - working to identify and kick out hackers who've penetrated civilian government or even private sector networks. "Over the past 24 months, there has not been a single [major cyber] incident where we didn't [at least] augment the incident response" said Dukes, listing the hacking of the Office of Personnel Management database, and the email compromises at the State Department, the Executive Office of the President and the Joint Chiefs of Staff. During more than a decade, IAD has developed relationships with industry, Dukes said, highlighting the work done with Microsoft - over what he said was almost two years, 2012-14 - to help mitigate the so-called "Pass the Hash" vulnerability. "Why do we work with them?" Dukes asked of IT providers. "We need their products for our [government] missions, but we need to make sure those products are as secure as possible ... right out of the box. "We used to do it separately" from the manufacturers, he said, "Now we do it in partnership" - for instance in the agency's Commercial Solutions for Classified program, which provides guidance for government system managers on how to use commercial software securely on classified systems. But some in industry now see those relationships as under threat in the merger with signals intelligence.

Offense and defense

Because computers are now the easiest way to spy on people, and because everyone - even U.S. adversaries -
uses the same Internet, there has long been what officials like to call a "healthy" or "creative" tension between the foreign espionage mission and the information assurance mission of the NSA. Crudely put, the IA's cyber mission is to find security holes in Internet infrastructure and common software and patch them; the signals intelligence mission is to find the same holes and keep them open as long as possible so they can be used to spy on foreigners. When the two directorates merge, some fear that the much larger and better funded signals intelligence mission will simply absorb the IA mission. Such concerns are "fair and must be addressed," former agency deputy director Chris Inglis told FedScoop. "In any merger ... of course there's the danger that a smaller component, especially if it's dramatically smaller, will be overwhelmed by the larger component," he said, urging the agency leadership "to take care to protect that kernel of strength, that depth of expertise that has been the hallmark of the IAD .. of its success." Currently, the signals intelligence directorate is about double the size of IAD, according to historian Matthew Aid, who has written extensively about the agency. But Inglis said the merger was imperative, driven by the changing information territory on which the agency was fighting. "There's no more 'adversary networks' and 'friendly networks,'" he said, "there's only one global network." Given that attackers and defenders are now competing on the same terrain, Inglis said, "the things that you learn from one mission should be used to improve the strength and resilience of the other mission." "it would be a shame, bordering on a mistake," not to take advantage of that, he said.

NSA21: A big reorganization, done very quietly

The wholesale reorganization of the huge and sprawling agency, dubbed NSA21, was first flagged last year by the agency's Director Adm. Michael Rogers, and details have eked out since.
Curtis's briefing this week, however, was the first time officials have publicly addressed questions about it - although his responses were off the record. Aid said that, even for the notoriously secretive NSA, details of the reorganization have been "extremely closely held." "It's very unusual," he said, adding that, prior to the agency's last major reorganization, undertaken by then-Director Gen. Michael Hayden, there had been "a huge roll out," involving extensive briefings to congressional overseers and "months and months of staff work." Congressional sources told FedScoop that overseers had been briefed, but details weren't available. In guarded public comments, leaders of the intelligence committees from both chambers and both parties have been generally supportive, but with "wait and see" caveats. "I don't get the sense that this got the kind of scrutiny you usually get before a major reorganization," Aid said. "The biggest problem they have right now is that they are drowning in data ... How does this help?" In its handout, the agency says it surveyed 4,500 members of its workforce; conducted 120 focus groups; and interviewed 100 "internal and external stakeholders" while developing the plan.

A question of resources

"One of the thoughts behind this [reorganization] is to reduce costs, to reduce staffing levels," Aid believes. "NSA is a very large organization, and probably not the most cost efficient" in the U.S. government, he said. The NSA budget is classified, but the no-longer secret top line of the nation's spying spending reveals that U.S. intelligence agencies have in the last few years reached a plateau in their burgeoning budgets. "Efficiency has got to be a part of any change," said Inglis, "But first and foremost the leaders [of national security agencies] are accountable for effectiveness, they need to deliver on the expectations of the American people."
"You have to maintain the distinctions in law and authority," between the two missions, Inglis stressed, but he added that there were "clear synergies" between them.

When two tribes go to war

Aid, citing NSA staff he's friendly with, says that the planned reorganization has caused "consternation" among some at the agency. "They are almost like two different tribes," he said of the signals intelligence and information assurance directorates. The one dominated by a military culture, the other growing out of the agency's engagement with a group of rather un-military west coast cryptographers. Former IAD Director Dickie George says that, despite that cultural divide, "on both offense and defense, it's the same people, the same techniques and they've always talked." "As far as the deep technical work [goes] ... Over the years, the offensive and defensive people, the technical people [on both sides] have worked hand-in-hand, sharing techniques, sharing technologies." He believes the real issue will lie elsewhere - in people's perceptions about the merger. "You do worry that there's be a perception issue," he said, but that was nothing new. "You always had to establish trust when working with people outside ... There's always a perception issue with the NSA. It's something I had to deal with my whole career," said George, a mathematician by training, who worked there from 1970 until his retirement in 2011. Notwithstanding any perception problems, Aid predicted the merger "shouldn't affect the relationships" IAD has with the private sector and civilian government. Officials "will continue to fulfill all the exact same functions" - they'll go to the same meetings, do the same work. "But it's being demoted," said Aid. Inglis sees it differently, "Even though IA is the smaller of the two" missions, he said, "The strong bias has to be to defense as job one." He said those with concerns about the merger were looking through the wrong end of the telescope.
Because the new operations directorate was equally responsible for both missions, he said, "This truly is a clarion call to the signals intelligence organization that they're now accountable for the success of the defensive mission as much as their own. They need to ensure through the application of their resources, the choices they make that they're making a material contribution to the information assurance mission."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Aug 21 15:18:52 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 21 Aug 2016 20:18:52 -0000 Subject: [Infowarrior] - WiFi Signals Can ID Individuals by Body Shape Message-ID:

(c/o ep)

WiFi Signals Can ID Individuals by Body Shape
Written by Daniel Oberhaus
http://motherboard.vice.com/read/wifi-signals-can-id-individuals-by-body-shape?utm_source=mbtwitter
August 21, 2016 // 04:00 PM EST

With the Internet of Things slated to have tens of billions of connected devices by 2020, one of the most crucial design considerations for internet-connected products is figuring out how to seamlessly integrate these devices into everyday life. In this respect, teaching machines how to identify the individuals they are interacting with is paramount - it will allow for the total personalization of everything that is promised by the IoT. Rather than just having internet-connected light bulbs and refrigerators that are sitting around waiting to get hacked, these devices will be able to recognize you and interface with you according to your preferences (something that devices like the Xbox One are already doing via facial recognition). So far there have been a number of proposed methods for integrating human identification into smart objects, ranging from the creepy and invasive (think RFID chip implants or facial recognition) to the limited and cumbersome (like fingerprint scanners).
In the quest for a non-invasive yet ubiquitous mode of human identification, a team of researchers from Northwestern Polytechnic University figured out a way to use WiFi signals to ID individuals moving around in a room - with an ID accuracy upwards of 90 percent. As the team detailed in a paper posted to arXiv earlier this month, their novel approach to human identification - which they're calling FreeSense - uses interruptions in WiFi waves to identify individuals based on body shape and motion patterns. This is accomplished by monitoring changes in the WiFi's channel state information (CSI), which is a fancy way of saying the fine-grained data about how a WiFi wave is propagating in a given space. "Due to the difference of body shapes and motion patterns, each person can have specific influence patterns on surrounding WIFI signals while she moves indoors, generating a unique pattern on the CSI time series of the WIFI device," the team writes in its report. "FreeSense...is nonintrusive and privacy-preserving compared with existing methods [of human identification]." WiFi channel state information has already been successfully deployed as a motion sensor in other contexts, such as detecting when someone in a room has fallen or hearing what they are saying when they speak. Prior to this new research, none of these applications have been able to leverage WiFi CSI to identify individuals, however. To test their new methods, the team members used a normal laptop and off-the-shelf WiFi router in a 30 square meter "smart home environment," complete with typical home furnishings. They enlisted nine volunteers to function as a representative family that might be operating in this smart home, with the goal of using WiFi CSI to identify these individuals as they navigated the space. To begin with, the researchers trained their system to classify individuals based on 20 samples of them walking across the space in a straight line.
Once this baseline was established, the individuals then navigated the space an additional 20 times to test the system. When all nine individuals were testing the system (one person in the room at a time), it was able to achieve about a 75 percent accuracy in identifying them; when it was just two individuals, FreeSense was able to identify them nearly 95 percent of the time. The reason for the difference is simple: the more individuals with similar body types or motion patterns you have in the system, the trickier it is to identify them. Still, the team found that the ideal number of people that can be identified by their system is somewhere between 2-6, which would capture the range of most nuclear families - with 6 people moving in the system, they were still able to achieve an 88 percent ID accuracy. Now that the FreeSense proof-of-principle has been successfully demonstrated, the researchers hope to improve upon the design by testing it when multiple people are in the room at once and seeing how increasing the distance between the WiFi receiver and transmitter affects recognition accuracy.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Aug 22 08:42:39 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 22 Aug 2016 13:42:39 -0000 Subject: [Infowarrior] - 98 personal data points that Facebook uses to target ads to you Message-ID: <45910255-C7E5-4B60-8FE8-3377EBD19C07@infowarrior.org>

98 personal data points that Facebook uses to target ads to you
https://www.washingtonpost.com/news/the-intersect/wp/2016/08/19/98-personal-data-points-that-facebook-uses-to-target-ads-to-you/

-- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Aug 22 10:25:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 22 Aug 2016 15:25:44 -0000 Subject: [Infowarrior] - The NSA hack proves Apple was right to fight the FBI Message-ID: The NSA hack proves Apple was right to fight the FBI Paul Szoldra Aug 21, 2016, 11.10 PM http://www.businessinsider.in/The-NSA-hack-proves-Apple-was-right-to-fight-the-FBI/articleshow/53800874.cms After the unprecedented breach of hacking tools and exploits stolen from the US National Security Agency's elite hacking unit, some privacy advocates see it as clear vindication of Apple in its fight with the FBI earlier this year. "The component of the government that is supposed to be absolutely best at keeping secrets didn't manage to keep this secret effectively," Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation, told Business Insider. In February, a judge ordered Apple to help the FBI unlock an iPhone that was used by Syed Rizwan Farook, one of two attackers who killed 14 people in a December terrorist attack in San Bernardino, California. That order set off a vigorous debate between law enforcement officials seeking evidence and technologists worried over broader implications for personal privacy. While the company's legal team fought the order, Apple CEO Tim Cook published a letter arguing against being forced to build a so-called "backdoor" that would subvert the encryption that not only kept the shooter's phone secure, but millions of other users of Apple's smart phones. Most in the technology community rallied around Apple at the time, arguing that weakened encryption might help government investigators, but it would also make customers vulnerable to hackers. Now, with a massive top-secret archive of some of the NSA's own exploits having been leaked online, it appears they were right. "The NSA's stance on vulnerabilities seems to be based on the premise that secrets will never get out. 
That no one will ever discover the same bug, that no one will ever use the same bug, that there will never be a leak," Cardozo said. "We know for a fact, that at least in this case, that's not true." The government eventually backed down from its fight with Apple in late March, after investigators said they were able to unlock the shooter's phone with the "assistance of a third party." It never disclosed who that was or how it broke into the phone. Exactly how the FBI got into the phone is yet another case where the government is holding on to "zero days," or software exploits that are completely unknown to companies and users. These exploits, when found, are typically disclosed to vendors so they can fix the problem, used by hackers to break into systems more easily, or sold on the black market. But Cardozo believes the FBI's exploit of the San Bernardino shooter's iPhone 5C, its still-unknown exploit of the Tor web browser in another case, and NSA's apparent hoarding of exploits that have now been made public, raises a larger issue around the legalities of government hacking. "When the government finds, creates, or discovers a vulnerability in a system, there are essentially two things they can do: They can disclose it, or they can use it," he said. "But the rules around that are completely broken." There are some guidelines around how the government is supposed to deal with vulnerabilities in what is called the Vulnerabilities Equities Process, a framework that is supposed to outline how and when it would make sense to disclose a vulnerability to an affected company if the larger security risk is greater than the reward it could yield. But the VEP is just non-binding guidance created by the Obama administration - not an executive order or law - which has no legal standing. "We need rules, and right now there aren't any," Cardozo said. "Or at least none that work." -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Aug 22 17:55:32 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 22 Aug 2016 22:55:32 -0000 Subject: [Infowarrior] - Hill intel committees quiet on Shadow Brokers leak Message-ID:

Where Are NSA's Overseers on the Shadow Brokers Release?
Published August 19, 2016 | By emptywheel

As Rayne has been noting, a group calling itself the Shadow Brokers released a set of NSA hacking tools. The release is interesting for what it teaches us about NSA's hacking and the speculation about who may have released so many tools at once. But I'm just as interested by Congress' reticence about it. Within hours of the first Snowden leak, Dianne Feinstein and Mike Rogers had issued statements about the phone dragnet. As far as I've seen, Adam Schiff is the only Gang of Four member who has weighed in on this

> U.S. Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, also spoke with Mary Louise. He said he couldn't comment on the accuracy of any reports about the leak.
>
> But he said, "If these allegations were true, I'd be very concerned about the impact on the intelligence community. I'd also obviously want to know who the responsible parties were. ... If this were a Russian actor - and again, this is multiple 'ifs' here - we'd have to ask what is causing this escalation."

Say, Congressman Schiff. Aren't you the ranking member of the House Intelligence Committee and couldn't you hold some hearings to get to the bottom of this? Meanwhile, both Feinstein (who is the only Gang of Four member not campaigning for reelection right now) and Richard Burr have been weighing in on recent events, but not the Shadow Brokers release. The Shadow Brokers hack should be something the intelligence "oversight" committees publicly engage with - and on terms that Schiff doesn't seem to have conceived of.
Here's why: < - > https://www.emptywheel.net/2016/08/19/where-are-nsas-overseers-on-the-shadow-brokers-release/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Aug 22 18:07:45 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 22 Aug 2016 23:07:45 -0000 Subject: [Infowarrior] - Tech slams Homeland Security on social media screening Message-ID: <1392F6AF-D05D-41B6-BBC2-719407B0670A@infowarrior.org>

politico.com
Tech slams Homeland Security on social media screening
By Issac J. Bailey
http://www.politico.com/story/2016/08/social-media-screening-privacy-227287

Internet giants including Google, Facebook and Twitter slammed the Obama administration on Monday for a proposal that would seek to weed out security threats by asking foreign visitors about their social media accounts. The Department of Homeland Security for months has weighed whether to prompt foreign travelers arriving on visa waivers to disclose the social media websites they use - and their usernames for those accounts - as it seeks new ways to spot potential terrorist sympathizers. The government unveiled its draft plan this summer amid widespread criticism that authorities aren't doing enough to monitor suspicious individuals for signs of radicalization, including the married couple who killed 14 people in December's mass shooting in San Bernardino, Calif. But leading tech companies said Monday that the proposal could "have a chilling effect on use of social media networks, online sharing and, ultimately, free speech online." The companies' main trade group, the Internet Association, said the government's draft rule would grant customs officials unprecedented access to foreigners' private lives, since users often post sensitive details - from their political beliefs to their sexuality - on social media pages. It could also cause trouble for U.S. travelers if other countries follow Washington's lead, the group argued. "Should the U.S.
Government advance with the DHS proposal it is probable that other countries will make similar requests of visitors entering their country, including U.S. citizens," the companies wrote in comments to the agency. "This will be true for democratic and non-democratic countries alike, including those that do not have the same human rights and due process standards as the U.S." A spokeswoman for U.S. Customs and Border Protection, which is part of DHS, said the agency is now reviewing the comments on the proposed rule, which was published in the Federal Register in June. She stressed, though, that any disclosure would be "optional." A spokeswoman for the State Department, which has also worked on the measure, did not respond to a request for comment. The government's efforts follow months of criticism, particularly from Capitol Hill, following the San Bernardino attacks. Even though FBI Director James Comey batted down reports that one of the shooters has openly expressed support for jihad on social media before she applied for a U.S. visa, many members of Congress still seized on the incident to push the Obama administration to screen foreigners more aggressively. Like the tech companies, groups like the Center for Democracy and Technology have flagged privacy concerns with DHS' proposal. In comments filed Monday, Emma Llansó, the director of CDT's Free Expression Project, said it would be "unnecessarily invasive" to ask foreign travelers to turn over their account information. The ACLU, the Electronic Frontier Foundation and the New America Foundation teamed up Monday to issue a similar takedown: "This program would invade individual privacy and imperil freedom of expression ... [and] lead to a significant expansion of intelligence activity," they said in joint comments. And the public interest group Access Now delivered 2,300 signatures on a petition opposing the DHS effort.
Even though the government would ask travelers to voluntarily disclose their accounts, Access Now argued that foreigners would feel immense pressure to comply and could find themselves unfairly targeted as a result. "The choice to hand over this information is technically voluntary," said Nathan White, the group's senior legislative manager, in a statement. "But the process to enter the U.S. is confusing, and it's likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers - the same officers who will decide which of your jokes are funny and which ones make you a security risk."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 23 06:28:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Aug 2016 11:28:50 -0000 Subject: [Infowarrior] - What It Looks Like When The Terrorists Win: The JFK Stampede Over Fans Cheering For Usain Bolt Message-ID: <88470DEC-FCA6-49B8-AE90-DFF485D48148@infowarrior.org>

What It Looks Like When The Terrorists Win: The JFK Stampede Over Fans Cheering For Usain Bolt
https://www.techdirt.com/articles/20160822/09082135304/what-it-looks-like-when-terrorists-win-jfk-stampede-over-fans-cheering-usain-bolt.shtml

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 23 07:06:43 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Aug 2016 12:06:43 -0000 Subject: [Infowarrior] - EFF: With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive Message-ID: <759BC2F9-7A5D-4ADC-92A1-7207247BCB10@infowarrior.org>

With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive
https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Aug 23 11:25:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Aug 2016 16:25:37 -0000 Subject: [Infowarrior] - WikiLeaks revealed private info for 'hundreds' of innocents Message-ID: WikiLeaks revealed private info for 'hundreds' of innocents https://www.engadget.com/2016/08/23/ap-report-condenms-wikileaks/ WikiLeaks will tell you that it's providing valuable transparency while respecting the privacy of innocent people, but the Associated Press isn't convinced that it's walking that fine line. It just published a report showing that Julian Assange and crew published sensitive details for "hundreds" of innocent people, including financial records, identity details and medical files. Among the examples, it identified teen rape victims. Many of last year's leaked Saudi Arabia cables exposed details that could potentially ruin lives in the conservative country, such as the name of a man arrested for being gay and people who've secretly gone into debt. WikiLeaks, not surprisingly, has gone on the defensive in light of the report. It asserts that the AP story is "ridiculous," a "re-run" of a 2015 story that's pointless when the Saudi government already has the details. The group is also floating a conspiracy theory, suggesting that US journalists are trying to discredit its activities now that it has published emails tarnishing the Democratic National Committee and "presumptive winner" Hillary Clinton. It's true that WikiLeaks didn't leak the Saudi cables itself (it just made them easier to search), and AKP party data that contained sensitive Turkish voting info was uploaded by someone else (who has since deleted it). Many of the details aren't new, for that matter. Even so, the report still isn't flattering -- it contradicts Assange's promises of a "harm minimization policy" that protects medical records and other private details that aren't necessary for exposing government corruption and overreach. 
However much good WikiLeaks might be doing, it's not being very discriminate in what it allows on its site.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 23 19:53:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Aug 2016 00:53:09 -0000 Subject: [Infowarrior] - The Beloit College Mindset List for the Class of 2020 Message-ID: <416CC652-1DDE-4B50-9520-7A2BD99910C7@infowarrior.org>

Let's all feel old together! --rick

https://www.beloit.edu/mindset/2020/

The Beloit College Mindset List for the Class of 2020

Students heading into their first year of college this year are mostly 18 and were born in 1998. Among those who have never been alive in their lifetime are Frank Sinatra, Phil Hartman, Matthew Shepard, Sonny Bono, and Flo-Jo.

Since they arrived on this planet....

- There has always been a digital swap meet called eBay.
- Grandpa has always been able to reach for the Celebrex.
- They never heard Harry Caray try to sing during the seventh inning at Wrigley Field.
- There have always been Cadillac Escalades, but they just don't seem to be all that into cars.
- West Nile has always been a virus found in the U.S.
- Vladimir Putin has always been calling the shots at the Kremlin.
- The Sandy Hook tragedy is their Columbine.
- Cloning has always been a mundane laboratory procedure.
- Elian Gonzalez, who would like to visit the U.S. again someday, has always been back in Cuba.
- The United States has always been at war.
- Euros have always been the coin of the realm...well, at least part of the realm.
- Serena Williams has always been winning Grand Slam singles titles.
- SpongeBob SquarePants has always lived at Bikini Bottom.
- The Ali/Frazier boxing match for their generation was between the daughters of Muhammad and Joe.
- They have never had to watch or listen to programs at a scheduled time.
- James P. Hoffa has always been president of the International Brotherhood of Teamsters.
- Surprise: There has always been sex in the city.
- John Hinckley has always been able to get out of the hospital to go for a walk.
- Each year they've been alive the U.S. population has grown by more than one million Latinos.
- TV ads for casinos have always been permitted to mention that there is actually gambling going on in there.
- Vaccines have always been erroneously linked to autism.
- Laws against on-the-job harassment have always applied to parties of the same sex.
- Even as the national mood gets glummer, there has always been an annual prize for the most humorous American.
- Catholics and Lutherans have always been in agreement on how to get to heaven.
- To greet them with some cheery news, when they were born, India and Pakistan became nuclear powers.
- If you want to reach them, you'd better send a text - emails are oft ignored.
- They disagree with their parents as to which was the "first" Star Wars episode.
- "Nanny cams" have always been available to check up on the babysitter.
- NFL coaches have always had the opportunity to throw a red flag and question the ref.
- Bada Bing - Tony and Carmela Soprano and the gang have always been part of American culture.
- They have no memory of Bob Dole promoting Viagra.
- Books have always been read to you on audible.com.
- Citizens have always been able to register to vote when they get their driver's license.
- Bluetooth has always been keeping us wireless and synchronized.
- X-rays have always been digital allowing them to be read immediately.
- Exxon and Mobil have been one company - and it doesn't own any gas stations.
- They have always eaten irradiated food.
- A Bush and a Clinton have always been campaigning for something big.
- Physicians have always had unions.
- Some have always questioned the sexual orientation of certain Teletubbies.
- Snowboarding has always been an Olympic sport.
- Students have always questioned where and by whom their sweatshirts are made.
- While chads were hanging in Florida, they were potty training in all 50 states.
- Presidents have always been denied line item veto power.
- Nigeria has always been a constitutional republic with a civilian government.
- The once-feared Thalidomide has always been recognized as a cancer fighting drug.
- DreamWorks has always been making animated creatures heroic and loveable.
- Deceased men have always been able to procreate.
- John Elway and Wayne Gretzky have always been retired.
- They have never seen billboard ads for cigarettes.
- The New York Stock Exchange has never reported its ups and downs in fractions.
- Airline tickets have always been purchased online.
- There have always been iMacs on desks.
- Instant, tray-less ice cubes have never been a novelty.
- Robots have always been surgical partners in the O.R.
- Peregrine falcons have never been on the endangered species list.
- Outstanding women basketball players have always had their own Hall of Fame in Knoxville, Tenn.
- Newt who?
- War films have always shown horrific battle scenes inspired by Saving Private Ryan.
- Michael J. Fox has always spoken publicly about having Parkinson's disease.

Copyright © 2016 Beloit College
Mindset List is a registered trademark

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 25 07:50:10 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Aug 2016 12:50:10 -0000 Subject: [Infowarrior] - Let's call it Comey Syndrome. Or Vanceanoia. Message-ID: <424D750E-3EC5-4CA2-B32F-668E20735A38@infowarrior.org>

Let's call it Comey Syndrome. Or Vanceanoia. And it's spreading like a virus.

https://www.techdirt.com/articles/20160823/11163835316/canadian-law-enforcement-want-government-to-force-people-to-turn-over-their-passwords.shtml

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Aug 2 08:26:40 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 02 Aug 2016 13:26:40 -0000 Subject: [Infowarrior] - How to deal with Trump, trolls and aggressively emotive untruths online Message-ID: <80E7C40D-8B57-428A-9BE1-21BF8FCB6C36@infowarrior.org>

How to deal with Trump, trolls and aggressively emotive untruths online
Tom Chatfield
https://www.theguardian.com/culture/2016/aug/02/how-to-deal-with-trump-trolls-online

As the past few decades have shown, the trolling mindset is awesomely well adapted to a digital age. It ignores rational argument. It ignores evidence. It misreads, deliberately. It uses anything and everything somebody says against them. To argue with trolls is to lose - to give them what they want. A troll is interested in impact to the exclusion of all else. Trolls themselves are hairy Nordic creatures who live under bridges, but trolling doesn't take its name from them. It comes from the Old French verb troller, meaning to hunt by wandering around in the hope of stumbling upon prey. The word made its way into English as a description of similar fishing tactics: slowly towing a lure in hope of a bite. Then, in the early 1990s, a Usenet group took up the term to describe some users' gleeful baiting of the naive: posting provocative comments in hope of attracting an outraged "bite", then winding up their unwitting victim as thoroughly as possible. In this, trolling is a form of bullshit art. "The essence of bullshit," argues the philosopher Harry Frankfurt in his 2005 book of the same name, "is not that it is false but that it is phony". Both a liar and an honest person are interested in the truth - they're playing on opposite sides in the same game. A bullshitter, however, has no such constraint. As Frankfurt puts it, a bullshitter "is neither on the side of the true nor on the side of the false ... He does not care whether the things he says describe reality correctly.
He just picks them out, or makes them up, to suit his purpose". Once again, impact is all. The total absence of knowledge or expertise is no barrier to bullshit. In fact, it helps. The artistry lies in knowing your audience, and saying whatever is needed in order to achieve a desired effect.

"Clickbait"

Here's another neat neologism: clickbait. In use since 2011, it brings trolling's fishing metaphor into explicit play. Online media thrives on clicks. More is always better. Headlines drive clicks - meaning the data-driven optimization of linguistic click-enticement is now one of journalism's finest arts. You Won't Believe How Little Many Stories Have To Do With Their Headlines. Content itself is beside the point - as the very use of words like content suggests. The moment you start labelling every single piece of writing in the world "content", you have conceded its interchangeability: its primary purpose as mere grist to the metrical mill. Dangle the tasty lure, and wait for the fish to bite. We live in an age of ever-increasing bullshit. Whenever someone, somewhere decides to pass a passionate comment on something they know nothing about, the whiff of bullshit is in the air - mingled, if their comments are engineered to provoke, with the stink of troll.

"Trollshitting"

We need a new phrase for this kind of aggressively emotive untruth; though hardly a new human phenomenon, it wields particular power in an age of endlessly recycled outrage. Then again, shutting up about Trump and all other professional trollshitters (a potty-mouthed portmanteau is the best I can do for now) might be a better tactic. Bullshit is a kind of conjurer's incantation. Breaking its spell is a matter not so much of truth - however much we might like to believe it - as of disenchantment.
Like trolling, attention is its lifeblood: without a consenting audience, each withers. And the less time we waste on headlines and hand waving, the more we can focus on what's actually going on. In the end, bullshit itself is bullshit - someone else's wishes for your thoughts. Don't take the bait. Step back. Pick your words and your battles carefully - and never trust a headline that could have been written by satirical algorithm.

Tom Chatfield is a British author. His book "Netymology: a linguistic celebration of the digital world" is published by Quercus US on 2 August

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 2 15:20:13 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 02 Aug 2016 20:20:13 -0000 Subject: [Infowarrior] - Air Force Declares F-35A Ready for Combat Message-ID:

(My sympathies to the pilots who fly this thing. And to the bean-counters who fret about losing one IN combat because the unit costs are so high. And to the guys on the ground who know the F-35 can never ever replace the venerable A-10 in supporting them. --rick)

Air Force Declares F-35A Ready for Combat
Valerie Insinna, Defense News 4:03 p.m. EDT August 2, 2016
http://www.defensenews.com/story/breaking-news/2016/08/02/f35-ioc-air-force-operational-acc-combat/87948142/

WASHINGTON - The US Air Force on Tuesday declared its first squadron of F-35As ready for battle, 15 years after Lockheed Martin won the contract to make the plane. The milestone means that the service can now send its first operational F-35 formation - the 34th Fighter Squadron located at Hill Air Force Base, Utah - into combat operations anywhere in the world.
The service, which plans to buy 1,763 F-35As, is the single-largest customer of the joint strike fighter program, which also includes the US Marine Corps, US Navy and a host of governments worldwide. The Air Force, which follows the Marine Corps in approving F-35s for operations, had a five-month window between Aug. 1 and Dec. 31 to proclaim initial operational capability (IOC). After notifying Congress, Air Combat Command (ACC) head Gen. Herbert "Hawk" Carlisle signed off on the declaration on Aug. 2. In a briefing with reporters Tuesday afternoon, Carlisle stressed that although the F-35A is not perfect, the aircraft has significantly improved from the early days of the program. More importantly, its stealth, electronic warfare and sensor fusion capabilities are urgently needed for future conflicts. "Given the national security strategy, we need it," he said. "You look at the potential adversaries out there, or the potential environments where we have to operate this airplane, the attributes that the F-35 brings - the ability to penetrate defensive airspace, the ability to deliver precision munitions with a sensor suite that fuses data from multiple information sources - is something our nation needs." The service's top leaders also sounded off in support of the declaration. Air Force Chief of Staff Gen. David Goldfein and Air Force Secretary Deborah Lee James both labeled it "an important milestone." "The F-35A brings an unprecedented combination of lethality, survivability and adaptability to joint and combined operations, and is ready to deploy and strike well-defended targets anywhere on Earth," Goldfein said in a statement. F-35 Program Executive Officer Lt. Gen. Christopher Bogdan said the IOC declaration sends a message to US friends and foes: "The F-35 can do its mission." Still, challenges abound.
For example, during a recent interim readiness assessment, operational testers found the F-35A's scope did not always display data in an intuitive manner, necessitating that the pilot hone in on a data point to get more information, Carlisle told reporters. The Air Force, together with the joint program office, hopes to fix that issue in 2017 with its 3F software, which will give the aircraft its full war-fighting capability, including the ability to launch certain types of weapons such as the Small Diameter Bomb. Other 3F changes, like improved pilot interfaces and displays, will make the plane easier to operate, he said. To reach the IOC milestone, Hill Air Force Base needed at least 12 combat-ready jets capable of global deployment to provide what officials have termed basic close-air support, air interdiction, and limited suppression and destruction of enemy air defense missions. Also required were enough pilots, maintainers and equipment to support the squadron. Asked to spell out what the difference was from the F-35's basic close-air support capability and a full close-air support capability, Carlisle declined to go into specifics. "Basically it doesn't have necessarily all of the attributes" of the A-10, which was built for close-air support, he said. For instance, the airplane was not designed with an infrared pointer. Getting to the point where the Air Force could meet its IOC requirements was not exactly easy, as the F-35 program hit a few unforeseen snags this year. Bogdan announced in the spring that the joint program office had identified instances of "software instability" that would cause the jets to have trouble booting up and, once the software was running, prompt the random shutdown of sensors. Then, Lockheed in June disclosed that the latest version of the plane's Autonomic Logistics Information System, ALIS 2.0.2, would not be available until at least October.
ALIS is the F-35's maintenance backbone, and is used for everything from mission planning to ordering spare parts. The F-35 appeared to turn the corner after seven planes from Hill deployed to Mountain Home Air Force Base in Idaho. There, pilots and maintainers confirmed they could successfully operate and repair the plane away from home base, even with an earlier version of ALIS. They also demonstrated that Lockheed's software update had fixed software instability problems, reporting zero glitches during the 88 sorties flown. After that deployment, Carlisle said the current version of ALIS would not be a "limiting factor" that would keep the F-35 from becoming operational. The squadron at Hill then completed its own checklist, which included tasks such as ensuring enough pilots were combat-ready and subjecting them to an oral examination. On July 27, members of Hill Air Force Base's 34th Fighter Squadron told the press they had amassed 12 modified F-35As and 21 combat-mission-ready pilots and completed all the paperwork needed to make an IOC declaration. Todd Harrison, a defense analyst with the Center for Strategic and International Studies, said declaring IOC is a sign the F-35 program has moved beyond the well-known cost overruns and development issues that marked so much of the fifth-generation fighter's development. "I'm sure there will still be kinks that come up in the system in the coming years, but for the most part I think this means the program has stabilized, they're on a good trajectory, [and] most of the potential for major cost overruns and technological challenges are now behind us," he said. Critics of the program have said declaring IOC is more of a marketing move than an actual operational one, as the service set the IOC requirements itself. Harrison acknowledged that view but said IOC is still an important step forward. "It's not doing everything they wanted it to do. It's had all kinds of problems along the way.
But they are at the point now where it is stabilizing, so it's still a milestone of progress."

The Road Ahead

Carlisle said in July that even though he would feel comfortable sending the F-35 to a fight as soon as the jet becomes operational, ACC has formed a "deliberate path" where the aircraft would deploy in stages: first to Red Flag exercises, then as a "theater security package" to Europe and the Asia-Pacific. The fighter probably won't deploy to the Middle East to fight the Islamic State group any earlier than 2017, he said, but if a combatant commander asked for the capability, "I'd send them down in a heartbeat because they're very, very good." The ACC commander reiterated that sentiment Tuesday, stating that he would deploy the F-35 if its capabilities were needed. Deployments to Europe and the Asia-Pacific, which Carlisle would like to see within 18 months, would help boost partner nations' confidence in the airframe, he said. Over the next several years, the Air Force plans to stand up two more operational squadrons at Hill. That will entail growing the F-35 maintainer corps from the 222 currently trained personnel to almost 700 maintainers, said Lt. Col. Steven Anderson, deputy commander of the 388th Maintenance Group. "We've got at least another 150 in the training pipeline," he said last week. "On average, it's 12 months to take a fourth-gen legacy aircraft maintainer and turn them into a fifth-generation maintainer, so those maintainers that are in the pipeline now will be standing up our next couple squadrons." Burlington Air National Guard Base in Vermont is set to become the second operational base - and the first Air National Guard base - to host the F-35, and will receive 18 joint strike fighters to replace its F-16s, Richard Meyer, the Air Force's deputy chief of the F-35 system management division, said in a July 29 interview. Around 2020, Eielson Air Force Base in Fairbanks, Alaska, will get two squadrons of 24 F-35s.
Those aircraft are not slated to replace any fourth-generation fighters at the base and will bring added capability, he said. The Air Force's first overseas base, RAF Lakenheath in England, will follow about a year afterward. Lakenheath will be home to two F-35 squadrons in addition to the F-15E and F-15C squadrons it already has. The service is still evaluating which installations to select for the fifth, sixth and seventh operational bases, Meyers said. The fifth and sixth bases will be Air National Guard bases, while the seventh will be one of four reserve bases that currently host F-16 or A-10 squadrons: Homestead Air Reserve Base in Florida, Whiteman Air Force Base in Missouri, Davis-Monthan Air Force Base in Arizona or Naval Air Station Joint Reserve Base Fort Worth in Texas, which is home to Air Force F-16s. "You have to do an environmental assessment to ensure the base meets all the requirements of the environment of the new plane," Meyers said. That assessment entails evaluating whether new military construction is needed and whether existing facilities need any alterations to be able to support the aircraft. "It just takes a while," he added. F-35 manufacturer Lockheed Martin congratulated the service on meeting the IOC milestone. "With the F-35A, the Air Force now has a fighter combining next-generation radar-evading stealth, supersonic speed, fighter agility and advanced logistical support with the most powerful and comprehensive integrated sensor package of any fighter aircraft in history," the company said in a statement. Pratt & Whitney, which produces the F135 engine used in all three variants of the jet, also sent a statement congratulating the service. Aaron Mehta in Washington contributed to this report.

Email: vinsinna at defensenews.com
Twitter: @ValerieInsinna
Read or Share this story: http://defnews.ly/2aKGXHE

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 08:18:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 13:18:15 -0000
Subject: [Infowarrior] - If true, be afraid.
Message-ID: <2B177747-3295-4094-B158-F9E2A7D604A7@infowarrior.org>

(Disclosure: Registered independent, dislike both mainstream candidates.) We all know there's more than enough media noise surrounding the 2016 campaign, and I've been very good in not adding to everyone's misery by posting much if any stuff, even security-related, from the campaigns. However, although anonymously-sourced (so far) I think the following is worth relaying for your situational awareness ... take as you will. Perhaps this candidate figures if he nukes enough land around the world he can buy it up cheaply to develop and sell more golf courses. -- rick

August 03, 2016, 08:26 am
Scarborough: Trump asked advisor why US can't use nuclear weapons
http://thehill.com/blogs/ballot-box/presidential-races/290217-scarborough-trump-asked-about-adviser-about-using-nuclear

Donald Trump asked a foreign policy adviser multiple times in an hour-long briefing why the U.S. can't use its nuclear weapons, MSNBC anchor Joe Scarborough said Wednesday morning. Scarborough revealed the story while he was interviewing former CIA Director Michael Hayden on "Morning Joe" about Trump's campaign. "Several months ago, a foreign policy expert went to advise Donald Trump," Scarborough said. "And three times he asked about the use of nuclear weapons - three times he asked. At one point, 'If we have them, why can't we use them?'" "That's one of the reasons why he doesn't have foreign policy experts around him," Scarborough added. Watch Scarborough discuss the revelation in the video above.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 08:24:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 13:24:46 -0000
Subject: [Infowarrior] - FBI took months to warn Democrats of suspected Russian role in hack: sources
Message-ID: <76385954-6BAD-4E06-B8E9-BAEE8719C84E@infowarrior.org>

FBI took months to warn Democrats of suspected Russian role in hack: sources
WASHINGTON/SAN FRANCISCO | By Mark Hosenball, John Walcott and Joseph Menn

The FBI did not tell the Democratic National Committee that U.S. officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters. And in months of follow-up conversations about the DNC's network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said. The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said. As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said. A spokeswoman for the FBI said she could not comment on a current investigation. The DNC did not respond to requests for comment.

< - >

http://www.reuters.com/article/us-usa-cyber-democrats-reconstruct-idUSKCN10E09H

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 08:34:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 13:34:32 -0000
Subject: [Infowarrior] - In Memoriam: LOGO creator Seymour Papert 1928-2016
Message-ID: <06D77D1D-B98A-43AF-AC55-CB1C4981FF01@infowarrior.org>

ACM News
In Memoriam: Seymour Papert 1928-2016
By Lawrence M. Fisher
August 2, 2016
http://m.cacm.acm.org/news/205495-in-memoriam-seymour-papert-1928-2016/fulltext

Seymour Papert, a South African-born American mathematician, computer scientist, and educator who anticipated the use of computers to educate children and stimulate their creativity, died at his home in Blue Hill, Maine, on July 31, 2016, at the age of 88. Papert's career encompassed research and development into areas as seemingly diverse as child development, artificial intelligence, and educational technologies. Born in 1928 in Pretoria, South Africa, Papert attended the University of the Witwatersrand in South Africa, where he earned a B.A. in philosophy in 1949, followed by a Ph.D. in mathematics in 1952. His studies took him to Cambridge University in the U.K., where he earned a second Ph.D. in mathematics, then to the University of Geneva, where he worked with Swiss clinical psychologist Jean Piaget, whose theories about the ways children make sense of the world changed Papert's view of children and learning. From Switzerland, Papert came to the U.S., joining the Massachusetts Institute of Technology (MIT) as a research associate in 1963. He became a professor of applied mathematics at that institution in 1967, and shortly after was appointed co-director of the Artificial Intelligence Lab (later known as the Computer Science and Artificial Intelligence Laboratory, or CSAIL) by founding director Marvin Minsky, with whom he wrote the book, "Perceptrons: an introduction to computational geometry."
Papert used Piaget's work in his development of the Logo programming language, which he created with AI researcher Wally Feurzeig. Papert saw the creation of Logo as a way to improve the way children think and solve problems, insisting a simple programming language that children could learn could also have advanced functionality for expert users. In 1981, Papert and several others at MIT started Logo Computer Systems Inc. (LCSI), which he served as board chair for over 20 years. Working with LCSI, Papert designed a number of award-winning programs, including LogoWriter educational software and Lego/Logo, which could manipulate robotic Lego bricks attached to a computer (a precursor to Lego Mindstorms, kits containing software and hardware for the creation of customizable, programmable robots). In 1985, Papert and Minsky joined former MIT president Jerome Wiesner and professor Nicholas Negroponte as founding faculty members of the MIT Architecture Machine Group, later known as the MIT Media Lab. He went on to create the Epistemology and Learning Research Group, where he worked on the development of a theory on learning called constructionism (which advocates student-centered, discovery learning in which students use what they already know to acquire more knowledge), which built upon the work of Piaget in Constructivism learning theories. Papert rethought how schools should work, based on these theories of learning, and was known for focusing on the impact of new technologies on learning in general, and in schools as learning organizations in particular.
A proponent of the Knowledge Machine, a hypothetical concept intended to enable children to explore any situation and engage them, Papert also was one of the principals for the One Laptop Per Child initiative to manufacture and distribute inexpensive laptop computers to children in developing nations (he declined to use Mac OS X on the computers, despite the operating system being offered for use free of charge by Apple co-founder, chairman, and CEO Steve Jobs, because it was not open source and could not be tinkered with; Linux was selected instead.) Papert was married several times. His third wife was Sherry Turkle, Abby Rockefeller Mauzé Professor of the Social Studies of Science and Technology at MIT; together they wrote the influential paper "Epistemological Pluralism and the Revaluation of the Concrete," which offered the following: Women's access to science and engineering has historically been blocked by prejudice and discrimination. Here we address sources of exclusion determined not by rules that keep women out, but by ways of thinking that make them reluctant to join in. Our central thesis is that equal access to even the most basic elements of computation requires an epistemological pluralism, accepting the validity of multiple ways of knowing and thinking. In 2006, Papert (then 78) was attending the 17th International Commission on Mathematical Instruction (ICMI) Study conference in Hanoi, Vietnam, when he was struck by a motorcycle and received a serious brain injury. Following emergency surgery in Hanoi, he was transferred to Boston, and later to a hospital closer to his home. He did not return to his home until 2008, and then had to go through extensive rehabilitation (based on some of the principles of hands-on learning he had pioneered) to overcome "some complicated speech problems." Papert's work has been invaluable to other researchers in the fields of education and computer science.
For example, he influenced the work of mathematician, educator, learning technologist, and computer scientist Uri Wilensky in the design of the NetLogo agent-based programming language and integrated modeling environment, and collaborated with him on the study of knowledge restructurations. Papert also influenced the work of learning sciences researcher Idit Harel Caperton, co-authoring articles and the book Constructionism with her, and chairing the advisory board of MaMaMedia, an educational consulting firm Harel founded that specializes in applications of constructionist learning theory. In addition, Papert influenced 2003 ACM A.M. Turing Award recipient Alan Kay and his Dynabook concept of a laptop-like device for students (which he put forth in 1972), and worked with Kay on a number of projects. Papert was the recipient of a Guggenheim fellowship in 1980, a Marconi International fellowship in 1981, the Software Publishers Association Lifetime Achievement Award in 1994, and the Smithsonian Award from Computerworld in 1997. Yann LeCun, director of AI research at Facebook and founding director of the New York University Center for Data Science, said he was quite a fan of Papert, "despite his role in killing the first wave of neural nets." He said the book Papert wrote with Minsky, Perceptrons, may have "had a hand in killing the first wave of neural nets, but it wasn't Papert's intention. I suppose we can blame it all on Marvin, who remained quite critical of neural nets all his life." (Minsky died earlier this year.) The French-born LeCun, who said he "never had the pleasure to meet" Papert, "but I wish I had," recalled studying electrical engineering at Ecole Superieure d'Ingénieur en Electrotechnique et Electronique in Paris around 1980 when he stumbled on a book containing "a transcript of a 1975 debate between the developmental psychologist Jean Piaget and linguist Noam Chomsky and their respective teams of supporters.
In my naïve thoughts about artificial intelligence, I had come to the realization that intelligence could not be hand-crafted, but had to be the result of learning. Needless to say, when reading the book, I was rooting for Piaget, and was very skeptical of Chomsky's arguments. "One chapter in this book was a transcript of Seymour Papert's talk (and the ensuing debate). Papert was on Piaget's team, having worked with him in the late '50s. In his talk, he was praising the learning abilities of the Perceptron, a simple machine capable of learning. I found this concept so fascinating that I spent entire days at the INRIA library (near Versailles) every week of the following months, searching for everything I could find about the Perceptron, its ancestors, and its descendant. I realized that (1) there were lots of interesting ideas about neural nets, learning, and self-organization in the heydays of Cybernetics in the '50s, (2) almost no one was working on learning machines any more by 1982 (except a few Japanese researchers like Amari and Fukushima), (3) Minsky and Papert wrote the book that killed the whole field!" However, LeCun said, "I was hooked." He said Papert's book Mindstorms came out in 1980, just after he had read Perceptrons, "and he became one of my intellectual heroes. I became fascinated by his work on child development and education (very much inspired by Piaget), the LOGO language, the Lego Mindstorms (named after his book), etc. "In short, Papert is the person who triggered my lifelong interest in learning machines." Mehran Sahami, a professor and Associate Chair for Education in the computer science department at Stanford University, and the Robert and Ruth Halperin University Fellow in Undergraduate Education at Stanford, as well as co-chair of ACM's Education Board, said Papert "was truly an intellectual giant, making deep contributions to many areas in computing.
"His pioneering work in constructionist learning spawned generations of learning scientists focused on helping children learn about computing and using computing as a means for learning. Millions of people have learned to program and use computers as a means for creative expression thanks to Papert's work. "It's simply not possible to overstate his impact on the field." Many papers by Papert may still be accessed on his website.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 08:59:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 13:59:57 -0000
Subject: [Infowarrior] - Pokémon GO Player's Guide/Malware
Message-ID: <1C80F4C9-8D6A-4D29-B2DE-14D191810D51@infowarrior.org>

(c/o DM)

Appendix:Pokémon GO Player's Guide/Malware
From Bulbapedia, the community-driven Pokémon encyclopedia.

Pokémon GO has become very popular, incredibly so. For this reason, many people got it on release date. There was a problem, however. It was only released in very limited areas. As a result, many people wanted the software early. Then, it got so popular that the servers were slow and froze often. The Pokémon Company International didn't want to release the software in any more regions until these problems were fixed. It is for these reasons that people downloaded Pokémon GO in less-than-legitimate means. And when people do that, then there are those that want to profit from it by putting potentially dangerous malware into Pokémon GO. This guide will determine whether your version is dangerous, and what to do about it if it is.

< - >

http://bulbapedia.bulbagarden.net/wiki/Appendix:Pok%C3%A9mon_GO_Player%27s_Guide/Malware

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 13:41:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 18:41:33 -0000
Subject: [Infowarrior] - Report: Operating Systems Should Actively Block Pirated Downloads
Message-ID: <129A2805-EA0A-4473-8425-E4661C67BF9B@infowarrior.org>

Report: Operating Systems Should Actively Block Pirated Downloads
By Ernesto on August 3, 2016
https://torrentfreak.com/rightsholders-want-microsoft-ban-pirated-software-windows-160803/

Apple, Google and Microsoft, are in an ideal position to deter piracy, according to a new report published by Black Market Watch and the Global Initiative against Transnational Organized Crime. The controversial report opts for voluntary or mandatory blocking of pirated content on the operating system level. When Windows 10 was launched last year, rumors spread that the operating system was equipped with a built-in piracy kill switch. According to some reports, this would allow Microsoft to nuke all torrents downloaded from The Pirate Bay, and more. A scary outlook, but also a massive exaggeration, for now. The controversy originated from a single line in Microsoft's Service Agreement which allows the company to download software updates and configuration changes that may prevent people from "playing counterfeit games." Technically this allows Microsoft to block people from playing pirated games across Windows 10 and other services, but thus far there is no indication that this is happening. However, this week the issue was highlighted again in a report published by Black Market Watch and the Global Initiative against Transnational Organized Crime, which made several recommendations on how online piracy could be tackled in Sweden. While most of the media attention focused on the role of ISPs, there is an even more controversial proposal that has been largely overlooked. According to the report, pirated content should be banned on the operating system level.
"Other players that possess the potential ability to limit piracy are the companies that own the major operating systems which control computers and mobile devices such as Apple, Google and Microsoft," one of the main conclusions reads. "The producers of operating systems should be encouraged, or regulated, for example, to block downloads of copyright infringing material," the report adds. The report references last year's Windows 10 controversy, noting that these concerns were great enough for some torrent sites to block users with the new operating system. While Sweden doesn't have enough influence to make an impact on these global software manufacturers, applying pressure through the international community and trade groups may have some effect. "Sweden's ability to influence this as a single state is small, but it can take action through the EU and the international community. Copyright holders can also play a role in promoting this through international industry associations," the report notes. For now, it's unlikely that the plan will become reality in the near future. Yesterday, Swedish ISP Bahnhof responded to the report by saying that it doesn't want to act as piracy police, and Apple, Google and Microsoft are not going to be happy with this role either. However, it's clear that anti-piracy proposals are getting more extreme year after year.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Aug 3 17:23:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 03 Aug 2016 22:23:30 -0000
Subject: [Infowarrior] - Comcast Says It Wants to Charge Broadband Users More For Privacy
Message-ID: <52252C8B-EB7C-42F3-B438-1949C1E6F815@infowarrior.org>

Comcast Says It Wants to Charge Broadband Users More For Privacy
by Karl Bode
Wednesday Aug 03 2016 10:56 EDT
http://www.dslreports.com/shownews/Comcast-Says-It-Wants-to-Charge-Broadband-Users-More-For-Privacy-137567

Comcast this week informed the FCC that it should be able to charge broadband users looking to protect their privacy more money. The FCC has been crafting some new privacy rules for broadband that would force ISPs to disclose exactly what they're collecting and selling, while also providing working opt-out tools. But the FCC also wants to take aim at efforts by some ISPs to make privacy a premium option. AT&T, for example, charges its U-verse broadband customers significantly more if they want to opt out of snoopvertising. In a new filing with the FCC (pdf), Comcast argues that charging consumers more money to opt out of snoopvertising should be considered a "perfectly acceptable" business practice. "A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy," Comcast said in the filing. The company proceeds to claim that banning such options "would harm consumers by, among other things, depriving them of lower-priced offerings." In short, Comcast is arguing that protecting your own privacy should be a paid luxury option, and stopping them from doing so would raise broadband rates. But as we've noted for years it's the lack of competition that keeps broadband prices high.
It's also the lack of competition that prevents users upset with broadband privacy practices from switching to another ISP. That's why the FCC thinks some basic privacy rules of the road might be a good idea. AT&T was the first major broadband provider to charge users more to protect their privacy when it launched its gigabit broadband service in Austin in late 2014. Users have to pay AT&T a $30 or more monthly premium if they want to opt out of AT&T's "Internet Preferences," a deep packet inspection program that tracks your browsing behavior around the Internet -- down to the second. But opting out of Internet Preferences can be a difficult option to even find if you're a new customer, quite intentionally buried in a labyrinth of website menu options. And few are likely to choose it given it dramatically raises a customer's monthly bill from between $531 and $800 the first year. AT&T has repeatedly tried to argue that they're not charging users for basic privacy, they're offering a "discount." The FCC reclassified ISPs as common carriers under Title II of the Communications Act last year. After defeating the broadband industry's court challenge of this move last June, the FCC is now looking to update legacy phone privacy rules in the act for the broadband era. Comcast, AT&T, Verizon and other large providers have repeatedly argued that privacy rules governing broadband connections are completely unnecessary. In contrast, consumer advocates argue that the decision to make privacy an expensive luxury option -- combined with Verizon and AT&T's decision to covertly modify wireless user packets to track customers around the Internet -- make it abundantly clear that the industry simply can't be trusted to self-regulate on the privacy front without significant consumer harm. -- It's better to burn out than fade away. 

From rforno at infowarrior.org Thu Aug 4 09:08:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 04 Aug 2016 14:08:27 -0000
Subject: [Infowarrior] - Copyright Office Says Hollywood Should Control Your TV
Message-ID: <82FED63B-D9D7-4EC7-8889-19EF4C5EA8C4@infowarrior.org>

(What's next for Washington? Reintroducing the moronic Fritz Hollings "Hollywood Hacking Bill" from years ago? -- rick)

August 3, 2016 | By Mitch Stoltz
Copyright Office Jumps Into Set-Top Box Debate, Says Hollywood Should Control Your TV
https://www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv

The Federal Communications Commission has a plan to bring much-needed competition and consumer choice to the market for set-top boxes and television-viewing apps. Under the FCC's proposed rule change, pay-TV customers would be able to choose devices and apps from anywhere rather than being forced to use the box and associated software provided by the cable company, ending cable companies' and major TV studios' monopoly in the field. But major entertainment companies are trying to derail this effort and keep control over TV technology. Central to their argument is a set of misleading claims about copyright law. Hollywood thinks that copyright holders should be able to use licensing agreements to place whatever restrictions they like on how people can access their content. Unfortunately, the Copyright Office has sent a letter to Congress supporting those claims. The letter is wrong as a matter of law, and it's also bad policy. Rather than promote innovation, the Copyright Office offers ideas that would be hostile to choice and innovation in all kinds of information technology, not just pay TV. Congress and the courts have repeatedly rejected that vision, and so should the FCC.
The FCC's plan would let cable and satellite subscribers choose the devices and apps they can use to access pay TV content instead of being limited to the leased set-top boxes and walled-garden apps provided by the cable and satellite companies. That's not just a great goal; it's also the law - Congress ordered the FCC to pursue this goal all the way back in 1996, but cable companies and TV producers have fought against it for over 20 years. Choice and competition threaten cable and content companies' power to control what programming gets seen or ignored, how we can search for it, and who can build the hardware and software. Currently, that power over the design of personal TV technology derives from a confluence of unfair private agreements and monopoly power, not from copyright law. Copyright gives rightsholders power to control copying, but not technology design; in fact, that sort of control is antithetical to copyright's purpose. Over thirty years ago, in Sony v. Universal, the Supreme Court refused to allow movie studios to "extend [their] monopoly" into "control over an article of commerce" - the videocassette recorder - "that is not the subject of copyright protection." You can search all 280 pages of the Copyright Act, and you won't find anything that says a copyright holder has the power to control search functionality, or channel placement, or to decide who can build a DVR or video app. Unlocking competition in pay TV hardware and software isn't a copyright issue - it's a competition issue. But the Copyright Office mistakenly suggests that a copyright holder "generally has full control as to whether and how to exploit his or her work."
Once a copyright holder has released their work to paying customers, like cable subscribers, those customers have their own set of rights: to view TV programs at home or on the go, to skip around within the programs as they wish, to search for and organize the programs and other content they're entitled to see, and to choose tools that enable them to do these things. The Copyright Office's letter implies that cable and content companies could create new rights for themselves just by writing them into private contracts between each other: the right to control which "platforms and devices" customers can use, the right to limit time-shifting and other fair uses, and the right to "exclude" other software from a customer's device. While private companies are free to negotiate conditions like these between each other, nothing in the law gives copyright holders the power to impose those conditions on the whole world, snuffing out the rights of users. If the law were actually as the Copyright Office says it is, the Internet as we know it would be impossible - or it would look a lot like today's cable TV. Imagine that a popular news website made an agreement with your Internet service provider saying that no one should be able to save a local copy of a news article, or to email a link to a friend. Under the Copyright Office's theory, it might be illegal for you, the subscriber, to do those things. And websites could create other rules dictating subscribers' activity just by putting them in a secret contract. When you apply the Copyright Office's reasoning to media in which healthy competition exists, it's easy to see the logic break down. Re-branding cable and content companies' private deals as "copyright" issues risks stalling all sorts of efforts to promote competition and innovation that can lead to new markets for creative work. And it's simply incorrect. Copyright law gives owners specific rights - namely, to control copying and redistribution of their works.
Copyright holders cannot control the technologies that customers use to lawfully access their works, nor can they invent new restrictions and rights out of thin air. The Copyright Office should have seen through Hollywood's attempt to shut out competition through a misinterpretation of copyright law. We hope the FCC does.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 4 10:21:09 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 04 Aug 2016 15:21:09 -0000
Subject: [Infowarrior] - First Click: Apple should stop selling four-year-old computers
Message-ID:

(Agree completely. Apple is showing their main interest now is mass market consumer gadgetry (i-whatevs), not uber-innovative COMPUTERS. They're more Sony than Apple of yore. -- rick)

First Click: Apple should stop selling four-year-old computers

By Sam Byford on August 4, 2016 07:30 am

http://www.theverge.com/2016/8/4/12373776/2012-macbook-pro-still-alive-not-dead-why#comments

One thousand, five hundred and fourteen days. Or: four years, one month, and twenty-four days. That's how long it's been since Apple released the last MacBook Pro to come without a Retina display. The $1,199 13-inch model was powered by a 2.5GHz Core i5 Ivy Bridge processor, a solid option for a midrange laptop in June 2012. I got one that month and am actually typing this column on it right now, having performed open hard drive surgery last night to bring it back from the dead. Nothing unusual about that, of course - technology moves on. Except it's now August 2016, and Apple is inexplicably still selling the exact same laptop. For longtime Mac users, MacRumors' Buyer's Guide is an online institution. The publication catalogs the release dates of each major Apple product line and contrasts them against the company's usually predictable timeframe for updates, ultimately delivering a verdict on whether it's better to buy now or wait.
It's a hugely useful resource that I've often pointed people to when asked for recommendations on laptop purchases.

MacRumors lists almost every Mac as "Don't Buy"

But right now, the Mac section of the guide makes for depressing reading. Apart from the 12-inch MacBook, which was refreshed in April, every single Mac line from the mini to the Pro is designated as "Don't Buy" because of how long it's been since Apple updated them. The Retina MacBook Pro is 442 days into its current cycle, despite refreshes coming every 268 days on average in the past. The Mac mini has gone 657 days since its last update, which was controversial in itself since Apple removed quad-core options and made the product harder to upgrade after purchase. And the Mac Pro, released in December 2013 following much "Can't innovate any more, my ass"-fueled fanfare? It hasn't received a single update since then. "This is without a doubt the future of the pro desktop," Phil Schiller said when announcing the Mac Pro on stage that year. Did he mean that this was the precise model Apple expects professional users to use literally forever? Apple iterates quickly and consistently in mobile because the rate of technological progress is so much more dramatic in that arena. The company does amazing work to keep its iPhones and iPads ahead of competitors, performance-wise. Simple Intel processor upgrades are less important to laptops these days, however, and I'm finding this 2012 MacBook Pro fine to work from right now - faster than my 2015 MacBook, at least, which is enough for my needs. But that doesn't mean it isn't unconscionable for Apple to continue to sell outdated products to people who may not know any better. Is the company really saving that much money by using 2012 processors and 4GB of RAM as standard? Even an update to Intel's Haswell chips from 2013 would have brought huge battery life improvements.
Apple is bound by the whims of its suppliers to a certain extent, and it may not always make sense for the company to upgrade its products with every single new chip or GPU that comes out. But there's a certain point at which it just starts to look like absentmindedness, and many Mac computers are well past that point now. If Apple needs to keep the non-Retina MacBook Pro around for certain users who really need a DVD drive, fine; I happen to like the chunky old design, and it's good to have a Mac laptop in the lineup where you can still upgrade the RAM and storage. But there's no excuse for selling four-year-old hardware for $1,099. (Yes, Apple charitably dropped the price by one hundred whole dollars two years ago.) The 2012 MacBook Pro still runs okay today, but not that okay. The issue pervades almost the entire Mac line. Professionals really do care about performance, so the nearly three-year wait for a new Mac Pro is exasperating to many - not least Oculus founder Palmer Luckey, who says he'd like to support the Mac "when Apple makes a good computer" with modern GPUs. The Mac mini is similarly losing its relevance in the desktop space; I'd actually like to buy one soon, but I'd feel like an idiot. And it's understandable not to update the MacBook Air with a Retina display given the shift to the new MacBook, but to continually ship it with an awful TN panel? The Air's screen was subpar in 2012, which is why I got the bulkier but IPS-equipped Pro back then in the first place. Apple should be embarrassed to have it in its stores today. Signs point to a major MacBook Pro update coming later in the year, but nothing short of a complete overhaul for the entire Mac line will suffice. People that buy Apple products do so because they want the best; in hardware terms, at least, it's hard to argue that most people buying a Mac today will be getting that.
If Apple doesn't want to keep its products reasonably current, that's its prerogative. But if that truly is the case, maybe it shouldn't sell them at all.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 4 10:56:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 04 Aug 2016 15:56:32 -0000
Subject: [Infowarrior] - Hillary Clinton and Donald Trump's Cybersecurity Platforms, Compared
Message-ID: <2DFC2102-666C-440E-BFB8-F22E26E7C003@infowarrior.org>

Hillary Clinton and Donald Trump's Cybersecurity Platforms, Compared

http://lifehacker.com/hillary-clinton-and-donald-trumps-cybersecurity-platfor-1784790979

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Aug 4 14:54:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 04 Aug 2016 19:54:12 -0000
Subject: [Infowarrior] - International Olympic Committee bans GIFs
Message-ID:

(Not that I plan to watch, but at what point do the courts, media and/or tech industry say ENOUGH IS ENOUGH to these abusive IP maximalists? --rick)

International Olympic Committee bans GIFs

Cory Doctorow / 12:36 pm Thu Aug 4, 2016

http://boingboing.net/2016/08/04/international-olympic-committe.html

They've "expressly prohibited" turning anything from the Olympics into "animated formats such as animated GIFs (i.e. GIFV), GFY, WebM, or short video formats such as Vines." You know what, I fucking surrender. Olympic corruption, greed and venality has been boundless for decades, but this kind of fantastic out-of-touchness literally leaves me wordless.

> 2.
Internet and Mobile Platforms Notwithstanding any other applicable limitation included in these NARs, Olympic Material must not be broadcast on interactive services such as "news active" or "sports active" or any other related Video on Demand services, which would allow the viewer to make a viewing choice within a channel and to thereby view Olympic Material at times and programs other than when broadcast as part of a News Program as set out in Clause 1 above. Additionally, the use of Olympic Material transformed into graphic animated formats such as animated GIFs (i.e. GIFV), GFY, WebM, or short video formats such as Vines and others, is expressly prohibited.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 07:08:01 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 12:08:01 -0000
Subject: [Infowarrior] - Ryan: TPP doesn't have support for House vote
Message-ID:

Please let it be so!!

Ryan: TPP doesn't have support for House vote this year

http://thehill.com/policy/finance/290484-ryan-tpp-doesnt-have-enough-support-for-a-house-vote-this-year

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 07:16:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 12:16:50 -0000
Subject: [Infowarrior] - Megaupload 2.0 Will Link File Transfers to Bitcoin Transactions
Message-ID:

Megaupload 2.0 Will Link File Transfers to Bitcoin Transactions

By Andy on August 5, 2016

Kim Dotcom is teasing fresh information about his Megaupload 2.0 project set to launch in January 2017. Noting that every file transfer will be linked to a bitcoin transaction, Dotcom says the new platform will take decentralization, anonymity & encryption "to the next level". Following a few hints dropped early last month, Kim Dotcom later confirmed he was working on a brand new file-sharing platform with a familiar name.
Now partially confirmed as Megaupload (or possibly Megaupload 2.0), the site is set to launch in January 2017, an event that will coincide with the 2012 closure of the original site and the massive police raid against its operators. Over the past few days Dotcom has taken to Twitter to drip feed various nuggets of information about his upcoming service. The first came on Tuesday when he said that he couldn't wait to launch "groundbreaking innovations" that will take Bitcoin "mainstream." After concentrating on his usual array of political tweets, a few hours ago Dotcom stepped on the Megaupload gas, underlining its links to Bitcoin.

< - >

https://torrentfreak.com/megaupload-2-0-will-link-file-transfers-bitcoin-transactions-160805/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 07:16:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 12:16:50 -0000
Subject: [Infowarrior] - Torrentz Shuts Down, Largest Torrent Meta-Search Engine Says Farewell
Message-ID: <022EE06A-C811-4DFA-A31E-FC7D5F56B237@infowarrior.org>

Torrentz Shuts Down, Largest Torrent Meta-Search Engine Says Farewell - TorrentFreak

By Ernesto

Torrentz.eu, one of the world's largest torrent sites, has announced "farewell" to its millions of users. The meta-search engine, which hosted no torrents of its own but linked to other sites including The Pirate Bay, has decided to cease its operation. The surprise shutdown marks the end of an era. Founded in 2003, Torrentz has been a stable factor in the torrent community for over 13 years. With millions of visitors per day the site grew out to become one of the most visited torrent sites, but today this reign ends, as the popular meta-search engine has announced its shutdown. A few hours ago and without warning, Torrentz disabled its search functionality. At first sight the main page looks normal but those who try to find links to torrents will notice that they're no longer there.
< - >

https://torrentfreak.com/torrentz-shuts-down-largest-torrent-meta-search-engine-says-farewell-160805/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 07:24:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 12:24:03 -0000
Subject: [Infowarrior] - Sheriff Raids House to Find Anonymous Blogger Who Called Him Corrupt
Message-ID: <29C7F660-35EC-4EBD-A4D5-0A32AFDF5353@infowarrior.org>

Sheriff Raids House to Find Anonymous Blogger Who Called Him Corrupt

Naomi LaChance

Aug. 4 2016, 6:38 p.m.

https://theintercept.com/2016/08/04/sheriff-raids-house-to-find-anonymous-blogger-who-called-him-corrupt/

After a watchdog blog repeatedly linked him and other local officials to corruption and fraud, the Sheriff of Terrebonne Parish in Louisiana on Tuesday sent six deputies to raid a police officer's home to seize computers and other electronic devices. Sheriff Jerry Larpenter's deputies submitted affidavits alleging criminal defamation against the anonymous author of the ExposeDAT blog, and obtained search warrants to seize evidence in the officer's house and from Facebook. The officer, Wayne Anderson, works for the police department of Houma, the county seat of Terrebonne Parish - and according to New Orleans' WWL-TV, formerly worked as a Terrebonne Sheriff's deputy. Anderson was placed on paid leave about an hour and a half after the raid on his house, Jerri Smitko, one of his attorneys, told The Intercept. She said that he has not yet been officially notified about why. Smitko said Anderson denies that he is the author of ExposeDat. But free speech advocates say the blogger - whoever he or she is - is protected by the First Amendment. "The law is very clear that somebody in their private capacity, on private time, on their own equipment, has a First Amendment right to post about things of public concern," Marjorie Esman, director of the ACLU of Louisiana, told The Intercept.
Larpenter told WWL: "If you're gonna lie about me and make it under a fictitious name, I'm gonna come after you." Esman said the Sheriff and his deputies were forgetting something. "The laws that they're sworn to uphold include the right to criticize and protest. Somehow there's a piece in the training that leads to them missing that." ExposeDAT calls itself a "watchdog group," posting articles that use public records to identify institutional corruption in the Parish. Since it launched in late June, it has accused various public officials and business owners of nepotism, tax evasion, polluting and misuse of government funds. It promises to "introduce articles that explore the relationship between certain Public Officials and the flow of money in South Louisiana." The Sheriff's office, in order to obtain the warrants, said the blog had criminally defamed the Parish's new insurance agent, Tony Alford, WWL reported. One ExposeDAT blog post titled "Gordon Dove and Tony Alford's Radioactive Waste Dumping," briefly describes the relationship between Alford and the parish's president, who jointly own a Montana trucking company that has been cited for dumping radioactive waste in Montana. That citation was originally reported in the Missoula, Mont., newspaper The Missoulian. In a post titled "You Scratch Mine and I'll Scratch Yours," the blog uses public records to call attention to the fact that Sheriff Larpenter gave Alford a parish contract despite the fact that his wife manages Alford's office. "When decent, law abiding citizens try to speak out on matters of public importance, they're treated like criminals," Smitko said. "If this is what happens to a police officer with 12 years of impeccable service what the hell kind of justice do criminals get?" The Sheriff's office, the police department and the district attorney's office did not return requests for comment.
This isn't the first time that Louisiana law enforcement officers have challenged those who criticize them. In 2012, Bobby Simmons, a former police officer, was arrested and jailed on a charge of criminal defamation for a letter he wrote to a newspaper regarding another police officer. The charge was later dropped, and Simmons filed a civil suit alleging that his civil rights were violated.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 07:26:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 12:26:56 -0000
Subject: [Infowarrior] - Bamford: The world's best cyber army doesn't belong to Russia
Message-ID: <34A66ADC-0BB0-4119-81C7-CB978A073679@infowarrior.org>

Commentary: The world's best cyber army doesn't belong to Russia

By James Bamford

http://www.reuters.com/article/us-election-intelligence-commentary-idUSKCN10F1H5

National attention is focused on Russian eavesdroppers' possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns -- and the presidents -- of even its closest allies. The United States is, by far, the world's most aggressive nation when it comes to cyberspying and cyberwarfare. The National Security Agency has been eavesdropping on foreign cities, politicians, elections and entire countries since it first turned on its receivers in 1952. Just as other countries, including Russia, attempt to do to the United States. What is new is a country leaking the intercepts back to the public of the target nation through a middleperson. There is a strange irony in this. Russia, if it is actually involved in the hacking of the computers of the Democratic National Committee, could be attempting to influence a U.S.
election by leaking to the American public the falsehoods of its leaders. This is a tactic Washington used against the Soviet Union and other countries during the Cold War. In the 1950s, for example, President Harry S Truman created the Campaign of Truth to reveal to the Russian people the "Big Lies" of their government. Washington had often discovered these lies through eavesdropping and other espionage. Today, the United States has morphed from a Cold War, and in some cases a hot war, into a cyberwar, with computer coding replacing bullets and bombs. Yet the American public manages to be "shocked, shocked" that a foreign country would attempt to conduct cyberespionage on the United States. NSA operations have, for example, recently delved into elections in Mexico, targeting its last presidential campaign. According to a top-secret PowerPoint presentation leaked by former NSA contract employee Edward Snowden, the operation involved a "surge effort against one of Mexico's leading presidential candidates, Enrique Peña Nieto, and nine of his close associates." Peña won that election and is now Mexico's president. The NSA identified Peña's cellphone and those of his associates using advanced software that can filter out specific phones from the swarm around the candidate. These lines were then targeted. The technology, one NSA analyst noted, "might find a needle in a haystack." The analyst described it as "a repeatable and efficient" process. The eavesdroppers also succeeded in intercepting 85,489 text messages, a Der Spiegel article noted. Another NSA operation, begun in May 2010 and codenamed FLATLIQUID, targeted Peña's predecessor, President Felipe Calderon. The NSA, the documents revealed, was able "to gain first-ever access to President Felipe Calderon's public email account." At the same time, members of a highly secret joint NSA/CIA organization, called the Special Collection Service, are based in the U.S. embassy in Mexico City and other U.S.
embassies around the world. It targets local government communications, as well as foreign embassies nearby. For Mexico, additional eavesdropping, and much of the analysis, is conducted by NSA Texas, a large listening post in San Antonio that focuses on the Caribbean, Central America and South America. Unlike the Defense Department's Pentagon, the headquarters of the cyberspies fills an entire secret city. Located in Fort Meade, Maryland, halfway between Washington and Baltimore, Maryland, NSA's headquarters consists of scores of heavily guarded buildings. The site even boasts its own police force and post office. And it is about to grow considerably bigger, now that the NSA cyberspies have merged with the cyberwarriors of U.S. Cyber Command, which controls its own Cyber Army, Cyber Navy, Cyber Air Force and Cyber Marine Corps, all armed with state-of-the-art cyberweapons. In charge of it all is a four-star admiral, Michael S. Rogers. Now under construction inside NSA's secret city, Cyber Command's new $3.2-billion headquarters is to include 14 buildings, 11 parking garages and an enormous cyberbrain - a 600,000-square-foot, $896.5-million supercomputer facility that will eat up an enormous amount of power, about 60 megawatts. This is enough electricity to power a city of more than 40,000 homes. In 2014, for a cover story in Wired and a PBS documentary, I spent three days in Moscow with Snowden, whose last NSA job was as a contract cyberwarrior. I was also granted rare access to his archive of documents. "Cyber Command itself has always been branded in a sort of misleading way from its very inception," Snowden told me. "It's an attack agency. ... It's all about computer-network attack and computer-network exploitation at Cyber Command." The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. "The next major conflict will start in cyberspace," says one of the secret NSA documents.
One key phrase within Cyber Command documents is "Information Dominance." The Cyber Navy, for example, calls itself the Information Dominance Corps. The Cyber Army is providing frontline troops with the option of requesting "cyberfire support" from Cyber Command, in much the same way it requests air and artillery support. And the Cyber Air Force is pledged to "dominate cyberspace" just as "today we dominate air and space." Among the tools at their disposal is one called Passionatepolka, designed to "remotely brick network cards." "Bricking" a computer means destroying it - turning it into a brick. One such situation took place in war-torn Syria in 2012, according to Snowden, when the NSA attempted to remotely and secretly install an "exploit," or bug, into the computer system of a major Internet provider. This was expected to provide access to email and other Internet traffic across much of Syria. But something went wrong. Instead, the computers were bricked. It took down the Internet across the country for a period of time. While Cyber Command executes attacks, the National Security Agency seems more interested in tracking virtually everyone connected to the Internet, according to the documents. One top-secret operation, code-named TreasureMap, is designed to have a "capability for building a near real-time interactive map of the global Internet. ... Any device, anywhere, all the time." Another operation, codenamed Turbine, involves secretly placing "millions of implants" - malware - in computer systems worldwide for either spying or cyberattacks. Yet, even as the U.S. government continues building robust eavesdropping and attack systems, it looks like there has been far less focus on security at home. One benefit of the cyber-theft of the Democratic National Committee emails might be that it helps open a public dialogue about the dangerous potential of cyberwarfare. This is long overdue. The possible security problems for the U.S.
presidential election in November are already being discussed. Yet there can never be a useful discussion on the topic if the Obama administration continues to point fingers at other countries without admitting that Washington is engaged heavily in cyberspying and cyberwarfare. In fact, the United States is the only country ever to launch an actual cyberwar -- when the Obama administration used a cyberattack to destroy thousands of centrifuges, used for nuclear enrichment, in Iran. This was an illegal act of war, according to the Defense Department's own definition. Given the news reports that many more DNC emails are waiting to be leaked as the presidential election draws closer, there will likely be many more reminders of the need for a public dialogue on cybersecurity and cyberwarfare before November.

(James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.)

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 11:21:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 16:21:43 -0000
Subject: [Infowarrior] - Take that, USOC.
Message-ID: <9CBFA534-8223-4A49-A2C5-20B6461EAF67@infowarrior.org>

Minnesota Carpet Cleaning Business Sues US Olympic Committee Over Its Ridiculous Social Media Rules

https://www.techdirt.com/articles/20160804/20130135162/minnesota-carpet-cleaning-business-sues-us-olympic-committee-over-ridiculous-social-media-rules.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Aug 5 12:08:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 17:08:46 -0000
Subject: [Infowarrior] - more on ... Fwd: Take that, USOC.
References: <194DA235-11D1-4568-BB10-ADB168AADA58@umn.edu>
Message-ID: <55AB5E82-E7A1-4A64-B4BF-A7A5CB0137B5@infowarrior.org>

I have every expectation someone somewhere will do just that for any number of protestations....
--
It's better to burn out than fade away.

> Begin forwarded message:
>
> From: H
>
> Quick thought, share anonymously if you like: How could this hashtag heavy handedness by the USOC possibly go wrong? Syria saw it first hand when #SummerinSyria was repurposed by those opposed to Assad.

From rforno at infowarrior.org Fri Aug 5 16:54:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 05 Aug 2016 21:54:12 -0000
Subject: [Infowarrior] - Obama prepares to boost U.S. military's cyber role: sources
Message-ID:

Fri Aug 5, 2016 5:13pm EDT

Obama prepares to boost U.S. military's cyber role: sources

WASHINGTON | By Warren Strobel

http://www.reuters.com/article/us-usa-cyber-idUSKCN10G254

The Obama administration is preparing to elevate the stature of the Pentagon's Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters. Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a "unified command" equal to combat branches of the military such as the Central and Pacific Commands. Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, the officials said. That would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. Both organizations are based at Fort Meade, Maryland, about 30 miles north of Washington, and led by the same officer, Navy Adm. Michael S. Rogers. A former senior intelligence official with knowledge of the plan said it reflects the growing role that cyber operations play in modern warfare, and the different missions of the Cyber Command and the NSA. The official spoke on condition of anonymity.
A Cyber Command spokesman declined comment on the plan, and the NSA did not respond to requests for comment. Established in 2010, Cyber Command is now subordinate to the U.S. Strategic Command, which oversees military space operations, nuclear weapons and missile defense. U.S. officials cautioned that details of the plan, including some aspects of Cyber Command's new status, are still being debated. It was unclear when the matter will be presented to President Barack Obama for final approval, but the former senior intelligence official said it was unlikely anyone would stand in the way. A senior official, speaking on condition of anonymity, said the administration was "constantly reviewing if we have the appropriate organizational structures in place to counter evolving threats, in cyber space or elsewhere." "While we have no changes to this structure to announce, the relationship between NSA and Cyber Command is critical to safeguarding our nation's security," the official said. The Pentagon acknowledged earlier this year that it has conducted cyber attacks against Islamic State, although the details are highly classified. "We are dropping cyberbombs. We have never done that before," Deputy Defense Secretary Robert Work said in April. The Washington Post reported last month that Pentagon leaders had been frustrated with the slow pace of Cyber Command's electronic offensive against Islamic State, militants who control parts of Iraq and Syria and have sympathizers and supporters worldwide. In response, Rogers created Joint Task Force Ares to develop new digital weapons against Islamic State and coordinate with the Central Command, which is responsible for combat operations in the Middle East and South Asia. The new task force has "the specific mission to accomplish cyberspace objectives in support of counter-ISIL operations," a Cyber Command statement said.
Task Force Ares, it said, "comprises operations and intelligence professionals from each of the military services." James Lewis, a cyber security expert at the Center for Strategic and International Studies, said the plan that will be presented to Obama highlights how Cyber Command, reliant on the NSA in its early years, is developing its own work force and digital tools. "It reflects the maturing of Cyber Command and its own capabilities," Lewis said. Defense Secretary Ash Carter hinted at the higher status for Cyber Command in an April speech in Washington, in which he said the Pentagon is planning $35 billion in cyber spending over the next five years. "Adapting to new functions will include changes in how we manage ourselves in cyberspace," Carter said. NSA's primary mission is to intercept and decode adversaries' phone calls, emails and other communications. The agency was criticized for over-reach after former NSA contractor Edward Snowden revealed some of its surveillance programs. NSA's focus is gathering intelligence, officials said, often favoring the monitoring of an enemy's cyber activities. Cyber Command's mission is geared more to shutting down cyber attacks - and, if ordered, counter attacking. The NSA director has been a senior military officer since the agency's founding in 1952. Under the plan, future directors would be civilians, an arrangement meant to underscore that NSA is not subordinate to Cyber Command.

(Additional reporting by Idrees Ali; Editing by John Walcott and Grant McCool)

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Aug 6 08:50:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 06 Aug 2016 13:50:28 -0000
Subject: [Infowarrior] - NSA denies 'Raiders of the Lost Ark' stockpile of security vulnerabilities
Message-ID: <6CE33058-B415-48BD-8625-6CAFFFBF9C6E@infowarrior.org>

(Of course, they're not stockpiled in a WAREHOUSE. Sorry, couldn't resist....
--rick)

NSA denies 'Raiders of the Lost Ark' stockpile of security vulnerabilities
Alex Hern
https://www.theguardian.com/technology/2016/aug/06/nsa-zero-days-stockpile-security-vulnerability-defcon

America's National Security Agency (NSA) spends upwards of $25m in a year buying previously undisclosed security vulnerabilities - known as zero days, because that's the length of time the target has had to fix them - but the large investment may not result in as much of a collection of hacking capabilities as is widely assumed. Jason Healey, a senior research scholar at Columbia University and director at the Atlantic Council policy thinktank, argues that the true number of zero days stockpiled by the NSA is likely in the "dozens", and that the agency only adds to that amount by a very small amount each year. "Right now it looks like single digits," he says, adding that he has "high confidence in this assessment." Healey presented the research at the Defcon hacking conference in Las Vegas to a packed crowd on the opening day of the event. "I don't know if we've got the right answer, but we've tried to run down every line of evidence that we can." The question of quite how many unpatched, undisclosed vulnerabilities the NSA has stockpiled cuts to the heart of a long-running concern the information security community has about the agency's so-called "dual mandate": it is in charge of procuring intelligence about the actions of America's enemies, a goal it often pursues through targeted hacking attacks, which are made easier by having knowledge of useful zero days, but at the same time, it is in charge of protecting the information security of the nation, a role which naturally entails warning vendors about unpatched security vulnerabilities it discovers.

NSA claims it discloses 91% of vulnerabilities to vendors

The same tension exists within the wider American government, Healey says. "You see this tension between these agencies, and the government is certainly not of one mind on this ... Until 2010 it doesn't seem like there was a government-wide policy to handle this." Before beginning his talk, Healey asked the audience how many vulnerabilities they thought the NSA had stockpiled: hundreds, thousands, more than thousands or less than hundreds. The straw poll showed roughly even numbers guessing each possibility, something that underscores how little trust there is among hackers at large that the NSA will do the "right thing" when it has knowledge of critical bugs. While emphasising that the closed nature of the NSA makes it hard to state anything categorically, Healey argues that all the available evidence supports the case that the agency actually has much less than the hundreds or thousands of vulnerabilities some in the audience thought it might. One key piece of evidence comes from the NSA itself, which in 2015 claimed that 91% of vulnerabilities it procured were eventually disclosed to the vendors whose products were at risk. Of the other 9%, at least some of those weren't disclosed because they were fixed before they could be, the agency adds. Similarly, the White House has revealed that in one year since the current disclosure policy was implemented, it reviewed about 100 software vulnerabilities discovered by the NSA to determine if they should be disclosed, and "kept only about two". Healey adds that in the autumn of 2014, he was personally told that every single vulnerability which had come up for review had been disclosed.

"We don't have a stockpile of zero days"

Aside from anything else, the figures fit with the comparatively low number of zero days found used in the wild in general.
According to security researchers Symantec, just 54 were found through the whole of 2015, "so single digits sounds reasonable". Healey also cites Michael Daniel, a special assistant to the president and the US's cybersecurity coordinator, to support the claim: "The idea that we have these vast stockpiles of vulnerabilities stored up - you know, Raiders of the Lost Ark-style - is just not accurate," Daniel has said. The figures don't include the actions of other agencies, though. As the war between Apple and the FBI revealed, conventional law enforcement bodies also have an interest in securing unpatched vulnerabilities. When the FBI eventually bought one such zero day to break into the iPhone 5 at the heart of its fight with Apple - for a reported $1m - it managed to avoid government regulations about zero day disclosure by arguing that it only bought the use of a tool, not the zero day itself. "To me," Healey said, "it seems to contravene pretty direct presidential guidance." Similarly, they don't include the actions of other governments. Around 30 are known to stockpile their own vulnerabilities, but only one - Britain's GCHQ - is anywhere approaching public about their activities. GCHQ announced disclosure of 20 zero days last year. Healey closed with a plea to governments and to the hacker attendees of the conference: "Normally in warfare if one side disarms themselves all they've done is disarm themselves. This is the one area where you can disarm governments, because once that information goes to a vendor, everyone is disarmed."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Aug 6 09:37:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 06 Aug 2016 14:37:54 -0000
Subject: [Infowarrior] - BBC to deploy detection vans to snoop on internet users
Message-ID: <8A973001-BD4C-485D-B450-51E7E041E990@infowarrior.org>

BBC to deploy detection vans to snoop on internet users
http://www.telegraph.co.uk/news/2016/08/05/bbc-to-deploy-detection-vans-to-snoop-on-internet-users/

The BBC is to spy on internet users in their homes by deploying a new generation of Wi-Fi detection vans to identify those illicitly watching its programmes online. The Telegraph can disclose that from next month, the BBC vans will fan out across the country capturing information from private Wi-Fi networks in homes to "sniff out" those who have not paid the licence fee. The corporation has been given legal dispensation to use the new technology, which is typically only available to crime-fighting agencies, to enforce the new requirement that people watching BBC programmes via the iPlayer must have a TV licence.

< - >

Under the Regulation of Investigatory Powers Act, the corporation is entitled to carry out surveillance of suspected licence-fee dodgers. The BBC confirmed that its newly developed detection techniques had been authorised under the legislation.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 9 09:25:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 Aug 2016 14:25:48 -0000
Subject: [Infowarrior] - RIP Kagi 1994-2016
Message-ID:

http://kagi.com/

It is with sadness that we announce Kagi has ceased operations as of July 31st, 2016. For any product support issues, please contact the product developer directly. All final financial distributions are being managed by a third party. They will contact you via your primary Kagi email on August 31st, 2016 from this email address: do_not_reply at kagi.com. Please whitelist this email address in your spam filters.
The final monthly data files will be transferred to product suppliers by August 20th, 2016. Per the Kagi privacy policy, customer data connected to the purchase of a product is shared with the supplier of that product so that they can provide product support. The database of customer data will not be sold or transferred to a third party. For the past ten years Kagi has been struggling to recover from financial losses due to a supplier fraud situation. We have reduced the debt but the recovery has failed and forced us to close.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Aug 9 12:21:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 Aug 2016 17:21:06 -0000
Subject: [Infowarrior] - Facebook Will Force Advertising on Ad-Blocking Users
Message-ID: <26C58753-C9B0-4516-B3CE-272A573C3B71@infowarrior.org>

Facebook Will Force Advertising on Ad-Blocking Users
The social network will use technology to disguise ads on its desktop service from ad-blocking software
By Jack Marshall
Aug. 9, 2016 10:00 a.m. ET
http://www.wsj.com/articles/facebook-will-force-advertising-on-ad-blocking-users-1470751204

Facebook is going to start forcing ads to appear for all users of its desktop website, even if they use ad-blocking software. The social network said on Tuesday that it will change the way advertising is loaded into its desktop website to make its ad units considerably more difficult for ad blockers to detect. "Facebook is ad-supported. Ads are a part of the Facebook experience; they're not a tack on," said Andrew "Boz" Bosworth, vice president of Facebook's ads and business platform. User adoption of ad-blocking software has grown rapidly in recent years, particularly outside of the U.S. According to estimates by online advertising trade body the Interactive Advertising Bureau, 26% of U.S. internet users now use ad blockers on their desktop devices.
Facebook declined to comment when asked on what portion of its desktop users have ad-blocking software installed. Facebook's change will open up more online ad space for it to sell, although Mr. Bosworth said that wasn't the motivation for the move. Facebook now garners 84% of its advertising revenue from mobile devices, which are less susceptible to ad blocking than desktop devices. "This isn't motivated by inventory; it's not an opportunity for Facebook from that perspective," Mr. Bosworth said. "We're doing it more for the principle of the thing. We want to help lead the discussion on this." Nonetheless, Facebook stands to gain financially from showing ads to ad-blocking users. On the company's second-quarter earnings call in July, Facebook executives said its "ad load" - the volume of ads its users typically see - was in a "good zone." That means it doesn't think it can push many more ads to users than they already see during the time they are spending on the social network. Mr. Bosworth acknowledged that forcing ads onto people who have attempted to avoid them could irritate those users, but he said the company has invested heavily in ensuring advertising on Facebook is "uninterruptive" and relevant. Facebook is also introducing more ways for users to control the type of advertising they see on the service. "It just seems like a poor bargain to be forced to choose all or nothing. There's a middle ground," Mr. Bosworth said. Some ad-blocking software providers have faced fierce criticism from the media industry for their business models in recent months. Eyeo GmbH, the company behind popular desktop ad-blocking tool Adblock Plus, accepts payment from more than 70 companies in exchange for letting their ads through its filter. Mr. Bosworth said Facebook hasn't paid any ad-blocking software company to have its ads pass through their filters and that it doesn't intend to. "It's not something that Facebook wants to be a part of.
It's not a business model that's set out to serve the best interests of people," he said. The IAB has also been extremely vocal about its disapproval of online ad blockers and their business models, with its CEO Randy Rothenberg describing Adblock Plus earlier this year as "an old-fashioned extortion racket, gussied up in the flowery but false language of contemporary consumerism." Facebook is an IAB member. From a technical standpoint, Facebook is able to circumvent ad blockers relatively easily because it loads ads into its service itself. Many online publishers and media companies rely on third-party companies to help display ads on their webpages and services, which can make them more easily identifiable to blocking technologies. As a result, a new breed of "anti-ad-blocking" technology companies has emerged, hoping to cash in on the situation by selling software designed to help media companies and publishers counteract the effects of ad blocking.

Write to Jack Marshall at Jack.Marshall at wsj.com

--
It's better to burn out than fade away.