From rforno at infowarrior.org Fri Dec 15 23:13:16 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Dec 2017 05:13:16 -0000
Subject: [Infowarrior] - CDC gets list of forbidden words: fetus, transgender, diversity
Message-ID:

CDC gets list of forbidden words: fetus, transgender, diversity

By Lena H. Sun and Juliet Eilperin December 15 at 6:53 PM

The Trump administration is prohibiting officials at the nation's top public health agency from using a list of seven words or phrases -- including "fetus" and "transgender" -- in any official documents being prepared for next year's budget.

Policy analysts at the Centers for Disease Control and Prevention in Atlanta were told of the list of forbidden words at a meeting Thursday with senior CDC officials who oversee the budget, according to an analyst who took part in the 90-minute briefing. The forbidden words are "vulnerable," "entitlement," "diversity," "transgender," "fetus," "evidence-based" and "science-based."

In some instances, the analysts were given alternative phrases. Instead of "science-based" or "evidence-based," the suggested phrase is "CDC bases its recommendations on science in consideration with community standards and wishes," the person said. In other cases, no replacement words were immediately offered.

The question of how to address such issues as sexual orientation, gender identity and abortion rights -- all of which received significant visibility under the Obama administration -- has surfaced repeatedly in federal agencies since President Trump took office. Several key departments -- including Health and Human Services, which oversees the CDC, as well as Justice, Education, and Housing and Urban Development -- have changed some federal policies and how they collect government information about lesbian, gay, bisexual and transgender Americans.

< - >

https://www.washingtonpost.com/national/health-science/cdc-gets-list-of-forbidden-words-fetus-transgender-diversity/2017/12/15/f503837a-e1cf-11e7-89e8-edec16379010_story.html?tid=ss_tw

From rforno at infowarrior.org Fri Dec 15 23:24:05 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Dec 2017 05:24:05 -0000
Subject: [Infowarrior] - Mozilla Slipped a 'Mr. Robot'-Promo Plugin into Firefox and Users Are Pissed
Message-ID: <123D12E9-1A84-4ACF-9D41-E9A64EE3F430@infowarrior.org>

Mozilla Slipped a 'Mr. Robot'-Promo Plugin into Firefox and Users Are Pissed

Kate Conger

https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254

Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox -- and managed to piss off a bunch of its privacy-conscious users in the process.

The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware.

"I have no idea what it is or where it came from. I freaked out a bit and uninstalled it immediately," one user wrote on Reddit.

Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

"Mozilla folks, what you did with this addon this was stupid and moronic. Most users are not programmers; most people don't watch Mr. Robot; and most people are not going to waste a bunch of time tracking down stupid crap like this," another user wrote on Reddit.
Mozilla's updated description of the plug-in.

Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

It is currently unclear what user-privacy considerations Mozilla management made before deciding to auto-install the Mr. Robot plugin into Firefox. A representative told Gizmodo the company is looking into the issue.

Even some of Mozilla's own employees aren't happy about the extension. Steve Klabnik, a software developer at Mozilla, said that employees had been told that Firefox would do a promotion with Mr. Robot, but weren't clued in to the details. "How can we claim to be pro-privacy while surreptitiously installing software on people's computers?" he tweeted. "More importantly, how did management not see this as a problem?"

If you don't want some random Mr. Robot-themed game installed in your browser, you can remove it by going to your Firefox menu, clicking Add Ons, going to the extensions tab, and removing Looking Glass. And if you do want a Mr. Robot game in your browser... congrats. It's already there.

Update, 4:15 p.m.: "Firefox worked with the Mr. Robot team to create a custom experience that would surprise and delight fans of the show and our users. It's especially important to call out that this collaboration does not compromise our principles or values regarding privacy. The experience does not collect or share any data," Jascha Kaykas-Wolff, chief marketing officer of Mozilla, said in a statement to Gizmodo.
"The experience was kept under wraps to be introduced at the conclusion of the season of Mr. Robot. We gave Mr. Robot fans a unique mystery to solve to deepen their connection and engagement with the show and is only available in Firefox."

From rforno at infowarrior.org Sat Dec 16 17:22:13 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Dec 2017 23:22:13 -0000
Subject: [Infowarrior] - Pentagon Reaffirms Policy on Scientific Integrity
Message-ID: <4BB19BBC-7579-4863-B56B-C5CE9854E967@infowarrior.org>

Pentagon Reaffirms Policy on Scientific Integrity

https://fas.org/blogs/secrecy/2017/12/dod-integrity/

"It is DoD policy to support a culture of scientific and engineering integrity," according to a Department of Defense directive that was reissued last week.

This is in large part a matter of self-interest, since the Department depends upon the availability of competent and credible scientists and engineers.

"Science and engineering play a vital role in the DoD's mission, providing one of several critical inputs to policy and systems acquisition decision making. The DoD recognizes the importance of scientific and engineering information, and science and engineering as methods for maintaining and enhancing its effectiveness and its credibility with the public. The DoD is dedicated to preserving the integrity of the scientific and engineering activities it conducts."

Several practical consequences flow from this policy that are spelled out in the directive, including:

* Permitting publication of fundamental research results
* Making scientific and engineering information available on the Internet
* Making articulate and knowledgeable spokespersons available to the media upon request for interviews on science and engineering

The policy further states that:

* Federal scientists and engineers may speak to the media and to the public about scientific and technical matters based on their official work with appropriate coordination with the scientists'
or engineers' organizations.
* DoD approval to speak to the media or the public shall not be unreasonably delayed or withheld.
* In no circumstance may DoD personnel ask or direct scientists or engineers to alter or suppress their professional findings, although they may suggest that factual errors be corrected.

The reaffirmation of such principles, which were originally adopted in 2012, does not guarantee their consistent application in practice. But it does provide a point of reference and a foothold for defending scientific integrity in the Department.

See Scientific and Engineering Integrity, DoD Instruction 3200.20, July 26, 2012, Incorporating Change 1, December 5, 2017.

From rforno at infowarrior.org Sat Dec 16 18:04:37 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Dec 2017 00:04:37 -0000
Subject: [Infowarrior] - Mozilla backpedals after Mr. Robot-Firefox misstep
Message-ID:

Mozilla backpedals after Mr. Robot-Firefox misstep

The privacy-promoting nonprofit says mea culpa after distributing an extension to its Firefox browser that made people worry they'd been hacked.

by Stephen Shankland December 16, 2017 1:33 PM PST

https://www.cnet.com/news/mozilla-backpedals-after-mr-robot-firefox-misstep/

From rforno at infowarrior.org Tue Dec 19 09:47:03 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Dec 2017 15:47:03 -0000
Subject: [Infowarrior] - Unravelling Konami's Arcade DRM
Message-ID:

Unravelling Konami's Arcade DRM

http://mon.im/2017/12/konami-arcade-drm.html

From rforno at infowarrior.org Tue Dec 19 13:29:03 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Dec 2017 19:29:03 -0000
Subject: [Infowarrior] - A Federal Ban on Making Lethal Viruses Is Lifted
Message-ID:

A Federal Ban on Making Lethal Viruses Is Lifted

The N.I.H. will create expert panels to assess controversial research into creating pathogens that easily infect humans.

By DONALD G. McNEIL Jr. DEC.
19, 2017

https://www.nytimes.com/2017/12/19/health/lethal-viruses-nih.html?_r=0

Federal officials on Tuesday ended a moratorium imposed three years ago on funding research that alters germs to make them more lethal.

Such work can now proceed, said Dr. Francis S. Collins, the head of the National Institutes of Health, but only if a scientific panel decides that the benefits justify the risks.

Some scientists are eager to pursue these studies because they may show, for example, how a bird flu could mutate to more easily infect humans, or could yield clues to making a better vaccine.

Critics say these researchers risk creating a monster germ that could escape the lab and seed a pandemic.

Now, a government panel will require that researchers show that their studies in this area are scientifically sound and that they will be done in a high-security lab.

The pathogen to be modified must pose a serious health threat, and the work must produce knowledge -- such as a vaccine -- that would benefit humans. Finally, there must be no safer way to do the research.

"We see this as a rigorous policy," Dr. Collins said. "We want to be sure we're doing this right."

In October 2014, all federal funding was halted on efforts to make three viruses more dangerous: the flu virus, and those causing Middle East respiratory syndrome (MERS) and severe acute respiratory syndrome (SARS).

But the new regulations apply to any pathogen that could potentially cause a pandemic. For example, they would apply to a request to create an Ebola virus transmissible through the air, said Dr. Collins.

There has been a long, fierce debate about projects -- known as "gain of function" research -- intended to make pathogens more deadly or more transmissible.

In 2011, an outcry arose when laboratories in Wisconsin and the Netherlands revealed that they were trying to mutate the lethal H5N1 bird flu in ways that would let it jump easily between ferrets, which are used to model human flu susceptibility.
Tensions rose in 2014 after the Centers for Disease Control and Prevention accidentally exposed lab workers to anthrax and shipped a deadly flu virus to a laboratory that had asked for a benign strain.

That year, the N.I.H. also found vials of smallpox in a freezer that had been forgotten for 50 years.

When the moratorium was imposed, it effectively halted 21 projects, Dr. Collins said. In the three years since, the N.I.H. created exceptions that funded ten of those projects. Five were flu-related, and five concerned the MERS virus.

That virus is a coronavirus carried by camels that has infected about 2,100 people since it was discovered in 2012, and has killed about a third of them, according to the World Health Organization.

Critics of such research had mixed reactions. "There's less than meets the eye," said Richard H. Ebright, a molecular biologist and bioweapons expert at Rutgers University.

Although he applauded the requirement for review panels, he said he would prefer independent panels to government ones.

He also wanted the rules to cover all such research rather than just government-funded work, as well as clearer minimum safety standards and a mandate that the benefits "outweigh" the risks instead of merely "justifying" them.

Marc Lipsitch, an epidemiologist who directs the Center for Communicable Disease Dynamics at the Harvard School of Public Health, called review panels "a small step forward."

Recent disease-enhancing experiments, he said, "have given us some modest scientific knowledge and done almost nothing to improve our preparedness for pandemics, and yet risked creating an accidental pandemic."

Therefore, he said, he hoped the panels would turn down such work.

Michael T. Osterholm, director of the Center for Infectious Disease Research and Policy at the University of Minnesota, said he believed some laboratories could do such work safely, but wanted restrictions on what they could publish.
"If someone finds a way to make the Ebola virus more dangerous, I don't believe that should be available to anybody off the street who could use it for nefarious purposes," he said.

"Physicists long ago learned to distinguish between what can be publicly available and what's classified," he added, referring to nuclear weapons research. "We want to keep some of this stuff on a need-to-know basis."

From rforno at infowarrior.org Thu Dec 21 09:40:32 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Dec 2017 15:40:32 -0000
Subject: [Infowarrior] - Ice tea company rebrands as "Long Blockchain" and stock price triples
Message-ID: <3D2145BE-02D0-4F04-B78A-A9AC087ED736@infowarrior.org>

Ice tea company rebrands as "Long Blockchain" and stock price triples

"Blockchain technologies are creating a fundamental paradigm shift," company says.

Timothy B. Lee - 12/21/2017, 9:54 AM

https://arstechnica.com/tech-policy/2017/12/iced-tea-company-stock-triples-after-adding-blockchain-to-name/

The Long Island Ice Tea Corporation is exactly what it sounds like: a company that sells people bottled iced tea and lemonade. But today the company announced a significant change of strategy that would start with changing its name to "Long Blockchain Corporation."

The company was "shifting its primary corporate focus towards the exploration of and investment in opportunities that leverage the benefits of blockchain technology," the company said in a Thursday morning press release. "Emerging blockchain technologies are creating a fundamental paradigm shift across the global marketplace," the company said.

The stock market loved the announcement. Trading opened Thursday morning more than 200 percent higher than Wednesday night's closing price.

The company isn't getting out of the iced tea business. "The Company will continue to operate Long Island Brand Beverages, LLC as a wholly-owned subsidiary," the company writes in its press release.
The new blockchain efforts are only in their "preliminary stages," the press release says, and will likely involve investing or forming partnerships with other companies. One potential partner is providing "blockchain infrastructure for the financial services industry." Another is building a "new smart contract platform for building decentralized applications."

The former Long Island Ice Tea Company is following the lead of other companies that have seen their value skyrocket after announcing blockchain-related moves. One small financial technology company saw its value skyrocket after it announced a blockchain-related acquisition. In October, a biotech company saw its value skyrocket after it renamed itself "Riot Blockchain."

The move is reminiscent of the late 1990s, when companies could see their stock prices soar if they added ".com" to their names.

From rforno at infowarrior.org Thu Dec 21 11:50:04 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Dec 2017 17:50:04 -0000
Subject: [Infowarrior] - Happy Holidays, list!
Message-ID: <6EF4DCA1-939A-4A06-8A7F-FBE4A9EC04A3@infowarrior.org>

Sending my traditional holiday greeting to the list....

--rick

The video is worth watching, for full effect: https://www.youtube.com/watch?v=xW7EL3_xL9s

Bernard: Before you go home for the holidays, Minister, Sir Humphrey has something to say to you.

Sir Humphrey: Minister, Just one thing. I wonder if I might crave your momentary indulgence in order to discharge a, by-no-means disagreeable obligation, which is over the years become more-or-less, an established practice within government circles, as we approach the terminal period of the year, calendar of-course not financial. In fact not to put a too fine a point on it, week 51, and submit to you, with all appropriate deference for your consideration at a convenient juncture, a sincere and sanguine expectation and indeed confidence.
Indeed one might go so far to say, hope, that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible of being deemed to be such as, to merit the final verdict of having been, by-no-means unsatisfactory in its overall outcome and in the final analysis to give grounds for being judged, on mature reflection to have been conducive to generating a degree of gratification, which will be seen in retrospect to have been significantly higher than the general average.

[ crosstalk ]

Jim Hacker: Humphrey, are you saying Happy Christmas?

Sir Humphrey [shocked]: Yes Minister!

(Ganked from one of my favorite sitcom series of the 1980s that ran on BBC --- "Yes (Prime) Minister.")

From rforno at infowarrior.org Fri Dec 22 18:27:27 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Dec 2017 00:27:27 -0000
Subject: [Infowarrior] - Bruce McCandless, first to fly untethered in space, dies at 80
Message-ID:

NASA astronaut Bruce McCandless, first to fly untethered in space, dies at 80

by Associated Press

https://www.nbcnews.com/news/us-news/nasa-astronaut-bruce-mccandless-first-fly-untethered-space-dies-80-n832236

HOUSTON -- NASA astronaut Bruce McCandless, the first person to fly freely and untethered in space, has died. He was 80.

McCandless died Thursday in California, NASA's Johnson Space Center announced Friday. No cause of death was given.

He was famously photographed in 1984 flying with a hefty spacewalker's jetpack, alone in the cosmic blackness above a blue Earth. He traveled more than 300 feet away from the space shuttle Challenger during the spacewalk.

McCandless said he wasn't nervous about the historic spacewalk.

"I was grossly over-trained. I was just anxious to get out there and fly. I felt very comfortable ... It got so cold my teeth were chattering and I was shivering, but that was a very minor thing," he told the Daily Camera in Boulder, Colorado, in 2006.
McCandless helped develop the jetpack and was later part of the shuttle crew that delivered the Hubble Space Telescope to orbit.

McCandless also served as the Mission Control capsule communicator in Houston as Neil Armstrong and Buzz Aldrin walked on the moon in 1969.

Born in Boston, McCandless graduated from Woodrow Wilson Senior High School in Long Beach, California. He graduated from the Naval Academy, earned a master's degree in electrical engineering from Stanford University and a master's degree in business administration from the University of Houston at Clear Lake in 1987.

He was a naval aviator who participated in the Cuban blockade in the 1962 missile crisis. McCandless was selected for astronaut training during the Gemini program, and he was a backup pilot for the first manned Skylab mission in 1973.

Survivors include his wife, Ellen Shields McCandless of Conifer, Colorado, two children and two grandchildren.

Sen. John McCain, R-Ariz., said he was "deeply saddened" by McCandless's death, and he recalled attending the United States Naval Academy together as both were members of the Class of 1958.

"As an undistinguished graduate of that class, I always looked up to Bruce," McCain said, "not only for his incredible intellect, but also for his character and integrity, which embodied the highest values of the United States Navy."

From rforno at infowarrior.org Tue Dec 26 07:15:01 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Dec 2017 13:15:01 -0000
Subject: [Infowarrior] - The Virtual Dementia Tour
Message-ID: <9D262B4B-0D9E-4F0D-AE32-00E2450AC6BD@infowarrior.org>

This is a great idea for caregivers and families. Even though I'm no longer caring for a dementia patient, I would give this a try sometime simply for my own edification.
--rick

Loud banging, foot pain, and flashes of light - my eight minutes as a dementia patient

https://www.washingtonpost.com/local/social-issues/loud-banging-foot-pain-and-flashes-of-light-my-eight-minutes-as-a-dementia-patient/2017/12/25/955774da-e685-11e7-ab50-621fe0588340_story.html

From rforno at infowarrior.org Tue Dec 26 07:35:55 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Dec 2017 13:35:55 -0000
Subject: [Infowarrior] - NYU grad student maps POTUS' media ragetweets
Message-ID:

Trump Twitter spreadsheet tracks "a perpetual campaign against the press"

By Jonathan Peters, CJR December 21, 2017

SINCE DECLARING HIS PRESIDENTIAL CANDIDACY in 2015, Donald Trump has posted nearly 1,000 tweets critical of the press. To be precise, as of this writing, it's 990 tweets since June 16, 2015. For perspective, if you're feeling lighthearted: That's more than the number of goals Wayne Gretzky scored in his NHL career, more than the number of airports in Japan and China combined, and more than the number of Pokémon across all generations of the franchise.

Trump's prolificacy on Twitter is well documented, and some of his press-related tweets have captured vast public attention. For example, Trump tweeted in July a doctored video in which he wrestled a man whose head had been replaced by the CNN logo. It got hundreds of thousands of retweets. Off Twitter, of course, Trump has waged a rhetorical war on the press, threatening to sue various newspapers and calling journalists "the most dishonest human beings on Earth," all while characterizing as "fake news" any story he dislikes.

That's what prompted an NYU master's student to start tracking Trump's tweets critical of the press. "I took it on as a labor of love and hate, and I suffered through his tweets every few days to log them," says Stephanie Sugars, who is pursuing a joint MA in journalism and international relations.
"It seemed important to maintain a record of what has appeared to be a deliberate and sustained campaign to discredit the media as an institution."

Sugars was working as a researcher at the Committee to Protect Journalists last spring when she created the Trump-tweet spreadsheet that she recently shared with me. She was helping to launch a website that documents press freedom incidents in the US. (CJR is a partner.) Originally, she and others at CPJ thought it would include not only arrests and equipment seizures but also anti-press social media posts.

< - >

https://www.cjr.org/united_states_project/trump-twitter-spreadsheet-press-attacks.php

From rforno at infowarrior.org Wed Dec 27 06:13:28 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Dec 2017 12:13:28 -0000
Subject: [Infowarrior] - Facebook Transparency Report: Lots Of Government Surveillance, Bad Copyright Takedown Requests
Message-ID:

Facebook Transparency Report: Lots Of Government Surveillance, Bad Copyright Takedown Requests

Facebook, which was a bit late to the party, recently released its latest transparency report. In a break from earlier versions of the report, the social media giant has finally moved beyond only detailing requests for information by the government and its alphabet agencies and is now including intellectual property requests and statistics as well. There is a decent amount of information in both sections of the report, but on matters of both intellectual property requests and government information requests, an analysis of the numbers leads to some troubling conclusions.

Let's deal with the IP section first. The headline of much of the media reporting on this has been about the 377,000 or so requests Facebook got to take down content based on IP issues, with well over half of those specifically being about copyright.
It's not a small number and some are using it to make the case that Facebook is Mos Eisley when it comes to copyright infringement: a hive of scum and villainy. Tragically for those arguments, the validity of those requests makes this all seem far less impactful.

< - >

https://www.techdirt.com/articles/20171219/04001838839/facebook-transparency-report-lots-government-surveillance-bad-copyright-takedown-requests.shtml

From rforno at infowarrior.org Wed Dec 27 06:13:34 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Dec 2017 12:13:34 -0000
Subject: [Infowarrior] - Fwd: Kremlin trolls burned across the Internet as Washington debated options
References:
Message-ID: <50C7DC2B-825C-434B-AE91-0B1385B8D8C4@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Kremlin trolls burned across the Internet as Washington debated options
> Date: December 26, 2017 at 9:19:49 AM EST
>
>
> Kremlin trolls burned across the Internet as Washington debated options
>
> The Russian disinformation threat went uncontested as it metastasized.
>
> https://www.washingtonpost.com/world/national-security/kremlin-trolls-burned-across-the-internet-as-washington-debated-options/2017/12/23/e7b9dc92-e403-11e7-ab50-621fe0588340_story.html
>

From rforno at infowarrior.org Wed Dec 27 06:18:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Dec 2017 12:18:24 -0000
Subject: [Infowarrior] - Library of Congress will no longer archive all public tweets, citing longer character limits
Message-ID: <861EAD54-D53B-414C-BD56-A6F6A6E5AA1B@infowarrior.org>

My two initial snarky responses: a) no worries, NSA has them already plus the private ones, and b) maybe the LoC is indirectly acknowledging the dumpster fire that Twitter 'content' has become these days.
--rick

Library of Congress will no longer archive all public tweets, citing longer character limits

Posted 4 hours ago by Catherine Shu (@catherineshu)

https://techcrunch.com/2017/12/26/library-of-congress-will-no-longer-archive-all-public-tweets-citing-longer-character-limits/?ncid=rss

The Library of Congress announced today that it will no longer add every public tweet to its archives, an ambitious project it launched seven years ago. It cited the much larger volume of tweets generated now, as well as Twitter's decision to double the character limit from 140 to 280.

Instead, starting on Jan. 1, the Library will be more selective about what tweets to preserve, a decision it explained in a white paper. "Generally, the tweets collected and archived will be thematic and event-based, including events such as elections, and themes of ongoing national interest, e.g. public policy," the Library wrote. (In other words, all of President Donald Trump's tweets will most likely be preserved, but probably not your breakfast pics).

In 2010, the Library began saving all public tweets "for the same reason it collects other materials -- to acquire and preserve a record of knowledge and creativity for Congress and the American people," its announcement said. This included the backlog of all public tweets since Twitter launched in 2006, which the company donated.

The volume and longer length of tweets now means collecting every single public one is no longer practical. Furthermore, the Library only archives text and the fact that many tweets now contain images, videos or links means a text-only collection is no longer as valuable.

"The Library generally does not collect comprehensively," it explained. "Given the unknown direction of social media when the gift was first planned, the Library made an exception for public tweets. With social media now established, the Library is bringing its collecting practice more in line with its collection policies."
Other projects the Library has embarked on in order to ensure that the experiences and memories of ordinary people are part of the historical record include the American Folklife Center, which runs the Veterans History Project and collects dialect recordings, among other initiatives.

From rforno at infowarrior.org Sun Dec 31 08:26:50 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Dec 2017 14:26:50 -0000
Subject: [Infowarrior] - Fwd: Exfiltration of personal data by session-replay scripts
References:
Message-ID: <4773AE2D-0CF2-4B83-B72B-CC4022CE12B2@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Exfiltration of personal data by session-replay scripts
> Date: December 31, 2017 at 7:32:34 AM EST
>
> Exfiltration of personal data by session-replay scripts
> https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
>

From rforno at infowarrior.org Sun Dec 31 08:27:21 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Dec 2017 14:27:21 -0000
Subject: [Infowarrior] - Fwd: Web trackers exploit browser login managers
References: <930DE095-7043-4428-8888-49483C8E91CC@roscom.com>
Message-ID:

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Web trackers exploit browser login managers
> Date: December 31, 2017 at 7:32:49 AM EST
>
> No boundaries for user identities: Web trackers exploit browser login managers
> https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
>
> Ad targeters are pulling data from your browser's password manager
> https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research
>

From rforno at infowarrior.org Sun Dec 31 08:27:34 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Dec 2017 14:27:34 -0000
Subject: [Infowarrior] - USG's embattled email surveillance program proves resilient
Message-ID: <36369A51-CE31-4F5C-BC48-1F60EC77533E@infowarrior.org>

U.S. government's embattled email surveillance program proves resilient

http://www.latimes.com/politics/la-na-pol-government-surveillance-emails-20171213-story.html

Evan Halper

Ever since Edward Snowden revealed the extent to which the U.S. government searches and reads the email of millions of people -- and the complicity of telecom and tech companies in the effort -- demands that the massive surveillance program be reined in have been intense across party lines.

Yet with the imminent expiration of the legal authority that allows law enforcement to monitor the email of foreigners and many Americans, lawmakers are no closer to overhauling the surveillance process than they were when Snowden, the now-fugitive former National Security Agency contractor, sought asylum in Russia four years ago.

Congress is paralyzed on the contentious national security challenge. Lawmakers appear most likely to throw their hands up and leave in place, for now, the machinery of online surveillance by extending the Dec. 31 expiration date of the existing authority, potentially for years.

Lawmakers have burned endless hours trying to find a fix aimed at easing public concerns that the program has grown evermore Orwellian. The tech industry worries that American government snooping will motivate clients to move their business abroad.

Yet they can't agree on a solution. Civil libertarians on the right and left who demand searches be limited and accompanied by warrants clash with national security hawks who say any such modifications would endanger Americans.

The pressure from law enforcement to keep the program unchanged has been strong.
"We need every tool and every authority we've got to keep people safe," FBI Director Christopher Wray said at a House Judiciary Committee hearing last week. "I would implore the committee and the Congress not to begin rebuilding the wall that existed prior to 9/11." The Trump administration has signaled that even if Congress fails to act, an obscure legal ruling could allow it to keep the program in place for at least several months. Those negotiating the issue on Capitol Hill now anticipate Congress will just grant a two-year extension of the status quo. It would be tacked on to the budget bill Congress must pass this month to keep government open. Lawmakers would have little choice but to approve it. A broad coalition of civil rights, internet freedom and free market advocacy groups is warning lawmakers that punting will have consequences. "This is an issue that concerns people across party lines, and they want Congress to have this debate," said Neema Singh Guliani, legislative counsel for the ACLU. "They don't want something snuck through at the last minute without vetting." Even as action to change the program is stalling in Congress, hand-wringing over it isn't. Sen. Dianne Feinstein (D-Calif.), whose steadfast advocacy for the surveillance program had long put her at odds with Democratic activists back home, is among those shifting course. As a high-ranking member of the Intelligence Committee, the issue is prominent on Feinstein's plate as she faces a primary battle. She is now calling for warrants to be required before law enforcement can access the emails found through one of the most controversial and legally precarious types of searches, in which the NSA scrapes databases for messages of Americans who may have had incidental contact with - or merely mentioned - foreigners on watch lists. Some experts read the legal authority to search and read emails of Americans, known as Section 702, to go even further.
For example, if an American participates in or promotes an event abroad as benign as a climate change protest or an academic conference on international affairs, they could get swept into the surveillance, according to the interpretations. The government doesn't always limit its probes to issues of national security. The FBI might use "backdoor searches" in pursuit of a tax-evasion case, for example. The information may not be usable as evidence in a criminal complaint, but it can be used to help the FBI find other information that is. "This improperly obtained information has been used in court against Americans charged with crimes that have nothing to do with national security," said Rep. Jackie Speier (D-Hillsborough) at a congressional hearing last week. The FBI won't say how often that happens, only that it is infrequent. It told the federal Privacy and Civil Liberties Oversight Board in 2014 that it is "extremely unlikely" that an agent pursuing a case unrelated to national security would find their target's email in the Section 702 database. The assurance did not impress privacy advocates, who note that law enforcement searches of the 702 databases targeted at Americans have surged. The Office of the Director of National Intelligence revealed in April that more than 30,000 such searches were conducted last year. "This is not just an abstract legal concern," said a recent letter to Congress from the advocacy groups coalition, which warned the intelligence report revealed a "strikingly high number" of searches of Americans. The groups recently found themselves in an unexpected place: praising their longtime nemesis Feinstein, after she joined the push for warrant requirements in a closed session of the Senate Intelligence Committee. Feinstein argued that "Americans have a reasonable expectation of privacy in their communications"
and that the 4th Amendment requires the government to show probable cause before reading private email messages, according to a committee report made public. But most of the committee was not persuaded, and Feinstein ultimately joined her colleagues in voting to advance a plan that reauthorizes the surveillance authority without the new warrant requirement. Other Democrats, including California Sen. Kamala Harris, voted against the bill. The political odd couple of Sens. Ron Wyden, an Oregon Democrat, and Rand Paul, a Kentucky Republican, have found common ground in their distaste for warrantless searches. In the House, tea party activists have joined liberals in crusading to limit the opaque online intelligence gathering. The full House has twice voted in recent years to restrict the type of data collection that concerns Feinstein. The House Judiciary Committee included such a restriction in the reauthorization measure it recently advanced. But the House Intelligence Committee left it out. There are so many competing visions for how to reshape the program that none of them right now appear to have enough support to reach the desk of President Trump, who has signaled little interest in restricting the monitoring. Trump's own disputes with intelligence agencies have further complicated the debate. Politically compromising and possibly illegal communications between Trump associates and Russian nationals intercepted by intelligence officials before Trump took office have moved the president's allies to demand their own tweaks to Section 702. They would prohibit intelligence agencies from revealing to other government officials - or "unmasking" - the identities of Americans whose communications with foreigners are monitored through the surveillance program. After the provision was tucked into what had been a bipartisan House Intelligence Committee plan to make some reforms to Section 702, Democrats abandoned the bill. The ranking Democrat on the committee, Rep.
Adam Schiff of Burbank, lamented that the provision has imperiled the measure, as Republicans don't have enough support to pass it through the House on their own. But they may ultimately have saved Schiff a lot of grief. The bill he was poised to vote for is not popular among activists influential in his district. They complain it does not go far enough in restricting warrantless surveillance. Schiff is unmoved. "If we put a warrant requirement on the front end for everything, there are a number of circumstances where we would want law enforcement and intelligence agencies to do searches, but they would lack probable cause," Schiff said. "Some groups will not be satisfied with anything short of a blanket warrant requirement. I fear that could lead to a reluctance to conduct searches in national security cases, and a stove-piping of information."

From rforno at infowarrior.org Sun Dec 31 08:31:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Dec 2017 14:31:00 -0000
Subject: [Infowarrior] - UK gov threatens to tax tech giants over extremism
Message-ID: <1614318F-B412-4D49-AFFC-8C8FEE270FDE@infowarrior.org>

thenational.ae
UK government threatens to tax tech giants over extremism
Claire Corkery
https://www.thenational.ae/world/europe/uk-government-threatens-to-tax-tech-giants-over-extremism-1.691784

Britain's security minister has threatened technology firms such as Facebook, YouTube and Google with punitive taxation if they fail to cooperate with the government on fighting online extremism. Ben Wallace said that Britain was spending hundreds of millions on human surveillance and de-radicalisation programmes because tech giants were failing to remove extremist content online quick enough. Mr Wallace said the companies were "ruthless profiteers", despite sitting "on beanbags in T-shirts", who sold on details of its users to loan companies but would fail to give the same information to the government.
He said that enforcing tax measures should be looked at as an option to punish firms that do not work hard enough to remove radical content, such as Facebook-owned messaging service WhatsApp. "Because of encryption and because of radicalisation, the cost of that is heaped on law enforcement agencies," Mr Wallace told the Sunday Times. "I have to have more human surveillance. It's costing hundreds of millions of pounds.

"If they [tech firms] continue to be less than co-operative, we should look at things like tax as a way of incentivising them or compensating for their inaction.

"Because content is not taken down as quickly as they could do, we're having to de-radicalise people who have been radicalised. That's costing millions. They [the firms] can't get away with that and we should look at all options, including tax."

Facebook's policy director Simon Milner said the security minister was "wrong" to say that the company puts profit before safety. "We've invested millions of pounds in people and technology to identify and remove terrorist content. The Home Secretary and her counterparts across Europe have welcomed our coordinated efforts which are having a significant impact," Mr Milner said in a statement. "But this is an ongoing battle and we must continue to fight it together, indeed our CEO recently told our investors that in 2018 we will continue to put the safety of our community before profits."

In response to Mr Wallace's comments, a YouTube spokesperson said: "Violent extremism is a complex problem and addressing it is a critical challenge for us all. We are committed to being part of the solution and we are doing more every day to tackle these issues.

"Over the course of 2017 we have made significant progress through investing in machine learning technology, recruiting more reviewers, building partnerships with experts and collaboration with other companies through the Global Internet Forum."
The UK government has repeatedly warned tech companies that more needed to be done to tackle online extremism. In August, Amber Rudd, the UK's home secretary visited Silicon Valley to impress on internet companies the need to act more quickly, while prime minister Theresa May said terrorist content should be removed from the web within two hours in a speech in September. Earlier this month, Google-owned YouTube said it would be increasing the number of teams which would identify and remove unsuitable footage from its channels in 2018. YouTube said that nearly 70 per cent of violent extremist content was removed within 8 hours of it being uploaded and the company was working to accelerate that speed. However, research by the UK government suggests that three quarters of ISIL propaganda is viewed within three hours of being uploaded to online platforms, reaching its target audience long before authorities could react. In June, Facebook, YouTube, Microsoft and Twitter formed the Global Internet Forum to Counter Terrorism aimed at cooperating to deal with the spread of online radicalisation. Pressure on tech companies from the UK government has increased in 2017, after five terror attacks in London and Manchester left 36 people dead and hundreds more injured.
From rforno at infowarrior.org Fri Dec 1 06:57:50 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2017 12:57:50 -0000
Subject: [Infowarrior] - Fwd: The Promise and Peril of POTUS' Cyber Strategy
References: <1033535604.7003949.1512130437854@mail.yahoo.com>
Message-ID:

> Begin forwarded message:
>
> From: Mark
>
> The Promise and Peril of Trump's Cyber Strategy
> By Joseph Marks
> November 30, 2017
> http://www.defenseone.com/technology/2017/11/promise-and-peril-trumps-cyber-strategy/144187/
>
> Is Donald Trump's cybersecurity policy humming along at the 10-month mark of his administration, a rare space of continuity amid myriad shifts and realignments? Or is Trump blazing a new path that could set dangerous precedents in cyberspace and leave the internet more ungovernable in the future?
>
> The answer, according to cyber analysts and former officials in Republican and Democratic administrations, might be both.
>
> When it comes to basic management of the government's cybersecurity responsibilities, they say, it might be difficult to distinguish Trump's cybersecurity program from his predecessor's.
>
> When it comes to shaping and enforcing international rules of the road in cyberspace, however, the Trump administration may be taking a step back from the U.S.'s historic role, a move experts worry could cede ground to an anti-Democratic model for the internet championed by U.S. adversaries such as Russia and China.
>
> Here's the good part.
>
> The top officials leading Trump's cyber policy - including Tom Bossert and Rob Joyce at the White House and Jeanette Manfra at the Homeland Security Department - are seasoned professionals with lengthy government resumes and are highly respected by their peers.
>
> Their policies - including a May executive order and a series of Homeland Security Department directives - are uncontroversial and largely in lockstep with government cybersecurity priorities that stretch back into the Obama administration or even earlier, former officials say.
>
> In general, the administration has focused on shoring up federal agencies' cybersecurity, creating consequences for digital lapses and improving the security of critical infrastructure, such as hospitals, banks and airports.
>
> The Trump team has even broken new ground on these fronts. It won praise from industry when Homeland Security banned Russian anti-virus software made by Kaspersky Lab from government systems. Transparency advocates cheered when it offered an updated policy for how the government decides whether to hoard or disclose newfound software bugs.
>
> The administration also could close policy loops that the Obama administration never did, such as developing a rigorous cyber deterrence policy that outlines clear consequences for criminals and adversary nations that commit cyber crimes against the U.S., said Frank Cilluffo, director of George Washington University's Center for Cyber and Homeland Security and a Bush administration cyber adviser.
>
> These policies aren't perfect, the experts say, but cybersecurity isn't about perfection. It's about marginal improvements and balancing risk. Compared with analysts' fears about Trump's bellicose language when he first took office - including a signal he might shift responsibility for domestic cybersecurity to the military - we're in a pretty good place, they say.
>
> "If you think about executive orders and the like, there's not that 'holy crap, who wrote that?' moment like with immigration," said Peter Singer, a senior fellow who leads the cybersecurity program at the New America think tank.
> "Generally, I'm thinking: 'This is reasonable; this is sensible.'"
>
> The Divergence
> When the focus shifts from the government's day-to-day cyber protections to the U.S. role in global cyberspace, however, the Trump administration's record suggests a much greater divergence.
>
> To begin with, there's the State Department cyber coordinator's office, which former Secretary Hillary Clinton established in 2011. The office represents the U.S. at bilateral and multilateral cyber negotiations and advocates cyber best practices to allies and developing nations belatedly entering the digital age.
>
> Current Secretary of State Rex Tillerson shuttered that office in August as part of a larger budget and bureaucracy trimming exercise.
>
> There's also the United Nations' Group of Governmental Experts in cybersecurity, a group of 20-some nations, including the U.S., China and Russia, that meets periodically to iron out how international law and other rules of the road, known colloquially as "norms," apply in cyberspace.
>
> When that group's most recent round of meetings ended without any meaningful progress earlier this year, Bossert, the White House Homeland Security Adviser, announced the U.S. would shift to a more coalition of the willing model to pursue cyber norms.
>
> Finally, there's the elephant in the room: Trump's continuing caginess about acknowledging Russia's role in a hacking campaign and influence operation aimed at sowing chaos during the 2016 presidential election.
>
> Taken together, these shifts could undermine U.S. leadership in cyberspace and fundamentally change what the digital world looks like a decade from now, former officials said.
>
> A Brief History of Global Cyber Norms
> The argument during the Obama administration went something like this:
>
> Nations will use the internet to spy on each other and that can't be stopped.
> But, nations should also agree that this meddling in the internet should not extend to undermining businesses, damaging critical infrastructure like nuclear and energy plants, or putting citizens and their information at risk.
>
> When nations fail to honor these cyber norms, the U.S. argued, other nations should ensure they suffer consequences. That could mean a retaliatory cyber strike, but more often means economic sanctions, legal indictments or military action.
>
> Trump officials, including Bossert and Joyce, have embraced that broad argument, using phrases nearly identical to their Obama administration predecessors. But the structure itself is undermined by the administration's actions, former officials say.
>
> Without the State Department cyber coordinator's office, for example, there's no organization in government that's solely responsible for advocating the U.S. view of what cyberspace should look like.
>
> That leadership void leaves emerging and non-aligned nations more vulnerable to Chinese and Russian notions of the internet. Those include strong government control over what internet content their citizens see and rules that bar foreign companies from providing some internet services or force them to disclose their source code.
>
> What's more, when the State Department first launched the coordinator's office it was the first of its kind in the world. Now, six years later, roughly 20 nations have launched similar offices in their foreign ministries following the U.S. lead.
>
> "The office itself has become a global norm and now it's not there," New America's Singer said. "Those other 20 offices are like: 'Are we now the voice of the free world on this issue?'"
>
> Deputy Secretary of State John Sullivan told the House Foreign Affairs Committee in September that State ultimately plans to elevate its cyber mission despite closing the coordinator's office, but he did not provide details or a timeline.
> State has not made any public moves on the cyber front since that hearing.
>
> Seemingly unconvinced by Sullivan, Foreign Affairs Committee Chairman Ed Royce, R-Calif., and ranking member Eliot Engel, D-N.Y., introduced a bill that requires the cyber office to be re-installed with greater authority. That bill passed the committee this month without a formal vote.
>
> Bush administration cyber adviser Frank Cilluffo largely supports the Trump administration's cyber efforts thus far and says he supports more aggressive bilateral cyber negotiations, though he doesn't believe the administration should abandon multilateral efforts, such as the Group of Governmental Experts.
>
> He acknowledged, however, that the State Department has not communicated clearly enough about its cyber plans.
>
> "If the actual intent is simply to eliminate [the cyber coordinator's] position and not build something as robust in its place, then I deeply oppose that," Cilluffo said.
>
> The Cozy Bear in the Room
> It's Trump's unwillingness to consistently acknowledge Russia's culpability for meddling in the 2016 election, however, that does the most damage by far to American efforts to impose rules upon global cyberspace, former officials of both parties said.
>
> Failing to consistently advocate for good behavior in cyberspace is one thing, they said. Failing to impose consequences for bad behavior is another.
>
> Russia's behavior, both during the 2016 election and since then - including meddling in European elections and breaching previously off-limits targets such as energy and nuclear plants - is the most egregious flouting of global cyber norms to date, they said. And, because there can't be presidential buy-in, there have been, so far, few consequences.
>
> Even Russian sanctions that Congress passed over the president's disapproval have yet to be fully implemented.
>
> "We would like our allies and partners and as much of the international community as possible to see that responding to cyber threats is legitimate and, in order to make that case, you can't fail to respond to what is clearly the number one cybersecurity challenge of the day," said Jim Miller, a former undersecretary of defense for cyber policy during the Obama administration and president of the consultancy Adaptive Strategies.
>
> The result of this is two-fold. In the short term, it signals to Russia that it can continue to play fast and loose with pro-democratic cyber norms that the U.S. and other western nations have tried to establish. Second, it signals to other nations and non-state actors that similar cyber mischief will go unpunished.
>
> "It's not just Russia," New America's Singer said. "It's every other state and non-state group out there thinking: 'Hey, I could do this and get away with it.' My fear is that we're trading the short term for the long term. I give credit to all the staffers and to the cyber governance things that are happening in certain areas. But there's a larger contradiction here that sets us up poorly for the long term."
>
> By Joseph Marks // Joseph Marks covers cybersecurity for Nextgov. He previously covered cybersecurity for Politico, intellectual property for Bloomberg BNA and federal litigation for Law360. He covered government technology for Nextgov during an earlier stint at the publication and began his career at Midwestern newspapers covering everything under the sun. He holds a bachelor's degree in English from the University of Wisconsin in Madison and a master's in international affairs from Georgetown University.

From rforno at infowarrior.org Fri Dec 1 06:59:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2017 12:59:24 -0000
Subject: [Infowarrior] - Google does not know multilingual people exist
Message-ID: <51936209-C17F-4314-AD74-5CF2E74550DE@infowarrior.org>

(h/t MP)

Google does not know multilingual people exist
posted by Thom Holwerda on Sun 26th Nov 2017 22:57 UTC
http://www.osnews.com/story/30101/Google_does_not_know_multilingual_people_exist

It's time to address a longstanding issue with Google, and as these things often go, it has to do with Silicon Valley not knowing multilingual people are a thing. A long, long time ago, searching for stuff on Google in different languages was a breeze. If you typed www.google.nl in your address bar, you went to Dutch Google. If you typed www.google.com, you went to English Google. If you typed www.google.de, you went to German Google. You may notice a pattern here - the country code determined your Google Search language. Crude, but effective. Years ago, however, Google, ever on the lookout to make its users' lives easier, determined, in its endless wisdom, that it would be a great idea to automatically determine your search language based on your location. Slightly more recently, Google seems to have started using not your location, but the information it has on you in your Google account to determine the language you wish to search in when you load Google Search, and on top of that, it tries to guess your search language based on the query you entered. Regardless of whether I go to www.google.nl or to www.google.com, Google standardises to Dutch. The language menu in Tools is entirely useless, since it only gives me the option to search in "Every language" or "Only pages written in Dutch". When I type in a longer, clearly English query, it will switch to showing English results for said query.
However, with shorter queries, single-word queries, brands, or other terms that might transcend a specific language, Google simply doesn't know what to do, and it becomes a game of Guess What Language This Query Is Parsed As. As I've detailed before, Silicon Valley doesn't get out much, so they don't realise hundreds of millions of people around the world lead multilingual lives, speaking and searching in several different languages on a daily basis. Many Americans speak both Spanish and English on a daily basis, for instance, and dozens of millions of Europeans speak both their native language as well as English. Especially younger European generations have friends from all over the world, and it's likely they converse in today's lingua franca. Of course, for me personally, the situation is even more dire. I am a translator, and especially when working on more complex translations, I need to alternate between English and Dutch searches several times a minute. I may need to check how often a term is used, what it means exactly, if a technical term is perhaps left untranslated in Dutch, and so on. I need to be able to explicitly tell Google which language to search in. In its blind, unfettered devotion to machine learning and artificial intelligence, Google has made it pretty much impossible for me to use, you know, Google. Meanwhile, DuckDuckGo has a really neat little switch right at the top of its search results, which I can click to switch between English and Dutch - I don't even have to retype the query or reload the site from the address bar. The dropdown menu next to it gives me access to every single other language DuckDuckGo is available in. It's difficult to overstate how this feature has turned web search from a deeply frustrating experience into the frictionless effort it's always supposed to have been. This tiny, simple, elegant little feature is what has drawn me towards using DuckDuckGo. 
I'm willing to accept slightly less accurate search results if it means I don't have to fight with my search engine every single day to get it to search in the language I want it to. I will continue to harp on Silicon Valley for barely even paying lip service to multilingual users, because it frustrates our entire user experience on a daily basis. To make matters worse, virtually all popular tech media consist of Americans who only speak English, assuring that this issue will never get the attention it needs.

From rforno at infowarrior.org Sat Dec 2 10:46:41 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Dec 2017 16:46:41 -0000
Subject: [Infowarrior] - After 37 years, Voyager 1 has fired up its trajectory thrusters
Message-ID: <8CA05E8F-6F2D-4C0F-925F-8646DB26ACB6@infowarrior.org>

After 37 years, Voyager 1 has fired up its trajectory thrusters

< - >

At present, the Voyager 1 spacecraft is 21 billion kilometers from Earth, or about 141 times the distance between the Earth and Sun. It has, in fact, moved beyond our Solar System into interstellar space. However, we can still communicate with Voyager across that distance. This week, the scientists and engineers on the Voyager team did something very special. They commanded the spacecraft to fire a set of four trajectory thrusters for the first time in 37 years to determine their ability to orient the spacecraft using 10-millisecond pulses. After sending the commands on Tuesday, it took 19 hours and 35 minutes for the signal to reach Voyager. Then, the Earth-bound spacecraft team had to wait another 19 hours and 35 minutes to see if the spacecraft responded. It did. After nearly four decades of dormancy, the Aerojet Rocketdyne manufactured thrusters fired perfectly.....
< - >

https://arstechnica.com/science/2017/12/after-37-years-voyager-has-fired-up-its-trajectory-thrusters/

From rforno at infowarrior.org Sun Dec 3 08:16:21 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2017 14:16:21 -0000
Subject: [Infowarrior] - I'm on Trump's voter fraud commission. I'm suing it to find out what it's doing.
Message-ID:

I'm on Trump's voter fraud commission. I'm suing it to find out what it's doing.
Why is a presidential advisory panel on elections operating in such secrecy?
https://www.washingtonpost.com/outlook/im-on-trumps-voter-fraud-commission-im-suing-it-to-find-out-what-its-doing/2017/11/30/1034574c-d3b0-11e7-95bf-df7c19270879_story.html
By Matthew Dunlap
November 30

Matthew Dunlap, a member of the Presidential Advisory Commission on Election Integrity, is Maine's secretary of state.

On Nov. 9, I filed a complaint in U.S. District Court in Washington, seeking to obtain the working documents, correspondence and schedule of the Presidential Advisory Commission on Election Integrity. What's remarkable about my lawsuit is that I'm a member of the commission, and apparently this is the only way I can find out what we're doing. The commission was formed in May to answer monster-under-the-bed questions about "voter fraud," but the implicit rationale for its creation appears to be to substantiate President Trump's unfounded claims that up to 5 million people voted illegally in 2016. Chaired by Vice President Pence, the commission has the chance to answer questions about potential fraud and to highlight best practices to enhance voter confidence in our election systems. Yet it isn't doing that. Instead, the commission is cloaking itself in secrecy, completely contrary to federal law. Recommendations for changes in public policy - whether you agree with them or not - ought to come through an open, public discussion where any American can weigh in.
As the secretary of state in Maine, I was asked to serve on this 12-member commission by Pence's office. Although I'm a Democrat, I accepted because I believed that membership would allow me to defend the election process from a position of authority, as a fully informed and engaged participant in the president's review. The commission has met just twice, but it's made some waves anyway. Even before we first convened, a June 28 memo, signed by commission Vice Chairman Kris Kobach, prompted fury by requesting detailed voter information from the chief elections officers of all 50 states. The Mississippi secretary of state, Republican Delbert Hosemann, invited the commission to "jump in the Gulf of Mexico," one of many colorful responses. Perhaps more striking is that the memo wasn't written by staff - it was written by individuals who were later named to the commission but who were working outside of government at the time. The letter went out immediately after our first conference call, indicating that Kobach's data-gathering effort was underway before the commission formed. But no one told members of the commission that; I learned about it from the press. At our first meeting, at the White House complex in July, Trump made clear his motivation for convening the commission: "This issue is very important to me because, throughout the campaign and even after it, people would come up to me and express their concerns about voter inconsistencies and irregularities, which they saw. In some cases, having to do with very large numbers of people in certain states." The second meeting, held in New Hampshire in September, was electrified by unsubstantiated charges of rampant voter fraud in that state leveled by Kobach, a longtime proponent of the theory that voter fraud is a pressing danger, who also serves as Kansas secretary of state.
Strangely, his charges had less to do with how voters in New Hampshire had conducted themselves than with the structure of the state's election laws, which Kobach apparently dislikes. But neither the agenda for that meeting nor the list of witnesses invited to speak was vetted by the commission as a whole before the public session - it just appeared. I've served on many boards and commissions in my nearly 20 years in politics. I've never seen a session where members learned about what would happen in a meeting only when the agenda became public. Since that meeting, there has been total silence from the leaders and staff of the commission about work happening behind the scenes. After repeated instances of learning about the commission's activities only because reporters asked me about them, I sent a letter to Executive Director Andrew Kossack on Oct. 17 asking for information - including communications between the commissioners and federal agencies - about what the body I'm supposed to be a part of is doing. My request was simple: "I am seeking information because I lack it; I am asking questions because I do not know the answers. I am a keen observer of the public discourse, and it has been made manifestly clear that there is information about this commission being created and shared among a number of parties, though apparently not universally. Thus, I am in a position where I feel compelled to inquire after the work of the Commission upon which I am sworn to serve, and am yet completely uninformed as to its activities." More than a week later, on Oct. 25, I received the following reply: "I am consulting with counsel regarding a response to your request to ensure any response accords with all applicable law." That same day, I was forwarded a fundraising email from the conservative Minnesota Voters Alliance touting its invitation to present at our December meeting - the first I had heard that such a meeting was even being contemplated, much less scheduled.
When I asked Kossack about our future meetings, he replied that no meeting was scheduled for December. I have yet to hear anything further.

Our itinerary isn't the only thing I can't get clear information about. More than a month ago, The Washington Post reported on the arrest in Maryland of a researcher for the commission on charges of possession of child pornography. I can't get answers about the disposition of the case: Is this researcher still employed by the commission? Has he been placed on leave? Has he resigned? I have no idea, as I have not received a response to my query to the commission.

The commission was established by executive order under the auspices of the Federal Advisory Commission Act (FACA), which requires notice of our public meetings, disclosure of our work product and the opportunity for public participation. FACA was written precisely so Americans would know what the government is doing and what it is considering, so we could participate in that process.

One of the agencies that some commissioners have been reportedly working with is the Department of Homeland Security, which oversees the implementation of the Real ID Act and has designated state election systems as "critical infrastructure." DHS may decide to enter the field of elections management, under the ubiquitous mantle of "national security."

Without transparency about the commission's actions, how can you find out if a policy is being developed that may require you to have a Real ID-compliant driver's license to vote? Or whether you'll have to prove American citizenship at the polls? How will you know about proposed changes to voter registration deadlines or new restrictions on absentee balloting?

Of course, this is politics. But remember, we as American citizens are supposed to own the process. The desire to prevail in an election campaign has led to some sad episodes of voter intimidation and suppression in our country's history.
The Presidential Advisory Commission on Election Integrity should endeavor to challenge those fears and answer them, not add to them.

Twitter: @MESecOfState

From rforno at infowarrior.org Sun Dec 3 08:55:22 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2017 14:55:22 -0000
Subject: [Infowarrior] - Apple iOS 11 security 'downgrade' decried as 'horror show'
Message-ID:

Apple iOS 11 security 'downgrade' decried as 'horror show'

Ability to reset iTunes Backup passwords unravels layered protection, claims researcher

By Thomas Claburn in San Francisco 1 Dec 2017 at 22:33

https://www.theregister.co.uk/2017/12/01/apple_ios_11_security_downgrade_decried_as_horror_show/

After rapidly patching a flaw that allowed anyone with access to a High Sierra Mac to obtain administrative control, Apple still has more work to do to make its software secure, namely iOS 11, it was claimed this week.

Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on Wednesday called iOS 11 "a horror story" due to changes the fruit-themed firm made to its mobile operating system that stripped away a stack of layered defenses.

What's left, he argued, is a single point of failure: the iOS device passcode.

With an iOS device and its passcode -- a barrier but not a particularly strong one -- an attacker can gain access not only to the device, but to a variety of linked cloud services and any other hardware associated with the device owner's Apple ID.

Before the release of iOS 11, Afonin explained in a phone interview with The Register, there were several layers of protection in iOS.

"I feel they were pretty adequate for what they were," he said. "It seems like Apple abandoned all the layers except the passcode. Now the entire protection scheme depends on that one thing."

What changed was the iOS device backup password in iTunes.
In iOS 10 and earlier, users could set a unique password to secure an encrypted backup copy of the data on an iPhone. That password travelled with the hardware and if you attempted to connect the iPhone to a different computer in order to make another backup via iTunes, you'd have to supply the same backup password.

In iOS 11, everything changed. As Apple explains in its Knowledge Base, "With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password."

That's a security problem because device backups made through iTunes contain far more data than would be available just through an unlocked iPhone. And that data can be had through the sort of forensic tools Elcomsoft and other companies sell.

"Once an intruder gains access to the user's iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left," Afonin explains in his post. "Everything (and I mean, everything) is now completely exposed. Local backups, the keychain, iCloud lock, Apple account password, cloud backups and photos, passwords from the iCloud Keychain, call logs, location data, browsing history, browser tabs and even the user's original Apple ID password are quickly exposed."

So the risk goes beyond the compromised phone and any associated Apple devices: Apple's iCloud Keychain could include, say, Google or Microsoft passwords.

Afonin in his post suggested "Apple gave up" in the wake of complaints from police, the FBI, and users. Asked whether he had any reason to believe the change was made to appease authorities, he said, "I don't believe this was made for the police. I believe it was just user complaints."

Nonetheless, the iOS change has significant implications for those who deal with authorities, at border crossings for example. "If I cross the border, I may be forced to reveal my passcode," he said, noting that many thousands of electronic device searches happen every year.
With that passcode, authorities could create their own device backup and store it, which would allow them to go back and extract passwords unrelated to the device itself later on.

"If that happens they have access to everything, every password I have," he said.

Afonin said with iOS 11, Apple's entire protection scheme has fallen apart. He likened the situation to the 2014 iCloud hack known as Celebgate. "Those iCloud accounts were protected with just passwords," said Afonin. "We have a similar situation today. If it's just one single thing, then it's not adequate protection."

To fix the issue, Afonin suggests going back to the way things were. "It was a perfectly balanced system," he said. "I don't think anybody complained seriously. The ability to reset an iTunes Backup password is not necessary. If they revert it back to the way it was in iOS 10, that would be perfect."

Of course, this is just Afonin and Elcomsoft's opinion. Others in the world of infosec were not convinced by his arguments -- for example, Dino Dai Zovi, cofounder of cloud security biz Capsule8, was having none of it:

Note that they don't require just an unlocked device or unlocked device and authenticating with Touch ID. You need to enter the passcode on an unlocked already trusted device to reset passwords and such.
-- Dino A. Dai Zovi (@dinodaizovi) December 1, 2017

Apple did not respond to a request for comment.
From rforno at infowarrior.org Sun Dec 3 08:59:38 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2017 14:59:38 -0000
Subject: [Infowarrior] - All You Need to Know About Bitcoin's Rise, From $0.01 to $11,000
Message-ID:

All You Need to Know About Bitcoin's Rise, From $0.01 to $11,000

By Olga Kharif

https://www.bloomberg.com/news/articles/2017-12-01/understanding-bitcoin-s-rise-0-01-to-11-000-quicktake-q-a

From rforno at infowarrior.org Sun Dec 3 10:05:31 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2017 16:05:31 -0000
Subject: [Infowarrior] - WSJ: Banks Build Line of Defense for Doomsday Cyberattack
Message-ID:

Banks Build Line of Defense for Doomsday Cyberattack

The Sheltered Harbor project is meant to ensure that every U.S. bank has a protected, unalterable backup that can be used to serve customers in case of a major hack

Telis Demos
Dec. 3, 2017 7:00 a.m. ET

U.S. banks have quietly launched a doomsday project they hope will prevent a run on the financial system should one of them suffer a debilitating cyberattack.

The effort, which went live earlier this year and is dubbed Sheltered Harbor, currently includes banks and credit unions that have roughly 400 million U.S. accounts. The effort requires member firms to individually back up data so it can be used by other firms to serve customers of a disabled bank.

While most people worry about their money being stolen in a hack, banks fear something more sinister: an attacker destroying, or even simply locking, data. Such moves could cripple a bank, leaving it unable to operate for hours, days, or perhaps much longer.

If people suddenly can't access their accounts and money at one bank, customers at other banks could panic, thinking they might be vulnerable, too. This could prompt them to withdraw funds as a precaution and, in a worst-case scenario, spark a run on the wider banking system.
"So far, most people think about cyber in terms of having a credit card stolen," said Stuart Madnick, a professor of information technologies at the MIT Sloan School of Management. "What you're talking about now is a nuclear attack: If you can't get to the ATM and get it to work."

< - >

"This level of vulnerability to cyberattack didn't exist in 2008," said Paul Bracken, a professor at the Yale School of Management who has developed war-game scenarios with banks since the 1990s. "The question is how you handle...new ports to enter the system."

One answer was Sheltered Harbor, whose participants range from small, local institutions to giants such as Bank of America Corp., Citigroup Inc., and JPMorgan Chase & Co. Its 34-member board is composed of representatives of individual big banks, groups of smaller firms, trade associations, clearinghouses and broker-dealers.

The project was hatched by Phil Venables, chief operational risk officer at Goldman Sachs, and James Rosenthal, Morgan Stanley's former chief operating officer. Both are now co-chairs of Sheltered Harbor.

The idea is to ensure that every U.S. bank has the kind of backups that some of the biggest banks have been using since the 1990s: protected in vaults, whether digital or physical, and unalterable once recorded.

To participate, banks pay fees ranging from $250 to $25,000 a year, depending on their size. Members must follow specific guidelines on formatting data, creating a backup vault and submitting to audits. The goal is to make it feasible for backed-up data to start being used to cover an affected institution's customers within 48 hours.

< - >

https://www.wsj.com/articles/banks-build-line-of-defense-for-doomsday-cyberattack-1512302401

From rforno at infowarrior.org Sun Dec 3 20:36:14 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 02:36:14 -0000
Subject: [Infowarrior] - OT: Nukes, We're Not Prepared for the Scale of (Mass) Casualties
Message-ID:

Nuclear War with N. Korea: We're Not Prepared for the Scale of Casualties

By Cham Dallas On 12/3/17 at 10:12 AM

Cham Dallas is the director of the Institute for Disaster Management at the University of Georgia.

http://www.newsweek.com/nuclear-war-n-korea-were-not-prepared-scale-casualties-729656

The global impact of nuclear war -- in perception and reality -- took a significant, unprecedented and highly negative turn in the summer of 2017 with North Korea's acquisition of a thermonuclear weapon.

Those of us in the field of emergency preparedness shudder with the realization that a growing number of nations are joining the global thermonuclear arms race. This reality is fraught with consequences that most people do not recognize, and frankly do not want to know.

In a nutshell, thermonuclear weapons, colloquially known as H-bombs, produce much larger yields of destructive power than the nuclear weapons that countries tested in the early days of nuclear weapon development.

For example, the nuclear bombs that the U.S. dropped on Japan in 1945 were in the 15 to 20 kiloton yield. This means that they had the destructive power of an equivalent of 15,000 to 20,000 tons of dynamite. In addition to killing about 100,000 people, these weapons cause thousands of traumatic injuries, thousands of radiation injuries and hundreds of thermal burn victims.

Compare that to a thermonuclear weapon which is in the range of 75 to 49,000 kilotons of destructive power.
Used on a densely populated urban center like New York City or Tokyo, just one weapon would kill millions of people and produce millions of casualties. Those numbers are devastating enough, but the real nightmare is that the number of thermal burn casualties greatly multiply with a thermonuclear weapon relative to a simple nuclear weapon.

[Photo: 6th November 1952: A mushroom cloud begins formation after the first H-Bomb explosion (US) at Eniwetok Atoll in the Pacific. Three Lions/Getty]

A typical serious thermal burn injury in a well staffed hospital takes three to four medical personnel per patient to provide adequate care. When we have hundreds of thousands of surviving burn patients due to an urban thermonuclear detonation, we are not going to be able to treat even a tiny fraction of them.

Until now, only wealthy and advanced nations -- the United States, Russia, China, the United Kingdom, France and Israel -- were able to produce these massively destructive thermonuclear weapons. Now, with poor and unstable North Korea joining the thermonuclear club, other small nations may realize that this previously difficult threshold may be within their technical reach.

Even worse, nations around the world know that the Earth is getting to be a much more dangerous place when a nation like North Korea has such weapons, and many will perceive that their national safety now depends on procuring these terrible devices as well.

In academic journals and in the media, there is talk of India acquiring thermonuclear weapons on the fast track, which will pressure Pakistan to do the same.

The sense of urgency is even touching nations that previously eschewed the development of nuclear weapons. Even Japan -- which by its constitution is significantly restricted in its armaments and has no nuclear weapons at all -- could use its enormous stockpile of nuclear waste to rapidly develop an equally enormous stockpile of thermonuclear weapons.
Despite repeated headlines about the growing possibility of nuclear war, most people, curiously, avoid thinking or talking about it. In over a thousand lectures on nuclear war medical response, I find even medical audiences do not want to address the issue.

In fact, I recently published an assessment of U.S. and Asian emergency medical responders' hypothetical response to a nuclear event which found a striking lack of knowledge about patients affected by radiation after nuclear war and a strong reluctance to treat them, even though it is far less dangerous than treating infectious disease patients.

This fear of radiation is just as pronounced in the general population.

We had a very hard time getting the medical and public health community to adequately address this issue even when we were focused on the smaller, Hiroshima-sized weapons, where it is feasible to mount a credible response. Now, we have to discuss the grim prospect of responding to the global thermonuclear arms race that we are now in -- and currently losing.

While nuclear nonproliferation remains a top priority, the preparation for responding to the actual use of these terrible weapons is now a regrettable necessity that we must confront.

From rforno at infowarrior.org Mon Dec 4 06:53:07 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 12:53:07 -0000
Subject: [Infowarrior] - How Silicon Valley Became the FCC Chair's Scapegoat
Message-ID: <59FD552D-11A3-4BA5-9527-CC552311163F@infowarrior.org>

How Silicon Valley Became the FCC Chair's Scapegoat

In a speech last week about open internet regulations, Ajit Pai stoked anti-tech sentiment.
By Joshua Brustein
December 4, 2017, 6:00 AM EST

https://www.bloomberg.com/news/articles/2017-12-04/how-silicon-valley-became-the-fcc-chair-s-scapegoat

The debate over internet regulation has steadily morphed over the last few years from an insular fight between telecom experts into a standard-issue political screaming match. The process seemed to devolve fully over the last week, starting when Federal Communications Commission Chairman Ajit Pai released his plan to roll back Obama-era open internet rules on Nov. 22, the day before Thanksgiving.

The proposal was a logical candidate for a pre-holiday news dump. Significant public support has built over the last three years for net neutrality, the principle that internet providers shouldn't give preferential treatment to certain websites and services. If internet providers have this power, the argument goes, they could smother views they don't like, or services that compete with their own.

The energy to prevent this is coming nearly entirely from the Democratic side, and resulted in the strongest-ever net neutrality protections in the form of the 2015 Open Internet rules. Most Republicans thought the rules were unnecessary, and hated that the FCC claimed greater regulatory power over companies like Comcast Corp. and AT&T Inc. in implementing them.

For some reason, restoring the lost power of huge telecom companies hasn't lit a fire in grassroots circles on the right, a point that Pai's political allies have been acknowledging privately for months. So the FCC chair came back from Thanksgiving looking to create a spark. In a speech on Tuesday, Pai angrily denounced celebrities and tech companies who have been criticizing his plans to undo the 2015 rules. Hollywood is always a good scapegoat, of course, and Republicans looking to stir up anger in 2017 do well to frame their issues as a response to the unchecked power of Silicon Valley.
According to Pai, the big tech platforms are the true threat to freedom of speech and open competition on the internet, and giving them any additional leverage is a mistake. "They might cloak their advocacy in the public interest, but the real interest of these internet giants is in using the regulatory process to cement their dominance in the internet economy," he said on Tuesday. The next day he followed up by criticizing Twitter for blocking messages and cancelling conservative accounts. "When it comes to an open internet, Twitter is part of the problem," he said.

This isn't a new tactic for Pai. "He had the same complaints about us being shills" for internet companies, said Tom Wheeler, the FCC chairman who ushered in the 2015 rules. Anger towards tech on the right has only grown since then. "I've spoken with Republican offices, and they see a lot of these issues through the lens of payback for tech companies," said Brent Skorup, a research fellow at the Mercatus Center, a research organization at George Mason University with a free market bent. He supports Pai's approach.

An irony to the Silicon Valley scapegoating is that people from both sides of the debate say that the biggest internet companies have been less than fully engaged in the net neutrality debate. It has been a point of consistent grumbling from the most enthusiastic net neutrality advocates. If Comcast started charging web services for faster internet speeds, Facebook Inc. and Alphabet Inc.'s Google would have no trouble paying the tolls. Smaller companies might, however, leaving them at further competitive disadvantage. There's a pro net-neutrality school of thought that the rules are needed to prevent the internet giants from gaining an even greater advantage over smaller companies.
A perfectly consistent philosophy for internet regulation would be to support net neutrality to rein in monopolistic internet providers while also supporting new rules that would rein in monopolistic tech companies. In fact, it's the position staked out by one of the Democratic lawmakers who has been most vocal on tech in recent years, Minnesota Senator Al Franken.

"As tech giants become a new kind of internet gatekeeper, I believe the same basic principles of net neutrality should apply here: no one company should have the power to pick and choose which content reaches consumers and which doesn't," he said in a speech to the Open Markets Institute, a research and advocacy group focused on antitrust issues, last month. (The chances that Franken will play a leading role have clearly diminished in recent weeks, obviously, but the framework would be there for someone else to pick up.)

Don't expect Pai to follow up his critique of Silicon Valley with any regulatory action. His main impact on the FCC since taking the agency over has been to have it do less in nearly every instance. Republicans presumably wouldn't want the agency to get into the business of policing speech. "It's hard to imagine what substantive thing he would do, aside from throwing gasoline on the fire and letting some conservative take the charge from there," said Zach Graves, director of technology and innovation policy at R Street Institute, a libertarian-leaning think tank focused on tech issues. "He probably can't be the person to lead this."

But stoking the fire is an end in itself. Pai has the votes to upend the way the federal government treats competition on the internet. His chosen plan has made many people very angry. So he's taken the default strategy of anyone involved in American politics circa 2017 -- whip up some anger of his own.
From rforno at infowarrior.org Mon Dec 4 06:55:07 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 12:55:07 -0000
Subject: [Infowarrior] - Joint Staff Strategic Multilayer Assessment: Influence in an Age of Rising Connectedness
Message-ID: <1756E09E-9C0E-40C0-AF7A-310459231CEA@infowarrior.org>

Joint Staff Strategic Multilayer Assessment: Influence in an Age of Rising Connectedness

Page Count: 103 pages
Date: August 2017
Restriction: None
Originating Organization: Joint Staff J39
File Type: pdf
File Size: 3,238,589 bytes

https://publicintelligence.net/sma-influence-connectedness/

PDF @ https://info.publicintelligence.net/SMA-InfluenceConnectedness.pdf

From rforno at infowarrior.org Mon Dec 4 09:20:09 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 15:20:09 -0000
Subject: [Infowarrior] - Speaking in Baltimore tomorrow evening
Message-ID: <9012809C-7E4C-4687-95AE-9522B68B8C19@infowarrior.org>

For anyone interested, I'll be helping kick off the inaugural season of the Baltimore area Great Talks speakers series tomorrow evening.

-- rick

http://greattalk.org/

Cyber Wars, the Secrets, the Spies

DATE: Tuesday, December 5, 2017 @ 7pm

VENUE:
Maryland Institute College of Art (MICA)
Brown Center, Falvey Hall
1301 W. Mt Royal Avenue
Baltimore, MD 21217

http://greattalk.org/

Panel:

THOMAS DRAKE
FORMER NSA SENIOR EXECUTIVE AND WHISTLEBLOWER

RICHARD FORNO
ASSISTANT DIRECTOR, UMBC CENTER FOR CYBERSECURITY

MICHAEL HICKS
PROFESSOR & SOFTWARE SECURITY RESEARCHER

DANA PRIEST - MODERATOR
PULITZER PRIZE-WINNING JOURNALIST (Washington Post)

From rforno at infowarrior.org Mon Dec 4 14:13:41 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 20:13:41 -0000
Subject: [Infowarrior] - "Crypto" Is Being Redefined as Cryptocurrencies
Message-ID: <5AD3A748-59B0-4564-A12A-10310A068DBB@infowarrior.org>

"Crypto" Is Being Redefined as Cryptocurrencies

https://www.schneier.com/blog/archives/2017/12/crypto_is_being.html

I agree with Lorenzo Franceschi-Bicchierai, "Cryptocurrencies aren't 'crypto'":

Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way.

[...]

To be clear, I'm not the only one who is mad about this. Bitcoin and other technologies indeed do use cryptography: all cryptocurrency transactions are secured by a "public key" known to all and a "private key" known only to one party -- this is the basis for a swath of cryptographic approaches (known as public key, or asymmetric cryptography) like PGP. But cryptographers say that's not really their defining trait.

"Most cryptocurrency barely has anything to do with serious cryptography," Matthew Green, a renowned computer scientist who studies cryptography, told me via email. "Aside from the trivial use of digital signatures and hash functions, it's a stupid name."

It is a stupid name.
From rforno at infowarrior.org Mon Dec 4 17:13:59 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 23:13:59 -0000
Subject: [Infowarrior] - Ajit Pai Attacked Hollywood & Silicon Valley Because Even Republicans Are Against His Net Neutrality Plan
Message-ID:

Ajit Pai Attacked Hollywood & Silicon Valley Because Even Republicans Are Against His Net Neutrality Plan

from the that's-a-temper-tantrum,-not-leadership dept

We were mystified last week when FCC chair Ajit Pai decided to attack both Hollywood and Silicon Valley because some (not all) people in both communities have spoken out against his plans to gut net neutrality. The attacks were weird on multiple levels. Regarding Hollywood, the comments were strangely personal -- picking out a list of entertainers, often taking their comments out of context, and attacking them in very personal ways. It was, to say the least, unbecoming of an FCC chair to directly pick on entertainers for voicing their opinions.

The attacks on Silicon Valley were... even stranger. First, he claimed that the demand to keep net neutrality was really a ploy by the largest internet companies (i.e. Google & Facebook) to keep their dominant position. But that ignores the fact that without net neutrality, they're well positioned to further entrench their position. More importantly, it totally ignores the fact that neither Google nor Facebook have been strong advocates of net neutrality (and, in many cases, have pushed back against net neutrality).

Bloomberg now has an article up explaining why Pai would make these attacks: apparently even among Republican activists, there's effectively no support for his plan to kill net neutrality.
So, rather than (1) admit he's made a huge mistake or (2) give good reasons for his plan, he thought he'd pull a sort of Trumpian game of blaming other people that Republicans are supposed to hate, in the (not very accurate) stereotypical view of the US from the reality distortion field known as Washington DC.

< - >

https://www.techdirt.com/articles/20171204/09513338736/ajit-pai-attacked-hollywood-silicon-valley-because-even-republicans-are-against-his-net-neutrality-plan.shtml

From rforno at infowarrior.org Mon Dec 4 17:14:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 23:14:00 -0000
Subject: [Infowarrior] - FCC won't delay vote, says net neutrality supporters are "desperate"
Message-ID:

FCC won't delay vote, says net neutrality supporters are "desperate"

Pai says FTC will protect consumers -- but FTC could lose its regulatory authority.

Jon Brodkin - 12/4/2017, 2:51 PM

https://arstechnica.com/tech-policy/2017/12/fcc-chair-refuses-to-delay-net-neutrality-vote-despite-pending-court-case/

From rforno at infowarrior.org Mon Dec 4 17:15:47 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Dec 2017 23:15:47 -0000
Subject: [Infowarrior] - Home Security Company Says No One Linking To Its Website Is Allowed To Disparage It
Message-ID: <53A86166-997E-4032-945F-FCADA24D40D4@infowarrior.org>

Home Security Company Says No One Linking To Its Website Is Allowed To Disparage It

from the lol-no dept

With a federal law in place forbidding this sort of stuff, and an internet full of documentation detailing just how badly things go for companies that institute these policies, why on earth would ADT Security add this clause to its Terms of Use?

For those of you who can't see the tweet, soon-to-be-former ADT customer scriptjunkie has been informed via dialog box ADT's Terms of Use have changed.
ADT's Terms of Use contain a Streisand Precursor: if you link to ADT's site, you promise not to do several things, including:

Will not disparage ADT, ADT's products or services, or any of ADT's affiliates or their products or services

This isn't even legal in this day and age, but hiding it in a bunch of words users will likely never read is a great way to fly under the federal law radar. This, of course, only lasts until someone points it out on the internet and, while linking to ADT's site, points out the clause is stupid, the company is stupid for deploying it, and the company's lawyers are just as stupid for suggesting it/signing off on it.

< - >

https://www.techdirt.com/articles/20171204/07455638731/home-security-company-says-no-one-linking-to-website-is-allowed-to-disparage-it.shtml

From rforno at infowarrior.org Tue Dec 5 06:46:16 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Dec 2017 12:46:16 -0000
Subject: [Infowarrior] - WH Weighing Plans for Private Spies to Counter "Deep State" Enemies
Message-ID: <7A5236F5-5711-4AA3-BFAD-FD760791E325@infowarrior.org>

Sounds like Rumsfeld's failed Office of Special Plans on steroids. BoingBoing says Prince threatened to sue the Intercept for running the story, which sort of adds credence to it, imho. --rick

White House Weighing Plans for Private Spies to Counter "Deep State" Enemies

Matthew Cole, Jeremy Scahill
December 4 2017, 10:24 p.m.

The Trump administration is considering a set of proposals developed by Blackwater founder Erik Prince and a retired CIA officer -- with assistance from Oliver North, a key figure in the Iran-Contra scandal -- to provide CIA Director Mike Pompeo and the White House with a global, private spy network that would circumvent official U.S. intelligence agencies, according to several current and former U.S. intelligence officials and others familiar with the proposals.
The sources say the plans have been pitched to the White House as a means of countering "deep state" enemies in the intelligence community seeking to undermine Trump's presidency.

The creation of such a program raises the possibility that the effort would be used to create an intelligence apparatus to justify the Trump administration's political agenda.

"Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," said a former senior U.S. intelligence official with firsthand knowledge of the proposals, in describing White House discussions. "It is a direct-action arm, totally off the books," this person said, meaning the intelligence collected would not be shared with the rest of the CIA or the larger intelligence community. "The whole point is this is supposed to report to the president and Pompeo directly."

< - >

https://theintercept.com/2017/12/04/trump-white-house-weighing-plans-for-private-spies-to-counter-deep-state-enemies/

From rforno at infowarrior.org Tue Dec 5 07:06:27 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Dec 2017 13:06:27 -0000
Subject: [Infowarrior] - How the Kremlin Tried to Pose as American News Sites on Twitter
Message-ID:

How the Kremlin Tried to Pose as American News Sites on Twitter

Twitter has suspended dozens of accounts masquerading as U.S. news sources that had more than 500,000 followers.

By Selina Wang
December 5, 2017, 6:00 AM EST

The Kremlin-backed Russian Internet Research Agency operated dozens of Twitter accounts masquerading as local American news sources that collectively garnered more than half-a-million followers. More than 100 news outlets also published stories containing those handles in the run-up to the election, and some of them were even tweeted by a top presidential aide.

These news imposter accounts, which are part of the 2,752 now-suspended accounts that Twitter Inc.
has publicly disclosed to be tied to the IRA, show how the Russian group sought to build local communities of followers to disseminate messages. Many of the news imposter accounts amassed their following by tweeting headlines from real news sites, while others sought to represent certain communities. They targeted a diverse set of regions across the political spectrum, including Chicago, Los Angeles, Seattle, San Francisco and Boston. Several of the accounts were impersonating local news outlets in swing states, like @TodayPittsburgh, @TodayMiami and @TodayCincinnati.

There were about 40 news imposter accounts out of the 2,752 Twitter accounts that the company identified as being tied to the IRA. Twitter has deactivated all of those accounts and removed any data on the accounts from third-party sources. Information on the details of the accounts was gathered from Meltwater, a data intelligence firm that monitors social media. Details on the contents of the tweets are from Facebook posts that were synced with the users' Twitter accounts. Some of the followers of the accounts could be bots, and the same bots or users could have followed multiple imposter accounts.

Twitter did not verify any of the 2,752 accounts, according to a company spokeswoman. Twitter says it's taking steps to stop malicious actors on its platform.

< --- >

https://www.bloomberg.com/news/articles/2017-12-05/how-the-kremlin-tried-to-pose-as-american-news-sites-on-twitter

From rforno at infowarrior.org Tue Dec 5 13:30:27 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Dec 2017 19:30:27 -0000
Subject: [Infowarrior] - Army launches direct commissions for cyber
Message-ID:

Army leaders launch program to recruit more cyber warriors
By Morgan Chalfant - 12/05/17 02:03 PM EST
http://thehill.com/policy/cybersecurity/363349-army-leaders-launch-program-to-recruit-more-cyber-warriors

The U.S.
Army is officially launching a new program aimed at recruiting more cyber operators in order to fill existing gaps in the force. The service is implementing a new pilot program to directly commission civilians with technology and cybersecurity backgrounds as cyber operations officers who will provide support for the branch's Cyber Mission Force teams. The effort signals the urgency within the Army to recruit more technology-savvy operators as cyber operations gain significance in the U.S. military.

"We've been building the force for the last four years," Lt. Gen. Paul Nakasone, commander of U.S. Army Cyber Command, told reporters at a briefing on the program Tuesday afternoon. "We've got a pretty good feel for the ... gaps that we have."

The program will allow programmers, web developers and others in technology fields to apply to be directly commissioned as an officer in U.S. Army Cyber. In order to apply, individuals must have at least four-year degrees in computer science or related tech fields, in addition to filling a set of other requirements.

Army direct commissions are aimed at recruiting civilians with high-demand skills into the service. Direct commissions were previously limited to those in the legal, medical, and chaplain corps. Being directly commissioned as an officer comes with immediate perks, including the ability to give orders and eligibility for increased pay and benefits.

Nakasone said Tuesday that the service is hoping to recruit its first class of cyber operators by February. Those admitted into the program will need to complete a six-week direct commissioning course at Fort Sill, Okla., followed by a 12-week cyber officer course at Fort Gordon, Ga. The pilot program will run for five years, and leaders hope to recruit up to five new cyber officers each year.

Army cyber officers are responsible for developing tools, writing programs and algorithms, and performing research to support the service's Cyber Mission Force teams.
The federal government has broadly struggled to recruit and retain officials serving in technology and cyber-related roles, given steep competition with the private sector. Federal tech officials hosted the first ever government-wide event to recruit IT and cyber personnel last month.

Cyber operations have become a growing priority in the U.S. military as adversaries have increasingly turned to cyberspace to conduct operations. President Trump in August moved to boost U.S. Cyber Command, the Pentagon's offensive cyber operations unit, spinning it out into a full combatant command. The other military branches are also looking to actively recruit more cyber professionals to become part of the joint cyber force.

"This is just a new way of doing business," Nakasone said Tuesday. "We're looking for talent."

From rforno at infowarrior.org Wed Dec 6 06:21:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Dec 2017 12:21:19 -0000
Subject: [Infowarrior] - Budwiser's awesome "take down" notice to competitor
Message-ID: <9754A77D-1294-492B-ABF1-924160B83268@infowarrior.org>

THIS is a perfect IP takedown notice. Movie studios and other fan-related institutions, take a lesson here! --rick

Where Credit's Due: Budweiser Goes The Cool And Funny Route On Microbrewery's 'Dilly Dilly' Craft IPA
https://www.techdirt.com/articles/20171204/18102138740/where-credits-due-budweiser-goes-cool-funny-route-microbrewerys-dilly-dilly-craft-ipa.shtml

I like to give credit where credit is due. When it comes to the myriad posts we've written about Budweiser or its parent company Anheuser-Busch, the credit has mostly been to do with being intellectual property bullies and all around megalith caricatures. That said, the company's actions surrounding a recent case of actual trademark infringement show the company not to be without humor or grace when it actually tries.

Minneapolis brewery, Modist Brewery, recently unveiled a new double IPA it decided to call "Dilly Dilly."
If that isn't ringing any bells, you must not have seen the series of kingly ads for Bud Light that I find funny, although I can't describe exactly why.

<->

In case you can't see the video, the "messenger" from Budweiser states the following.

"Hear ye, hear ye!" he began. "Dear friend of the crown, Modist Brewery Company, congratulations on the new brew: Dilly Dilly Mosaic Double IPA ..." the man read. "We are duly flattered by your royal tribute. However, 'Dilly Dilly' is the motto of our realm. So we humbly ask that you keep this to a limited edition one-time-only run. This is by order of the king. Disobedience shall be met with additional scrolls, then a formal warning, and finally, a private tour of the pit of misery."

To make sure the disposition of the message was clear, the messenger goes on to gift two Super Bowl tickets to the brewery, as the game will be in Minnesota this year. Rather than being the bully, Budweiser added some humor to its request that the brewery, which knew about the trademark, simply not continue the run of the IPA under the infringing name past the limited run, and it managed to do so in an entertaining and congenial way. As far as cease and desists go, this is about as good as it gets.

And Budweiser is earning high praise in the press for all this, extending its branding message and bathing the Bud Light product in positive coverage. That's a pretty good look and a welcome departure for a company not known for being so human and accommodating.
https://www.techdirt.com/articles/20171204/18102138740/where-credits-due-budweiser-goes-cool-funny-route-microbrewerys-dilly-dilly-craft-ipa.shtml

From rforno at infowarrior.org Wed Dec 6 12:44:31 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Dec 2017 18:44:31 -0000
Subject: [Infowarrior] - Former US State Department cyber man: We didn't see the Russian threat coming
Message-ID: <405B21D2-E829-4810-9DD9-F4383832624E@infowarrior.org>

Former US State Department cyber man: We didn't see the Russian threat coming
Cyber no longer domain of techies, says ex-diplomat
By John Leyden 6 Dec 2017 at 15:35
https://www.theregister.co.uk/2017/12/06/black_hat_eu_cyber/

Black Hat Cyber threats have evolved from being a solely technical issue to core issues of government policy, according to a senior US lawyer and former cyber diplomat.

Chris Painter, former co-ordinator for cyber issues at the US State Department, told delegates at the Black Hat EU conference that cyber issues have emerged as a core topic for governments worldwide.

"Cyber is now seen as a core issue for defence policy, foreign policy and more -- it's not just a technical issue.

"Cyberspace is a new domain of war and all countries are involved in it," he added.

The US, China and Russia have agreed that the rules of international law apply in cyberspace, so the rules of war apply to cyber attacks. That means that an attack on civilian infrastructure such as a dam would be considered as warranting reprisals, but the situation is more complicated than that in practice.

"A lot of malign activity is occurring below the high threshold of what could be classified as an act of war," Painter explained. "We're doing a poor job at deterrence in cyberspace. The credibility of response is OK but timeliness is a problem partly because of attribution."
Painter argued that although you can never have absolute certainty in attribution, by using a combination of technical and political analysis it's possible to have a high degree of confidence about who is behind particular attacks, especially if they are long term campaigns.

Launching missiles in response to a cyber attack is unlikely unless there is a loss of life involved. This means that response boils down to applying diplomatic or political pressure on governments.

"We need to expand the tool set," Painter concluded.

One thing that is already possible is greater international co-operation, something that can be achieved through diplomatic channels. Painter explained how whilst at the US State Department he struck a deal to get help from other countries in taking down nodes of a botnet that was attacking US banks in return for a promise of co-operation from the US in the event of those countries needing assistance at some future date.

Painter also outlined efforts to promote norms - or "rules of the road" - in cyberspace. He also examined challenges that lie ahead and the need for the policy and technical communities to work together globally to meet those challenges.

"We didn't see the Russian threat coming," Painter said. "Tech people need to tell policy people about the next coming threat."

The former White House and US State Department official made his comments during an opening keynote presentation at the Black Hat Europe conference in London on Wednesday.

From rforno at infowarrior.org Sun Dec 10 16:34:02 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Dec 2017 22:34:02 -0000
Subject: [Infowarrior] - First US bitcoin futures start trading at 6PM Eastern
Message-ID: <5B579763-C931-44A8-853A-DD35BA486500@infowarrior.org>

No thank you!!!! --rick

First US bitcoin futures start trading at 6PM Eastern
You can bet on digital currency values through an official exchange.
Jon Fingas, @jonfingas 1h ago in Internet https://www.engadget.com/2017/12/10/first-us-bitcoin-futures-start-trading/ Bitcoin is one step closer to becoming a part of the mainstream financial world. Cboe is launching the first US bitcoin futures exchange at 6PM Eastern, giving speculators a chance to bet on the value of the cryptocurrency through a listed (XBT), regulated entity. You don't use a digital wallet or otherwise require bitcoins -- instead, you trade and settle futures contracts using cash, with a $10 minimum price interval and a $1 transaction fee from January onward. There aren't any price limits, and you can short your futures (that is, immediately sell them in hopes of turning a quick profit) if your broker allows it. This isn't going to be as huge as the expected Nasdaq bitcoin futures exchange. Also, don't be surprised if your brokerage of choice either doesn't allow bitcoin futures trading or limits what you can do. Charles Schwab, TD Ameritrade and others are barring trades at the moment, while Interactive Brokers is both preventing customers from shorting futures and setting a minimum margin of 50 percent. Goldman Sachs is open to them, but only expects to approve futures trading for some of its clients. Still, Cboe's exchange could be important. The regulation and added transparency may give more legitimacy to bitcoin, particularly among institutions and investors who see it as a wild experiment. Also, it could help calm down bitcoin's extreme volatility in recent months. A single bitcoin is worth about $15,550 as of this writing, or roughly $10,000 more than it was worth in mid-October -- those kinds of increases (and the crashes that follow) aren't healthy for a financial industry that needs some predictability. As futures have historically calmed markets down once introduced, there's a chance bitcoin could enjoy much-needed stability. 
From rforno at infowarrior.org Tue Dec 12 09:13:32 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2017 15:13:32 -0000
Subject: [Infowarrior] - SIGINT for Anyone The Growing Availability of Signals Intelligence in the Public Domain
Message-ID: <790BFB23-6D76-463B-833E-3C335482210D@infowarrior.org>

https://www.rand.org/pubs/perspectives/PE273.html

SIGINT for Anyone
The Growing Availability of Signals Intelligence in the Public Domain

This Perspective examines and challenges the assumption that signals intelligence (SIGINT) is an inherently governmental function by revealing nongovernmental approaches and technologies that allow private citizens to conduct SIGINT activities. RAND researchers relied on publicly available information to identify SIGINT capabilities in the open market and to describe the intelligence value each capability provides to users. They explore the implications each capability might provide to the United States and allied governments.

The team explored four technology areas where nongovernmental SIGINT is flourishing: maritime domain awareness; radio frequency (RF) spectrum mapping; eavesdropping, jamming, and hijacking of satellite systems; and cyber surveillance. They then identified areas where further research and debate are needed to create legal, regulatory, policy, process, and human capital solutions to the challenges these new capabilities provide to government.

This was an exploratory effort, rather than a comprehensive research endeavor. The team relied on unclassified and publicly available materials to find examples of capabilities that challenge the government-only paradigm. They identified ways these capabilities and trends may affect the U.S. government in terms of emerging threats, policy implications, technology repercussions, human capital considerations, and financial effects. Finally, they identified areas for future study for U.S.
and allied government leaders to respond to these changes.

From rforno at infowarrior.org Tue Dec 12 15:53:49 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2017 21:53:49 -0000
Subject: [Infowarrior] - OT: Politifact names the 2017 'Lie of the Year'
Message-ID:

Politifact names Trump claim that Russian election interference is 'made-up' as 'Lie of the Year'
By Avery Anapol - 12/12/17 04:43 PM EST
http://thehill.com/homenews/administration/364524-politifact-names-trump-claim-that-russian-election-interference-is

Politifact on Tuesday named "Russian election interference is a 'made-up story'" as its 2017 "Lie of the Year."

The fact-checking website said that despite "a mountain of evidence" that Russia interfered in the 2016 presidential election, President Trump continues to insist that it did not.

"Trump continually asserts that Russia's meddling in the 2016 election is fake news, a hoax or a made-up story, even though there is widespread, bipartisan evidence to the contrary," Politifact's Angie Drobnic Holan writes.

As Special Counsel Robert Mueller's investigation into whether the Trump campaign colluded with Russia has ramped up, the president and his lawyers have repeatedly said that there was "no collusion."

In an interview with NBC in May, Trump said that the concept of Russian interference was "made up" by Democrats as an "excuse" for losing the election.

"You know, this Russia thing with Trump and Russia is a made up story," he said at the time. "It's an excuse by the Democrats for having lost an election that they should have won ... This was an excuse for having lost an election."

Politifact writes that Trump's insistence that there was "no collusion" implies that he does believe Russia interfered, just not involving him personally.

"Trump could acknowledge the interference happened while still standing by the legitimacy of his election and his presidency -- but he declines to do so," Holan writes.
"Sometimes he'll state firmly there was "no collusion" between his campaign and Russia, an implicit admission that Russia did act in some capacity. Then he reverts back to denying the interference even happened."

A new poll found that the majority of Americans believe that Trump has tried to derail the investigation, and more than half say that the Trump campaign tried to collude with Russia.

The Politifact readers' poll also chose Trump's claim as "the year's most significant falsehood."

From rforno at infowarrior.org Wed Dec 13 10:19:58 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2017 16:19:58 -0000
Subject: [Infowarrior] - Two plead guilty in development of Mirai cyberweapon
Message-ID: <17EA4A6D-A3A9-4744-BD97-4819A1188C45@infowarrior.org>

Two plead guilty in development of Mirai cyberweapon
By Joe Uchill - 12/13/17 11:08 AM EST
http://thehill.com/policy/cybersecurity/364687-two-plead-guilty-in-development-of-mirai-cyberweapon

Two defendants have pleaded guilty to creating Mirai, a tool used to throw websites offline that was released to the public and eventually used against Twitter, The New York Times and Netflix.

Paras Jha and Josiah White pleaded guilty to charges stemming from Mirai in Alaska last week, according to court documents unsealed on Tuesday.

Mirai launches distributed denial of service attacks (DDoS), coordinated floods of traffic so large they overwhelm victims' servers and force them to crash or severely slow. Mirai generated the traffic by creating networks of hacked internet-connected devices, like security cameras, and having each contact a target at the same time.

Mirai served as an automated platform for hacking the devices and built networks so big they broke several records for the size of DDoS attacks.

The most famous victims of the Mirai attacks were security journalist Brian Krebs and the internet infrastructure company Dyn.
Dyn, which serves as a switchboard that connects users with sites such as Twitter, the New York Times, Netflix, Etsy and others, brought its clients down with it.

Jha and White admitted to taking part in the design of Mirai, with Jha also admitting to participating in selling access to the botnet for others to use in attacks and promoting Mirai on criminal web forums.

One of the accounts used to promote the service was "Ana Senpai," an account that eventually posted the source code for users to download for free.

From rforno at infowarrior.org Thu Dec 14 08:31:26 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2017 14:31:26 -0000
Subject: [Infowarrior] - POTUS daily intel updates structured to avoid upsetting him: report
Message-ID: <88EA2566-A4F6-4C27-8DD0-1753DC2940DF@infowarrior.org>

Such a delicate doily, this guy. Sheesh.... ---rick

http://thehill.com/homenews/administration/364844-trump-daily-intel-updates-structured-to-avoid-upsetting-him-report

Trump daily intel updates structured to avoid upsetting him: report
By Rebecca Savransky - 12/14/17 07:43 AM EST

President Trump's daily intelligence updates are reportedly set up oftentimes in an effort not to displease him.

The Washington Post reported that U.S. officials would not say whether recent information on Russia had been included in the president's daily briefing.

A former senior intelligence official familiar with the matter said intelligence about Russia that could upset Trump is sometimes just included in the written assessment. The order in which the information is presented could also be altered to try not to upset Trump, according to the Post.

"If you talk about Russia, meddling, interference -- that takes the PDB off the rails," a second former senior U.S. intelligence official said, referring to the president's daily briefing.
A spokesman for the Office of the Director of National Intelligence said the briefings are "written by senior-level, career intelligence officers."

They "always provides objective intelligence -- including on Russia -- to the president and his staff," spokesman Brian Hale said, according to the Post.

Andrew Weiss, a former adviser on Russia in the George H.W. Bush and Bill Clinton administrations, said Russian President Vladimir Putin "has to believe" that the election-meddling campaign "was the most successful intelligence operation in the history of Russian or Soviet intelligence."

"It has driven the American political system into a crisis that will last years," he said.

Throughout his time in office, Trump has repeatedly dismissed the investigation into Russian election interference. He has referred to the probe as a "witch hunt" and repeatedly denied collusion.

Special counsel Robert Mueller's probe into Russian election interference has continued to escalate in recent weeks. Earlier this month, Trump's former national security adviser, Michael Flynn, pleaded guilty to lying to the FBI. As part of the plea agreement, Flynn agreed to cooperate fully with Mueller's investigation.

From rforno at infowarrior.org Thu Dec 14 08:32:56 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2017 14:32:56 -0000
Subject: [Infowarrior] - Fwd: The National Security Strategy Commits the US to a Lonelier and Less Generous Course
References: <508740708.4355836.1513252549276@mail.yahoo.com>
Message-ID:

> Begin forwarded message:
>
> From: Mark M
>
> The National Security Strategy Commits the US to a Lonelier and Less Generous Course
> By David Frum // David Frum is a senior editor at the Atlantic
>
> December 13, 2017
>
> http://www.defenseone.com/ideas/2017/12/national-security-strategy-commits-us-lonelier-and-less-generous-course/144517/
>
> The Trump administration unveils a National Security Strategy next week, but National-Security Adviser H.R.
> McMaster provided an advance glimpse of the plan on Tuesday.
>
> A helpful way to understand where this still-new administration is leading is to compare McMaster's bullet-pointed speech to the final strategy documents released by two previous administrations, in 2015 and 2006, and note what is changing. McMaster spoke at a Washington conference hosted by Policy Exchange, a U.K. think tank that I chaired from 2014 until earlier this year. Granted, his short speech inevitably abridged the long-form document. Yet even allowing for that, the differences can be seen.
>
> The Obama administration's 2015 document addressed in some detail epidemics and climate change. The Bush administration committed the United States to supporting human dignity, opening societies, and supporting the building of democracy. The main lines of the Trump approach jettison these concerns. If McMaster fairly summarized the new approach, the United States will soon formally commit itself to a lonelier and less generous course.
>
> The new Trump policy is headed by four priorities: defending the homeland, protecting American prosperity, sustaining peace through strength, and advancing American influence. All these themes were present in 2006 and 2015 too, but the differences in emphasis in 2017 are crucial. The two previous presidencies spoke of American economic interests as both shared and expanding. The Trump approach is narrower and gloomier: American prosperity is to be protected, not enlarged; foreign economies are seen as rivals, not partners. McMaster spoke of fighting back against currency manipulation and unfair trade. Which is important as far as it goes -- and indeed such themes have been struck before. But what is missing this time, if the advance summary is indicative, is awareness of the American economy as integrated into a global system, giving the U.S. an interest in the health of the whole.
>
> "The American consumer cannot sustain global demand -- growth must be more balanced,"
> cautioned the Obama report of 2015. "U.S. markets and educational opportunities will help the next generation of global entrepreneurs sustain momentum in growing a global middle class." The Bush administration wrote in 2006: "The United States promotes the enduring vision of a global economy that welcomes all participants and encourages the voluntary exchange of goods and services based on mutual benefit, not favoritism."
>
> McMaster's speech nodded to the reduction of poverty worldwide over the past two decades. But there was no sense that this transformation represented a crucial and positive change in the strategic environment, one offering opportunities for Americans as well as risks. America under the leadership of Donald Trump seems much more intent on preserving the legacy of the past than building with others the possibilities of the future.
>
> Within the Trump administration, McMaster has been a leading -- if not always successful -- champion of alliances and allies. He did his utmost to coax and cajole Donald Trump to endorse NATO's mutual defense Article V during Trump's visit to NATO headquarters in June. (To the dismay and surprise of McMaster and other top aides, Trump spontaneously omitted the key passage of the speech.) The very fact that McMaster chose to unveil the strategy at a joint event with his U.K. counterpart, Mark Sedwill, symbolizes his own commitment to internationalism. The United States, he said, drew strength from coalitions with other strong and independent nation-states -- although that last comment may also have been an expression of the Trump administration's unconcealed dislike for the European Union.
>
> And yet, every salute was joined to a scold. McMaster insisted more than once upon "cooperation with reciprocity" -- a phrase seemingly intended to signal a new approach and emphasis.
> Where once the U.S. perceived itself as the single largest beneficiary of the rules-based international order undergirded by American power, Team Trump seems to be absorbing the president's perception of the United States as an imposed-upon dupe. In his Roy Moore endorsement speech in Pensacola, Florida, Trump repeated his tweeted demands that U.S. allies pay cash in return for American protection. It's unlikely that the demand will be so crudely stated in an NSC document -- but the grievance has been absorbed and has impressed itself on U.S. policy.
>
> Most startling is the repudiation of a values component to U.S. foreign policy. Here of course the Trump foreign-policy vision faces an insuperable problem: The single most daunting problem for American soft power and global influence is the president himself. Trump is almost unanimously reviled within America's democratic allies. Confidence not only in him personally, but in American leadership generally, has starkly collapsed. Only 29 percent of Australians, 24 percent of Japanese, 22 percent of Canadians and British, 14 percent of the French, and 11 percent of Germans trust Trump to do the right thing in world affairs. In South Korea, he is trusted only by 17 percent -- even as Trump tries to build a coalition against North Korea that will crucially depend on South Korean support. (Periodically threatening trade war against South Korea surely does not help.)
>
> Worryingly, McMaster cited Trump's Warsaw speech as an example of how this administration would extend its influence. The most immediate effect of that speech was to empower Poland's increasingly authoritarian government to proceed with an attack on freedom of the press and independence of the judiciary. As Anne Applebaum wrote in The Washington Post on July 16:
>
> Last week, only days after Trump's visit, [Poland's Law and Justice party] passed a bill that will politicize the National Council of the Judiciary, the constitutional body that selects judges.
> Then it went further: Without public hearings, it introduced another bill that, if signed into law, would enable the justice minister, in breach of the constitution, to dismiss -- immediately -- all of the members of Poland's highest court.
>
> Those plans were eventually beaten back by the largest public protests in Poland since Solidarity days -- but no thanks to Trump. "The United States's message has encouraged Law and Justice to isolate itself in Europe, safe in its belief that America has its back."
>
> Trump's defense of Western values in Poland was not a defense of democracy or liberty, but an eruption of chauvinist boasting about the merits of European culture as compared to that of unnamed but inferior others.
>
> We write symphonies. We pursue innovation. We celebrate our ancient heroes, embrace our timeless traditions and customs, and always seek to explore and discover brand-new frontiers. We reward brilliance. We strive for excellence, and cherish inspiring works of art that honor God. We treasure the rule of law and protect the right to free speech and free expression.
>
> We empower women as pillars of our society and of our success. We put faith and family, not government and bureaucracy, at the center of our lives. And we debate everything. We challenge everything. We seek to know everything so that we can better know ourselves.
>
> And above all, we value the dignity of every human life, protect the rights of every person, and share the hope of every soul to live in freedom. That is who we are. Those are the priceless ties that bind us together as nations, as allies, and as a civilization.
>
> What we have, what we inherited from our -- and you know this better than anybody, and you see it today with this incredible group of people -- what we've inherited from our ancestors has never existed to this extent before. And if we fail to preserve it, it will never, ever exist again.
>
> This is not language to win friends and influence people even inside Europe, much less the rest of the world. The day may come when the United States needs cooperation from partners without a symphonic tradition and who do not share ancestors with Donald Trump. The day may even possibly come when the U.S. needs cooperation from partners who do not agree that the country that elected Trump as its president strives for excellence and rewards brilliance quite so much as it boasts it does.
>
> This problem is inherent and inescapable. It will demand tact and ingenuity to resolve. Apparently, based on the words read today by one of the most formidable soldier-intellectuals of recent times, the national-security strategy of the United States is to pretend that the problem does not exist at all.

From rforno at infowarrior.org Thu Dec 14 08:47:15 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2017 14:47:15 -0000
Subject: [Infowarrior] - FCC Set To Repeal 'Net Neutrality' Rules For Internet Providers
Message-ID:

FCC Set To Repeal 'Net Neutrality' Rules For Internet Providers
December 14, 2017 5:30 AM ET
Alina Selyukh
https://www.npr.org/sections/thetwo-way/2017/12/14/570526390/fcc-set-to-repeal-net-neutrality-rules-for-internet-providers

The Federal Communications Commission votes Thursday on the proposed repeal of "net neutrality" rules.

After weeks of heated controversy and protests, U.S. telecom regulators are slated to repeal so-called net neutrality rules, which restrict the power of Internet service providers to influence loading speeds for specific websites or apps.

The Republican majority of the Federal Communications Commission is expected to vote along party lines on Thursday to loosen Obama-era regulations for Internet providers.

The rules, put in place in 2015, ban cable and telecom companies from blocking or slowing down any websites or apps.
They also prohibit broadband providers from striking special deals that would give some websites or apps "priority" over others.

In undoing the regulations, the FCC plans to reassert only one of the net neutrality requirements: that Internet providers -- such as Comcast, Verizon and AT&T -- have to disclose to their users what exactly they do to web traffic. This would essentially shift all enforcement to the Federal Trade Commission, which polices violations rather than pre-empts them through regulations.

Broadband companies have been saying that they do not intend to block, slow down or prioritize any web traffic as a result of this repeal. Net neutrality activists, however, have been rallying widespread protests against the vote, saying the repeal will empower broadband companies to act as gatekeepers of the Internet.

If the FCC votes to repeal the rules, advocacy groups are expected to press Congress to stop the vote from taking effect under the Congressional Review Act. Consumer interest groups are also expected to pursue a lawsuit to challenge Thursday's FCC decision, which would be the fourth related court case in a decade. (An appeal of the 2015 rules by AT&T, CenturyLink and a telecom trade group is pending at the Supreme Court.)

Large tech companies -- such as Netflix, Google and Facebook -- have long spoken in support of strict net neutrality rules. However, as they've grown in size, their advocacy has been more muted, putting on the forefront smaller competitors like Etsy and Vimeo, which argue that startups stand to lose the most on an Internet that allows for special "priority" traffic deals.

The Internet Association, which represents dozens of tech companies, in a statement called Pai's repeal "a departure from more than a decade of broad, bipartisan consensus on the rules governing the internet" and amounted to "relying" on Internet providers "to live to their own 'promises.'"

FCC Chairman Ajit Pai, who voted against the rules in 2015, has portrayed the Obama-era regulations -- which put broadband providers under the strictest-ever FCC oversight -- as government "micromanaging the Internet." As he told NPR's Morning Edition in November, "The Internet wasn't broken in 2015 when these heavy-handed regulations were adopted."

Pai and broadband companies have argued that the regulations have stifled innovation and investment in broadband networks.

Editor's Note: NPR's legal counsel has filed comments with the FCC on behalf of the public radio system, opposing the repeal of the 2015 net neutrality rules. You can read them here.

From rforno at infowarrior.org Thu Dec 14 13:58:48 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2017 19:58:48 -0000
Subject: [Infowarrior] - FCC Repeals U.S. Net Neutrality Rules
Message-ID: <2891AFFB-3E0D-4E32-A867-58F8497D2E7D@infowarrior.org>

(Ajit Pai is a smug-faced ignorant political hack twitwaffle. But I repeat myself. --rick)

FCC Repeals U.S. Net Neutrality Rules

By Ernesto on December 14, 2017

https://torrentfreak.com/fcc-repeals-u-s-net-neutrality-rules-171214/

The FCC has repealed U.S. net neutrality rules. As a result of today's vote, Internet providers have the freedom to restrict, or charge for, access to certain sites and services if they please. This also means that BitTorrent throttling and blocking could become commonplace once again, as it was a decade ago.

In recent months, millions of people have protested the FCC's plan to repeal U.S. net neutrality rules, which were put in place by the Obama administration.

However, an outpouring of public outrage, critique from major tech companies, and even warnings from pioneers of the Internet, had no effect.

Today the FCC voted to repeal the old rules, effectively ending net neutrality.
Under the net neutrality rules that have been in effect during recent years, ISPs were specifically prohibited from blocking, throttling, and paid prioritization of "lawful" traffic. In addition, Internet providers could be regulated as carriers under Title II.

Now that these rules have been repealed, Internet providers have more freedom to experiment with paid prioritization. Under the new guidelines, they can charge customers extra for access to some online services, or throttle certain types of traffic.

Most critics of the repeal fear that, now that the old net neutrality rules are in the trash, "fast lanes" for some services, and throttling for others, will become commonplace in the U.S.

This could also mean that BitTorrent traffic becomes a target once again. After all, it was Comcast's "secretive" BitTorrent throttling that started the broader net neutrality debate, now ten years ago.

Comcast's throttling history is a sensitive issue, also for the company itself.

Before the Obama-era net neutrality rules, the ISP vowed that it would no longer discriminate against specific traffic classes. Ahead of the FCC vote yesterday, it doubled down on this promise.

"Despite repeated distortions and biased information, as well as misguided, inaccurate attacks from detractors, our Internet service is not going to change," writes David Cohen, Comcast's Chief Diversity Officer.

"We have repeatedly stated, and reiterate today, that we do not and will not block, throttle, or discriminate against lawful content."

It's worth highlighting the term "lawful" in the last sentence. It is by no means a promise that pirate sites won't be blocked.

As we've highlighted in the past, blocking pirate sites was already an option under the now-repealed rules. The massive copyright loophole made sure of that. Targeting all torrent traffic is even an option, in theory.
That said, today's FCC vote certainly makes it easier for ISPs to block or throttle BitTorrent traffic across the entire network. For the time being, however, there are no signs that any ISPs plan to do so.

If they do, we will know soon enough. The FCC requires all ISPs to be transparent under the new plan. They have to disclose network management practices, blocking efforts, commercial prioritization, and the like.

And with the current focus on net neutrality, ISPs are likely to tread carefully, or else they might just face an exodus of customers.

Finally, it's worth highlighting that today's vote is not the end of the road yet. Net neutrality supporters are planning to convince Congress to overturn the repeal. In addition, there is also talk of taking the matter to court.