From rforno at infowarrior.org Fri Sep 16 10:57:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Sep 2016 15:57:30 -0000
Subject: [Infowarrior] - Russia bans Pornhub, YouPorn - tells citizens to "meet someone in real life"
Message-ID: <03DF78BF-50EC-4659-8D7E-1BB5B898078B@infowarrior.org>

Russia bans Pornhub, YouPorn - tells citizens to "meet someone in real life"

Tom Mendelsohn (UK) - 9/16/2016, 10:15 AM

http://arstechnica.com/tech-policy/2016/09/russia-bans-pornhub-youporn-tells-citizens-to-meet-someone-in-real-life/

Two of the biggest porn sites in the world have been blocked by Russia's media regulator, a decision which has apparently prompted uproar on the country's social media. Weirder yet, Roskomnadzor, the body that enacted the bans (whose name translated into English is the Federal Service for Supervision of Communications, Information Technology and Mass Media), has been actively engaged in sassing members of the Russian public who complain.

The regulator dropped the banhammer on Tuesday, applying rules which had previously been imposed by two separate regional courts. Any Russian citizen visiting PornHub or YouPorn is now redirected to a simple message telling them that the sites have been blocked "by decision of public authorities."

Sexually explicit material isn't illegal in the country, but according to the BBC's Vitaliy Shevchenko, the law confusingly appears to ban "the illegal production, dissemination, and advertisement of pornographic materials and objects."

In a now infamous post, Roskomnadzor quoted itself in reply to frustrated porn fans, retweeting what it said during a previous round of bans in 2015: "Dear Lyolya, as an alternative you could try and meet someone in real life." And in its retweet this week, it added: "Dear lovers of the Internet, this piece of advice still stands."
This much-mocked tweet apparently attracted a reply from the original Lyolya, who asked why the watchdog hadn't "come up with something new." Undeterred, Roskomnadzor asked him whether it was possible "to enter the same river twice."

The Russian government routinely censors chunks of the Web; Roskomnadzor maintains a blacklist that numbers in the thousands, encompassing sites banned for breaching child protection laws and the country's vague extremism provisions. Sites which criticise the Vladimir Putin administration have been shut down, and at one point the country was denied access to Wikipedia.

For its part, Pornhub has a savvy social media operation of its own, and has made a novel attempt to circumvent the ban: It later told users that pornhub.ru hadn't been blocked.

This post originated on Ars Technica UK

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 16 18:29:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Sep 2016 23:29:55 -0000
Subject: [Infowarrior] - NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable to Hacking
Message-ID: <685D9594-5C11-499F-8CA2-00F603953ABF@infowarrior.org>

NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable to Hacking

Written by Joseph Cox
September 16, 2016 // 10:25 AM EST

https://motherboard.vice.com/read/nypd-says-talking-about-its-imsi-catchers-would-make-them-vulnerable-to-hacking

Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.

Civil liberties activists are not convinced.
Christopher Soghoian from the American Civil Liberties Union (ACLU) wrote in an affidavit as part of a petition against the NYPD's decision not to share this information, "It would be a serious problem if the costly surveillance devices purchased by the NYPD without public competitive bidding are so woefully insecure that the only thing protecting them from hackers is the secrecy surrounding their model names."

The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD's IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as "stingrays", after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has.

"Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law's purpose of informing a robust public debate about government actions," the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology.

Read More: Privacy Activists Launch Database to Track Global Sales of Surveillance Tech

After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD's strange argument comes in (among others).

"Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure," an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads.

Antonsen then imagines a scenario where a "highly sophisticated hacker" could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them.
But Soghoian responded in his affidavit, "There is no legitimate cybersecurity justification to keeping secret the names of the particular Harris products used by the NYPD."

The financial documents requested by the NYCLU won't include the sort of detail needed by a hacker to break into or otherwise tamper with these devices, and the group has said the NYPD can redact extra information, such as which network the devices target.

According to Soghoian, none of the purchase or invoice records for Stingrays he has seen have revealed which specific software updates an agency has used - "just as records revealing that an agency had purchased iPhones for officers would not reveal which particular iOS security updates the agency had or hadn't installed on those devices," he adds.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Sep 17 17:31:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Sep 2016 22:31:06 -0000
Subject: [Infowarrior] - How Journalists Can Fight Politicians' War on Truth
Message-ID: <4979509C-AB45-445D-9D78-EA669C1C301F@infowarrior.org>

How Journalists Can Fight Politicians' War on Truth

Dan Gillmor

http://www.theatlantic.com/politics/archive/2016/09/politicians-war-on-truth/500282/

NBC News' Matt Lauer's performance as moderator of a recent public forum featuring Donald Trump and Hillary Clinton has led to some modest journalistic soul-searching. If journalists want the public to retain even an ounce of respect for their craft, they should do more than that - and they should start right now, by declaring a boycott on bullshit.

Lauer, among other things, allowed Trump to lie repeatedly without making much attempt to set the record straight. But Lauer was only doing what so many others have done throughout this political cycle.
His haplessness surely has led the moderators of the upcoming presidential debates to ask themselves how they'll handle Trump's proclivity for rapid-fire lying or, for that matter, the more occasional dissembling from Hillary Clinton. Perhaps the debate hosts will emulate what journalists have done in at least some cases: telling their audiences that a candidate is lying, assuming they've done enough homework to know. (Fox News' Chris Wallace has explicitly said he won't do this.)

The problem is that simply calling out lies is not enough. Once the lie is spoken out loud, even a quick rebuttal - assuming it's issued on the spot - doesn't undo all the damage. This is partly because repeating a lie, which is generally part of the debunking process, can reinforce it. Moreover, a phenomenon called confirmation bias leads people who want to believe something to believe it even more after they've been shown they're wrong.

So maybe it's time for journalists who care to try some new, stronger tactics to fight back against the war on truth that Trump and so many others have been waging this year. Nothing they do is going to fix this problem, but doing more of the same guarantees that nothing will change.

For the debates, I'd propose an experiment for a brave TV news channel or website. Put the entire program on a time delay, say 10 minutes. This would give the news channel time to do the following:

* Have teams of experts on the topics likely to be discussed examine the veracity of candidates' claims.
* If they determine that a candidate is lying, programmers kill the sound going to viewers' TVs and other screens. While the line can be difficult to draw, I'd do this only for brazen lies - such as Trump's easily proved lie that he publicly opposed the Iraq War before it started - not standard policy overpromises.
* During the silences, of which there would no doubt be many, viewers would see the candidate's lips moving.
But there would be an overlay of text saying, "He's talking about [insert subject] but making false statements; here's the truth about this subject: ... " and so on.
* Although the sound would remain on during the can't-possibly-be-kept promises, another overlay would explain that reality, and why.

There's more, but those give you the basic idea. The point is not to expose the viewers of that particular forum to the lies in the first place, at least not on first viewing. I take for granted that many viewers would go back and listen to the lies directly. But they'd have some appropriate context even if they did.

Again, this would be an experiment - one of many, I'd hope. Others might include a split screen that denounces the lies on one side immediately after they're uttered on the other. But that again gives the liars what they want in the first place.

I'm betting that no major TV outlet would entertain any of my suggestions. Ratings are ratings, after all. And the ongoing success of tabloid news is testament to giving the public what it wants: infotainment.

Call me old-fashioned. I believe in journalism's crucial role as a counterbalance to untrammeled power and false propaganda. When journalists see a blatant, systemic dysfunction in American political culture, they have an obligation that transcends money.

Media people have to do something to regain some control over their integrity.

People have the right to lie. And other people have the right to listen to them, and believe the lies if they choose. Improved media literacy might reduce the latter group by instilling critical-thinking skills more widely. But journalists can at the very least make an effort not to make things worse, as so many are doing today.

Whatever they try, media people have to do something to regain some control over their integrity. Right now they're being played for suckers by manipulators whose propaganda skills are vastly better than journalists' apparent ability to do their jobs.
As it happens, I favor Hillary Clinton in this race. But this isn't about advancing the interests of a particular candidate. When she lies, she should be held to the same standard. It's about changing the structural incentives for all candidates - and for journalists.

Debates are only one part of the problem. There's absolutely no excuse for TV news channels to let campaign surrogates lie on air. A simple policy change would fix that: Lie once, and you never appear on our programs again. Period. Maybe there's an endless supply of dishonest surrogates, but maybe not.

And text-based media outlets can do their part when candidates or surrogates lie. Don't publish the lie. Do explain what topic the candidate was addressing. Explain that the candidate was lying. Tell the truth about that topic. Or ignore it entirely.

I can think of a lot of objections to my boycott of bullshit, some better than others. At some level the press has a duty to report what would-be presidents say. But when people like Trump so thoroughly smash through the boundaries that have prevailed in the past - exploiting the media's greatest vulnerabilities in the process - isn't there some obligation to decline to do business as usual?

Given the ability of candidates to put videos and other media online themselves, no member of the public who wants to hear everything they say will be refused. Moreover, we can count on at least some media outlets to run the debates live and without comment. My plea, again, is that some journalists, somewhere, do something to counteract the poison spreading through our political system.

Nor is this a blanket condemnation of all American political journalists. At least a few have done good work in this campaign, and the audible angst in the craft suggests we'll see more. But their efforts are drowning in the massive journalistic malpractice by others. The craft doesn't have much credibility left to squander, and a lot to regain.
Journalists need to try some new approaches, before it's too late.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 18 10:28:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Sep 2016 15:28:56 -0000
Subject: [Infowarrior] - Fwd: HP pre-programmed failure date of unofficial/non-HP ink cartridges in its printers
References:
Message-ID:

--
It's better to burn out than fade away.

> Begin forwarded message:
>
> From: "Dan
>
> http://www.myce.com/news/hp-pre-programmed-failure-date-unofficial-non-hp-ink-cartridges-printers-80457/
>
> Posted 16 September 2016 19:20 CEST by Jan Willem Aldershoff
>
> Investigation of an online printer ink retailer shows that HP has programmed a date in its printer firmware on which unofficial non-HP cartridges would fail. Thousands of HP printers around the world started to show error messages on the same day, the 13th of September 2016.
>
> On that date HP printers with non-HP cartridges started to show the error message, "One or more cartridges appear to be damaged. Remove them and replace them with new cartridges". On HP's support forums numerous complaints were posted and Dutch online retailer 123inkt also received a large amount of complaints on that day and decided to investigate the issue.
>
> After an investigation on their test printers they found a large scale issue with their private label brand cartridges with several HP printers. When they emailed their customers asking them if they wanted to check if their printer also had issues, they received replies from more than 1,000 customers confirming the issue.
>
> Further investigation with many printer models showed the issue resided in the firmware of the printers and 123inkt.nl contacted HP about the issue. HP stated it wasn't aware of the issue. Consumers who complained to HP were told the error was caused by using non-HP cartridges. A day later HP withdrew that statement and explained the issues were a side effect of a firmware update.
>
> However, the company didn't release a firmware update at any date near the 13th of September. The printers with issues received a firmware update in March 2016 for the last time, and that firmware was developed in 2015. Also printers with firmware released before March 2016 suffered from the issue and even worse, also printers without any internet access started to reject non-HP cartridges.
>
> Therefore it's very unlikely that a firmware update caused the issues and the only other logical explanation is that HP programmed a date in its firmware on which non-HP cartridges would no longer be accepted.
>
> When 123inkt contacted the supplier of their private label cartridges, they also confirmed the issue. The private label supplier started to work on a solution and for several HP printers they developed new chips which are currently in production.
>
> On its website 123inkt concludes, "This problem is not unique. Printer manufacturers regularly release firmware updates which are said to enhance the printer's performance or address security issues. The (un) intended result, however, is that the use of cheaper private label cartridges is made difficult and / or that error messages are caused. This time the problem was not the result of an update to improve the operation of the printer, but HP apparently programmed a date in its firmware on which the issues should start, the September 13, 2016."
>
> A temporary workaround is flashing firmware from 2014 but, according to 123inkt, this can't be easily performed by regular consumers. The retailer calls for HP to at least make the old firmware available to its customers.
From rforno at infowarrior.org Sun Sep 18 10:29:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Sep 2016 15:29:31 -0000
Subject: [Infowarrior] - WaPo uses, then discards, Snowden
Message-ID: <01A973D3-4D74-41B2-8B0F-FC955242CC79@infowarrior.org>

@ggreenwald -- WPost achieves a 1st in media history: a paper calls for *imprisonment of its own source (after accepting Pulitzer)

No pardon for Edward Snowden

https://www.washingtonpost.com/opinions/edward-snowden-doesnt-deserve-a-pardon/2016/09/17/ec04d448-7c2e-11e6-ac8e-cf8e0dd91dc7_story.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 18 10:46:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Sep 2016 15:46:30 -0000
Subject: [Infowarrior] - Media Template for Responding to Trump's Lies
Message-ID: <370CA1E7-A1F1-4346-82F9-F63C377E7454@infowarrior.org>

(The difference is, HRC lies in conventional ways since she's a conventional politician. Trumpy has no such conventions and his sentiments are based on whatever he's feeling at any given minute. Ergo, different techniques. --rick)

Media Template for Responding to Trump's Lies

September 18, 2016 10:30am by Barry Ritholtz

http://ritholtz.com/2016/09/media-template-responding-lies-donald-trump

How should the media respond when a Presidential candidate is caught lying? I don't mean the small political prevarications that all politicians engage in - I refer to the uniquely outsized bullshit that has been dominating this election cycle.

So far, the mainstream press has been doing a mostly terrible job. However, that may be changing.

To wit: Presidential candidate Donald Trump held a news conference Friday morning, where he: 1) Promoted his commercial interests in a hotel; 2) Admitted Barack Obama was born in United States; 3) Blamed the birther movement on Hillary Clinton.
Like so much else this election season, the media has been flummoxed in responding to such Trumpian absurdities like these. While some news outlets have acquitted themselves well - the Washington Post's deep dive into Trump's fabrications of his charitable stands out - most of his unprecedented stream of falsities, exaggerations and outright lies has twisted them into knots.

Until Friday.

For the first time, a major media outlet responded to the Trump modus operandi appropriately. The New York Times called out his prevarications with an intelligent parry and counter-thrust, responding to the candidate's histrionic absurdities with proper journalistic clarity. On line late in the afternoon, they published the column Donald Trump Clung to "Birther" Lie for Years, and Still Isn't Apologetic, and in print the next day it was the above the fold front page headline for the Saturday paper.

Michael Barbaro's blistering analysis of the Trump birther issue was one of the first to not dance around the truth. Rather than engage in the usual contortions to appear fair when responding to an outright lie, the writer placed Trump's words into proper context. The result was a spectacularly accurate assessment of an historically important lie.

Perhaps even more important, the "paper of record" unwittingly created a template for other journalists wrestling with the unique challenges of covering Trump's many fabrications. I have found such templates to be helpful in the past.

Here is that template; journalists covering the campaign are encouraged to copy and paste this for future use ....
Template for Reporters Covering Donald Trump

Trump false statement

Identify history of prior false claims, by listing lies in Chronological order

2011: Tells a lie [insert description]
2012: Still a lie when it was repeated [insert description]
2014: Still lying [insert description]
2016: Amazingly, lying still [insert description]

Contextualize how Trump managed to never get called out on the lie; reference the social impact of these false statements, including overtones of racism.

Point out facts that demonstrated to any rational person Trump's statements were obvious lies prior to listed dates.

Reference Trump's embrace of conspiracy, use flowery language to describe the toxicity of the lie. Mention how good minded associates of his are embarrassed by it.

Point out how he worked to "mainstream" a fringe falsehood.

Social media reference, where facts do not matter.

Explain how the lie was repeated on live television, unchallenged by fact-checking. Reference the various light weight shows where the lie was repeated, without serious challenges from light weight anchors.

Rhetorical questions about motivations: Media attention? Racism? Cynicism? Calculated political stunt?

Point out how his aides and advisors say he has moved on, even as he keeps repeating the lie.

Reference his skillful manipulation of television.

Describe the lie being replaced with an even more bizarre new deception. Describe the narcissism involved.

Reference the lies with interesting turns of phrase: casual elasticity with the truth; exhausted an army of fact-checkers; insidious, calculated calumny

Repeat reference to underlying racism coursing through the lie.

Use an Obama quote to show Trump's lack of eloquence or statesmanship.

- End -

When you are confronted with a pathological liar running for public office, this is how media should respond. With context and history, with literary flourishes and honesty. Journalists should save this template for future usage.
Each and every bizarre falsehood that challenges the fabric of our democracy - be it about his income or his taxes, or about the charitable gifts he never was party to or the litigation he was, this is how the reporters covering the campaign should respond.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 18 10:57:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Sep 2016 15:57:43 -0000
Subject: [Infowarrior] - more on ... Re: Fwd: HP pre-programmed failure date of unofficial/non-HP ink cartridges in its printers
In-Reply-To: <20160918154110.GA10714@gsp.org>
References: <20160918154110.GA10714@gsp.org>
Message-ID: <66C8AA61-248B-4266-9E6B-8D6F29C355AC@infowarrior.org>

And let's not forget Lexmark, too. They had their own DRM fun a few years ago.

--
It's better to burn out than fade away.

> On Sep 18, 2016, at 11:41, Rich K
>
> We now have two useless Epson printers thanks to similar DRM technology.
> One of them quit in the middle of printing a page, with an error saying
> that the ink cartridge was not recognized. It was an Epson cartridge.
> It was working just fine for two months before this happened. At least
> I didn't make the same mistake with this one as I did with the other one:
> I replaced all of first one's cartridges with new Epson ones. That was
> a waste of a time and money. This one? I just unplugged it.
>
> Of course we can't use those multi-function printers for anything else,
> i.e., this problem also disables the scanner and fax and so on.
>
> So that's $500 worth of paperweights. Thanks Epson. Thanks DRM.
From rforno at infowarrior.org Mon Sep 19 09:10:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Sep 2016 14:10:43 -0000
Subject: [Infowarrior] - Sorting Through the Snowden Aftermath
Message-ID: <03E1721F-2DC2-4C0E-8D61-92E1CE9AE68A@infowarrior.org>

Sorting Through the Snowden Aftermath

Posted on Sep.19, 2016 in Intelligence, Oversight, Snowden by Steven Aftergood

http://fas.org/blogs/secrecy/2016/09/snowden-aftermath/

Public discussion of the Edward Snowden case has mostly been a dialog of the deaf, with defenders and critics largely talking past each other at increasing volume. But the disagreements became sharper and more interesting over the past week.

"Mr. Snowden is not a patriot. He is not a whistleblower. He is a criminal," wrote the members of the House Intelligence Committee in a startling September 15 letter to the President, urging him not to pardon Snowden, contrary to the urging of human rights groups.

"The public narrative popularized by Snowden and his allies is rife with falsehoods, exaggerations, and crucial omissions," the House Intelligence Committee wrote in the executive summary of an otherwise classified report on Snowden's disclosures.

Remarkably, however, the House Committee report itself included numerous false statements and misrepresentations, according to an analysis by Barton Gellman, who had reported on Snowden's disclosures for the Washington Post.

"The report is not only one-sided, not only incurious, not only contemptuous of fact. It is trifling," wrote Gellman, who identified several apparent errors and falsehoods in the House Committee summary.

What is perhaps worse than what's contained in the House document, though, is what is missing from it: Congressional intelligence overseers missed the opportunity to perform any reflection or self-criticism concerning their own role in the Snowden matter.

The fact that U.S.
intelligence surveillance policies had to be modified in response to the public controversy over Snowden's disclosures was a tacit admission that intelligence oversight behind closed doors had failed to fulfill its role up to that point. But since the Committee has been unwilling to admit any such failure, it remains unable to take the initiative to rectify its procedures.

Last week, a coalition of non-governmental organizations proposed various changes to House rules that they said would help to improve the quality of intelligence oversight and make it more responsive to congressional needs and to the public interest.

Meanwhile, several human rights organizations launched a campaign to urge President Obama to pardon Snowden.

"Thanks to his act of conscience, America's surveillance programs have been subjected to democratic scrutiny, the NSA's surveillance powers were reined in for the first time in decades, and technology companies around the world are newly invigorated to protect their customers and strengthen our communications infrastructure," the petition website said. "Snowden should be hailed as a hero. Instead, he is exiled in Moscow, and faces decades in prison under World War One-era charges that treat him like a spy."

However, aside from that oblique reference to the Espionage Act of 1917, the petition campaign does not acknowledge any defect in Snowden's conduct or weigh counterarguments. (A somewhat more nuanced defense of a pardon was presented by Tim Edgar in Lawfare. A substantial rebuttal to the pardon proposal was offered by Jack Goldsmith also in Lawfare.)

But of course what complicates the Snowden matter is that his disclosures exceeded the boundaries of "democratic scrutiny" and went well beyond any identifiable "act of conscience."

"The fact is, many of Snowden's documents bore no resemblance to whistleblowing as the phrase is broadly understood," wrote Fred Kaplan in a review of the new Oliver Stone movie about Snowden in Slate.
Rather, he said, they represented "an attempt to blow U.S. intelligence operations."

Advocacy journalist Glenn Greenwald replied with a debater's point that Snowden is innocent of any such offense since he (Snowden) did not directly disclose anything at all to the public! Instead, he gave documents to newspapers that reported on his material, and those papers are responsible for any inappropriate disclosures.

"Snowden himself never publicly disclosed a single document, so any programs that were revealed were the ultimate doing of news organizations," according to Greenwald.

In an oddly mercenary argument, he also wrote that it was hypocritical of the Washington Post editorial board to oppose a pardon for Snowden, considering that the Post had gained "untold millions of clicks" from his disclosures, and therefore somehow owed him a debt of loyalty.

But an effort to shift responsibility away from Snowden on to news reporters and editors proves too much. It implies that Snowden is not a whistleblower at all, since he himself didn't blow any whistles, his journalistic collaborators did.

It seems more sensible to conclude that Snowden is responsible for his own actions as well as for the directly foreseeable consequences of those actions.

In an interesting response to Jack Goldsmith, Marcy Wheeler wrote that it is possible to comprehend - if not to reconcile - the sharply opposing views of the Snowden case if they are understood as a clash between professed American values (such as openness, privacy, and internet freedom) and American interests and actions (such as global surveillance and projection of military power).

The former, "cosmopolitan" view presumes, however, that the favored values transcend, and can be sustained apart from, their

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Sep 20 06:21:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2016 11:21:31 -0000
Subject: [Infowarrior] - How Pirates Shaped The Internet As We Know It
Message-ID:

How Pirates Shaped The Internet As We Know It

from the talk-like-a-pirate-day dept

Today is "International Talk like a Pirate Day." While it's a lot of fun to act like a pirate, drink rum and catch up on Errol Flynn movies, piracy is also a serious issue with real economic and legal significance. As electronic devices become an increasingly ubiquitous part of our lives, the content we consume has moved from analog to digital. This has made copying - as well as pirating - increasingly easy and prevalent.

Adding fuel to the flames of this rising "pirate generation" has been the content industry's recalcitrant and often combative attitude toward digital markets. Piracy, and the reactions to it, has had an immense impact on the daily lives of ordinary Americans, shaping their digital experience by determining how they can share, transfer and consume content.

< - >

https://www.techdirt.com/articles/20160919/17184435565/how-pirates-shaped-internet-as-we-know-it.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 20 06:38:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2016 11:38:06 -0000
Subject: [Infowarrior] - Was the Terror Coverage More Explosive Than the Bombs?
Message-ID: <4844AB44-9CDF-492A-BCE0-11BCF522A810@infowarrior.org>

Was the Terror Coverage More Explosive Than the Bombs?

Goaded by politicians and cable, a safer-than-ever America goes into full red alert mode.
By Jack Shafer
September 19, 2016

http://www.politico.com/magazine/story/2016/09/terrorism-nyc-bomb-media-coverage-news-214263

In a rational world, we would interpret the inept crimes of accused pipe bomber Ahmad Khan Rahami as evidence that 15 years after the big one, the terrorist threat in America is akin to a brush fire - the kind of thing that inevitably flares up and causes some damage before the experts put it out. Instead, thanks to the cable news channels and some in the Web and print space, we've turned it into a mighty conflagration.

Donald Trump, ever the opportunist, sounded this alarm Saturday shortly after the bomb went off in Manhattan's Chelsea district. "Nobody knows exactly what's going on. But boy, we are living in a time - we better get very tough, folks," Trump said, when the shrapnel was still sizzling.

The cable news channels jumped on the story in a galvanic fashion for a number of reasons. First, the story happened in their New York backyard. It is an unwritten rule of assaults, murders, natural disasters and other injurious acts that their news potential is inversely proportional to the distance from the news organization's headquarters. For example, if a pipe bomb went off in Kansas City, the news response of the New York-based networks would be middling. But if a New York City cop broke his toe kicking a suspect in the butt, we'd be just a few chyrons away from a breaking news alert.

Second, the detonation of one bomb is an indicator that additional bombs might exist until proved otherwise. In this case, they did, in alarming numbers. The multiplicity of devices - one bomb exploded in New Jersey on Saturday morning, a second bomb was found (undetonated) in Manhattan, and then early Monday in New Jersey a third bomb went off in the face of a police robot - gave the story additional velocity like booster stages on a rocket.
Third, the date 9/11 has made us all a little anxious about a repeat attack in September, and this anxiety helps to stoke coverage of any such incident--especially in New York. Even if the networks were based in Chicago, the story would have become big news: Terrorism is to New York as hurricanes are to Miami. Even the near-misses are big stories.

So, measured by the usual yardsticks, nobody can deny that the New York bombing story and the capture of the accused were big stories. I'd be the last person to say the press "over-covered" an incident in which 29 people were injured. But neither am I carrying a load of dread that the next pipe bomb will ignite in my world--the Washington, D.C., metro area, another bull's-eye for terrorists. Living, as I do, in a rational world, I interpret the clumsy bombing and misfire, and the speedy apprehension of the suspect, as evidence that the genuine threat from terrorists is low. Very low. I feel safe unless I start watching TV, after which, if I let my reptilian brain take over, I feel a bit panicked. You probably feel the same way. After all, there's no cost to overreacting to the minor threat of terrorism. The payoff for overreacting could be the preservation of your life.

President Barack Obama has tried to convey this gist of the low threat a number of times, but whenever he tries to assure the country, it comes out sounding like he's counseling us to put our heads in the sand. Then, opportunists like Trump do us no favor by inflating the event into something it isn't. "Once again someone we were told is OK turns out to be a terrorist who wants to destroy our country & its people--how did he get thru system?" Trump tweeted Monday afternoon. The fact that the 28-year-old Rahami, born in Afghanistan, is the naturalized son of an immigrant seems not to have penetrated Trump's coiffure. If Rahami "got through the system," he did so as a youth.
The current spate of violence doesn't even come close to the volume of bombings recorded by FBI statisticians in an 18-month period spanning 1971 and 1972, Bryan Burrough reports in his book Days of Rage. Despite more than 2,500 domestic bombings in that period, the nation did not lose its marbles; no demagogue campaigned on the peril they posed.

Because fear is not rational, wonks never get too far with the public by explaining that backyard swimming pools, quick drives to the supermarket for bread and milk, obesity or falling furniture are more likely to put you in death's cross hairs than an act of terrorism. In the current atmosphere, every terror-motivated crime has come to feel like a dire assault on the homeland, exploding in the news with much more success than the actual bombs involved. Though the fear is understandable, the result has a huge distorting effect on our national psyche and politics. The culture appears to be too scarred by the 9/11 attacks to place pressure-cooker bombs of the type that Rahami is alleged to have built in their proper perspective. Maybe the next generation, one with no direct memory of the attack, can guide us out of our paranoia.

The fact is, everywhere you look in modern life, we're safer. Airline flight is safer, cars are ridiculously safe, violent crime has fallen through the floor, the food supply has never been safer, and consumer devices come with so many safety doodads attached that it takes an act of determined negligence to cut off a finger or put out an eye. Helmeted to avoid concussions, GPS'ed up the wing-wang to make it impossible to get lost in the forest, protected by surveillance cameras around the clock, we now live in a fully airbagged world, where accidental death is blocked by technology at almost every juncture.
The paradox of all this safety is that it ends up making a lot of us feel all the more unsafe when we're reminded that random tragedies do happen--and to clamor for an even bigger airbag when they do, even though the rational mind tells us we've reached a diminishing point of returns on that investment.

I'm not counseling anybody to "get over" 9/11 and slough off new attacks as if they're pinpricks. But neither am I encouraging everybody to throw themselves into a full 9/11 wallow every time a bomb explodes, even if it blows up right in Manhattan. The low, low risk that a terrorist attack might injure you may not deserve the round-the-clock coverage the current incident is getting. It deserves some, and the press should feel free to pick on the 9/11 scab as much as it likes--but it's not too much to ask the press to toss a little ointment and a bandage on the wound every now and then.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 20 06:50:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2016 11:50:37 -0000
Subject: [Infowarrior] - Apple trying to patent the paper bag
Message-ID: <05B5CE65-6970-4854-9025-6C66C68F1A6C@infowarrior.org>

INNOVATION! (It's the best, most beautiful, most powerful paper bag you've ever seen....)

In defense of Apple owning the concept of a paper bag

By Russell Brandom @russellbrandom
Sep 19, 2016, 6:19p
http://www.theverge.com/2016/9/19/12981950/apple-paper-bag-elegant-simple-refined

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 20 07:40:19 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2016 12:40:19 -0000
Subject: [Infowarrior] - The Success of the Voter Fraud Myth
Message-ID: <0E73D0B7-2888-405B-AF71-C96D113E15CF@infowarrior.org>

The Success of the Voter Fraud Myth

The Editorial Board
http://www.nytimes.com/2016/09/20/opinion/the-success-of-the-voter-fraud-myth.html

How does a lie come to be widely taken as the truth?
The answer is disturbingly simple: Repeat it over and over again. When faced with facts that contradict the lie, repeat it louder. This, in a nutshell, is the story of claims of voting fraud in America -- and particularly of voter impersonation fraud, the only kind that voter ID laws can possibly prevent.

Last week, a Washington Post-ABC News poll found that nearly half of registered American voters believe that voter fraud occurs "somewhat" or "very" often. That astonishing number includes two-thirds of people who say they're voting for Donald Trump and a little more than one-quarter of Hillary Clinton supporters. Another 26 percent of American voters said that fraud "rarely" occurs, but even that characterization is off the mark. Just 1 percent of respondents gave the answer that comes closest to reflecting reality: "Never."

As study after study has shown, there is virtually no voter fraud anywhere in the country. The most comprehensive investigation to date found that out of one billion votes cast in all American elections between 2000 and 2014, there were 31 possible cases of impersonation fraud. Other violations -- like absentee ballot fraud, multiple voting and registration fraud -- are also exceedingly rare. So why do so many people continue to believe this falsehood?

Credit for this mass deception goes to Republican lawmakers, who have for years pushed a fake story about voter fraud, and thus the necessity of voter ID laws, in an effort to reduce voting among specific groups of Democratic-leaning voters. Those groups -- mainly minorities, the poor and students -- are less likely to have the required forms of identification.

Behind closed doors, some Republicans freely admit that stoking false fears of electoral fraud is part of their political strategy. In a recently disclosed email from 2011, a Republican lobbyist in Wisconsin wrote to colleagues about a very close election for a seat on the State Supreme Court.
"Do we need to start messaging 'widespread reports of election fraud' so we are positively set up for the recount regardless of the final number?" he wrote. "I obviously think we should."

Sometimes they acknowledge it publicly. In 2012, a former Florida Republican Party chairman, Jim Greer, told The Palm Beach Post that voter ID laws and cutbacks in early voting are "done for one reason and one reason only" -- to suppress Democratic turnout. Consultants, Mr. Greer said, "never came in to see me and tell me we had a fraud issue. It's all a marketing ploy."

The ploy works. During the 2012 election, voter ID laws in Kansas and Tennessee reduced turnout by about 2 percent, or about 122,000 votes, according to a 2014 analysis by the Government Accountability Office. Turnout fell the most among young people, African-Americans and newly registered voters. Another study analyzing elections from 2006 through 2014 found that voting by eligible minority citizens decreased significantly in states with voter ID laws and "that the racial turnout gap doubles or triples in states" with those laws.

There are plenty of shortcomings in the American voting system, but most are a result of outdated machines, insufficient resources or human error -- not intentional fraud. All of these are made only worse by shutting down polling places or eliminating early voting hours, measures frequently supported by Republican legislators. Those efforts are especially galling in a nation where, on a good day, only 60 percent of eligible voters show up to the polls.

The truth is that those who created the specter of voter fraud don't care about the integrity of the voting system; they want to undermine the rights of legitimate voters because that helps them win elections. The scary thing is how many Americans have bought into this charade. It shouldn't be surprising that the Republican Party's standard-bearer, Donald Trump, has elevated the lie about voting fraud and "rigged elections"
to a centerpiece of his campaign.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 20 07:41:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2016 12:41:32 -0000
Subject: [Infowarrior] - Transition of Oversight of the IANA Functions: What is at Stake
Message-ID: <0C7E4701-5D01-45FC-9CB7-D96264074598@infowarrior.org>

Transition of Oversight of the IANA Functions: What is at Stake

http://www.circleid.com/posts/20160914_transition_of_oversight_of_the_iana_functions_what_is_at_stake/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Sep 21 19:06:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2016 00:06:24 -0000
Subject: [Infowarrior] - Court: With 3D printer gun files, national security interest trumps free speech
Message-ID: <9D75F7B8-9AF4-4036-BC51-073C47871471@infowarrior.org>

Court: With 3D printer gun files, national security interest trumps free speech

http://arstechnica.com/tech-policy/2016/09/court-groups-3d-printer-gun-files-must-stay-offline-for-now/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 22 10:00:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2016 15:00:22 -0000
Subject: [Infowarrior] - Yahoo Will Reveal 'Massive' Loss of User Data, Recode Says
Message-ID: <13384237-D056-4BA6-A443-6F6DEEFEB434@infowarrior.org>

Yahoo Will Reveal 'Massive' Loss of User Data, Recode Says

Edwin Chan edwininla
Jordan Robertson jordanr1000
September 22, 2016 -- 3:07 AM EDT
Updated on September 22, 2016 -- 8:45 AM EDT
http://www.bloomberg.com/news/articles/2016-09-22/yahoo-will-soon-reveal-massive-loss-of-user-data-recode-says

Yahoo! Inc. is preparing to disclose a "massive" data breach of its main service, Recode reported, just as Verizon Communications Inc. prepares to take over the ailing internet company's core assets.
The break-in was "widespread and serious" and is expected to be disclosed this week, the tech news website said, citing several anonymous sources close to the situation as saying. Yahoo didn't respond to phone and e-mailed requests for comment outside of normal business hours.

Such a revelation would confirm earlier reports that the same hacker who'd stolen data from LinkedIn was now selling information from 200 million Yahoo accounts on a dark web marketplace. The data up for sale included user names, scrambled passwords and birth dates and likely dated from 2012, Motherboard reported in August, citing the cyber-attacker, who went by the name Peace. Yahoo said at the time it was investigating the claim.

It's worth noting, however, that many of the stolen accounts in a sample of data obtained by Motherboard were no longer in use and had been canceled. The sale of all of the data for just under $2,000 also suggested that the information itself was of little value, either because most of it was obsolete, made-up, or useless because the hackers had already attacked legitimate accounts and exhausted their need for the data.

Whatever the scale of the alleged breach, the incident shows the danger of large datasets spilling into the hacker underground and being used for criminal purposes for years without the breached companies knowing or taking minimal action based on whatever data hackers tell them was taken.

LinkedIn said in May that it was investigating whether a breach of more than 6 million users' passwords in 2012 was bigger than originally thought, following a hacker's attempt to sell what was purported to be login codes for 117 million accounts. The company said that it appeared more data was taken in the initial compromise and that the company was just learning about the larger amount through the hacker's posting.
Like many Internet companies that have been breached, LinkedIn only reset passwords of everyone it believed was part of the breach at the earlier time, which amounted to 6.5 million users. It's unclear what steps, if any, Yahoo has taken since learning about the alleged compromise.

Reports of the security breach come just as Chief Executive Officer Marissa Mayer is about to close a deal that ends the once-dominant internet firm's independence. Verizon is acquiring its internet assets for $4.8 billion, bringing the web portal together with longtime rival AOL. The telecommunications company will pick up services that still draw 1 billion monthly users, including mail, news and sports content and financial tools.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 23 07:51:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Sep 2016 12:51:31 -0000
Subject: [Infowarrior] - Probe of leaked U.S. NSA hacking tools examines operative's 'mistake'
Message-ID:

Exclusive: Probe of leaked U.S. NSA hacking tools examines operative's 'mistake'

By Joseph Menn and John Walcott | SAN FRANCISCO/WASHINGTON
http://www.reuters.com/article/us-cyber-nsa-tools-idUSKCN11S2MF

A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election.
On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland. But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said. That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia. That could have helped identify rival powers' hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S.
or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws. Critics of the Obama administration's policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person. One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

"The dumping is a tactic they've been developing for the last five years or so," Lewis said. "They try it, and if we don't respond they go a little further next time."

(Reporting by Joseph Menn in San Francisco and John Walcott in Washington; Editing by Jonathan Weber and Grant McCool)

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Sep 23 21:22:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Sep 2016 02:22:35 -0000
Subject: [Infowarrior] - W3C Refuses To Protect Security Researchers Studying DRM-Enabling Web Extension
Message-ID: <906196FD-86FC-4331-B2BA-B120137B59D1@infowarrior.org>

W3C Refuses To Protect Security Researchers Studying DRM-Enabling Web Extension, Claims WHATWG

by Lucian Armasu
September 23, 2016 at 3:35 PM - Source: WHATWG Blog
http://www.tomshardware.com/news/w3c-refuses-protection-security-researchers,32748.html#xtor=RSS-181

Ian Hickson, who edits the HTML specification at the Web Hypertext Application Technology Working Group (WHATWG), called out the World Wide Web Consortium (W3C) for not offering security researchers legal protection when they report bugs in web DRM schemes. Hickson previously oversaw the standardization of the HTML5 specification at the W3C and also protested the W3C's adoption of the DRM-enabling Encrypted Media Extensions (EME).

EME's Failed Promise

Over the past few years, the W3C has been working on implementing an HTML extension that would bring DRM to the web. The EME standard was mainly promoted by Netflix. At the time, the company was trying to eliminate the need for the Silverlight plugin, which Microsoft was about to kill. The promise of EME was that users would be able to stream Netflix videos without having to install any other plugin or app on their computers.

However, things didn't go quite as promised, as according to Hickson, EME is itself a plug-in mechanism for proprietary DRM modules. You could also see that Firefox, for instance, has to load up both Adobe (Primetime) and Google's (Widevine) DRM plugins for video to work. Therefore, EME didn't get rid of plugins, but instead changed what plugins we need in order to play DRM-protected media. Instead of installing a Flash or Silverlight plugin, we'd now install the DRM plugins from other companies.
Making The Legal Illegal

Beyond EME's failures, there's also a long debate about how DRM isn't stopping copyright infringements at all, but instead is used as a tool to control distributors and prevent people from using content in otherwise legally permissible ways (fair use doctrine in the U.S.).

However, Hickson's biggest problem with EME and its enabling of DRM on the web is with how the DMCA makes it illegal for security researchers to disclose vulnerabilities in DRM software without a vendor's permission. Vendors may not always respond well to others finding vulnerabilities in their software. Sometimes, that may lead to software being vulnerable for too long if the bugs are hidden from the public. According to Hickson, browser security is bad enough as it is, and browsers are constantly getting exploited. Chilling the research on browser security would make things worse.

WHATWG's Proposal

The WHATWG proposed that the W3C require each company working on the EME specification to sign an agreement in which they agree not to sue security researchers studying EME. According to the group, the W3C already requires a similar agreement for patents, and this new agreement would be an extension to that. The W3C has so far refused to require this, so Hickson's group is now calling the W3C out for endangering the health of the web as a whole. Hickson's letter to the W3C was co-signed by other WHATWG members such as Simon Pieters from Opera and Anne van Kesteren from Mozilla.

The EFF (a member of the W3C) also called out the W3C earlier this year over the same issue. It has also been leading a parallel fight to kill Section 1201 of the DMCA once and for all, so that security researchers and anyone else would be free to tinker with DRM-enabled devices without fear of legal repercussions.

W3C's Charter Renewal

The reason there are now new calls on W3C to agree to this "DRM nonaggression covenant"
is because the W3C's charter will expire in less than a week, and it will have to be renewed. The last time the proposal to protect EME security researchers was made, the W3C board rejected it. The movement to fix this issue has grown much larger since then. There are now 20 W3C members who are willing to block the new charter unless the W3C agrees to protect security researchers from DMCA lawsuits, according to the EFF.

So far, only a single browser vendor is supporting the EFF's and WHATWG's proposal--Brave, the new browser from Mozilla's former CEO, Brendan Eich. Google and Microsoft were the co-creators of the Encrypted Media Extension, along with Netflix, so chances are they will also be among the last to support the DMCA protection agreement.

We have contacted the W3C for an official response.

About the author
Lucian Armasu @lucian_armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 25 13:53:39 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2016 18:53:39 -0000
Subject: [Infowarrior] - How 'if you see something, say something' became our national motto
Message-ID: <5DE9C0E0-AD06-4DBA-A580-3E06254A2D63@infowarrior.org>

How 'if you see something, say something' became our national motto

By Hanson O'Haver
https://www.washingtonpost.com/posteverything/wp/2016/09/23/how-if-you-see-something-say-something-became-our-national-motto/

This past week, Harry Bains became something of an American hero when he, in his words, "saw something and said something." The New Jersey bar owner spotted Ahmad Khan Rahami, the alleged terrorist charged with littering bombs across New York and New Jersey, sleeping in the doorway of his business. He immediately called the cops.

"If you see something, say something"
has become the unofficial slogan of post-9/11 America. The mantra, posted on billboards and public transportation, turns us all into amateur anti-terrorism crusaders. Any of us, it suggests, could foil the next Osama bin Laden, as long as we stay alert.

That's not always a good thing. The expression makes us vigilant, but it also makes us paranoid. It's turned us into a country of people who see danger lurking inside every forgotten backpack, making an incredibly remote risk feel imminent. Americans shouldn't be encouraged to live in unreasonable fear.

"If you see something, say something" was born on Sept. 12, 2001. New Yorker and advertising executive Allen Kay came up with the phrase without a client in mind -- he wanted to create something positive in the days after the attack on the twin towers. "The model that I had in my head was 'Loose Lips Sink Ships,'" Kay told the New York Times. "I wasn't born during World War II, but I sure knew the phrase and so did everybody else." He jotted the idea on an index card and kept it in his office. A few months later, when the MTA needed a safety slogan, he passed it on.

In 2002, the phrase was one of several warnings the agency focus-grouped for a new ad campaign on city subways and buses. Others included "Be suspicious of things that look suspicious" and "If you see a package without a person, don't keep it to yourself." "If you see something, say something" was the favorite, and the agency adopted it that December.

It got attention. Reports of suspicious packages in New York grew from 814 in 2002 to 37,614 in 2006. Since then, the MTA has spent $2 million to $3 million a year on slogan-adorned placards for trains, subway cars and buses, as well as radio and TV ads. In 2007, the agency even trademarked the slogan.

"If you see something, say something"
has since been adopted by the Department of Homeland Security, the Transportation Security Agency, Amtrak, and cities like Chicago, San Francisco and Melbourne, Australia. The MTA doesn't charge other entities that want to use the slogan, though it will reject applicants that want to broaden the focus too much. According to the Times, the MTA refused to license "if you see something, say something" to a university that wanted to use it to tackle dorm burglaries. In recent months, a retooled campaign in New York featured the faces of locals who saw and said something.

Is this really such a good thing? Today, the New York Police Department receives roughly 100 suspicious-package calls a day (that number has surged since the Chelsea bombing last weekend). The vast majority of those tips generate no terrorism leads. In fact, it's not clear that the tip line has ever prevented an attack; authorities refuse to say. According to a New York Times analysis, no terrorist has been stopped because of the tipline. Some people even use the hot line to call in phony bomb threats.

I worry, too, about a slogan that forces people to constantly imagine the worst. Today, 75 percent of Americans see terrorism as a "critical concern," according to a Public Religion Research Institute (PRRI)/Religion News Service poll, and nearly half are worried that they or someone in their families will be a victim of terrorism. "The fear level seems terribly high given the actual likelihood of this happening to an individual. That speaks to the deep-seated feelings of anxiety that people have," PRRI research director Dan Cox told USA Today.

This even though since Sept. 11, 2001, terrorism in the United States has been extremely limited. According to New America, just 94 people have been killed in America by violent jihadist attacks in the past 15 years; 48 have been killed in far-right-wing attacks. In the same period, more than 500,000 people have died in car accidents.
Identifying a real threat becomes even harder in a place like New York, where unaccompanied tanks of liquid nitrogen covered in warning signs are a regular sidewalk sight. Packages sit on doorsteps; should we really trust that it was FedEx that placed them there? Not to mention curbside piles of old luggage, discarded appliances and all those trash bags that could be hiding God knows what. It's hard to look anywhere in New York and not see "exposed wiring or other irregularities" -- on the MTA's list of things that should prompt concern.

Suggestions that we report suspicious behavior inadvertently encourage racial profiling. For example, college student Khairuldeen Makhzoomi, 26, was kicked off a Southwest Airlines flight in California after another passenger reported him for speaking Arabic. Texas ninth-grader Ahmed Mohamed was handcuffed at school after he brought in a homemade digital clock that looked, to some, like a homemade bomb.

And if everyone who saw something said something, New York would cease to function. Case in point: investigations of suspicious packages have at times been a leading cause of subway delays.

After 9/11, America vowed to never forget. But that doesn't mean we should obsess constantly about the next attack.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 25 15:33:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2016 20:33:31 -0000
Subject: [Infowarrior] - OT: Why Donald Trump Should Not Be President
Message-ID: <9BCE905C-0651-4A1D-8582-8F9D56B8E633@infowarrior.org>

Why Donald Trump Should Not Be President

The Editorial Board
http://www.nytimes.com/2016/09/26/opinion/why-donald-trump-should-not-be-president.html

When Donald Trump began his improbable run for president 15 months ago, he offered his wealth and television celebrity as credentials, then slyly added a twist of fearmongering about Mexican "rapists" flooding across the Southern border.
From that moment of combustion, it became clear that Mr. Trump's views were matters of dangerous impulse and cynical pandering rather than thoughtful politics. Yet he has attracted throngs of Americans who ascribe higher purpose to him than he has demonstrated in a freewheeling campaign marked by bursts of false and outrageous allegations, personal insults, xenophobic nationalism, unapologetic sexism and positions that shift according to his audience and his whims.

Now here stands Mr. Trump, feisty from his runaway Republican primary victories and ready for the first presidential debate, scheduled for Monday night, with Hillary Clinton. It is time for others who are still undecided, and perhaps hoping for some dramatic change in our politics and governance, to take a hard look and see Mr. Trump for who he is. They have an obligation to scrutinize his supposed virtues as a refreshing counterpolitician. Otherwise, they could face the consequences of handing the White House to a man far more consumed with himself than with the nation's well-being.

Here's how Mr. Trump is selling himself and why he can't be believed.

A financial wizard who can bring executive magic to government?

Despite his towering properties, Mr. Trump has a record rife with bankruptcies and sketchy ventures like Trump University, which authorities are investigating after numerous complaints of fraud. His name has been chiseled off his failed casinos in Atlantic City.

Mr. Trump's brazen refusal to disclose his tax returns -- as Mrs. Clinton and other nominees for decades have done -- should sharpen voter wariness of his business and charitable operations. Disclosure would undoubtedly raise numerous red flags; the public record already indicates that in at least some years he made full use of available loopholes and paid no taxes.

Mr.
Trump has been opaque about his questionable global investments in Russia and elsewhere, which could present conflicts of interest as president, particularly if his business interests are left in the hands of his children, as he intends. Investigations have found self-dealing. He notably tapped $258,000 in donors' money from his charitable foundation to settle lawsuits involving his for-profit businesses, according to The Washington Post.

A straight talker who tells it like it is?

Mr. Trump, who has no experience in national security, declares that he has a plan to soundly defeat the Islamic State militants in Syria, but won't reveal it, bobbing and weaving about whether he would commit ground troops. Voters cannot judge whether he has any idea what he's talking about without an outline of his plan, yet Mr. Trump ludicrously insists he must not tip off the enemy. Another of his cornerstone proposals - his campaign pledge of a "total and complete shutdown" of Muslim newcomers plus the deportation of 11 million undocumented immigrants across a border wall paid for by Mexico - has been subjected to endless qualifications as he zigs and zags in pursuit of middle-ground voters. Whatever his gyrations, Mr. Trump always does make clear where his heart lies - with the anti-immigrant, nativist and racist signals that he scurrilously employed to build his base. He used the shameful "birther" campaign against President Obama's legitimacy as a wedge for his candidacy. But then he opportunistically denied his own record, trolling for undecided voters by conceding that Mr. Obama was a born American. In the process he tried to smear Mrs. Clinton as the instigator of the birther canard and then fled reporters' questions. Since his campaign began, NBC News has tabulated that Mr. Trump has made 117 distinct policy shifts on 20 major issues, including three contradictory views on abortion in one eight-hour stretch. As reporters try to pin down his contradictions, Mr.
Trump has mocked them at his rallies. He said he would "loosen" libel laws to make it easier to sue news organizations that displease him.

An expert negotiator who can fix government and overpower other world leaders?

His plan for cutting the national debt was far from a confidence builder: He said he might try to persuade creditors to accept less than the government owed. This fanciful notion, imported from Mr. Trump's debt-steeped real estate world, would undermine faith in the government and the stability of global financial markets. His tax-cut plan has been no less alarming. It was initially estimated to cost $10 trillion in tax revenue, then, after revisions, maybe $3 trillion, by one adviser's estimate. There is no credible indication of how this would be paid for - only assurances that those in the upper brackets will be favored. If Mr. Trump were to become president, his open doubts about the value of NATO would present a major diplomatic and security challenge, as would his repeated denunciations of trade deals and relations with China. Mr. Trump promises to renegotiate the Iran nuclear control agreement, as if it were an air-rights deal on Broadway. Numerous experts on national defense and international affairs have recoiled at the thought of his commanding the nuclear arsenal. Former Secretary of State Colin Powell privately called Mr. Trump "an international pariah." Mr. Trump has repeatedly denounced global warming as a "hoax," although a golf course he owns in Ireland is citing global warming in seeking to build a protective wall against a rising sea. In expressing admiration for the Russian president, Vladimir Putin, Mr. Trump implies acceptance of Mr. Putin's dictatorial abuse of critics and dissenters, some of whom have turned up murdered, and Mr. Putin's vicious crackdown on the press. Even worse was Mr. Trump's urging Russia to meddle in the presidential campaign by hacking the email of former Secretary of State Clinton.
Voters should consider what sort of deals Mr. Putin might obtain if Mr. Trump, his admirer, wins the White House.

A change agent for the nation and the world?

There can be little doubt of that. But voters should be asking themselves if Mr. Trump will deliver the kind of change they want. Starting a series of trade wars is a recipe for recession, not for new American jobs. Blowing a hole in the deficit by cutting taxes for the wealthy will not secure Americans' financial future, and alienating our allies won't protect our security. Mr. Trump has also said he will get rid of the new national health insurance system that millions now depend on, without saying how he would replace it. The list goes on: He would scuttle the financial reforms and consumer protections born of the Great Recession. He would upend the Obama administration's progress on the environment, vowing to "cancel the Paris climate agreement" on global warming. He would return to the use of waterboarding, a torture method, in violation of international treaty law. He has blithely called for reconsideration of Japan's commitment not to develop nuclear weapons. He favors a national campaign of "stop and frisk" policing, which has been ruled unconstitutional. He has blessed the National Rifle Association's ambition to arm citizens to engage in what he imagines would be defensive "shootouts" with gunmen. He has so coarsened our politics that he remains a contender for the presidency despite musing about his opponent as a gunshot target. Voters should also consider Mr. Trump's silence about areas of national life that are crying out for constructive change: How would he change our schools for the better? How would he lift more Americans out of poverty? How would his condescending appeal to black voters - a cynical signal to white moderates concerned about his racist supporters - translate into credible White House initiatives to promote racial progress?
How would his call to monitor and even close some mosques affect the nation's life and global reputation? Would his Supreme Court nominees be zealous, self-certain extensions of himself? In all these areas, Mrs. Clinton has offered constructive proposals. He has offered bluster, or nothing. The most specific domestic policy he has put forward, on tax breaks for child care, would tilt toward the wealthy. Voters attracted by the force of the Trump personality should pause and take note of the precise qualities he exudes as an audaciously different politician: bluster, savage mockery of those who challenge him, degrading comments about women, mendacity, crude generalizations about nations and religions. Our presidents are role models for generations of our children. Is this the example we want for them?

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Sep 26 06:07:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2016 11:07:34 -0000
Subject: [Infowarrior] - Google embraces the log-in, leaving cookies behind in new advertising updates
Message-ID: <836786C0-6C20-467E-8EA8-9100014B55F8@infowarrior.org>

Google embraces the log-in, leaving cookies behind in new advertising updates
Ingrid Lunden
https://techcrunch.com/2016/09/26/google-ads/?ncid=rss

Google has been focusing for years now on finding better ways to track and measure ads as we switch from one device to another to consume media like TV, music or written articles like this one. And now, to coincide with Ad Week in New York this week, Google is revealing its latest moves in that effort: over the next few months the company will expand Brand Lift from measuring online video to cover TV; it's letting businesses add Google Maps data and photos to their ads; and in a very Facebook-like move, it is moving away from cookies and using logged-in data to track and market to users across multiple devices, apps and sites.
To be clear, these are updates to existing products for Google, but taken together they are a sign of how the company is trying to shift how it identifies people in an ever-changing digital world that includes smartphones alongside computers and more traditional screens like TVs; and how it's trying to harness more of its immense footprint across services like maps, email and Android to stay on top in advertising. Google has traditionally relied on cookies and mobile IDs to identify and track users for remarketing lists. But this isn't effective enough for cross-device and cross-channel campaigns, which is why the company has been making the switch to logged-in data, something it first started to kick off a year ago with its launch of Customer Match, which matched up a business's email lists with Google's own databases of logged in users to figure out more about their customers and advertise to them more directly. Google is not throwing out cookies and declaring them completely stale, but it's a clear move away from them. "I call it the depreciation of the cookie," McGowan, himself an ex-Googler who used to head up ad strategy at the company, told me. The reason for the shift has less to do with trends like the rise of ad blockers, which impacts the effectiveness of things like cookies. This could feasibly become an issue over time, but relatively speaking today these are used by a very small part of the population today. More to the point is the rise of Facebook and the growth of its own ad network and Facebook Custom Audiences, based on its own logged-in user data. Google may not have ever managed to build a successful social network of its own, but Gmail alone has over 1 billion logged-in users, and when you start to add in data from other services like Android, YouTube, Maps and Google Now (all of which also tie into your ID), you can see how Google has reached a tipping point where the cookie may not be as appetising as it used to be.
The three updates today all point to how Google is upping its game with stronger ad tech to meet today's media consumption trends. Brand Lift is a product that has been around since 2011 but up to now most of the updates have been around improving what and how it measures online video ads largely around the world's biggest online video property, Google-owned YouTube. Given the work that other companies like Twitter have made to integrate and match up its online network with "offline" or simultaneous TV watching (in order to better demonstrate to advertisers that it really does pay to have a presence on Twitter), it seems almost overdue and surprising that it's only today that Google is extending Brand Lift to TV. Less surprising are Google's claims of what it is finding from early tests of the product: it says that YouTube generates nearly twice as many searches per impression than TV. (This makes sense, since you are already online and it's very easy to simply click on a video ad.) Regardless, there has been a longstanding disconnect between how popular offline media like TV and print remain for advertising (they still account for a majority of ad spend), and where it is that people are actually consuming that media. Advertisers would like to see more proof of what's being viewed and where, and so this could help bridge that gap a little bit more. Google says that initially it will work in the U.S. only but that it will extend globally "soon." The second update points to another way that Google will be drawing in its Maps product closer to its advertising business. This is aimed at mobile advertising, and builds on location-based advertising that Google already provides, as well as metrics that Google already measures about whether a person who has searched for a store actually visits it and buys something.
This is already a fairly extensive business for the search giant: based on data it already collects, Google says that today some 30% of smartphone users who visit a website or app on their phone buy something in a store within 24 hours. For starters, Google will now load up location-based interstitial and display ads with more actual location data. Based on a trial Google ran with Home Depot in a 15-mile radius of a Home Depot store it will work like this: advertisers will first target ads based on the physical location of where a user is doing a search. Google will draw on not just the location and a person's previous search history, but also any other data it happens to have about that user and his/her interests based on its trove of "lookalike" audience data. Then when the ad is served, users will get more location information around the company in question, including map links to make the visit a little more frictionless. And after a user visits a physical location, if they have their phone on them, Google will be able to track that and feed this back to the advertiser to measure the impact. To improve attribution, some of the other data points that Google picks up include "micro-conversions" (like whether a user ever selected click-to-call from a search or Maps search; whether a user has ever tried to search for store directions; etc.) and also "macro-conversions" (actual store sales). The third update, around cross-device remarketing - will be how Google makes its ads more ubiquitous across different screens and different devices. Covering both the Google Display Network and DoubleClick Bid Manager, Google says it will give advertisers more transparency and control over how this is done. It will also give it a stronger play against the likes of Facebook's own strong data set around its own users.
Google's example of how this will work is a Halloween campaign: in the morning a user may see an ad for a sale on costumes in the morning while reading the news on her smartphone. In the evening, when on a tablet, that same user can now be served an ad from the same company while browsing on a tablet or computer, this time with a specific offer. In the past, advertisers could serve ads in this way only across specific devices because of the use of cookies and Android IDs, and otherwise the best that they could get was data on how their ads were being viewed. Now, with logged-in data, it looks like control of the ad experience will extend to a far wider range of places to track and sell to you. On that note, while it sounds potentially a little more big brother, it also means that you can opt out of the tracking by logging out.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 29 17:36:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Sep 2016 22:36:24 -0000
Subject: [Infowarrior] - U.S. set to hand over Internet address book
Message-ID: <3EA88A3D-D5D1-40C5-9A56-B3E74824A81F@infowarrior.org>

U.S. set to hand over Internet address book
Elizabeth Weise, USATODAY 6:23 p.m. EDT September 29, 2016
http://www.usatoday.com/story/tech/news/2016/09/29/icann-iana-internet-address-book-autonomous-department-of-commerce-ip-address-transition-internet-corporation-for-assigned-names-and-numbers/91281960/

SAN FRANCISCO - The United States doesn't own the Internet, but it's held the oversight contract for the organization that runs its address book for many years. That's set to change Friday. The U.S. contract with the non-profit organization in charge of all Internet domain names expires then. At that point it will become independent and autonomous, owned by international stakeholders in the Internet community. These include technical, industry and governmental advisory committees, internet users and telecommunications experts.
The move has been opposed by some officials and lawmakers like Sen. Ted Cruz who say America is "giving away the Internet." On Thursday the attorneys general of Arizona, Oklahoma, Texas and Nevada filed a lawsuit asking a Federal district court to block the transition, alleging that it amounts to giving up U.S. government property, among other complaints. At issue is oversight of the Internet Corporation for Assigned Names and Numbers, or ICANN. Created in 1988, the non-profit is based in Los Angeles. One of its main jobs, done by ICANN's Internet Assigned Numbers Authority department, is to coordinate the Domain Name System that matches addresses such as usatoday.com with their actual computer addresses, in this case 66.61.174.185. To do that and other work, ICANN has a budget of more than $126 million a year.

Started with a clipboard

It began as a simple list of what names were assigned to what numbers, known as Internet Protocol addresses and was originally kept on a clipboard by Jon Postel, a famed computer scientist at the University of Southern California.

Jon Postel, shown in this undated photo, the Internet pioneer who wielded enormous influence managing technical details of the global computer network. Postel kept the original list of names and numbers that evolved into today's Internet address system. (Photo: Associated Press)

The 28-year-old contract for ICANN has been held by the U.S. Commerce Department's National Telecommunications and Information Administration but is not scheduled to be renewed on Sept. 30 when it comes to an end. At that point ICANN will become an autonomous non-profit. Very little will change with the handover. The staff and protocols will remain the same. The only thing that changes is that the Department of Commerce will no longer be approving every change to the domain name root file, the master list of Internet addresses that allows the Internet to function. ICANN was always meant to become independent.
However, under President George W. Bush, the Department of Commerce backed away from that, saying in 2005 that it would "maintain its historic role in authorizing changes or modifications to the authoritative root zone file."

Snowden legacy

Efforts to make it truly neutral and global came back into the fore in 2013, after National Security Agency whistleblower Edward Snowden's revelations about the depth of U.S. Internet surveillance. That pushed ICANN to begin working on a new transition proposal. Some in the United States argue that the Internet has always belonged to the United States and that the handover is illegal and dangerous. Cruz, a Republican from Texas and a former candidate for the GOP presidential nomination, has been very vocal in his belief that the move will harm the freedom of the Internet. "The likes of Russian President Vladimir Putin, Iran's Ayatollah Ali Khamenei and Chinese President Xi Jinping should not dictate what can be read, written, distributed, bought and sold on the Internet," he wrote in an op-ed for The Washington Post when the plan was first discussed. A last-ditch effort by Cruz to stop it from taking effect failed this week when it was not included in a stop-gap spending bill to keep the government open.

Who owns the Internet?

A U.S. Government Accountability Office report issued September 12 found that the Internet "address book" was not U.S. government property. Others dispute that such censorship would even be possible. The new entity that is scheduled to take over control on October 1 is run through consensus and includes multiple stakeholders from many countries, said Milton Mueller, a professor in the school of public policy at the Georgia Institute of Technology and a long-time participant in ICANN's volunteer advisory groups. "It's not like Russia and China suddenly have more power than anyone else. All the governments in the room have to agree to give advice to ICANN, but it's non-binding.
ICANN can not take the advice, particularly if all the other stakeholder groups strongly object to it," said Mueller. "Their argument has been that 'We are the bulwark of freedom in the world and if we let go of this, the Internet will go to hell.' How much of them really believe that and how many are just exploiting this to make the Obama administration look bad isn't clear to me," said Mueller. While the Department of Commerce had been very hands off in its oversight of the contract, at least it provided a sort of safety valve, said Mark Grabowski, a professor of Internet law at Adelphi University, in Garden City, New York. "You knew if anything really went wrong you'd have the U.S. government to step in," he said. He expects any changes to be very gradual. "We really won't know for three to five years whether this was something to worry about or not, whether the proponents can truthfully say 'We told you so,' or the people who were critical had a point," Grabowski said.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 30 20:42:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Oct 2016 01:42:54 -0000
Subject: [Infowarrior] - New U.S. 'secret' clearance unit hires firm linked to 2014 hacks
Message-ID: <9264262E-FD42-4FC9-A7C0-42B98B198DEF@infowarrior.org>

You really can't make this stuff up..... --rick

U.S. | Fri Sep 30, 2016 | 5:14pm EDT
New U.S. 'secret' clearance unit hires firm linked to 2014 hacks
By Mark Hosenball | WASHINGTON
http://www.reuters.com/article/us-usa-security-background-idUSKCN1202M6

A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday.
Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. KeyPoint representatives did not respond to requests for comment sent by email and left on the company CEO's voice-mail. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. OPM Director Katherine Archuleta resigned in mid-2015 amid scrutiny of the agency's cybersecurity practices. KeyPoint is one of four companies hired by the new NBIB to do field interviews for security clearance investigations, OPM and officials said earlier in September. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. Earlier this month, OPM said it was awarding four contracts for "investigative fieldwork" to KeyPoint, CACI Premier Technology Inc, SCRA LLC and Securitas Critical Infrastructure Services. OPM said the four companies were the only ones to bid for the investigation contracts. A congressional investigator noted that after OPM fired one major investigations contractor, the agency's backlog in processing clearance investigations increased. 
OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days. (Editing by Kevin Drawbaugh and Dan Grebler)

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 1 07:43:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 Sep 2016 12:43:48 -0000
Subject: [Infowarrior] - Dropbox hack leads to leaking of 68m user passwords
Message-ID:

Dropbox hack leads to leaking of 68m user passwords on the internet
Wednesday 31 August 2016 06.43 EDT Last modified on Thursday 1 September 2016 05.36 EDT
https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach

Popular cloud storage firm Dropbox has been hacked, with over 68m users' email addresses and passwords leaking on to the internet. The attack took place during 2012. At the time Dropbox reported a collection of users' email addresses had been stolen. It did not report that passwords had been stolen as well. The dump of passwords came to light when the database was picked up by security notification service Leakbase, which sent it to Motherboard. The independent security researcher and operator of the Have I been pwned? data leak database, Troy Hunt, verified the data discovering both his account details and that of his wife. Hunt said: "There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can't fabricate this sort of thing." Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time Dropbox practiced good user data security practice, encrypting the passwords and appears to have been in the process of upgrading the encryption from the SHA1 standard to a more secure standard called bcrypt.
Half the passwords were still encrypted with SHA1 at the time of the theft. "The bcrypt hashing algorithm protecting [the passwords] is very resilient to cracking and frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public," said Hunt. "Definitely still change your password if you're in any doubt whatsoever and make sure you enable Dropbox's two-step verification while you're there if it's not on already." The original breach appears to be the result of the reuse of a password a Dropbox employee had previously used on LinkedIn, the professional social network that suffered a breach that revealed the password and allowed the hackers to enter Dropbox's corporate network. From there they gained access to the user database with passwords that were encrypted and "salted" - the latter a practice of adding a random string of characters during encryption to make it even harder to decrypt. Dropbox reset a number of users' passwords at the time, but the company has not said precisely how many. The hack highlights the need for tight security, both at the user end - the use of strong passwords, two-step authentication and no reuse of passwords - and for the companies storing user data. Even with solid encryption practices for securing users' passwords, Dropbox fell foul of password reuse and entry into its company network. Leading security experts recommend the use of a password manager to secure the scores of unique and complex passwords needed to properly secure the various login details needed for daily life. But recent attacks on companies including browser maker Opera, which stores and syncs user passwords, and password manager OneLogin, have exposed the dangers of using the tool. Picking the right password manager is just as crucial as using one in the first place. A Dropbox spokesperson said: "There is no indication that Dropbox user accounts have been improperly accessed.
Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all impacted users."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 2 07:46:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Sep 2016 12:46:34 -0000
Subject: [Infowarrior] - Want to Lead? Talk to the Media
Message-ID: <481219B6-097A-4717-9CAC-054B607D0211@infowarrior.org>

(c/o MM)

Want to Lead? Talk to the Media
http://www.defenseone.com/ideas/2016/09/want-lead-talk-media/131243/?oref=d-river
By Robert T. Hastings, Jr.
September 1, 2016

American voters deserve to be informed by their candidates and generals. Press conferences, specifically those held by political candidates, are "probably the best way to guarantee the public's interest is served," wrote Brian Beutler in The New Republic. That's true. Beutler was referring to Hillary Clinton and her campaign's almost pathological desire to avoid holding a press conference. Of course, there's no law that makes them compulsory for political candidates. She's not obligated. But from my perspective as a voter and the Pentagon's former senior public affairs official, it sure would be nice to know how the former secretary of state - who aspires to highest office in the world - will handle tough questions in an uncontrolled environment. This isn't about law. It's about our values. Unfortunately, Donald Trump is no better. While Trump holds press availabilities nearly non-stop, his antipathy toward the press has a chilling effect on reporters. He blackballs entire outlets, even reputable, storied organizations like The Washington Post. He beats them into submission (figuratively), while his followers are abusive (literally). On Thursday, one Trump supporter spit on NBC's Katy Tur. This is unacceptable.
But the real losers aren't in the media. The real losers are American voters. We're not getting the information to which we're entitled because both candidates have failed to respect the important role the press plays in our society. Before serving as a political appointee in the Department of Defense, I served over 20 years in uniform. So I understand politics, secrecy, and the need to be careful about what information is shared with the public - especially when it's not in the proper context. But here's what gets me spun up: in government, we have an obligation to be truthful and forthright. Period. An informed public is essential to the framework of our democracy. Whether you're a young Army public affairs officer or a seasoned political campaign manager, you can't just do what your boss tells you to every time. You have to speak up. We have a tradition of transparency in this country and those in public service must live up to it. As a captain, I went in and said as much to three-star generals. And, yes, you win some and lose some. But the default must always be toward maximum disclosure to the public with minimum delay. That's a bedrock principle of American democracy. Civil servants, political appointees, and campaign operatives must understand this. Since leaving government, this problem - this hostility toward the media - is something I've now heard expressed many times by colleagues in the press and in federal service. Written responses to questions are replacing in-person or even phone interviews. Prepared statements are replacing actual statements, or press briefings. Background briefings are replacing on-the-record attribution. Social media postings are replacing true media engagement. While we see it most plainly with our current presidential candidates, the last several years have seen a steady retreat by many government agencies under the Obama administration away from engagement and transparency.
Likewise, it's not just political rhetoric the public needs to know. Another current test of transparency facing the White House and the military is the war on ISIS, which has operated for two years under unprecedented secrecy due to the president's heavy dependence on special operations forces and the military's refusal to embed journalists under their protection in dangerous Iraq and Syria, even at training bases. I hope it's not too late to change this. Both presidential campaigns have that opportunity. Perhaps they would do well to remember what President John F. Kennedy once said many years ago: "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people." Our leaders should not fear the people - or the press.

Robert T. Hastings, Jr., served as acting assistant secretary of defense for public affairs from 2008 to 2009. He also served more than 20 years in the U.S. Army as a helicopter pilot, retiring as a colonel. He is currently the executive vice president for communications and government affairs at Bell Helicopter. The views expressed in this column are his alone and do not necessarily reflect those of his employer. Follow Bob on Twitter at @RTHastingsJr.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 2 07:48:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Sep 2016 12:48:55 -0000
Subject: [Infowarrior] - OT: Good luck with that.
Message-ID: <3CBAD068-9CCF-430A-B7EE-A25C083956A8@infowarrior.org>

Trump volunteers must read[1] sign a 2271-word contract to never disparage anything Trump-related, ever. Paras 2 and 3 are particularly amusing, if not unenforceable and/or maybe even illegal? Maybe someone should make *him* sign something similar regarding ethnic groups, come to think of it.

[1] Not only read, but read/understand what essentially is a ToS document. (Which few people in the world actually do anyway.)
Volunteers Must Pledge Oath To Never Disparage Trump Or Family
http://crooksandliars.com/2016/09/volunteers-must-pledge-oath-never

The pledge:
https://talk.donaldjtrump.com/User/NonDisclosureAgreement

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 2 13:23:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Sep 2016 18:23:12 -0000
Subject: [Infowarrior] - DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts
Message-ID: <432B9AB2-205B-4A27-A3D4-9194E16C5FA0@infowarrior.org>

Surprised, I am not. Expected, this was. --- rick

DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts
https://www.techdirt.com/articles/20160902/06412735425/dhss-new-election-cybersecurity-committee-has-no-cybersecurity-experts.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Sep 5 16:11:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Sep 2016 21:11:18 -0000
Subject: [Infowarrior] - The FBI's latest mission: Be cool enough to recruit hackers
Message-ID:

(Dear Director Comey: Try eliminating your agency's historic culture of smug arrogance and inability to work well with others as well, and you might get some good fresh talent. --rick)

washingtonpost.com
The FBI's latest mission: Be cool enough to recruit hackers
By Andrea Peterson
https://www.washingtonpost.com/news/the-switch/wp/2016/09/02/the-director-of-the-fbi-explains-his-agencys-quest-to-be-cool-enough-to-recruit-hackers/

The FBI has struggled for years to attract enough fresh hacker talent to defend America's computers. One problem? A culture clash between elite coders who are attracted to casual -- or even rebellious workplaces -- and the agency's bureaucratic reputation.

Or, as FBI Director James B. Comey recalled his daughter's explanation of the issue at a recent speech: "Dad, the problem is you're 'the Man,'" she said. "Who would want to work for 'the Man?'"

His daughter was right, he said. But the agency is trying to get more hip to attract recruits who will help the agency keep pace with a digital landscape in constant flux, according to Comey.

"We're working very hard inside the FBI to be a whole lot cooler than you may think we are," he said during his remarks at a Symantec Government Symposium this week.

The agency hasn't added "beanbags and granola and a lot of whiteboards" -- stereotypical hallmarks of West Coast start-up culture -- at least not yet, Comey said. "But we're working very hard at marching in that direction, so that when this talent comes into our organization we are open to having them make us better -- in a way that connects us and them to our mission more closely," he said.

Despite outreach at high profile hacker conferences like Black Hat and DefCon, recruitment of tech whiz kids by law enforcement and intelligence agencies has been hampered in recent years. One issue is that they have to compete with private sector gigs that can offer better salaries and benefits. But fallout over surveillance programs revealed in Snowden documents and the FBI's legal battle to get Apple to help it break into a locked iPhone used by one of the shooters in the San Bernardino, Calif., attacks has also made government work a hard sell to some.

And another cultural staple of hacker culture has further limited the FBI's recruitment pool: Marijuana use. Comey even addressed the issue during remarks at the White Collar Crime Institute in 2014, according to the Wall Street Journal.

"I have to hire a great workforce to compete with those cybercriminals, and some of those kids want to smoke weed on the way to the interview," he said.

The FBI was "grappling with the question" of how to approach cannabis and coders at the time, he said. But current hiring rules still require applicants to be pot-free for three years before joining the agency --
so it doesn't look like the FBI's quest for cool has pushed it to change its tune about blazed candidates just yet.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 6 06:32:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Sep 2016 11:32:15 -0000
Subject: [Infowarrior] - German spies violated law, must delete XKeyscore database
Message-ID: <0C48877A-054C-45DE-8CBB-FC3BFF48B44E@infowarrior.org>

German spies violated law, must delete XKeyscore database -- watchdog
Glyn Moody (UK) - 9/5/2016, 10:02 PM
http://arstechnica.com/tech-policy/2016/09/german-spies-broke-law-must-delete-xkeyscore-database-says-watchdog/

Germany's spies seriously violated the country's laws multiple times, according to a secret report from its federal data protection commissioner Andrea Voßhoff.

The legal analysis, leaked to Netzpolitik, was made in July 2015 following a visit by data protection officials to Bad Aibling in southern Germany, in the wake of Edward Snowden's revelations about surveillance activities there. Bad Aibling is jointly run by Germany's intelligence agency, the Bundesnachrichtendienst (BND), and the NSA.

As well as listing 18 serious legal violations, and filing 12 formal complaints -- the German data watchdog's most severe legal instrument -- the secret report said that the BND created seven databases without the appropriate legal approval. As a result, commissioner Voßhoff said that all seven databases should be deleted, and could not be used again.

Significantly, one of the illegal databases used the XKeyscore software, sometimes called the NSA's Google. As Ars reported last year, it was known that the BND had a copy of this program, but the Netzpolitik leak appears to provide details of the huge scale on which it was used:

For the SIGINT [signal intelligence] collection, i.e. as so-called front-end system, XKEYSCORE -- using freely definable and linkable selectors [keywords] -- scans [...] the entire Internet traffic worldwide, i.e.
all meta and content data contained in Internet traffic, and saves selected Internet traffic data (e-mails, chats, content from public social media, media, as well as non-public -- i.e. not visible to the normal user -- messages in Web forums, etc.) and hence all persons appearing in this Internet traffic (sender, receiver, Web forum member, member of social networks, etc.). In real time, XKEYSCORE makes these Internet traffic data -- attributed to its users -- readable and analysable for an agent.

One consequence of scanning the entire Internet is that information about many innocent individuals was gathered, according to the report:

Because of its [...] systematic conception, XKEYSCORE -- indisputedly -- collects [...] also a great number of personal data of irreproachable persons. The BND is not capable of substantiating their number [...]. In one case I checked, the ratio was 1:15, i.e. for one target person, personal data of fifteen irreproachable persons were collected and stored, which were -- indisputedly -- not required by the BND to fulfill its tasks [...].

Voßhoff said that the BND not only broke German law by using XKeyscore, but also because it sent the information it gathered to the US: "The content and metadata collected via XKEYSCORE are transferred to the NSA, following an automatic clearing of information falling under the G-10 law (G-10 assessment). These transmissions are additional severe violations of fundamental rights." The data transfer was on a huge scale -- some 14 million items every day.

As Ars reported a year ago, handing over data to the NSA was part of the deal for the BND to obtain the XKeyscore software. The new leak provides details about how the BND tried to sanitise the information it sent to the NSA, using a data filtering system called DAFIS, which was supposed to remove all data originating from German citizens and individuals as required by article 10 of the German constitution.
However, the data protection commissioner concluded that filtering wasn't perfect which meant that transfers had breached German law.

The report reveals that the BND built another database that was even bigger than the one generated using XKeyscore, known as VERAS 6, which stored all metadata of every communication for three months. As a result, the BND was once again breaking the law by storing information about innocent members of the public: "By diverting and collecting all metadata of all traffic on a communication line, the BND also stores and uses metadata of communication traffic by irreproachable persons which are not necessary to fulfill the BND's mission. This means metadata of irreproachable persons is also stored in VERAS 6 and used for metadata analysis."

According to the secret report, the BND was not limited to a few "hops" of metadata to connect individuals, but could extend the graph indefinitely: "All persons having a connection to a directly relevant person, or if their metadata are stored because of a geographical perspective are indirectly relevant for the BND. The connection to a directly relevant person can be established over any amount of hops. VERAS 6 does not have a restriction."

The construction of social graphs in this way will also be possible in the UK thanks to the Investigatory Powers Bill, which will require ISPs to store everyone's metadata.

The similarity between the UK and German government's approach to spying in fact runs deeper. Just as the so-called Snoopers' Charter aims to put surveillance activities by UK spies on a firmer legal footing, so the German government has proposed a new law that would effectively legalise the activities criticised so harshly by Voßhoff in the leaked report. According to Netzpolitik, the legislative package is scheduled to be adopted this year and will probably come into effect at the start of 2017.
Meanwhile, peers in the House of Lords will return on Monday afternoon to continue to scrutinise the IPB at committee stage following summer recess.

This post originated on Ars Technica UK

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Sep 7 09:54:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Sep 2016 14:54:00 -0000
Subject: [Infowarrior] - Hillary Clinton Thinks Real-World Military Responses To Hacking Attacks Are A Nifty Idea
Message-ID: <3BC69A49-A0EE-4A66-B8CC-A290560B8AE9@infowarrior.org>

Hillary Clinton Thinks Real-World Military Responses To Hacking Attacks Are A Nifty Idea
from the bombing-for-the-lulz dept
https://www.techdirt.com/articles/20160901/14363235418/hillary-clinton-thinks-real-world-military-responses-to-hacking-attacks-are-nifty-idea.shtml

While hacking and "cybersecurity" threats have long been used to justify awful government policy, the entire concept is clearly about to be turbocharged. With the rise in hacking attacks on the DNC, many were quick to call for renewed cyberattacks on Russia despite the fact that hard, transparent proof of Russian nation state involvement remains hard to come by (the idea being unsound either way). But in a speech last week, Presidential hopeful Hillary Clinton took things one step further by suggesting that she'll make it an administration goal to respond to cyberattacks with real-world military force:

"As President, I will make it clear that the United States will treat cyberattacks just like any other attack. We will be ready with serious political, economic, and military responses," she told the attendees, largely made up of veterans and their supporters.

"We are going to invest in protecting our governmental networks and our national infrastructure," she continued. "I want us to lead the world in setting the rules in cyberspace. If America doesn't, others will."

There are several things wrong with this narrative.
The US government and Western media seem to frequently go out of their way to imply that the United States is an innocent little hacking daisy, nobly defending itself from a wide variety of evil international threats. But as we saw with Stuxnet, the United States is very often the country doing the attacking, often with major negative impact on countries, companies and civilians worldwide. That the US has the moral high ground on cybersecurity is little more than a stale meme, and it needs to be put out of its misery.

And granted, while Clinton was clearly trying to appeal to her veteran audience at the American Legion National Conference (most of whom likely can't tell a terabyte from T-Mobile), America's moral cybersecurity superiority was on proud display all the same:

"We need to respond to evolving threats from states like Russia, China, Iran and North Korea," Clinton said in the speech. "We need a military that is ready and agile so it can meet the full range of threats and operate on short notice across every domain -- not just land, sea, air and space but also cyberspace.

"You've seen reports. Russia's hacked into a lot of things, China has hacked into a lot of things. Russia even hacked into the Democratic National Committee, maybe even some state election systems. So we have got to step up our game. Make sure we are well defended and able to take the fight to those who go after us."

Again, you'll note that the United States is portrayed as an innocent and noble defender of cybersecurity freedom, when it's the one often engaging in frequently-unprovoked attacks the world over. Of course, Clinton and friends are well aware that the vast majority of the time it's impossible to know where an attack came from, and any hacker worth his or her salt simply doesn't leave footprints. That makes a real-world military or economic response to a nebulous, usually-unprovable threat simply idiotic.
You'd assume Clinton knows this and was just doing some light pandering to the audience. But this rhetoric alone is still dangerous in that it opens the door wide to using hacking -- much like communism and Islamic extremism and numerous "isms" before them -- as a nebulous, endlessly mutable justification for a litany of bad US behavior. You could, for example, covertly hack a government, publicize its hacking response to your hack, using the press to help you justify military action. Given the US and global media's historical complicity in helping governments begin wars with jack shit for evidence, it shouldn't be hard to see how hacking is going to be a useful bad policy bogeyman du jour for decades to come. Despite some repeated, painful lessons on this front stretching back generations, forcing the government to show its math before it resorts to violence is simply not the US media's strong suit. And with hacking and cybersecurity being subjects the press and public are extra-violently ignorant about, we've created the opportunity for some incredible new sleight of hand when it comes to framing and justifying US domestic and international policy. If history is any indication, by next time this year we'll be blaming everything under the sun on Russian hackers because after all, two anonymous senior government officials said so. Healthy skepticism will be our ally as we stumble down the rabbit hole. While it's no surprise that Russia, like the United States is deeply-involved in nation state hacking, you'll note that actual evidence linking the Putin Administration to the recent rise in US hacking attacks remains fleeting. Most reports simply cite a single anonymous US government source, or security firms with a vested interest in selling services and products. 
That's not to say Putin and friends aren't busy hacking the US, but whether a country is responding to similar attacks by the United States (pdf) -- or is actually involved at all -- is rather important to transparently document before you begin trotting out awful new policies or worse, real world bombs.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 8 09:42:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 08 Sep 2016 14:42:21 -0000
Subject: [Infowarrior] - DRM products are defective by design. Time to tell users what they're buying
Message-ID:

DRM products are defective by design. Time to tell users what they're buying

The Electronic Frontier Foundation is calling for the labelling of products encumbered with digital rights management -- an increasingly important issue as we trust technology with our lives

Cory Doctorow in Los Angeles
Thursday 8 September 2016 09.00 EDT
https://www.theguardian.com/technology/2016/sep/08/drm-product-labelling-ftc-electronic-frontier-foundation

Digital products are weird: they are inert without software to animate them, and software is so technologically and legally weird that it can be very hard to know exactly what you're buying. But there just might be some clarity on the horizon, thanks to documents I recently filed with the Federal Trade Commission (FTC), signed by the Electronic Frontier Foundation (EFF), several publishers and public interest groups and 20 EFF supporters with important (and alarming!) stories to tell.

In 1998, the US Congress enacted the Digital Millennium Copyright Act (DMCA), whose Section 1201 makes it a felony to bypass or tamper with "access controls" (today we call these "DRM" or "digital rights management").
Originally this was used to ensure that no one reconfigured their games console to play unofficial games (meaning that the console maker could extract fees from games companies without fear of competition) and that DVD players weren't modified to play out-of-region discs.

But software proliferated and the DMCA wasn't far behind. Manufacturers of all descriptions realised they could control competition and create a powerful, state-enforced lock-in by skinning their products with DRM, and DRM crept into cat-litter pans, thermostats, cars, tractors, voting machines, coffee machines, pacemakers, and, of course, ebooks, video games, music and videos.

Add DRM to a car and you can control which mechanics can access its diagnostics and fix it. Add DRM to, say, a cat-litter pan and you can force customers to buy fresh perfume cartridges on the regular, ensuring a continuing revenue stream -- any attempt to bypass the perfume-checking function (refilling the cartridge with unscented water, replacing it with a third-party cartridge) can be detected with software and stopped cold. Any customer or competitor who bypasses the system is a potential felon. What for-profit company wouldn't take advantage of such a sweet offer from the government?

I've battled DRM for decades. It offends me because I believe that when you buy things, you should be able to use and adapt them in ways that suit your needs, even if that cuts into the bottom line of the manufacturer. It scares me, too: laws like DMCA 1201 have been used to punish and threaten security professionals who have revealed defects in products. As DRM creeps into products that we literally entrust with our lives, we absolutely cannot afford to have structural impediments to the speedy disclosure of information about defects that make those products unfit for use.

When you fight DRM, its advocates will tell you that people don't mind DRM -- after all, look at all the DRM-encumbered products they buy!
It's true that a lot of people buy DRM-locked products, but that doesn't mean they don't mind it. It could just as easily mean that they don't realise that they're getting DRM when they buy, or that they don't know which DRM they're getting and what it does.

In EFF's request for an FTC investigation into DRM labelling practices, we highlight the stories of 20 Americans who bought products where they were not notified of the existence of DRM -- or were partially notified, but with insufficient detail about what the DRM was taking away from them. These people found that the games they bought permanently disabled their DVD recorder drives, or that their travel books couldn't be read while travelling, or that the videos they purchased wouldn't play back on their monitors or in their classrooms.

In our open letter on DRM labelling -- a letter signed by a diverse coalition of rights holders, public interest groups, and publishers -- we ask the FTC to take action to ensure that people know what they're getting when they buy products encumbered with DRM. DRM-free publishers love this idea, because where DRM-labelling prevails, customers overwhelmingly favour DRM-free products. But DRM-encumbered publishers should also love this, because they keep telling us that people don't mind DRM.

One significant challenge to DRM labelling is that the restrictions imposed by DRM can be incredibly complex -- a video may play back on most manufacturers' displays, but not all, and not at every resolution, and not if the video player believes that it is running in a virtual machine or has been relocated to a different country.

What's more, most modern DRM is designed for "renewability" -- which is a DRM-vendor euphemism for a remote kill-switch. These DRM tools phone home periodically for updates, and install these updates without user intervention, and then disable some or all of the features that were there when you bought the product.
Apple repeatedly did this with iTunes, while Nintendo designed the 3DS game system to render itself permanently inoperable if an update detected evidence of tampering.

This means that any solution the FTC comes up with will require extensive disclosures from the more baroque DRM schemes -- which is as it should be. You can't consent without being informed, and the entire basis for taking away our rights with DRM products is that we're consenting when we "choose DRM".

All of this is just a sticking plaster, of course. The real solution is to reform the laws that protect DRM -- DMCA 1201 in the US, EUCD Article 6 in the EU, among others -- to ensure that doing legal things with your own property remains legal. The fact that this principle needs legal protection tells you how bonkers the whole thing is. That's why EFF has filed a lawsuit against the US government seeking to invalidate Section 1201 of the DMCA.

Until that judgment is in, though, labelling serves an important purpose: warning customers when they're buying a product that's defective by design.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 8 14:55:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 08 Sep 2016 19:55:15 -0000
Subject: [Infowarrior] - Fwd: HP sells a software business
References: <20160908192110.68F83A06E5A@palinka.tinho.net>
Message-ID: <0F27BB8E-E42F-41B3-8FEF-BC242311ABCD@infowarrior.org>

> Begin forwarded message:
>
> From: dan
>
> [ isn't this about half of HP's employee base? ]
>
>
> http://www.bbc.co.uk/news/business-37303066
>
> UK tech firm Micro Focus is buying the software business of a
> division of Hewlett-Packard for $8.8bn.
>
> The deal makes Micro Focus one of the UK's biggest tech companies,
> with total annual revenues of $4.5bn.
>
> It is acquiring assets from Hewlett Packard Enterprise (HPE),
> including former UK tech champion Autonomy which HP bought in an
> ill-fated deal in 2011.
>
> Micro Focus was promoted to the FTSE 100 last week, replacing ARM
> after it was bought by Japan's Softbank. A string of acquisitions
> has turned Micro Focus, based in Berkshire, England, from being a
> relatively small player to being worth over 5bn, with revenues
> doubling in 2015.
>
> Shares in Micro Focus closed 14.5% higher at 22.38 after jumping
> as much as 21%, making it the biggest riser on the FTSE 100.
>

From rforno at infowarrior.org Thu Sep 8 18:22:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 08 Sep 2016 23:22:55 -0000
Subject: [Infowarrior] - WH names first federal CISO
Message-ID: <3C27A44E-D0EB-40DC-A904-72FC69762A98@infowarrior.org>

(x-posted)

http://federalnewsradio.com/people/2016/09/white-house-names-first-federal-chief-information-security-officer/

White House names first federal chief information security officer

The White House named Brigadier General (retired) Greg Touhill as the first federal chief information security officer, and Grant Schneider as the first acting deputy CISO.

Touhill comes to the new role from the Homeland Security Department, where he is the deputy assistant secretary for cybersecurity and communications in the Office of Cybersecurity and Communications (CS&C).

Schneider has been on detail to the Office of Management and Budget since 2014 after serving seven years as the chief information officer at the Defense Intelligence Agency.

The White House announced the creation of a federal CISO in the Cybersecurity National Action Plan in February.

"In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies,"
wrote Michael Daniel, the Special Assistant to the President and Cybersecurity Coordinator and Tony Scott, the federal chief information officer, in a Sept. 8 blog post. "Greg will lead a strong team within OMB who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies, and is the team that conducts periodic cyberstat reviews with federal agencies to insure that implementation plans are effective and achieve the desired outcomes."

Touhill has spent the last two-and-a-half years at DHS where he also served as acting director of the National Cyber and Communications Integration Center (NCCIC) for a time.

Before coming to DHS, Touhill served as CIO and director of C4 systems for the U.S. Transportation Command, CIO of the Air Mobility Command and director of C4S for the U.S. Central Command Air Forces. Touhill served in the Air Force for 21 years before retiring in May 2005.

Schneider, who many in the community thought was the leading candidate to be federal CISO, has been at OMB on detail for two years, which would end in October. He served as federal cybersecurity advisor at OMB, spent time at the Office of Personnel Management working on its cyber challenges and since January has been the director of government cybersecurity for the National Security Council.

The federal community has been waiting and wondering about the status of the federal CISO since the White House first announced its plans in February. The concern has been how much impact this person could have in a short amount of time.

OMB says the federal CISO is a political position and the deputy CISO is a career position. Touhill will have about four-and-a-half months as Federal CISO.

This becomes the fifth initiative to get traction under the CNAP, including the request for the $3.1 billion IT Modernization Fund and the cybersecurity workforce strategy.
"Strong cybersecurity depends on robust policies, secure networks and systems and, importantly, a cadre of highly skilled cybersecurity talent," Daniel and Scott wrote. "Building on the Cybersecurity Workforce Strategy to identify, recruit, and retain top talent, the CISO will play a central role in helping to ensure the right set of policies, strategies, and practices are adopted across agencies and keeping the federal government at the leading edge of 21st century cybersecurity."

Industry reaction to the White House naming Touhill is positive.

"Gen. Touhill is a great choice for our country's first-ever federal chief information security officer," said Tanium vice president, Ralph Kahn in an email comment. "He knows how to bring the public and private sectors together to tackle the challenge of securing our nation's networks while always looking around the bend to the newest threats and solutions. We look forward to working with him."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 9 11:26:58 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 09 Sep 2016 16:26:58 -0000
Subject: [Infowarrior] - Wells Fargo Opened a Couple Million Fake Accounts
Message-ID:

(the whole article is worth reading. --rick)

Wells Fargo Opened a Couple Million Fake Accounts
Sep 9, 2016 6:30 AM EDT
By Matt Levine

Two basic principles of management, and regulation, and life, are:

* You get what you measure.
* The thing that you measure will get gamed.

Really that's just one principle: You get what you measure, but only exactly what you measure. There's no guarantee that you'll get the more general good thing that you thought you were approximately measuring. If you want hard workers and measure hours worked, you'll get a lot of workers surfing the internet until midnight. If you want low banking bonuses and measure bonus-to-base-salary ratios, you'll get high base salaries.
Measurement is sort of an evil genie: It grants your wishes, but it takes them just a bit too literally.

Anyway, yesterday Wells Fargo was fined $185 million by various regulators for opening customer accounts without the customers' permission, and that is bad, but there is also something almost heroic about it. There's a standard story in most bank scandals, in which small groups of highly paid traders gleefully and ungrammatically conspire to rip-off customers and make a lot of money for themselves and their bank. This isn't that. This looks more like a vast uprising of low-paid and ill-treated Wells Fargo employees against their bosses.

The Consumer Financial Protection Bureau, which fined Wells Fargo $100 million, reports that about 5,300 employees have been fired for signing customers up for fake accounts since 2011. Five thousand three hundred employees! You'd have a tough time organizing 5,300 people into a conspiracy, which makes me think that this was less a conspiracy and more a spontaneous revolt. The Los Angeles City Attorney, which got $50 million (the Office of the Comptroller of the Currency got the other $35 million), explained the employees' grievances in a complaint last year:

< -- >

https://www.bloomberg.com/view/articles/2016-09-09/wells-fargo-opened-a-couple-million-fake-accounts

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 9 11:28:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 09 Sep 2016 16:28:03 -0000
Subject: [Infowarrior] - OpEd: WTF WFC
Message-ID:

WTF WFC
Posted September 9, 2016 by Joshua M Brown
http://thereformedbroker.com/2016/09/09/wtf-wfc/

So angry at Wells Fargo I'm thinking about closing all fourteen of my checking accounts there.
-- Downtown Josh Brown (@ReformedBroker) September 9, 2016

I was going to do my regular linkfest today but it occurred to me that there's nothing else worth talking about in the wake of yesterday's bombshell reports about Wells Fargo.
The recently created Consumer Financial Protection Bureau (CFPB) fined the bank $185 million for a widespread fraud wherein salespeople -- thousands and thousands of them -- opened around 2 million unnecessary new accounts for its customers in order to meet internal sales targets. Wells Fargo then fired 5300 employees who were involved. Fifty-three-hundred employees.

When I first read the story, I almost couldn't believe it. Almost. But then I remembered everything I've been told by people working at the major banks. How they're regularly whipped to cross-sell loans to their wealth management customers, credit cards to their banking clients, insurance products to their brokerage accounts, etc. It's bad. These are the metrics that Wall Street wants to see and they're the yardstick by which executives are judged. So the decree goes out across the land and the rank-and-file employee incentives are set accordingly.

And then, as these things always go, someone takes it too far. In this case, a lot of someones.

Is this the Super Bowl of identity theft? How do we even process this? If 5300 employees are involved -- and needed to be terminated -- along with millions of accounts, then many people higher up in the food chain had to be aware. Or at least deliberately unaware: "Don't loop me in, just hit the goddamn targets."

I have a few thoughts as this thing unfolds publicly...

* Are you f***ing serious? Was the Great Financial Crisis so long ago that all chasteness and propriety are already out the window? This scam has been apparently going on for five years, according to the articles covering the story. Which means it began within a few months of the end of the crisis and all of the congressional hearings and investigations that occurred in its wake. These people are fearless.

* The Chairman & CEO of Wells Fargo made $19.3 million last year, most of which came in the form of "performance bonus" pay. He made the same the year before.
And what's even better is that the company gets a write-off for paying that bonus in the form of stock options as opposed to cash, which means it's effectively subsidized by taxpayers. Here's how that works.
- Of the 5300 people fired, how many were just following orders, being pushed by upper management to do this in order to satisfy whomever is up the tree diagram from them? How many even knew they were doing something wrong? Were any senior people shown the door? Who is the highest ranking executive, if any, to have been thrown out?
- You guys know who pays the $185 million fine, right? Not the executives. The shareholders. That's you. Wells Fargo is America's most valuable bank by market cap at $250 billion. It's held by Vanguard, BlackRock, Fidelity and virtually every other fund company in existence, which means you are indirectly a shareholder if you have a 401(k). Lots of ordinary investors hold the common stock of Wells Fargo in their personal accounts outright. Many more own it in mutual funds or ETFs. You're paying. You.
- Speaking of shareholders, do you know who the biggest holder is? None other than Warren Buffett's Berkshire Hathaway. He has almost 9% of the company, holding roughly 440 million shares. In another era, Buffett found himself embroiled in a financial scandal as the Chairman of investment bank Salomon Brothers. There was a Treasury-fixing scam and Buffett found himself testifying before congress in 1991 about it. He said this: "Lose money for the firm, and I will be understanding; lose a shred of reputation for the firm, and I will be ruthless." Okay, I think this qualifies as "a shred of reputation"...I wonder how the ruthless part will manifest itself. We know he's not going to sell his stake, as he's a great admirer of the bank and its business. So who feels the wrath of Warren?
- What happened here seems to be wholly consistent with one of the continuing messages of this blog - incentives explain everything.
For god's sake I wrote about it yesterday! And a month ago! If you tie people's pay or employment to a given outcome, you're going to get more of that outcome. Which is fine, but there will be unintended consequences that may or may not be foreseen. In this case, ruthless new account opening targets led to 2 million fraudulently created accounts. Which is unbelievable, unfathomable. Until you remember that just a decade ago the same thing was happening with lending and mortgages.
- This is way worse than JP Morgan's "London Whale" thing. That didn't touch anyone outside of a handful of traders in a remote office. This one involves ordinary people, lots of 'em. The scope of it is amazing, even if the dollar amount is not terribly consequential. Just the idea that something like this could be so widespread, within one of the most respected companies in America, is mind-boggling.

Anyway, these are some of the thoughts I had in reaction to the whole thing. But now, the punchline: As of this writing, just before the market opens, Wells Fargo shares are flat. I wouldn't be surprised if it actually ended higher on the day. The fine is paid, a lot of people get fired and everyone learns a lesson, for at least a few minutes. Then business as usual. A smaller financial institution or brokerage firm would be bankrupted for something like this. For something much less than this. Wells, however, will be just fine. That's just the way it is.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 9 21:53:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2016 02:53:21 -0000
Subject: [Infowarrior] - Report: New Feinstein-Burr encryption effort in works
Message-ID: <304BEAC6-9934-4B91-94EC-D23CF15C891D@infowarrior.org>

Report: New Feinstein-Burr encryption effort in works
By Joe Uchill - 09/09/16 05:04 PM EDT
http://thehill.com/policy/cybersecurity/295236-report-new-feinstein-burr-encryption-effort-in-works

Legislation from Sens.
Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports. Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating. The Feinstein-Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant. The bill stated that, if data were encrypted "by a feature, product, or service owned, controlled, created, or provided" by some technology company, that company had to be able to decrypt the data or provide "technical assistance." The new bill, says Sanchez, narrows that focus to encryption "controlled" by a company, striking the words "owned," "created" and "provided." The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data. The original Feinstein-Burr caused a stir in a tech industry that believes putting "backdoors" into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders. The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA's strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own. These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill.
But many high-profile legislators, including Burr, Feinstein and Sen. John McCain (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence. Sanchez, who opposed the original bill, notes in the blog that the second bill is "[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Sep 10 17:52:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2016 22:52:28 -0000
Subject: [Infowarrior] - Remembering Lives and Liberties Lost 15 Years Ago
Message-ID: <439C1F78-ADA6-4C79-9EFC-5A789B37BD48@infowarrior.org>

September 11: Remembering Lives and Liberties Lost 15 Years Ago
http://reason.com/blog/2016/09/09/september-11-remembering-lives-and-liber
Fifteen years later, we really do have "nothing to fear but fear itself"
Ronald Bailey|Sep. 9, 2016 6:00 pm

The terrorist hijackings of four airline flights and subsequent crashes into the World Trade Center towers, the Pentagon and a field in Pennsylvania took place 15 years ago this weekend. We still mourn the nearly 3,000 Americans who were murdered then and share the sorrow of those who lost family and friends. Those attacks, however, changed our country in ways that have significantly undermined our cherished liberties. The indignity of imposing TSA security theater at airports is the least of it. Security checkpoints are everywhere requiring citizens to show ID and undergo screenings by metal detectors in order to enter practically all public and many private buildings. But even worse are the secret erosions of our rights as citizens not to be surveilled by our government. We now know that the federal government is engaged in pervasive unconstitutional domestic spying on essentially all Americans.
The monetary costs of "Homeland Security" are estimated to run about $75 billion per year. The "black budget" of the federal government's "intelligence community" exceeds $52 billion annually. The percentage of it that is spent on spying on Americans is not clear, but is certainly billions, if not tens of billions. Since the September 11 atrocities, 94 Americans have been killed in domestic attacks by violent jihadists, which are the kind of attacks against which our elaborate security apparatus purports to protect us. And doubtlessly, some of those efforts have been effective. For example, the conservative Heritage Foundation maintains a database that claims that there have been 89 jihadist plots in the U.S., including both successful and thwarted ones since 9/11. It should be noted that many of the plots in the Heritage database were instigated in "sting" operations by undercover law enforcement agents. In any case, the New America Foundation lists 10 in which people were killed. To get some idea of the risks to American lives that have allegedly been fended off by surrendering our liberties and our tax dollars, let's do a few rough calculations. For a worst case scenario, let's assume that the 79 unsuccessful terrorist attacks had been instead as bad as the Orlando Florida massacre earlier this year, that is, 49 dead. If all those plots had succeeded that would mean 3,871 Americans would have been killed by jihadists over the past 15 years. That would mean that your chance of being killed in a terrorist attack would be 1 in 83,182 during that time. While not directly comparable, that's in the same ballpark as your lifetime risk of dying in a shark attack or of a lightning strike. To get a far more reasonable estimation, let's average the number of deaths per successful terrorist attack since 9/11. That would be about 9 deaths multiplied by 79 attacks yielding 711 deaths since 9/11. Your risk of dying of terrorism would therefore be 1 in 452,883 over the past 15 years.
Another way to think about it is about 2.5 million Americans die annually which adds up to 37.5 million since 9/11, which means that actual jihadist attacks have accounted for only 0.00025 percent of deaths in the U.S. over the past 15 years. Forgetting for the moment the costs to our liberties, let us calculate the cost per life saved by the vast amounts our government spends on anti-terror security. Researchers at Brown University estimate that Homeland Security expenditures have been $548 billion higher - this is not counting the $5 trillion in post-9/11 war expenditures - than the trajectory they were on prior to the 9/11 attacks. This means that homeland security spending has been about $142 million per death averted, assuming my high calculation of 3,871 possible terrorism deaths since 9/11. That rises to $771 million per life saved from terrorism using my lower figure of 711 deaths. The usual threshold for setting the benefits and costs of a safety regulation is about $10 million per life saved. Setting aside mere tax dollars, the costs of 9/11 to our liberties are incalculable. Instead of calming and urging us to defend our values, our leaders opted to instill fear and ultimately have given the terrorists their greatest victory: The ongoing corrosion of our individual freedoms and constitutional rights. As we solemnly remember those who died 15 years ago of those despicable atrocities, let us renounce fear and vow to defend our liberties against all enemies foreign and domestic.

Ronald Bailey is a science correspondent at Reason magazine and author of The End of Doom (July 2015).

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Sep 10 17:53:26 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2016 22:53:26 -0000
Subject: [Infowarrior] - more on ...
Re: Wells Fargo Opened a Couple Million Fake Accounts
In-Reply-To: <20160910140317.GA5800@gsp.org>
References: <20160910140317.GA5800@gsp.org>
Message-ID: <09B9E6F7-D3CC-405F-B929-7757D1FCA4A9@infowarrior.org>

--
It's better to burn out than fade away.

> On Sep 10, 2016, at 10:03, xxxxxx....
>
> How in the world did their internal (and external) auditors miss this?
> Or were they in on it?
>
> If they missed it, have they been fired?
> If they're in on it, have they been fired?
>
> Are we really supposed to believe these were 5K independent actors?
> That there was no organization, no structure to this?
>
> If there's enough evidence for WF to fire 5K people, then is there
> enough evidence to prosecute 5K people?
>
> Who's getting the bonuses for terminating 5K employees and thereby
> reducing overhead?
>
> Why should we believe that this is the first/only time this has happened?
>
> Is anybody looking very closely at WF's peers?
>
> How many minutes until the class-action lawsuit is filed?
>
> ---xxxxx (who was briefly a WF customer when I inherited my dad's small
> portfolio, but bailed quickly -- something that WF made it as hard as
> possible to do)
>

From rforno at infowarrior.org Sun Sep 11 09:18:16 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Sep 2016 14:18:16 -0000
Subject: [Infowarrior] - Fifteen Years After 9/11, Neverending War
Message-ID:

Fifteen Years After 9/11, Neverending War
Alex Emmons
2016-09-11T02:10:49+00:00
https://theintercept.com/2016/09/10/fifteen-years-after-911-neverending-war/

In the days after the Sept. 11, 2001, terrorist attacks, when Congress voted to authorize military force against the people who "planned, authorized, committed, or aided" the hijackings, few Americans could have imagined the resulting manhunt would span from West Africa all the way to the Philippines, and would outlast two two-term presidents. Today, U.S. military engagement in the Middle East looks increasingly permanent.
Despite the White House having formally ended the wars in Iraq and Afghanistan, thousands of U.S. troops and contractors remain in both countries. The U.S. is dropping bombs on Iraq and Syria faster than it can make them, and according to the Pentagon, its bombing campaign in Libya has "no end point at this particular moment." The U.S. is also helping Saudi Arabia wage war in Yemen, in addition to conducting occasional airstrikes in Yemen and Somalia. Fifteen years after the September 11 attacks, it looks like the war on terror is still in its opening act. The drawdown of U.S. forces in Iraq and Afghanistan only revealed how little war has achieved and how much damage it has inflicted. In Afghanistan, the Taliban now holds more territory than it has at any point since 2001. One poll from 2016 found that more than 90 percent of young people in Iraq now consider the United States an "enemy" of their country. The Islamic State, which was largely created by the U.S. invasion of Iraq, controls vast swaths of territory in Iraq, Syria, and Libya, and has demonstrated an emboldened capability to orchestrate attacks in Europe. In June, CIA Director John Brennan told Congress that "despite all our progress against ISIL on the battlefield and in the financial realm, our efforts have not reduced the group's terrorism capability and global reach." Al Qaeda, the original enemy, today controls territory in Yemen and Somalia, but it is no longer considered a priority. In the span of one year, for example, the U.S.-backed war in Yemen quadrupled the size of al Qaeda in the Arabian Peninsula - the terror group's most dangerous offshoot. The CIA has continued to arm Syrian rebels, despite the fact that those weapons have found their way to a former al Qaeda affiliate. Retired General David Petraeus, formerly the commander of U.S. forces in Iraq and Afghanistan, actually suggested arming al Qaeda directly to help fight ISIS.
Despite the lack of progress, the last 15 years of war have come at a horrific cost. The U.S. lost nearly 2,300 service members in Afghanistan, and nearly 4,500 in Iraq. Hundreds of thousands were forever damaged. Those figures do not include at least 6,900 U.S. contractors and at least 43,000 Afghan and Iraqi troops who lost their lives. The death toll in the countries the U.S. attacked remains untallied, but conservative estimates range from the hundreds of thousands to well over a million. Add to that the hundreds of people tortured in U.S. custody, and thousands killed by U.S. drones in Yemen, Pakistan, and Somalia. The financial cost of the War on Terror is incalculable. The Iraq and Afghan wars, including the medical costs for veterans, are estimated to end up costing the U.S. at least $4 trillion dollars. Intelligence budgets have doubled, on top of more than $800 billion spent on "homeland security." Billions of dollars have been wasted on fruitless projects - like a failed plan to install radiation detectors at airports, which cost the government $230 million. The Department of Homeland Security wasted $1.1 billion on a "virtual fence" of sensors along the Mexican border before scrapping the program. The examples go on and on. The CIA paid one contractor $20 million to build a program that could discover encoded terrorist messages in Al Jazeera news broadcasts. Just last year, the Pentagon spent $43 million on one gas station in Afghanistan. Two contract psychologists were paid $80 million for designing the CIA's torture program. After 15 years, the only winners in the War on Terror have been the contractors. At home, the War on Terror has become a Constitutional nightmare. The U.S. has adopted a practice of indefinitely detaining terror suspects. Police departments across the country secretly import military grade spy equipment. Courts have ruled that families cannot sue to get their children off government kill lists.
NSA whistleblower Edward Snowden revealed that the U.S. has become the largest surveillance state in history. In the 2016 presidential campaigns, torture has become one party's applause line, in no small part due to President Obama's failure to prosecute the architects of the Bush-era torture program. Bombing multiple countries in the Middle East has become business as usual, and often goes unreported. On August 1, for example, the day the Obama administration announced a new bombing campaign against ISIS in Libya, American journalists were far more occupied with post-convention election polls than they were with the new war. All of this foreshadows a war that could stretch 10, 20, or 50 more years. As the U.S. shifts its strategy towards bombing and away from ground troops, media engagement with the wars diminishes, and it is all too easy to forget about our permanent state of war. But the victims of U.S. violence are unlikely to forget, creating a potentially endless supply of new enemies.

Top Photo: The Tribute in Light illuminates the sky behind the 9/11 Memorial on September 10, 2014.

Contact the author: Alex Emmons, alex.emmons@theintercept.com, @AlexanderEmmons

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Sep 11 10:02:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Sep 2016 15:02:32 -0000
Subject: [Infowarrior] - The Case Against James Comey
Message-ID: <78B92203-8A2E-4137-83C8-5D53DE7601A6@infowarrior.org>

The Case Against James Comey
By Riley Roberts

With hard, hooded eyes and a pugilistic bearing, J. Edgar Hoover's official portrait glowers - face fixed in a bulldog scowl - down the hallways of the FBI's Washington headquarters. Even the building itself - a crumbling brutalist cathedral, windowless at street level and wreathed in security cameras - seems to evoke something of the man, its namesake, who bent the bureau to his will during the terms of eight presidents, from Coolidge to Nixon.
Hoover never so much as crossed the threshold of the office where his latest successor, James Comey, now works. Yet the edifice and the institution remain haunted by Hoover's legacy of unchecked power, which rendered him judge, jury and executioner of anyone who came into his sights. The FBI's history is divided into two distinct epochs: Hoover and post-Hoover. After Hoover's death in office in 1972, Congress enacted laws designed to curtail the abuses - from illegal wiretaps and "black bag" jobs to campaigns of intimidation and blackmail - that defined his 48-year reign. Of the six directors who have followed, all but one have projected far lower profiles, eschewing the dramatic assertions of power that made Hoover so dangerous. Only James Comey, the seventh and current FBI director, has strayed from this well-worn path. On the surface, there are few direct parallels between Comey, a widely respected former prosecutor, and his most infamous predecessor. Where Hoover was pugnacious and inscrutable - lurching, hunched and furtive, between power and paranoia - the 55-year-old Comey is affable and open, with a reputation for honesty and a well-known aversion to politics. Yet there is a growing consensus that Comey has wielded the powers of the directorship more aggressively than anyone since Hoover - to the consternation, and even anger, of some of his colleagues. Since taking office, Comey has repeatedly injected his views into executive branch deliberations on issues such as sentencing reform and the roots of violence against police officers. He has undermined key presidential priorities such as crafting a coherent federal policy on cybersecurity and encryption. Most recently, he shattered longstanding precedent by publicly offering his own conclusions about the FBI's investigation into Hillary Clinton's email. (The FBI did not respond to a request for comment.)
It would be difficult to argue - in terms of temperament, manner, or motivation - that he is, or ever will be, the next J. Edgar Hoover. But increasing numbers of critics believe he has displayed a worrying disregard for the rules and norms that have constrained all but one of his predecessors, straying with blithe confidence - and with increasing regularity - across the fine line that separates independence from unaccountability. These concerns were only whispered about until July, when the FBI director's public disposition of the Hillary Clinton email investigation stoked national controversy. Since then, even some of Comey's supporters have been forced to concede that his exercise of power has been without precedent in the post-Hoover era. Among dozens of current and former Justice Department officials, this realization has given way to a rising sense of alarm: that our next president will find Comey just as untouchable as Hoover once was - and perhaps nearly as troublesome. "[Comey] is totally acting inappropriately," says criminal defense attorney Nick Akerman, a former U.S. attorney and special assistant Watergate prosecutor. "There's no question about it."

< - >

http://www.politico.com/magazine/story/2016/09/james-comey-fbi-accountability-214234

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Sep 12 14:18:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Sep 2016 19:18:38 -0000
Subject: [Infowarrior] - Stingray manuals published
Message-ID: <2636D1B1-32BF-47C2-8A35-75FFB588F2C1@infowarrior.org>

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones
Sam Biddle
2016-09-12T18:33:47+00:00

Harris Corp.'s Stingray surveillance device has been one of the most closely-guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile-phone-monitoring boxes from the public against which they are used.
The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.

< - >

https://theintercept.com/2016/09/12/long-secret-stingray-manuals-detail-how-police-can-spy-on-phones/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Sep 13 07:21:52 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2016 12:21:52 -0000
Subject: [Infowarrior] - Adblock Plus is Launching an Ad Exchange
Message-ID: <1753D639-F097-425D-9C7B-958D2A8DE472@infowarrior.org>

Adblock Plus is Launching an Ad Exchange
"Acceptable Ads Platform" will let advertisers reach users of ad blockers, with help from Google and AppNexus
Jack Marshall
Sept. 13, 2016 8:00 a.m. ET
http://www.wsj.com/articles/adblock-plus-is-launching-an-ad-exchange-1473768022

Eyeo GmbH, the company behind the popular online ad blocking software Adblock Plus, said Tuesday it's launching an online advertising service to help marketers place "acceptable" ads in front of users with ad blockers turned on. Eyeo has partnered with ad tech firm ComboTag to create an automated ad marketplace, often referred to as an ad exchange, the companies said. Publishers can sign up for the marketplace, called the "Acceptable Ads Platform," and use it to sell and place ad space on their webpages. "Acceptable ads" are allowed to pass through Adblock Plus's filters by default, provided they aren't too intrusive or disruptive to users. The Acceptable Ads Platform will contain only ads that abide by its Acceptable Ads criteria, which dictate the size, placement and labelling of ads, Eyeo said. Google Inc. and ad tech specialist AppNexus will also have a hand in helping to sell ad space from the new platform, by offering it up to potential buyers through their own online ad exchanges.
All of the companies in the chain, including Eyeo, ComboTag, Google and AppNexus will take a cut of the revenue generated from the ads they help to sell and place on publishers' sites through the program. The remainder will be passed to publishers, Eyeo said. In a statement, Google said, "We review the validity and quality of inventory made available on our platform, but have no knowledge of ComboTag or Eyeo's SSP arrangements." An AppNexus spokesperson confirmed that the company is helping to sell ad space from the Acceptable Ads Platform across its platform. Ad buying behemoth WPP has an ownership stake in both AppNexus and ComboTag. Many publishers have railed against ad blocking as a technology that robs them of ad revenue. Some industry executives have had harsh words for Adblock Plus, whose business model they say effectively involves putting up a barrier to ads on publishers' sites, and then asking for payment to take that barrier down. Eyeo disputes that assessment and says it is just looking out for the best interests of web users who are tired of being overwhelmed by internet advertising that slows down their web surfing and pitches products they don't want. The company is billing its new ad exchange as a way to help publishers recoup ad revenues lost because of ad blocking, by "monetizing ad blocker users with alternative, less intrusive ads." "There are two ecosystems of online consumers out there right now: the one composed of people who block intrusive ads and the other where people do not," Eyeo Chief Executive Till Faida said in a statement. "The Acceptable Ads Platform lets publishers reach the former group without changing anything about how they're reaching the latter." Over a quarter of U.S. internet users now employ online ad-blocking software on their desktop computers, according to recent research commissioned by the Interactive Advertising Bureau. Ad-blocking affects some websites more than others.
Some gaming-related websites, for example, say their audiences now block large portions of their advertising. The Acceptable Ads Platform has been in beta for around a month with a dozen publisher sites, according to ComboTag chief executive Guy Tytunovich. During that time the prices of the ads it has sold via Google and AppNexus have "skyrocketed," Mr. Tytunovich said, because advertisers are eager "to tap into users that are tech savvy and blocking advertising." In total ads from some 700 companies, including advertisers, publishers and ad networks, meet Eyeo's acceptable ads policy, a spokesperson for the company said. Eyeo already accepts payment from around 70 companies in exchange for letting their ads through its filter. The Acceptable Ads Platform could allow Eyeo to scale up that "whitelisting" process, which could result in more revenue for the company. ComboTag's Mr. Tytunovich said his company has devised an automated tool to quickly and easily determine whether or not ads meet Eyeo's Acceptable Ads criteria. Whitelisting ads used to take weeks, but now happens in seconds, the companies said. Advertisers will not be able to target ads via the Acceptable Ads Platform using the granular behavioral data many have become accustomed to, however, to preserve user privacy and security. Rather, they'll have a limited set of information with which to target their ads, including the domain on which an ad would appear; the device, browser and operating system on which it's being loaded; and the geographical location it's being loaded from. Eyeo declined to disclose which companies are on its "whitelist" - those that escape ad-blocking. According to a person familiar with the company's business relationships, paying customers of Eyeo include Google Inc., Microsoft Corp. and Taboola.

Write to Jack Marshall at Jack.Marshall at wsj.com

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Sep 13 14:21:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2016 19:21:27 -0000
Subject: [Infowarrior] - IOS 10 OTA update reportedly bricking phones
Message-ID:

Warning: iOS 10 is reportedly screwing up people's phones [Update]
by Bryan Clark - in Apple

After releasing iOS 10 earlier today, some users are reporting "bricked" devices after attempting to update to the new operating system. Most of the issues seem to come from over-the-air (OTA) updates, meaning a device that attempts to download and install the update without plugging it in - something Apple used to require. The issues seem fairly widespread. The OTA update begins and leaves users staring at a "Connect to iTunes" screen that forces a complete firmware re-install. If you forego the wiping and re-installation of iOS from your iPhone or iPad, you're left with a bricked and completely useless device.

< - >

http://thenextweb.com/apple/2016/09/13/warning-ios-10-is-reportedly-screwing-up-peoples-phones/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Sep 15 14:15:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Sep 2016 19:15:25 -0000
Subject: [Infowarrior] - FBI Agents Can Pose as Journalists, Inspector General Says
Message-ID: <35EF401D-DDB3-4AC9-AE45-80FEB18FA4AE@infowarrior.org>

FBI Agents Can Pose as Journalists, Inspector General Says
Alan Neuhauser
Staff Writer
http://www.usnews.com/news/articles/2016-09-15/fbi-agents-can-pose-as-journalists-inspector-general-says

FBI agents may impersonate journalists while conducting undercover investigations, and an agent who posed as an editor with the Associated Press during a 2007 investigation did not violate agency policies, the Department of Justice Office of the Inspector General found in a report released Thursday.
The conclusion sparked consternation across social media by journalists, civil rights groups and some legal experts, who have argued that the practice - by its very existence - threatens to heighten public mistrust of reporters, damage journalists' credibility and have a chilling effect on sources and whistleblowers who may fear that their contacts in the media are actually undercover agents. "The Associated Press is deeply disappointed by the Inspector General's findings, which effectively condone the FBI's impersonation of an AP journalist in 2007," Associated Press Vice President Paul Colford said in a statement. "Such action compromises the ability of a free press to gather the news safely and effectively and raises serious constitutional concerns." The inspector general's report acknowledged that the practice calls for "a higher level of approval" by FBI supervisors than was in place in 2007. Policies on impersonating journalists at the time were "less than clear," it found. However, a new interim policy adopted this June - one that permits agents to pose as journalists so long as they get approval from two high-ranking officials and an undercover review committee at headquarters - meets that requirement. "We believe the new interim policy on undercover activities that involve FBI employees posing as members of the news media is a significant improvement to FBI policies that existed," the inspector general wrote in the 26-page report. The Associated Press and the American Civil Liberties Union, however, maintain the new measures are insufficient. "The FBI guidelines adopted in 2016 in response to this incident still permit the FBI to impersonate news organizations and other third parties without their consent in certain cases, and fail to address the host of other dangers associated with FBI hacking," ACLU legislative counsel Neema Singh Guliani said in a statement.

The review stemmed from a June 2007 investigation into a series of bomb threats sent by email to Timberline High School outside Seattle. The emails sparked repeated evacuations over the course of a week. The culprit, later found to be a 15-year-old student, masked his location by using proxy servers, and local law enforcement ultimately appealed to the FBI for help.

An agent with the FBI's cybercrime task force, posing as an editor for the Associated Press, contacted the suspect by email, eventually sending the teen fake news articles and photographs that hid a trace program: As soon as the boy clicked one of the photos, his location was revealed to agents. He confessed shortly after his arrest, and he pleaded guilty July 18.

It wasn't until seven years later that the FBI's methods were revealed: Christopher Soghoian, an activist and principal technologist at the ACLU, and previously a technologist at the Federal Trade Commission, tweeted a link in October 2014 to internal documents posted to the website of the Electronic Frontier Foundation, which had been obtained through a Freedom of Information Act request in 2011. Buried on pages 61 and 62 were apparent copies of fake Seattle Times news stories the agents were then planning to email.

The Seattle Times broke the story that day. It soon spread nationwide. The Associated Press sent a letter to then-Attorney General Eric Holder, protesting the method. Other newspapers also expressed concern, joined by groups like the Committee to Protect Journalists and the ACLU.

FBI Director James Comey has previously called the practice "lawful and, in a rare case, appropriate:"

"That technique was proper and appropriate under Justice Department and FBI guidelines at the time," he wrote in a New York Times op-ed in November 2014. "Every undercover operation involves 'deception,' which has long been a critical tool in fighting crime.
The FBI's use of such techniques is subject to close oversight, both internally and by the courts that review our work."

Updated on Sept. 15, 2016: This story has been updated to include comments from the Associated Press and ACLU.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Sep 16 10:52:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Sep 2016 15:52:11 -0000
Subject: [Infowarrior] - AP, other media sue FBI for details on iPhone hacking tool
Message-ID: <25E00B55-2C4E-40B8-9392-607A4D9A4935@infowarrior.org>

AP, other media sue FBI for details on iPhone hacking tool

https://apnews.com/ac3d757a04eb49d7ad7c88e7d1a6a7ce/AP,-other-media-sue-FBI-for-details-on-iPhone-hacking-tool

WASHINGTON (AP) - The Associated Press and two other news organizations sued the FBI on Friday to learn who the government paid and how much it spent to hack into an iPhone in its investigation into last year's San Bernardino, California, massacre.

The lawsuit seeks records about the FBI's contract with an unidentified vendor who provided a tool to unlock the phone belonging to Syed Rizwan Farook, who with his wife killed 14 people at a holiday gathering of county workers in December 2015.

Gannett Co., which owns USA Today, and Vice Media LLC joined the complaint with the AP, seeking to learn more about the mysterious transaction that cut short a legal dispute in which the government sought to force Apple Inc. to unlock the phone.

"Understanding the amount that the FBI deemed appropriate to spend on the tool, as well as the identity and reputation of the vendor it did business with, is essential for the public to provide effective oversight of government functions and help guard against potential improprieties," said the suit, filed in U.S. District Court for the District of Columbia under the U.S. Freedom of Information Act.

In rejecting earlier requests to divulge the information, the government said revealing the records could affect "enforcement proceedings," but did not elaborate.

The case stems from the FBI's announcement in March that it had purchased a tool to unlock the iPhone, aborting the court fight with Apple that had in turn triggered a debate about the proper balance between electronic privacy and national security.

The FBI for weeks had maintained that only Apple could help it unlock the phone. At the Justice Department's request, a magistrate judge in February directed Apple to create software that would bypass security features on the phone so that the FBI could get into the device and scour it for potential evidence. Apple contested the order, saying the FBI's demand set a dangerous precedent and could undercut security protections for its customers.

The two sides were headed for a court showdown when Justice Department officials revealed that a party outside the U.S. government brought it a potential solution to unlock the phone. The FBI said a week later it successfully unlocked the phone using the tool.

The suit cites media reports as saying investigators did not find any links to foreign extremist groups.

The FBI would not say how much the solution cost or reveal how it worked. It also refused to share the information with Apple, which had expressed concern that circumventing its security protections could compromise its products.

The suit by the media organizations argues that there was no legal basis to withhold the information and challenges the adequacy of the FBI's search for relevant records. It also said the public has a right to know whether the vendor has adequate security measures, is a proper recipient of government funds and will act only in the public interest.

It was the third suit the AP has filed against the Obama administration under the Freedom of Information Act.

--
It's better to burn out than fade away.