From rforno at infowarrior.org Tue Jun 27 20:19:10 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Jun 2017 01:19:10 -0000 Subject: [Infowarrior] - New HMS Queen Elizabeth is 'running outdated Windows XP' Message-ID: <49CFE231-A028-4DF9-9BF7-3509B2AF348A@infowarrior.org> x-posted. (And we think our DOD IT procurement system is problematic.....yeesh, this is an epic fail with crumpets & tea. ---rick) HMS Queen Elizabeth is 'running outdated Windows XP', raising cyber attack fears Danny Boyle Ben Farmer, Defence Correspondent 27 June 2017 ? 10:26am http://www.telegraph.co.uk/news/2017/06/27/hms-queen-elizabeth-running-outdated-windows-xp-software-raising/ Fears have been raised that Britain?s largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. As HMS Queen Elizabeth left its dockyard for the first time to begin sea trials, it was revealed the ?3.5billion aircraft carrier is apparently using the same software that left the NHS exposed. Screens inside a control room on the ship, which is the largest vessel ever built for the Royal Navy, reportedly displayed Microsoft Windows XP - copyright 1985 to 2001. But Michael Fallon, the Defence Secretary, insisted the ship's systems were safe because security around the computer software on the aircraft carrier is "properly protected". He told BBC Radio 4's Today programme: "It's not the system itself, of course, that's vulnerable, it's the security that surrounds it. "I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score." The operating system was that which left the NHS and other organisations around the world vulnerable to a major WannaCry ransomware attack last month. It affected 300,000 computers in 150 countries. Windows XP is no longer supported by Microsoft, meaning it does not receive updates to protect users from new types of cyber hacks. A computer expert warned that Windows XP could leave HMS Queen Elizabeth vulnerable to cyber attack. "If XP is for operational use, it is extremely risky," Alan Woodward, professor of computing at the University of Surrey told The Times. "Why would you put an obsolete system in a new vessel that has a lifetime of decades?" A defence source told the newspaper that some of the on-boar hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated". However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks. Cdr Mark Deller, commander air on the Queen Elizabeth, told The Guardian: "The ship is well designed and there has been a very, very stringent procurement train that has ensured we are less susceptible to cyber than most." He added: "We are a very sanitised procurement train. I would say, compared to the NHS buying computers off the shelf, we are probably better than that. If you think more Nasa and less NHS you are probably in the right place." Captain Jerry Kyd, Commanding Officer, onboard the HMS Queen Elizabeth Credit: Jeff J Mitchell/Getty Sir Michael Fallon insisted the security around the computer software on the aircraft carrier is "properly protected". He told BBC Radio 4's Today programme: "It's not the system itself, of course, that's vulnerable, it's the security that surrounds it. "I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score." It came after the 65,000 ton HMS Queen Elizabeth slipped out of Rosyth dockyard and into open water on Monday through an exit with only 14in clearance on either side and 20in of water under the keel. The aircraft carrier then edged along the Forth under three bridges, including the landmark rail bridge, with a little over six feet to spare. The trials mark the latest milestone in the nearly decade-long building of the Royal Navy?s two carriers, at a cost of more than ?6bn. The Navy is also preparing for the warship?s first appearance to attract a concerted Russian spying effort, with submarines, ships and planes try to get a good look at the UK?s new flagship. The aircraft carrier squeezes out of dock to begin sea trials Credit: Jeff J Mitchell/Getty Europe Cdr Fiona Percival, head of logistics on the ship said: ?[The Russians] will come and look, but they look at everything.? It came as the Defence Secretary taunted the Kremlin over fears it will attempt to spy on HMS Queen Elizabeth during its sea trials, saying Russia will envy Britain?s new flagship. Cdr Mark Deller, commander air, said the ship would be accompanied by a frigate or destroyer. He said: ?We will go where it?s best to go and not where it?s best for a Soviet nuclear to go, so the reality is we can probably look after ourselves as long as our escort is in the right place at the right time. You don?t have to hang around and endure it, you can move away and go somewhere else.? Sailors and engineers have worked round the clock getting the vessel ready. A total of 1,000 sailors and contractors will be onboard for the first six weeks of testing. Crew have spent hours each day carrying out safety drills for fires, flooding and personnel overboard. More than 650 doors and hatches have been checked to ensure they are watertight and fire safe. The warship under steam off the coast of Scotland Credit: BEN SHREAD/Ministry of Defence Ian Booth, managing director of the defence industry alliance behind the ships, said: ?The incident with the fire in London really brings it home to you, you don?t take chances with any incident on the ship, whether it be flooding or fire.? The first steel was cut on the carrier eight years ago but it will not be sent on operations until 2021. Early deployments are expected to see US Marines F-35B jets embarked alongside British planes, to make up for early shortages of UK jets. The radio mast has been lowered to allow the vessel to pass under a bridge Credit: Andrew Milligan/PA The Royal Navy has not had an aircraft carrier since the defence cuts of 2010. The arrival of the new carrier comes as the Navy is facing a budget black hole of around ?500m each year and the demands of manning the new ships have been accused of causing shortages elsewhere. Critics of the carriers have also claimed they are expensive white elephants that are too vulnerable to new high speed missiles. The carrier's flight deck is more than four acres in size Capt Jerry Kyd, commanding officer, said: ?There is nothing on the globe that is invulnerable, whether that?s a city, a car, an individual, or a ship. We are not shy in the military to understanding the risks and how we mitigate that in the theatre of war. ?If you look at all the premier nations around the world, why is it that every nation in the top tier is investing billions of dollars in aircraft carriers? Is it just us, or has everyone got it wrong? The reason being is that they provide the government, very simply, with an incredibly flexible tool. It?s not just about war-fighting. This is about deterrence, coercion, signalling, proving a huge sea base for disaster relief, humanitarian assistance, defence engagement.? He said 2021 ?will be the first time we will deploy this ship in anger?. Bosuns mate Scott Campbell guards the Navy's new warship Credit: Getty After trials begin this summer, the ship will move to its new home in Portsmouth this autumn. Trials for planes and helicopters will take place next summer. The flight deck is more than four acres in size and the ship can carry up to 36 F-35B stealth jump jets. From rforno at infowarrior.org Wed Jun 28 10:39:30 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Jun 2017 15:39:30 -0000 Subject: [Infowarrior] - Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid Message-ID: <494CBB9E-B35E-4250-ACC4-1D867880FD2A@infowarrior.org> Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid https://motherboard.vice.com/en_us/article/new8xw/hacker-behind-massive-ransomware-outbreak-cant-get-emails-from-victims-who-paid A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys. On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. "If you see this text, then your files are no longer accessible, because they are encrypted," the ransom text reads. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service." From here, the hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That way, the hacker can release the specific key needed to unlock that individual victim's files. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately ? and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases." Just to be super-clear, Posteo clarified, "Since midday it is no longer possible for the blackmailers to access the email account or send emails," and "Sending emails to the account is no longer possible either." In other words, victims allegedly cannot contact the hacker by email, nor send the details necessary to unlock their files. In an email to Motherboard, Posteo said, "Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal." The company did not respond to questions asking how victims can contact the hacker. At the time of writing, around 20 victims have sent just under $5,500 to the hacker's bitcoin address. From rforno at infowarrior.org Wed Jun 28 14:57:50 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Jun 2017 19:57:50 -0000 Subject: [Infowarrior] - U.S. to expand laptop ban to all flights that flunk safeguards Message-ID: <53082457-17EC-4FA0-9A00-E8C5733FFB93@infowarrior.org> U.S. to expand laptop ban to all flights that flunk safeguards By POLITICO Staff 06/28/2017 03:43 PM EDT http://www.politico.com/story/2017/06/28/trump-laptop-ban-airlines-worldwide-240056 The Trump administration is threatening to expand its laptop ban to all U.S.-bound flights from anywhere in the world for airlines that fail to take additional security measures against concealed explosives, DHS plans to announce Wednesday. The restrictions would also apply to checked luggage ? not just to the carry-on bags targeted by a more limited ban the U.S. imposed for some Middle Eastern airports in March. That additional provision would make the ban considerably more onerous for business travelers, but would also avoid the dangers of stacking laptops and their flammable lithium batteries inside planes' cargo holds. But the new measures could also allow several foreign-owned airlines to escape the existing laptop ban that the U.S. imposed in March for carry-on luggage from 10 airports in the Middle East and North Africa, if they adopt the additional screening procedures. The U.S. hasn?t announced when the new restrictions would take effect but said some airlines could adopt the enhanced security procedures as early as this summer. Like the initial ban, the expanded restrictions would apply to electronic devices larger than a cellphone, including laptops, tablets and e-readers. From rforno at infowarrior.org Thu Jun 29 07:00:22 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jun 2017 12:00:22 -0000 Subject: [Infowarrior] - Stepsister, Yes; Grandma, No: U.S. Sets Guidelines for Revised Travel Ban Message-ID: <59E9576D-0F0A-4AB3-9B1F-D4D6EEDB8662@infowarrior.org> Stepsister, Yes; Grandma, No: U.S. Sets Guidelines for Revised Travel Ban By GARDINER HARRIS and RON NIXONJUNE 28, 2017 https://www.nytimes.com/2017/06/28/us/politics/homeland-security-prepares-to-issue-travel-restrictions.html WASHINGTON ? Stepsiblings and half-siblings are allowed, but not nieces or nephews. Sons- and daughters-in-law are in, but brothers- and sisters-in-law are not. Parents, including in-laws, are considered ?close family,? but grandparents are not. The State Department issued new guidelines on Wednesday night to American embassies and consulates on how they should enforce a limited travel ban against foreign visitors from six predominantly Muslim countries. Enforcement of the guidelines will begin at 8 p.m. Eastern on Thursday. The guidelines followed the Supreme Court?s decision on Monday to allow parts of the Trump administration?s revised travel ban to move forward, while also imposing certain limits, as the court prepares to hear arguments in October on the scope of presidential power over border security and immigration. The court said the ban could not be imposed on anyone who had ?a credible claim of a bona fide relationship with a person or entity in the United States.? The meaning of ?bona fide relationship? was not precisely explained, and the phrase has created much uncertainty for migrants and others seeking to travel to the United States from the six countries ? Iran, Libya, Somalia, Sudan, Syria and Yemen ? singled out in President Trump?s revised travel ban, issued in March. (An earlier version of the ban included Iraq.) The Trump administration has now made the definition explicit. According to a diplomatic cable obtained by The New York Times, ?close family? is ?defined as a parent (including parent-in-law), spouse, child, adult son or daughter, son-in-law, daughter-in-law, sibling, whether whole or half. This includes step relationships.? But it went on to state that ?close family? does not include ?grandparents, grandchildren, aunts, uncles, nieces, nephews, cousins, brothers-in-laws and sisters-in-law, fianc?s and any other ?extended? family members.? It is not clear how the administration arrived at the new definitions. United States Citizenship and Immigration Services, an arm of the Department of Homeland Security, defines ?immediate relatives? as spouses, children under 21 and parents of adult citizens. A bona fide relationship with a ?U.S. entity,? according to the cable, ?must be formal, documented, and formed in the ordinary course, rather than for the purpose of evading the E.O.,? or executive order. The new guidelines make clear that someone who has accepted a job offer from a company in the United States or an invitation to deliver a lecture at an American university may enter, but that a nonprofit group may not seek out citizens of the affected countries and count them as clients for the purpose of getting around the ban. ?Also, a hotel reservation, whether or not paid, would not constitute a bona fide relationship with an entity in the United States,? the guidelines note. Immigration rights advocates who had challenged the travel ban in court said the ruling this week meant the vast majority of people seeking to enter the United States to visit a relative, accept a job, attend a university or deliver a speech would still be able to do so. But Omar Jadwat, the director of the American Civil Liberties Union?s immigrants? rights project, said on Thursday the new guidelines troubled him, particularly as they could be read as creating arbitrary definitions of family relationships. ?Initial reports suggest that the government may try to unilaterally expand the scope of the ban ? for example, by arbitrarily refusing to treat certain categories of familial relationships as ?bona fide,? ? he said. ?These reports are deeply concerning.? If the United States immediately starts enforcing new rules, Mr. Jadwat said, ?it means that everybody is going to be in the situation of kind of scrambling to understand whatever they put out, and work through the issues.? Correction: June 29, 2017 Because of an editing error, an earlier version of this article misstated the status of parents-in-law in the Trump administration?s new definition of ?close family.? They are included in that category, not excluded. From rforno at infowarrior.org Thu Jun 29 07:01:49 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jun 2017 12:01:49 -0000 Subject: [Infowarrior] - =?utf-8?q?London_Met_Police=E2=80=99s_18=2C000_Wi?= =?utf-8?q?ndows_XP_PCs_is_a_disaster_waiting_to_happen?= Message-ID: <92A74763-0A9B-40B6-8AD7-BE7DAE25FB8C@infowarrior.org> London Met Police?s 18,000 Windows XP PCs is a disaster waiting to happen by Sean Chan he majority of PCs used by the London Metropolitan Police are still running Windows XP, which has been completely unsupported since 2014. The London Metropolitan Police are still using around 18,000 PCs powered by Windows XP which truly is a horrifying number. The police force has already started upgrading its PCs from Windows XP ? but rather than upgrading to Windows 10, the force is upgrading the PCs to Windows 8.1 instead. The force was initially planning to get all of the Windows XP PCs to Windows 8 by March 2016 but that was a failed attempt. Right now, more than 14,000 PCs are powered by Windows 8.1 at the London Metropolitan Police service. And what about Windows 10? Only 8 PCs at the police force are powered by the most secure version of Windows right now. Steve O?Connell, the spokesman of the 0Conservative London Assembly said in a statement: < - > https://mspoweruser.com/london-metropolitan-polices-18000-windows-xp-pcs-is-a-disaster-waiting-to-happen/ From rforno at infowarrior.org Thu Jun 29 15:56:07 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jun 2017 20:56:07 -0000 Subject: [Infowarrior] - PBS access extended by carriers like T-Mobile Message-ID: <6D810C4F-2DC0-45C5-AFEB-DB37A49F2AB7@infowarrior.org> PBS access extended by carriers like T-Mobile T-Mobile and PBS partner to supply wireless coverage to millions of people in rural areas of America. Patrick Holland June 29, 2017 12:39 PM PDT https://www.cnet.com/news/pbs-is-made-possible-by-carriers-like-t-mobile/ Thursday, PBS announced a partnership with T-Mobile to supply wireless coverage and access to public television to rural parts of America. The wireless carrier T-Mobile will help cover the costs to expand coverage to millions of people in remote areas, ensuring availability of public television and programs like "Daniel Tiger's Neighborhood", "Masterpiece" and "PBS NewsHour". "Moves like this will help us expand our network into these underserved areas and give consumers a new level of wireless coverage and choice," said Neville Ray, T-Mobile's chief technology officer. Currently, federal legislation does not fund the cost for the low-power facilities that are needed for make local broadcasts reach remote rural areas. T-Mobile has pledged to cover these costs, which will lead to 38 million people getting wireless access that would otherwise not have it. FCC Chairman Ajit Pai commended the partnership saying, "Today's announcement is precisely the kind of cross-industry cooperation we need to ensure a smooth transition for broadcasters, wireless providers and American consumers." From rforno at infowarrior.org Thu Jun 29 19:34:33 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 00:34:33 -0000 Subject: [Infowarrior] - POTUS 'voter fraud' commission wants to publicize your voting history Message-ID: <74A16CCB-9B45-4914-9B1D-23EC2AB25276@infowarrior.org> Trump?s voter-fraud commission wants to know voting history, party ID and address of every voter in the U.S. By Christopher Ingraham June 29 at 5:19 PM The chair of President Trump's Election Integrity Commission has penned a letter to all 50 states requesting their full voter-role data, including the name, address, date of birth, party affiliation, last four Social Security number digits and voting history back to 2006 of potentially every voter in the state. In the letter, a copy of which was made public by the Connecticut secretary of state, the commission head Kris Kobach said that ?any documents that are submitted to the full Commission will also be made available to the public.? On Wednesday, the office of Vice President Pence released a statement saying ?a letter will be sent today to the 50 states and District of Columbia on behalf of the Commission requesting publicly available data from state voter rolls and feedback on how to improve election integrity.? States began reacting to the letter on Thursday afternoon. "I have no intention of honoring this request," said Governor Terry McAuliffe of Virginia in a statement. "Virginia conducts fair, honest, and democratic elections, and there is no evidence of significant voter fraud in Virginia." Connecticut's Secretary of State, Denise Merrill, said she would "share publicly-available information with the Kobach Commission while ensuring that the privacy of voters is honored by withholding protected data." She added, however, that Kobach "has a lengthy record of illegally disenfranchising eligible voters in Kansas" and that "given Secretary Kobach's history we find it very difficult to have confidence in the work of this Commission." Under federal law, each state must maintain a central file of registered voters. States collect different amounts of information on voters. While the files are technically public records, states usually charge fees to individuals or entities who want to access them. Political campaigns and parties typically use these files to compile their massive voter lists. In May, Trump created a commission to investigate alleged acts of voter fraud after he claimed, without evidence, that 3 million to 5 million undocumented immigrants voted illegally in the 2016 election. The commission is chaired by Kobach, who is the Kansas secretary of state and a voter-fraud hard-liner.... < - > https://www.washingtonpost.com/news/wonk/wp/2017/06/29/trumps-voter-fraud-commission-wants-to-know-the-voting-history-party-id-and-address-of-every-voter-in-america/ From rforno at infowarrior.org Fri Jun 30 06:29:07 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 11:29:07 -0000 Subject: [Infowarrior] - DOJ asks SCOTUS for Permission To Search Data Centers Anywhere In The World Message-ID: DOJ Asks The Supreme Court To Give It Permission To Search Data Centers Anywhere In The World from the world-is-[potentially]-yours dept Having been told "no" twice by the Second Circuit Court of Appeals, the DOJ is asking the Supreme Court to overturn the decision finding Microsoft did not need to hand over communications stored in foreign data centers in response to a US warrant. The Appeals Court told the DOJ that statutory language simply didn't agree with the premise pushed by the government: that US-issued warrants should allow the law enforcement to dig through "file cabinets" not actually located at the premises (United States) searched. The court noted jurisdictional limitations have always been part of the warrant process (although recent Rule 41 changes somewhat undercut this). That the information sought is digital rather than physical doesn't change this. The court suggested the DOJ take it up with Congress if it doesn't like the status quo. The DOJ has proposed legislation but likely feels a Supreme Court decision in its favor would be a swifter resolution. The DOJ's 207-page petition [PDF] actually only contains about 30 pages of arguments. The bulk of the petition is made up of previous court decisions and oral argument transcripts covering the DOJ's losses at the lower level. The Table of Contents gets right to the point, utilizing the section header "The panel's decision is wrong" to set the tone for its rehashed arguments. The DOJ quotes the dissenting judges from the Appeals Court's decision, one of which makes the ever-popular "appeal to 9/11" argument: < - > https://www.techdirt.com/articles/20170626/05205137665/doj-asks-supreme-court-to-give-it-permission-to-search-data-centers-anywhere-world.shtml From rforno at infowarrior.org Fri Jun 30 06:31:43 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 11:31:43 -0000 Subject: [Infowarrior] - DHS To Expand Foreign Security Theater Message-ID: <8A5B8734-5993-44D4-B20B-2096EDBDA5B1@infowarrior.org> DHS To Expand Foreign Laptop Ban If Overseas Airlines Won't Make Their Security More Theatrical from the speak-loudly-and-keep-swinging-that-stick dept https://www.techdirt.com/articles/20170629/13513637699/dhs-to-expand-foreign-laptop-ban-if-overseas-airlines-wont-make-their-security-more-theatrical.shtml The DHS and TSA are just going to keep making things worse. Despite there being almost no evidence of terrorists targeting planes, the DHS is looking to expand its laptop ban to cover even more incoming flights from foreign airports. < - > And, as always, the burden will be borne by travelers. Airlines are being given some time to make these changes, but there doesn't appear to be a hard deadline for compliance. If foreign airlines don't live up to the DHS's expectations, passengers will presumably be informed about the fate of their electronic devices after they've already taken them to the airport. The DHS encourages foreign travelers to keep themselves apprised of these changes, but doesn't say how they're supposed to obtain this information when making travel plans. All that's being recommended is staying in "close contact" with their airline of choice, which sounds like the sort of pen pal relationship no one's in any hurry to engage in. < - > From rforno at infowarrior.org Fri Jun 30 06:40:48 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 11:40:48 -0000 Subject: [Infowarrior] - Twitter is looking for ways to let users flag fake news, offensive content Message-ID: <741A1AE3-800C-49B3-830B-7B22CBE7A8BE@infowarrior.org> Twitter is looking for ways to let users flag fake news, offensive content By Elizabeth Dwoskin June 29 at 3:16 PM (Michael Nagle/Bloomberg News) Twitter is exploring adding a feature that would let users flag tweets that contain misleading, false or harmful information, according to two people familiar with the company's projects. The feature, which is still in a prototype phase and may never be released, is part of the company?s uphill battle against rampant abuse on its platform. It could look like a tiny tab appearing in a drop-down menu alongside tweets, according to the people, who spoke on the condition of anonymity because they were not authorized to release details of the effort. Twitter has been plagued by many issues, such as fake accounts that can be purchased outright for pennies and that spread automated messages and false stories. Extremists use the service as a recruiting tool, and hate-spewing trolls have threatened women and minorities. These long-standing problems gained new urgency in the aftermath of the presidential election, when critics and researchers pointed to the toxic effect of social media on the public debate. Two-thirds of American adults say fabricated news stories that spread on social media have caused a ?great deal of confusion? about basic facts and public events, according to a December poll from Pew Research Center. One estimate from the service Twitter Audit found that 59 percent of President Trump's followers are bots or fake accounts, while Hillary Clinton?s are 66 percent bots. (Twitter does not comment on third-party estimates.) Twitter spokeswoman Emily Horne said the company had ?no current plans to launch? the feature but said she would not comment on whether it was being tested. ?There are no current plans to launch any type of product along these lines,? she said. < - > https://www.washingtonpost.com/news/the-switch/wp/2017/06/29/twitter-is-looking-for-ways-to-let-users-flag-fake-news/ From rforno at infowarrior.org Fri Jun 30 13:13:39 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 18:13:39 -0000 Subject: [Infowarrior] - =?utf-8?q?Global_NGO_coalition_from_five_nations_?= =?utf-8?q?demands_=E2=80=9CFive_Eyes=E2=80=9D_respect_encryption?= Message-ID: <17FF5C3C-839F-48EE-AEC9-3CC74561EF2C@infowarrior.org> Global coalition from five nations demands ?Five Eyes? respect encryption 30 June 2017 | 9:23 am https://www.accessnow.org/83-organizations-experts-5-nations-demand-five-eyes-respect-strong-encryption/ Today, 83 organizations and individuals from Australia, Canada, New Zealand, the United Kingdom, and the United States sent a letter to their respective governments insisting that government officials defend strong encryption. The letter comes on the heels of a meeting of the ?Five Eyes? ministerial meeting in Ottawa, Canada earlier this week. The ?Five Eyes? is a surveillance partnership of intelligence agencies consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. According to a joint communique issued after the meeting, officials discussed encryption and access to data. The communique states that ?encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.? In the letter organized by Access Now, CIPPIC, and researchers from Citizen Lab, 83 groups and security experts wrote, ?we call on you to respect the right to use and develop strong encryption.? Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions. Read the full letter here. The following quotes can be attributed as indicated: ?Massive surveillance operations conducted by the Five Eyes partnership inherently put the human rights of people around the world at risk. The joint communique commits to human rights and the rule of law, but provides no detail as to how these powerful, secretive spy agencies plan to live up to those commitments. We call for public participation and meaningful accountability now; otherwise, those commitments are empty.? ? Amie Stepanovich, U.S. Policy Manager at Access Now ?Our political leaders are putting people around the world at greater risk of crime when they call for greater powers to weaken our digital security. Security experts and cryptographers are as united in their views on encryption as scientists are on climate change. Politicians need to listen to them before they make decisions that could put us all at risk.? ? Jim Killock, ORG ?Attempting to undermine the free use and development of strong encryption technology is not only technologically misguided, it is politically irresponsible. Both law enforcement and intelligence agencies have access to more data?and more powerful analytical tools?than ever before in human history. Measures that undermine the efficacy or public availability of encryption will never be proportionate when weighed against their profound threat to global human rights: encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement. Without it, meaningful privacy, trust, and safety in the digital sphere would not be possible.? ? Lex Gill, Research Fellow, Citizen Lab, Munk School of Global Affairs ?Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes. Agencies charged with protecting national security shouldn?t be trying to undermine a cornerstone of security in the digital age.? ? Cynthia Wong, Senior Internet Researcher, Human Rights Watch ?Encryption is used by governments, businesses, and citizens alike to secure communications, safeguard personal information, and conduct business online. Deliberately weakening encryption threatens the integrity of governance, the safety of online commerce, and the interpersonal relationships that compose our daily lives. We must not sacrifice our core values to the threat of terrorism: the solution to such threats must entail better protecting our basic rights and the technologies that advance them.? ? Christopher Parsons, Research Associate and Managing Director of the Telecom Transparency Project at the Citizen Lab, Munk School of Global Affairs ?Calls to undermine encryption in the name of ?national security? are fundamentally misguided and dangerous. Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies. Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe.? ? Jon Lawrence, EFA ?Assurances of strong encryption not only benefit civil liberties and privacy, but the economy as well. A vibrant and dynamic Internet economy is only possible if consumers and users trust the environment in which they?re conducting business. While law enforcement and intelligence services have legitimate concerns over their ability to access data, those concerns need to be balanced with the benefits encryption provides to average users transacting in cyberspace. A strong Internet economy, buttressed by the trust that encryption produces, is vital to national interests around the globe. National policies should support and defend, not weaken and abridge, access to encryption.? ? Ryan Hagemann, Niskanen Center ?The strength of the tools and techniques that our government and members of the public have and use to secure our nation and protect our privacy is of significant public interest. Transparency and accountability around a nation?s policy regarding the use of encryption is a bedrock importance in a democracy, particularly given the potential of backdoors to put billions of online users at greater risk for intrusion, compromise of personal data, and breaches of massive consumer or electoral databases. The democracies in the ?Five Eyes? should be open and accountable to their publics about not only the existence of these discussions but their content, removing any gap between what is being proposed and the consent of those governed by those policies.? ? Alex Howard, Sunlight Foundation ?Encryption is a vital tool for journalists, activists, and everyone whose lives and work depend on using the internet securely. It allows reporters to protect their confidential sources from reprisal, and to fearlessly pursue stories that powerful actors don?t want told. It offers protection from mortal danger for dissidents trying the communicate under repressive regimes. Undermining the integrity of encryption puts lives at risk, and runs directly counter to the mandate of the Five Eyes Signals Intelligence agencies to keep their citizens safe.? ? Tom Henheffer, Executive Director, Canadian Journalists for Free Expression ?The answer to concerns on ?going dark? is to help bring our law enforcement and counterterrorism officials into the future, not send encryption to the past. We hope to hear back from the Five Eyes that they were looking for how to adapt to digital security measures, not break them to the detriment of everyday Americans and our national security. As Five Eyes leaders work on a strategy to protect against cyberattacks, it is important to have a transparent process and cooperation between governments and civil society without stifling innovation or weakening other parts of security.? ? Austin Carson, Executive Director, TechFreedom ?Strong encryption is essential for modern society. Broken technologies undermine commerce, security, and human rights.? ? Jeramie Scott, EPIC ?Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation. Far from making the internet safer, by undermining the technology that protects everything from our bank accounts to our private conversations, governments around the world are putting us all at risk. Transparency is vital around any coordinated plans that could jeopardize both our security and our rights.? ? Silkie Carlo, Policy Officer, Liberty ?We increasingly rely on a secure internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don?t think we should be seriously weakening the security of the internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it?s meant to be protecting us from. ? ? Thomas Beagle, Chairperson, NZ Council for Civil Liberties ?All sensitive personal data must be encrypted as a matter of human rights to privacy, especially health data, i.e., all information about our minds and bodies, wherever it exists. Today health data is the most valuable personal data of all, the most attractive to hackers, and the most sold and traded by the massive, hidden global health data broker industry.? ? Dr. Deborah Peel, Patient Privacy Rights ?We lock our devices for good reason. Introducing backdoors weakens security and violates our right to privacy. The very existence of backdoors means unwelcome guests will come knocking.? ? Linda Sherry, Director of National Priorities, Consumer Action From rforno at infowarrior.org Fri Jun 30 14:11:27 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 19:11:27 -0000 Subject: [Infowarrior] - With a single wiretap order, US authorities listened in on 3.3 million phone calls Message-ID: <9BEC0C5B-09B3-4B4B-BB3A-DB6A1AC44D28@infowarrior.org> With a single wiretap order, US authorities listened in on 3.3 million phone calls http://www.zdnet.com/article/one-federal-wiretap-order-recorded-millions-phone-calls/ The order was carried out in 2016 as part of a federal narcotics investigation. By Zack Whittaker for Zero Day | June 30, 2017 -- 18:07 GMT (11:07 PDT) | Topic: Security NEW YORK, NY -- US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation. The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015. The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania. The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests. But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted. The revelation was buried in the US Courts' annual wiretap report, published earlier this week but largely overlooked. "The federal wiretap with the most intercepts occurred during a narcotics investigation in the Middle District of Pennsylvania and resulted in the interception of 3,292,385 cell phone conversations or messages over 60 days," said the report. Details of the case remain largely unknown, likely in part because the wiretap order and several motions that have been filed in relation to the case are thought to be under seal. It's understood to be the largest number of calls intercepted by a single wiretap in years, though it's not known the exact number of Americans whose communications were caught up by the order. We contacted the US Attorney's Office for the Middle District of Pennsylvania, where the wiretap application was filed, but did not hear back. One former law enforcement official, who applied and carried out wiretaps as part of narcotics investigations, was surprised by the numbers. "It's way too much," said the former official, who did not want to be named. Albert Gidari, a former privacy lawyer who now serves as director of privacy at Stanford Law School's Center for Internet and Society, criticized the investigation. "They spent a fortune tracking 26 people and recording three million conversations and apparently got nothing," said Gidari. "I'd love to see the probable cause affidavit for that one and wonder what the court thought on its 10 day reviews when zip came in." "I'm not surprised by the results because on average, a very very low percentage of conversations are incriminating, and a very very low percent results in conviction," he added. When reached, a spokesperson for the Justice Department did not comment. Contact me securely Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755?8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5. From rforno at infowarrior.org Fri Jun 30 18:47:58 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jun 2017 23:47:58 -0000 Subject: [Infowarrior] - Science division of White House office no longer staffed: report Message-ID: Science division of White House office no longer staffed: report By Brandon Carter - 06/30/17 07:40 PM EDT The science division of the White House Office of Science and Technology Policy reportedly had no staff members as of Friday. Sources told CBS News that the last employees in the division, three holdovers from former President Obama's administration, all left the White House this week. Under Obama, the science division was staffed with nine employees who crafted policy on STEM education, crisis response and other key issues, according to the report. Eleanor Celeste, the former assistant director for biomedical and forensics sciences in the division, appeared to tweet about leaving the office this week.... < - > http://thehill.com/homenews/administration/340328-science-division-of-white-house-office-no-longer-staffed-report From rforno at infowarrior.org Fri Jun 30 19:43:07 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 01 Jul 2017 00:43:07 -0000 Subject: [Infowarrior] - House panel votes to split Air Force, create new U.S. Space Corps Message-ID: <2F3A2C97-5083-4B92-86C3-E464B61034B1@infowarrior.org> House panel votes to split Air Force, create new U.S. Space Corps By Jared Serbu | @jserbuWFED June 29, 2017 1:51 pm 6 min read As part of its version of the 2018 Defense authorization bill, the House Armed Services Committee voted late Wednesday night to create a sixth branch of the U.S. armed forces: the U.S. Space Corps, which would absorb the Air Force?s current space missions. You could be forgiven if you haven?t been closely following the debate about creating the nation?s first new military service since 1947. Several members of the panel said they themselves were blindsided by the proposal, and staged an unsuccessful effort to block the change until it could be studied further ? or at least until the full committee had held at least one hearing on the subject. Rep. Michael Turner (R-Ohio) said he only learned about the proposal last week, when it first came before the subcommittee on strategic forces. ?I chastised my staff and said, ?How could I not know that this was happening?? They said, ?Well, they had a meeting about it and you missed it,?? Turner said. ?A meeting is certainly not enough. Maybe we do need a space corps, but I think this bears more than just discussions in a subcommittee. We have not had Secretary Mattis come before us and tell us what this means. We have not heard from the secretary of the Air Force. There?s a whole lot of work we need to do before we go as far as creating a new service branch.? Rep. Martha McSally (R-Ariz.), a retired Air Force colonel, was similarly surprised by the Space Corps proposal. She said she had not been aware of it until it appeared in the bill the full committee debated on Wednesday. ?This is honestly the first time I?ve heard about a major reorganization to our Air Force,? she said Wednesday evening. ?This is sort of a shocking way to hear about a very major reorganization to our military, and I think it deserves at least a couple hearings and discussions on the matter at the full committee level.? But the measure, which would also establish a new U.S. Space Command and make the new chief of the Space Corps the eighth member of the Joint Chiefs of Staff, has the support of both Rep. Mac Thornberry (R-Texas), the chairman of the full committee, and its ranking Democrat, Adam Smith (D-Wash.) The bill language was developed by Reps. Mike Rogers (R-Ala.) and Jim Cooper (D-Tenn.), the top Republican and Democrat on the strategic forces subcommittee. All of them argued Wednesday that the creation of a dedicated service for space had been studied for years, and that the idea?s time had come. < - > https://federalnewsradio.com/defense-news/2017/06/house-panel-votes-to-split-air-force-create-new-u-s-space-corps/ From rforno at infowarrior.org Thu Jun 22 07:32:46 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jun 2017 12:32:46 -0000 Subject: [Infowarrior] - Microsoft Admits Disabling Anti-Virus Software For Windows 10 Users (bbc.com) 118 Message-ID: <2A8DB1F4-1E55-481A-814E-BDB8110E1BD9@infowarrior.org> Microsoft Admits Disabling Anti-Virus Software For Windows 10 Users (bbc.com) 118 Posted by BeauHD on Wednesday June 21, 2017 @11:30PM from the secret's-out dept. An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. "To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating," writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft. https://it.slashdot.org/story/17/06/21/2217213/microsoft-admits-disabling-anti-virus-software-for-windows-10-users From rforno at infowarrior.org Thu Jun 22 10:17:01 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jun 2017 15:17:01 -0000 Subject: [Infowarrior] - SCOTUS limits government's power to revoke citizenship Message-ID: Supreme Court limits government's power to revoke citizenship By Lydia Wheeler - 06/22/17 10:54 AM EDT http://thehill.com/regulation/court-battles/338948-supreme-court-limits-governments-power-to-revoke-citizenship The Supreme Court ruled Thursday that a naturalized immigrant can?t be stripped of their citizenship for making false statements during the naturalization process that are irrelevant to an immigration official's decision to grant or deny citizenship. A unanimous court said the government must establish that an immigrant?s illegal act during the naturalization process played some role in acquiring citizenship. When the underlying illegal act is a false statement, the justices said a jury must decide whether the false statements altered the naturalization process and influenced the immigration official's decision. In delivering the opinion of the court, Justice Elena Kagan said immigrants seeking citizenship are confronted with all kinds of questions, including ?Have you ever been in any way associated with any organization, association, fund, foundation, party, club, society or similar group?? and ?Have you ever committed a crime or offense for which you were not arrested?? ?Suppose, for reasons of embarrassment or what have you, a person concealed her membership in an online support group or failed to disclose a prior speeding violation,? she said. ?Under the government?s view, a prosecutor could scour her paperwork and bring a charge on that meager basis, even many years after she became a citizen. That would give prosecutors nearly limitless leverage ? and afford newly naturalized Americans precious little security.? The case, Maslenjak v. U.S., centered on a Bosnian refugee, Divna Maslenjak, who became a naturalized citizen in 2007 but was indicted in 2013 after it was discovered she falsely answered no when asked on the naturalization application form if she had ?ever knowingly given false or misleading information to a U.S. government official when applying or an immigration benefit.? In trying to save her husband from being deported over his own misrepresentations, she gave testimony in 2009 that revealed she had lied about him serving in a Bosnia militia unit that had been implicated in war crimes when seeking refugee status in 1998. The government argued that the laws governing naturalization prohibit an immigrant from making false statements under oath and prohibit the naturalization of an immigrant who lacks good moral character, which includes anyone who has given false testimony for the purpose of obtaining an immigration benefit. The 6th Circuit agreed, affirming Maslenjak's conviction, but the Supreme Court vacated that ruling and sent the case back down to the lower court. From rforno at infowarrior.org Thu Jun 22 10:46:35 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jun 2017 15:46:35 -0000 Subject: [Infowarrior] - OT: I have to say it. Message-ID: <8712B969-9A0A-4057-83BF-67FBED680538@infowarrior.org> Trump: Russian hacking 'a big Dem HOAX' http://thehill.com/homenews/news/338938-trump-russian-hacking-claims-a-big-dem-hoax ....Speaking as a security person, registered independent, and someone who cares deeply for the current and future state of this country, it is quite disturbing that the *only* person in the US government who seems to believe/say this -- or prefers remaining oblivious to it -- is the President. This, despite Congressional hearings, third party analyses, and the consensus of career experts in the US intelligence community who are far far more knowledgeable about "the cyber" than he'll ever be. Contrary to his own sense, he does not know everything about everything, no matter how good he thinks his brain might be. Apparently claims of Russian influence in the 2016 election simply provide him an easy outlet to re-litigate the election results by projecting his still-lingering feelings about it[1] upon his political opponents. Moreover, although it's a "hoax" to him, he now blames his predecessor for it ... so is it a "hoax" or isn't it? [1] After all, he's still steamed about the popular vote & size of his ... crowds, remember. As one of the Hill reader comments note, "Imagine FDR telling Americans, "The Japanese didn't attack Pearl Harbor! That's just sour grapes from Wendell Wilkie!" We are so far beyond 'bizzarroworld" at this point. -- rick From rforno at infowarrior.org Thu Jun 22 15:20:24 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jun 2017 20:20:24 -0000 Subject: [Infowarrior] - US court grants Elsevier millions in damages from Sci-Hub Message-ID: <7C37E876-785E-4150-B961-F84F9DE983AC@infowarrior.org> US court grants Elsevier millions in damages from Sci-Hub Some doubt that the publishing giant will see any money from the pirate site. Quirin Schiermeier 22 June 2017 http://www.nature.com/news/us-court-grants-elsevier-millions-in-damages-from-sci-hub-1.22196 One of the world's largest science publishers, Elsevier, won a default legal judgement on 21 June against websites that provide illicit access to tens of millions of research papers and books. A New York district court awarded Elsevier US$15 million in damages for copyright infringement by Sci-Hub, the Library of Genesis (LibGen) project and related sites. Judge Robert Sweet had ruled in October 2015 that the sites violate US copyright. The court issued a preliminary injunction against the sites' operators, who nevertheless continued to provide unauthorized free access to paywalled content. Alexandra Elbakyan, a former neuroscientist who started Sci-Hub in 2011, operates the site out of Russia, using varying domain names and IP addresses. In May, Elsevier gave the court a list of 100 articles illicitly made available by Sci-Hub and LibGen, and asked for a permanent injunction and damages totalling $15 million. The Dutch publishing giant holds the copyrights for the largest share of the roughly 28 million papers downloaded from Sci-Hub in 2016, followed by Springer Nature and Wiley-Blackwell. (Nature is published by Springer Nature, and Nature?s news and comment team is editorially independent of the publisher.) According to a recent analysis, almost 50% of articles requested from Sci-Hub are published by these three companies. The defendants' ?unlawful activities have caused and will continue to cause irreparable injury to Elsevier, its customers and the public?, Elsevier?s New York-based attorneys, DeVore & DeMarco, told the court. Following the 21 June hearing, Judge Sweet of the US district court in southern New York ruled in favour of Elsevier, in the absence of Elbakyan or legal representatives of any of the defendants. "The Court has not mistaken illegal activity for a public good,? said Maria A. Pallante, president and CEO of the Association of American Publishers ? a trade group that Elsevier belongs to ? in a statement released on 22 June. ?On the contrary, it has recognized the defendants? operation for the flagrant and sweeping infringement that it really is and affirmed the critical role of copyright law in furthering scientific research and the public interest.? But academic publishing observers following the case have questioned whether Elsevier will ever see any damages from Elbakyan, who resides outside the court's jurisdiction and has no assets in the United States. The ruling is also unlikely to prompt Sci-Hub or other pirate sites to close up shop. Elbakyan could not be reached for comment. ?This ruling should stand as a warning to those who knowingly violate others' rights," says Matt McKay, a spokesperson for the International Association of Scientific, Technical and Medical Publishers (STM) in Oxford, UK. "Sci-Hub does not add any value to the scholarly community. It neither fosters scientific advancement nor does it value researchers? achievements. It is simply a place for someone to go to download stolen content and then leave." Nature doi:10.1038/nature.2017.22196 From rforno at infowarrior.org Fri Jun 23 05:28:35 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jun 2017 10:28:35 -0000 Subject: [Infowarrior] - Google begins removing personal medical records from search results Message-ID: Good move, though why did it take so long? -- rick Google begins removing personal medical records from search results Company adds ?confidential, personal medical records? to list of banned material by Amar Toor at amartoo Jun 23, 2017, 5:41am EDT https://www.theverge.com/2017/6/23/15860740/google-medical-records-removed-search Google has removed private medical records from its search results, Bloomberg reports, after quietly changing its policy on content removal. On Thursday, the company?s search policy was amended to include ?confidential, personal medical records of private people? under a list of content it may remove from search results. Although Google has historically been reluctant to intervene with its search algorithms, it has banned some confidential material from appearing in results, such as credit card numbers, bank account information, and social security numbers. In 2015, the company began removing revenge porn from search results, as well. The decision to remove medical records follows several high-profile data breaches around the world. Information on tens of millions of people was stolen following a 2015 hack targeting Anthem, the second-largest insurer in the US. Between 2010 and 2013, approximately 29 million medical records in the US were affected by data breaches, according to a study released in 2015. From rforno at infowarrior.org Fri Jun 23 05:30:48 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jun 2017 10:30:48 -0000 Subject: [Infowarrior] - USG Wants to Permanently Legalize the Right to Repair Message-ID: <790D06B0-02C0-4FCB-B623-D9AC8FF25308@infowarrior.org> (Waiting for the lobbyists to get this view changed in DC at the 11th hour. --rick) The US Government Wants to Permanently Legalize the Right to Repair Jason Koebler Jun 22 2017, 3:02pm https://motherboard.vice.com/en_us/article/d3zbnz/the-government-wants-to-permanently-legalize-the-right-to-repair "The Office recommends against limiting an exemption to specific technologies or devices." In one of the biggest wins for the right to repair movement yet, the US Copyright Office suggested Thursday that the US government should take actions to make it legal to repair anything you own, forever?even if it requires hacking into the product's software. Manufacturers?including John Deere, Ford, various printer companies, and a host of consumer electronics companies?have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. This means that for the last several years, consumer rights groups have had to repeatedly engage in an "exemption" process to Section 1201 of the Digital Millennium Copyright Act. Essentially, the Librarian of Congress decides which circumventions of copyright should be lawful?for example, unlocking your cell phone or hacking your tractor to be able to repair the transmission. But these exemptions expire every three years, and require going through a protracted legal process to earn. Additionally, a separate exemption is required for each product category?right now it's legal to hack software to repair a car, but not to repair a video game console. "It's really arduous?no one is under the impression Joe Q. Public can walk in and do the exemption process," Meredith Rose, a staff attorney at Public Knowledge, which works on exemptions, told me. "You have to propose the language to the exemption, there's a comment period, and the procedure changes every round as well." Thursday, the US Copyright Office said it's tired of having to deal with the same issues every three years; it should be legal to repair the things you buy?everything you buy?forever. "The growing demand for relief under section 1201 has coincided with a general understanding that bona fide repair and maintenance activities are typically noninfringing," the report stated. "Repair activities are often protected from infringement claims by multiple copyright law provisions." "The Office recommends against limiting an exemption to specific technologies or devices, such as motor vehicles, as any statutory language would likely be soon outpaced by technology," it continued. The office said it's received a huge increase in the number of public comments it's received about repair in the last several years, which "reflects the increasing use of access controls on a wide range of consumer devices containing copyrighted software." Gay Gordon-Byrne, executive director of Repair.org, a group pushing for state-level laws that would make it easier for you to repair your things, told me in an email that the office's report validates what her group has been pushing for and rebukes companies that have tried to monopolize repair. "We're getting a lot of legal support. Literally none of these rulings has gone in favor of the OEM," she said. "The Supreme Court upheld the basic rights of used equipment ownership in the ink cartridge refill case. GE just lost an anti-trust case for monopolizing repair of anesthesia machines in Texas. This latest study further supports our case that repair and maintenance is being unfairly monopolized through abuses of copyright law." "It's hugely encouraging to see that repair-friendly policy arguments resonated and are being recommended to Congress," she added. The report also suggests that copyright law was not written to allow manufacturers to force their customers to use only authorized repair services, which are usually owned by the manufacturers themselves. "Virtually all agree that section 1201 was not intended to facilitate manufacturers' use of [software locks] to facilitate product tying or to achieve a lock?in effect under which consumers are effectively limited to repair services offered by the manufacturer," it said. Unfortunately, the report are only recommendations to Congress, which would have to pass a law in order to enshrine them. On the bright side, Rose said that the report itself should make earning exemptions for repair much easier in the future. "We can just cite their own report and say, 'You thought this should be a permanent exemption, so clearly there's a need,'" she said. "It looks like there are fewer hurdles to jump through. There are a couple of bills currently in the ether that would codify these exemptions. Maybe with the report we can get the nudge needed to actually make those happen." From rforno at infowarrior.org Fri Jun 23 05:58:41 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jun 2017 10:58:41 -0000 Subject: [Infowarrior] - Wikileaks Attempts To Bully Wikileaks Documentary With C&D Notices Message-ID: <083C69B2-1562-49C2-A24A-27FE0BA298F8@infowarrior.org> Wikileaks Attempts To Bully Wikileaks Documentary With C&D Notices https://www.techdirt.com/articles/20170622/10184337647/wikileaks-attempts-to-bully-wikileaks-documentary-with-cd-notices.shtml From rforno at infowarrior.org Fri Jun 23 13:12:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jun 2017 18:12:51 -0000 Subject: [Infowarrior] - Google Will Stop Reading Your Emails for Gmail Ads Message-ID: <09923A68-C894-48AA-8FC6-9BD359D94308@infowarrior.org> Google Will Stop Reading Your Emails for Gmail Ads By Mark Bergen June 23, 2017, 12:00 PM EDT https://www.bloomberg.com/news/articles/2017-06-23/google-will-stop-reading-your-emails-for-gmail-ads Google is stopping one of the most controversial advertising formats: ads inside Gmail that scan users? email contents. The decision didn?t come from Google?s ad team, but from its cloud unit, which is angling to sign up more corporate customers. Alphabet Inc.?s Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft Corp. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google?s senior vice president of cloud. ?What we?re going to do is make it unambiguous,? she said. Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user?s email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube. Ads based on scanned email messages drew lawsuits and some of the most strident criticism the company faced in its early years, but offered marketers a much more targeted way to reach consumers. Greene?s ability to limit ads, Google?s lifeblood, shows her growing clout at the company. Since her arrival in late 2015, Google has poured investments into its cloud-computing and business software tools to catch up to Microsoft and Amazon.com Inc. Greene announced the changes on Friday in a blog post, where she wrote that G Suite has more than 3 million paying companies and had doubled its user base in the past year. Google announced those metrics in January. Google doesn?t share its cloud division sales, but its ?Other Revenues,? which includes those numbers, grew 49 percent to $3.09 billion in the first quarter. From rforno at infowarrior.org Fri Jun 23 17:18:14 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jun 2017 22:18:14 -0000 Subject: [Infowarrior] - 32TB of Windows 10 internal builds, core source code leak online Message-ID: <3AC19999-6F3B-43B3-85CD-F1D543F6724F@infowarrior.org> 32TB of Windows 10 internal builds, core source code leak online Finding exploitable bugs suddenly easier By Chris Williams, US editor 23 Jun 2017 at 20:09 http://www.theregister.co.uk/2017/06/23/windows_10_leak/ A massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online. The data ? some 32TB of installation images and software blueprints that compress down to 8TB ? were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. Leaked ... Screenshot of a Beta Archives posting announcing on Monday, June 19, the addition of Microsoft's confidential source code archive In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions. The confidential Windows team-only internal builds were created by Microsoft engineers for bug-hunting and testing purposes, and include private debugging symbols that are usually stripped out for public releases. This software includes, for example, prerelease Windows 10 "Redstone 2" builds. There are, we think, too many versions now dumped online for Microsoft to revoke via its Secure Boot mechanism, meaning the tech giant can't use its firmware security mechanisms to prevent people booting the prerelease operating systems. Also in the leak are multiple versions of Microsoft's Windows 10 Mobile Adaptation Kit, a confidential software toolset to get the operating system running on various portable and mobile devices. Netizens with access to Beta Archive's private repo of material can, even now, still get hold of the divulged data completely for free. It is being described by some as a bigger leak than the Windows 2000 source code blab in 2004. Spokespeople for Microsoft were not available for comment. ? From rforno at infowarrior.org Fri Jun 23 22:31:35 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jun 2017 03:31:35 -0000 Subject: [Infowarrior] - =?utf-8?q?WaPo=3A_Obama=E2=80=99s_secret_struggle?= =?utf-8?q?_to_punish_Russia_for_Putin=E2=80=99s_election_assault?= Message-ID: BTW in response to this article, Donnie Two-Scoops tonight has complained that his predecessor 'did nothing' about the matter --- which just recently he was again calling a 'hoax' ... so clearly he is trying to have his (delicious) cake and eat it too. Sorry, not buying it!!! -- rick (from multiple sources) Obama?s secret struggle to punish Russia for Putin?s election assault By Greg Miller, Ellen Nakashima and Adam Entous June 23, 2017 https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/ From rforno at infowarrior.org Sat Jun 24 13:39:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jun 2017 18:39:02 -0000 Subject: [Infowarrior] - =?utf-8?q?Fwd=3A_AES-256_keys_sniffed_in_seconds_?= =?utf-8?q?using_=E2=82=AC200_of_kit_a_few_inches_away?= References: <61D2C4D8-5E83-45FA-8F54-A45437031F93@roscom.com> Message-ID: <9EDA519D-CE9B-4D01-9555-DEDFB7CD341C@infowarrior.org> > Begin forwarded message: > > From: Monty > Subject: AES-256 keys sniffed in seconds using ?200 of kit a few inches away > Date: June 24, 2017 at 12:55:56 EDT > > FYI > > AES-256 keys sniffed in seconds using ?200 of kit a few inches away > https://www.theregister.co.uk/2017/06/23/aes_256_cracked_50_seconds_200_kit/ > > TEMPEST attacks against AES > Covertly stealing keys for ?200 > https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Sat Jun 24 13:39:05 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jun 2017 18:39:05 -0000 Subject: [Infowarrior] - Under pressure, Western tech firms bow to Russian demands to share cyber secrets Message-ID: <477E685B-E5CD-444A-A3DF-B7A85D2B24F8@infowarrior.org> Under pressure, Western tech firms bow to Russian demands to share cyber secrets By Joel Schectman, Dustin Volz and Jack Stubbs | WASHINGTON/MOSCOW http://www.reuters.com/article/us-usa-russia-tech-idUSKBN19E0XB Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said. While a number of U.S. firms say they are playing ball to preserve their entree to Russia's huge tech market, at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns. That halt has not been previously reported. Symantec said one of the labs inspecting its products was not independent enough from the Russian government. U.S. officials say they have warned firms about the risks of allowing the Russians to review their products' source code, because of fears it could be used in cyber attacks. But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions. From their side, companies say they are under pressure to acquiesce to the demands from Russian regulators or risk being shut out of a lucrative market. The companies say they only allow Russia to review their source code in secure facilities that prevent code from being copied or altered. (Graphic on source code review process: tmsnrt.rs/2sZudWT) The demands are being made by Russia?s Federal Security Service (FSB), which the U.S. government says took part in the cyber attacks on Hillary Clinton?s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia. The reviews are also conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews. A Kremlin spokesman referred all questions to the FSB. The FSB did not respond to requests for comment. FSTEC said in a statement that its reviews were in line with international practice. The U.S. State Department declined to comment. Moscow's source code requests have mushroomed in scope since U.S.-Russia relations went into a tailspin following the Russian annexation of Crimea in 2014, according to eight current and former U.S. officials, four company executives, three U.S. trade attorneys and Russian regulatory documents. In addition to IBM, Cisco and Germany's SAP, Hewlett Packard Enterprise Co and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies' interactions with Moscow and Russian regulatory records. Until now, little has been known about that regulatory review process outside of the industry. The FSTEC documents and interviews with those involved in the reviews provide a rare window into the tense push-and-pull between technology companies and governments in an era of mounting alarm about hacking. Roszel Thomsen, an attorney who helps U.S. tech companies navigate Russia import laws, said the firms must balance the dangers of revealing source code to Russian security services against possible lost sales. "Some companies do refuse," he said. "Others look at the potential market and take the risk." "WE HAVE A REAL CONCERN" If tech firms do decline the FSB's source code requests, then approval for their products can be indefinitely delayed or denied outright, U.S. trade attorneys and U.S. officials said. The Russian information technology market is expected to be worth $18.4 billion this year, according to market researcher International Data Corporation (IDC). Six current and former U.S. officials who have dealt with companies on the issue said they are suspicious about Russia's motives for the expanded reviews. "It?s something we have a real concern about," said a former senior Commerce Department official who had direct knowledge of the interaction between U.S. companies and Russian officials until he left office this year. "You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that?s obviously a real problem." However, none of the officials who spoke to Reuters could point to specific examples of hacks or cyber espionage that were made possible by the review process. Source code requests are not unique to Russia. In the United States, tech companies allow the government to audit source code in limited instances as part of defense contracts and other sensitive government work. China sometimes also requires source code reviews as a condition to import commercial software, U.S. trade attorneys say. "CLEAN ROOMS" The reviews often takes place in secure facilities known as "clean rooms." Several of the Russian companies that conduct the testing for Western tech companies on behalf of Russian regulators have current or previous links to the Russian military, according to their websites. Echelon, a Moscow-based technology testing company, is one of several independent FSB-accredited testing centers that Western companies can hire to help obtain FSB approval for their products. Echelon CEO Alexey Markov told Reuters his engineers review source code in special laboratories, controlled by the companies, where no software data can be altered or transferred. Markov said Echelon is a private and independent company but does have a business relationship with Russia?s military and law enforcement authorities. Echelon?s website touts medals it was awarded in 2013 by Russia?s Ministry of Defense for "protection of state secrets." The company?s website also sometimes refers to Markov as the "Head of Attestation Center of the Ministry of Defense." In an email, Markov said that title is only intended to convey Echelon?s role as a certified outside tester of military technology testing. The medals were generic and insignificant, he said. But for Symantec, the lab "didn't meet our bar" for independence, said spokeswoman Kristen Batch. ?In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia,? said Batch, who added that the company did not believe Russia had tried to hack into its products. In 2016, the company decided it would no longer use third parties, including Echelon, that have ties to a foreign state or get most of their revenue from government-mandated security testing. "It poses a risk to the integrity of our products that we are not willing to accept," she said. Without the source code approval, Symantec can no longer get approval to sell some of its business-oriented security products in Russia. "As a result, we do minimal business there," she said. Markov declined to comment on Symantec?s decision, citing a non-disclosure agreement with the company. TRUSTED LABS Over the past year, HP has used Echelon to allow FSTEC to review source code, according to the agency's records. A company spokesman declined to comment. An IBM spokesman confirmed the company allows Russia to review its source code in secure, company-controlled facilities "where strict procedures are followed." FSTEC certification records showed the Information Security Center, an independent testing company based outside Moscow, has reviewed IBM?s source code on behalf of the agency. The company was founded more than 20 years ago under the auspices of an institute within Russia?s Ministry of Defense, according to its website. The company did not respond to requests for comment. In a statement, McAfee said the Russia code reviews were conducted at "certified testing labs" at company-owned premises in the United States. SAP allows Russia to review and test source code in a secure SAP facility in Germany, according to a person familiar with the process. In a company statement, SAP said the review process assures Russian customers ?their SAP software investments are safe and secure.? Cisco has recently allowed Russia to review source code, according to a person familiar with the matter. A Cisco spokeswoman declined to comment on the company's interactions with Russian authorities but said the firm does sometimes allow regulators to inspect small parts of its code in "trusted" independent labs and that the reviews do not compromise the security of its products. Before allowing the reviews, Cisco scrutinizes the code to ensure they are not exposing vulnerabilities that could be used to hack the products, she said. (Reporting by Joel Schectman and Dustin Volz in Washington and Jack Stubbs in Moscow; Editing by Jonathan Weber and Ross Colvin) From rforno at infowarrior.org Mon Jun 26 09:16:13 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Jun 2017 14:16:13 -0000 Subject: [Infowarrior] - Liberal Arts in the Data Age Message-ID: IMO there is great truth in what JM says. -- rick Liberal Arts in the Data Age JM Olejarz From the July?August 2017 Issue https://hbr.org/2017/07/liberal-arts-in-the-data-age College students who major in the humanities always get asked a certain question. They?re asked it so often?and by so many people?that it should come printed on their diplomas. That question, posed by friends, career counselors, and family, is ?What are you planning to do with your degree?? But it might as well be ?What are the humanities good for?? According to three new books, the answer is ?Quite a lot.? From Silicon Valley to the Pentagon, people are beginning to realize that to effectively tackle today?s biggest social and technological challenges, we need to think critically about their human context?something humanities graduates happen to be well trained to do. Call it the revenge of the film, history, and philosophy nerds. In The Fuzzy and the Techie, venture capitalist Scott Hartley takes aim at the ?false dichotomy? between the humanities and computer science. Some tech industry leaders have proclaimed that studying anything besides the STEM fields is a mistake if you want a job in the digital economy. Here?s a typical dictum, from Sun Microsystems cofounder Vinod Khosla: ?Little of the material taught in Liberal Arts programs today is relevant to the future.? Hartley believes that this STEM-only mindset is all wrong. The main problem is that it encourages students to approach their education vocationally?to think just in terms of the jobs they?re preparing for. But the barriers to entry for technical roles are dropping. Many tasks that once required specialized training can now be done with simple tools and the internet. For example, a novice programmer can get a project off the ground with chunks of code from GitHub and help from Stack Overflow. If we want to prepare students to solve large-scale human problems, Hartley argues, we must push them to widen, not narrow, their education and interests. He ticks off a long list of successful tech leaders who hold degrees in the humanities. To mention just a few CEOs: Stewart Butterfield, Slack, philosophy; Jack Ma, Alibaba, English; Susan Wojcicki, YouTube, history and literature; Brian Chesky, Airbnb, fine arts. Of course, we need technical experts, Hartley says, but we also need people who grasp the whys and hows of human behavior. What matters now is not the skills you have but how you think. Can you ask the right questions? Do you know what problem you?re trying to solve in the first place? Hartley argues for a true ?liberal arts? education?one that includes both hard sciences and ?softer? subjects. A well-rounded learning experience, he says, opens people up to new opportunities and helps them develop products that respond to real human needs. The human context is also the focus of Cents and Sensibility, by Gary Saul Morson and Morton Schapiro, professors of the humanities and economics, respectively, at Northwestern University. They argue that when economic models fall short, they do so for want of human understanding. Economics tends to ignore three things: culture?s effect on decision making, the usefulness of stories in explaining people?s actions, and ethical considerations. People don?t exist in a vacuum, and treating them as if they do is both reductive and potentially harmful. Morson and Schapiro?s solution is literature. They suggest that economists could gain wisdom from reading great novelists, who have a deeper insight into people than social scientists do. Whereas economists tend to treat people as abstractions, novelists dig into the specifics. To illustrate the point, Morson and Schapiro ask, When has a scientist?s model or case study drawn a person as vividly as Tolstoy drew Anna Karenina? Novels can also help us develop empathy. Stories, after all, steep us in characters? lives, forcing us to see the world as other people do. (Morson and Schapiro add that although many fields of study tell their practitioners to empathize, only literature offers practice in doing it.) Sensemaking, by strategy consultant Christian Madsbjerg, picks up the thread from Morson and Schapiro and carries it back to Hartley. Madsbjerg argues that unless companies take pains to understand the human beings represented in their data sets, they risk losing touch with the markets they?re serving. He says the deep cultural knowledge businesses need comes not from numbers-driven market research but from a humanities-driven study of texts, languages, and people. Madsbjerg cites Lincoln, Ford?s luxury brand, which just a few years ago lagged so far behind BMW and Mercedes that the company nearly killed it off. Executives knew that becoming competitive again would mean selling more cars outside the United States, especially in China, the next big luxury market. So they began to carefully examine how customers around the world experience, not just drive, cars. Over the course of a year, Lincoln representatives talked to customers about their daily lives and what ?luxury? meant to them. They discovered that in many countries transportation isn?t drivers? top priority: Cars are instead seen as social spaces or places to entertain business clients. Though well engineered, Lincolns needed to be reconceived to address the customers? human context. Subsequent design efforts have paid off: In 2016 sales in China tripled. What these three books converge on is the idea that choosing a field of study is less important than finding ways to expand our thinking, an idea echoed by yet another set of new releases: A Practical Education, by business professor Randall Stross, and You Can Do Anything, by journalist George Anders. STEM students can care about human beings, just as English majors (including this one, who started college studying computer science) can investigate things scientifically. We should be careful not to let interdisciplinary jockeying make us cling to what we know best. Everything looks like a nail when you have a hammer, as the saying goes. Similarly, at how great a disadvantage might we put ourselves?and the world?if we force our minds to approach all problems the same way? A version of this article appeared in the July?August 2017 issue (pp.144?145) of Harvard Business Review. From rforno at infowarrior.org Tue Jun 27 06:23:40 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 11:23:40 -0000 Subject: [Infowarrior] - Google Gets Record $2.7 Billion EU Fine for Skewing Searches Message-ID: <2231FB9E-090B-4905-B96E-A5BFF58B6A2E@infowarrior.org> Google Gets Record $2.7 Billion EU Fine for Skewing Searches By Aoife White June 27, 2017, 5:52 AM EDT June 27, 2017, 7:07 AM EDT https://www.bloomberg.com/news/articles/2017-06-27/google-gets-record-2-7-billion-eu-fine-for-skewing-searches Google lost its biggest regulatory battle yet, getting a record 2.4 billion-euro ($2.7 billion) fine from European Union enforcers who say the search-engine giant skewed results to thwart smaller shopping search services. Alphabet Inc.?s Google has 90 days to "stop its illegal conduct" and give equal treatment to rival price-comparison services, according to a binding order from the European Commission on Tuesday. It?s up to Google to choose how it does this and inform the EU of its plans within 60 days. Failure to comply brings a risk of fines of up to 5 percent of its daily revenue. "The more consumers click on comparison shopping results, the more money Google makes," said Margrethe Vestager, the EU?s antitrust chief. "This decision requires Google to change the way it operates and to face the consequence of its actions." Shares of Mountain View, California-based Google fell 1.5 percent in pre-market trading in New York. They?ve risen 23 percent so far this year. Vestager?s decision marks the end of a seven-year probe fueled by complaints from small shopping websites as well as bigger names, including News Corp., Axel Springer SE and Microsoft Corp. European politicians have called on the EU to sanction Google or even break it up while U.S. critics claim regulators are targeting successful American firms. Read more: Google?s Seven Years of Antitrust Tribulation in Europe Google?s lawyer Kent Walker said the company respectfully disagrees with the EU?s conclusions and will consider a court appeal, according to a blog post. "When you shop online, you want to find the products you?re looking for quickly and easily,? Walker said. ?And advertisers want to promote those same products. That?s why Google shows shopping ads, connecting our users with thousands of advertisers, large and small, in ways that are useful for both. We think our current shopping results are useful and are a much-improved version of the text-only ads we showed a decade ago." Years Ahead Vestager said the case is likely to stay on her desk "for quite some time" as regulators monitor how Google deals with the order "for a number of years." Regulators haven?t talked to Google about how it might meet the EU?s expectations. Vestager said "it is very important for Google to find their way of complying" with the EU order. Google has been pushing its own comparison-shopping service since 2008, systematically giving it prominent placement when people search for an item, the EU said. Rival comparison sites usually only appear on page four of search results, effectively denying them a massive audience as the first page attracts 95 percent of all clicks. "As a result of Google?s illegal practices, traffic to Google?s comparison-shopping service increased significantly, whilst rivals have suffered very substantial losses of traffic on a lasting basis," the EU said, citing figures of a 45 percent increase in traffic for Google?s service. Proposed EU fine leaves Google with plenty of cash Tuesday?s fines could just be the first in a series of EU antitrust penalties for Google, which is fighting on at least two other fronts, including its Android mobile-phone software and the AdSense online advertising service. The decision follows Russia?s $7.8 million antitrust fine and penalties from Italian, German and French privacy authorities. Europe has proved a tough jurisdiction for Google, which fell foul of the region?s top court, losing a high-profile right-to-be-forgotten case three years ago. Why the EU Will Slap Google Over Product Searches: QuickTake Q&A "Vestager is proving she means business," said Thomas Vinje, a lawyer who represents FairSearch, a group of companies that complained to the EU. "This decision will mean that consumers receive comparison-shopping results that offer genuinely the best purchasing options." While the penalty is a record, it will do little to faze a company whose parent has more than $90 billion in cash. Of graver concern is the way regulators called on Google to change the way it handles online shopping searches, one of its biggest sources of sales growth and strongest weapons against rivals Facebook Inc. and Amazon.com Inc. The EU says that Google doesn?t subject its own service to its algorithm, which ranks search results on quality and relevance to the user. It said it gathered huge amounts of data, including 5.2 terabytes of search results from Google, based on 1.7 billion search queries. "It would take be 17,000 years to read them all out to you," Vestager told reporters. The EU?s allegations strike at the heart of a type of online advertising known as product listing ads, or PLAs, that is growing at almost three times the rate of traditional text-based search ads, according to digital marketing firm Merkle Inc. The format lets a marketer place an ad for an item with large images and price information in the prime digital real estate at the top of search results. Vestager doesn?t fear big numbers when trying to convince companies to step back in line. She has ordered Apple Inc. to repay some 13 billion euros in tax advantages and hit truck makers with a record cartel fine of nearly 3 billion euros. The Google fine tops a 1.06 billion-euro penalty eight years ago for Intel Corp., which is still waiting for the final outcome of a court appeal. Her move against Google risks attracting further criticism that she?s unfairly singled out U.S. companies. While she?s said American firms are "under no specific fire because of their nationality," transatlantic tensions are already on the rise after President Donald Trump?s decision to pull out of the Paris climate accord, adding to concerns over global trade. Even so, any backlash against the Google decision from American industry is likely to be reduced. U.S. companies played a big part in lobbying the EU to take action after U.S. regulators ended their investigation into Google search. From rforno at infowarrior.org Tue Jun 27 06:23:40 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 11:23:40 -0000 Subject: [Infowarrior] - E.P.A. Official Pressured Scientist on Congressional Testimony, Emails Show Message-ID: <5F989FC9-835E-4429-AEA9-BE228D37A5F4@infowarrior.org> E.P.A. Official Pressured Scientist on Congressional Testimony, Emails Show By CORAL DAVENPORTJUNE 26, 2017 https://www.nytimes.com/2017/06/26/us/politics/epa-official-pressured-scientist-on-congressional-testimony-emails-show.html WASHINGTON ? The Environmental Protection Agency?s chief of staff pressured the top scientist on the agency?s scientific review board to alter her congressional testimony and play down the dismissal of expert advisers, his emails show. Deborah Swackhamer, an environmental chemist who leads the E.P.A.?s Board of Scientific Counselors, was to testify on May 23 before the House Science Committee on the role of states in environmental policy when Ryan Jackson, the E.P.A.?s chief of staff, asked her to stick to the agency?s ?talking points? on the dismissals of several members of the scientific board. ?I was stunned that he was pushing me to ?correct? something in my testimony,? said Dr. Swackhamer, a retired University of Minnesota professor. ?I was factual, and he was not. I felt bullied.? Dr. Swackhamer?s testimony came two weeks after the dismissals, which were met with fierce pushback from a scientific community that saw it as evidence that the Trump administration is seeking to weaken the role of academic science in environmental policy. That criticism has sharpened in recent weeks, after the E.P.A. administrator, Scott Pruitt, and the energy secretary, Rick Perry, openly questioned the established science of human-caused climate change, and as the E.P.A. has taken down websites about climate change. Scientists have also expressed concern that Mr. Pruitt has staffed his senior offices with several former senior staff members of Senator James Inhofe of Oklahoma, a prominent denier of human-caused climate change. Mr. Jackson also came from Mr. Inhofe?s staff. Among other requests in his May 22 emails, Mr. Jackson asked Dr. Swackhamer to note that ?a decision had not yet been made? about whether to dismiss her colleagues on the agency?s scientific review board. However, at that time, several scientists on the board had already received notices that their terms would not be renewed. Since that testimony, the E.P.A. has sent out dozens more notices to academic scientists that their terms on the board will not be renewed. ?The Board of Scientific Counselors had 68 members two months ago. It will have 11 come Sept. 1,? Dr. Swackhamer said. ?They?ve essentially suspended scientific activities by ending these terms. We have no meetings scheduled, no bodies to do the work.? James Thurber, the founder and former director of the Center for Congressional Studies at American University, said he had never heard of an administration pressuring a witness, particularly a scientist, to alter testimony already submitted for the official record. ?It?s shocking and insulting to be told before you go in to alter your testimony to what the administration wants,? he said. ?This just shows a certain amount of amateurishness about how these hearings work. They?re supposed to be places where you get objective views. You don?t go around telling people what to say.? Mr. Jackson and the E.P.A. communications office did not respond to emailed questions about Mr. Jackson?s communications with Dr. Swackhamer. Representative Lamar Smith of Texas, the chairman of the committee, dismissed the accusations. ?It?s disappointing that the minority is politicizing what seems to be nothing more than a federal agency making sure that information provided to Congress is accurate,? he said in a statement. ?Dr. Swackhamer and the Minority have repeatedly stated that she was testifying in her personal capacity and not in connection with her role as chair of the E.P.A. Board of Scientific Counselors. However, it is clear that the Minority invited her in an attempt to hijack the stated purpose of the Committee?s hearing on states? role in E.P.A. rulemaking and shift the focus to recent E.P.A. actions involving the? Board of Scientific Counselors. ?Any attempt by E.P.A. to ensure that what Congress heard in testimony about official E.P.A. matters included the full breadth of information seems entirely appropriate,? Mr. Smith continued. ?Unfortunately, the Minority has made the choice to waste taxpayer dollars as part of a politically motivated agenda.? Dr. Swackhamer said she had already submitted her testimony to the congressional committee by the time she received Mr. Jackson?s email. She had also told the Science Committee and the E.P.A. that she planned to speak in her role as an independent scientist rather than an E.P.A. employee, and that she would make this plain at the outset of her testimony. Dr. Swackhamer made her emails with Mr. Jackson available to the committee?s Democrats. On Monday, the panel?s Democrats, led by the ranking member, Eddie Bernice Johnson of Texas, sent a letter to Mr. Pruitt expressing concern that Mr. Jackson?s attempt to shape Dr. Swackhamer?s testimony may have been improper or even illegal. The Democrats requested that the agency?s inspector general investigate the matter. ?We contend that Mr. Jackson, and perhaps other senior E.P.A. employees, attempted to interfere with the testimony of an independent scientist to the Science Committee and may have sought to mislead Congress,? they wrote. From rforno at infowarrior.org Tue Jun 27 06:30:31 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 11:30:31 -0000 Subject: [Infowarrior] - How Silicon Valley Pushed Coding Into American Classrooms Message-ID: Coding is one aspect of, but it's not the be-all, end-all of learning to be a good geek. -- rick How Silicon Valley Pushed Coding Into American Classrooms By NATASHA SINGERJUNE 27, 2017 At a White House gathering of tech titans last week, Timothy D. Cook, the chief executive of Apple, delivered a blunt message to President Trump on how public schools could better serve the nation?s needs. To help solve a ?huge deficit in the skills that we need today,? Mr. Cook said, the government should do its part to make sure students learn computer programming. ?Coding,? Mr. Cook told the president, ?should be a requirement in every public school.? The Apple chief?s education mandate was just the latest tech company push for coding courses in schools. But even without Mr. Trump?s support, Silicon Valley is already advancing that agenda ? thanks largely to the marketing prowess of Code.org, an industry-backed nonprofit group. < - > https://www.nytimes.com/2017/06/27/technology/education-partovi-computer-science-coding-apple-microsoft.html From rforno at infowarrior.org Tue Jun 27 08:28:47 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 13:28:47 -0000 Subject: [Infowarrior] - =?utf-8?q?Gen_Hayden=3A_All_the_president=27s_twe?= =?utf-8?q?ets_=E2=80=94_help_our_adversaries?= Message-ID: <1F099568-DAA3-4CE4-99E2-613CBCC7BCC7@infowarrior.org> OPINION: All the president's tweets ? help our adversaries By Gen. Michael Hayden, opinion contributor - 06/27/17 08:20 AM EDT 35 http://thehill.com/blogs/pundits-blog/foreign-policy/339608-opinion-all-the-presidents-tweets-help-our-adversaries There?s an old adage in intelligence: live by SIGINT, die by SIGINT. Signals intelligence, intercepting others? communications, is a powerful source of information; it provides more than 50 percent of American intelligence on a daily basis. But conversations can be designed to mislead and sometimes the communicants simply don't know what they're talking about. Intercepts can be wrong. So, live by SIGINT, die by SIGINT. It looks like the same might be true for tweeting. Candidate Donald Trump energized his campaign with direct, spontaneous, unfiltered communications with millions of followers. President Trump tweeted in much the same way that his conversations with former FBI Director Jim Comey may have been taped and thus set in motion a series of events that ended with the appointment of a special counsel looking into his campaign?s potential collusion with Russia and his potential obstruction of justice. Live by tweeting, die by tweeting. And then there was the veritable circus over whether the White House really had tapes. For nearly six weeks, we were treated to all the drama of Geraldo Rivera opening Al Capone?s vault, with much the same result: there was nothing there. President Trump put us out of our misery by, of course, tweeting.?I did not make, and do not have, any such recordings.? Good. Case closed. And I'll leave it to others to comment on how embarrassed the president, the White House and the public ought to be about the whole affair. I just want to touch on the intelligence implications. First there was the preamble to the President?s denial: ?With all the recently reported electronic surveillance, intercepts, unmasking and illegal leaking of information, I have no idea?whether there are ?tapes? or recordings of my conversations with James Comey?? So that's the commander-in-chief saying that he doesn't know what his government is doing in his own office. Or maybe it was the commander-in-chief, about to make a huge climb-down, trying to cloud the issue by feeding the appetites of conspiracy mongers with allusions to an unchecked surveillance state. That would have made it Round 2 of his earlier tweet that his predecessor had wiretapped him, a charge denied by every relevant intelligence official serving in the Obama or Trump administrations. In any event, the president clearly used the American intelligence community as a handy political prop, and an ugly one at that, suggesting it was an unconstrained, politically motivated gang of law-breakers. That part was largely not discussed in the public debate ? tapes-or-no-tapes was the story there ? but it could not escape notice inside a variety of intelligence community fence lines. One cannot help but think of Kipling?s mistreated British soldier, Tommy Atkins and the poet?s final line: ?You bet that Tommy sees.? Then there was the effect this episode might have on foreign intelligence agencies. All intelligence services create leadership profiles ? biographic sketches enhanced by comments on personality, preferences, habits, quirks and the like. Usually public records form the base of these profiles and then tidbits from collection and personal encounters are added. They're quite useful to gauge how a leader will react or to develop a game plan to guide encounters with him or her. The president?s Twitter tsunami must be a goldmine for foreign services (including friendly ones) in developing his profile. Press-able buttons, loyalties, exposed nerves, responses to pressure, even sleep habits are on pretty full display. This last series of tweets on Comey and taping offered something more, certainly enough to tempt some services to conclude that the President bluffs and bends the truth to meet the needs of the moment. You can almost anticipate the language in the report: ?Mr. Prime Minister, you need to know that President Trump appears to be what the Americans call a bullshitter.? Good stuff for our adversaries to know in upcoming sessions with POTUS and hardly designed to maximize the president?s leverage. It also injects a certain amount of uncertainty and danger into the proceedings. If a foreign leader has reason to believe that the president doesn't mean what he says, that leader may choose to ignore it and?if he is right?he wins the hand, so to speak. If he is wrong, though, he could trigger American responses that both he and we would have preferred to avoid. Neither are good outcomes. The president has said that being unpredictable is a virtue. I'm not so sure that that is true in all cases. I am convinced, though, that being perceived as unreliable or untrustworthy rarely is. Little wonder that his best advisors want him to keep his thumbs off the phone. Gen. Michael Hayden is a former director of the CIA and the National Security Agency. The views of contributors are their own and not the views of The Hill. From rforno at infowarrior.org Tue Jun 27 08:28:55 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 13:28:55 -0000 Subject: [Infowarrior] - AT&T GigaPower plans to charge extra per month again if you want privacy, no ads Message-ID: <10E0D613-9EE5-41BD-BC6D-AB9320852918@infowarrior.org> Posted on Jun 27, 2017 by Caleb Chen AT&T GigaPower plans to charge extra per month again if you want privacy, no ads AT&T plans to reinstate their GigaPower pay-for-privacy scheme, as revealed by AT&T VP Robert Quinn in a recent interview with C-SPAN. In 2014, AT&T started offering GigaPower 300 Gbps fiber internet in cities around the United States. Users signing up had the option of paying $29 more per month to guarantee that AT&T doesn?t snoop on your internet traffic and serve you advertisements and offers from their MITM position on your internet. Yes, they actually put a price on privacy and it?s coming back. GigaOM discovered that $29 a month ($348 per year) isn?t even the real price of buying your privacy back from AT&T ? the total bill could run up to $800 per year. < - > https://www.privateinternetaccess.com/blog/2017/06/att-gigapower-plans-charge-extra-per-month-want-privacy-no-ads/ From rforno at infowarrior.org Tue Jun 27 12:22:49 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Jun 2017 17:22:49 -0000 Subject: [Infowarrior] - Massive cyberattack hits Europe with widespread ransom demands Message-ID: <9649725E-4944-45A7-BE94-815001B58D6A@infowarrior.org> (I go offline for a few hours to run errands and be all adult-like, and come back to this. Sheesh.... -- rick) Massive cyberattack hits Europe with widespread ransom demands https://www.washingtonpost.com/world/europe/ukraines-government-key-infrastructure-hit-in-massive-cyberattack/2017/06/27/7d22c7dc-5b40-11e7-9fc6-c7ef4bc58d13_story.html From rforno at infowarrior.org Wed Jun 7 20:27:45 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Jun 2017 01:27:45 -0000 Subject: [Infowarrior] - How Not to Build a Ship: The USS Ford Message-ID: How Not to Build a Ship: The USS Ford By: Dan Grazier & Pierre Sprey | May 30, 2017 http://www.pogo.org/straus/issues/defense-budget/2017/how-not-to-build-a-ship-uss-ford.html From rforno at infowarrior.org Fri Jun 9 06:25:05 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Jun 2017 11:25:05 -0000 Subject: [Infowarrior] - Intel's not very happy about Qualcomm-powered Windows 10 PCs Message-ID: <841AF863-5EDD-48CA-B4E4-9959BAC4811F@infowarrior.org> https://www.engadget.com/2017/06/09/intels-not-very-happy-about-qualcomm-powered-windows-10-pcs/ Intel's not very happy about Qualcomm-powered Windows 10 PCs The 8086 launched on June 8th, 1978, and Intel ran through its innovations over the last 39 years including SIMD multiprocessing, SSE media rendering, encryption enhancements, security and more. It points out that it has a portfolio of over 1,600 patent to protect all that tech. The article then shifts into a more lawyerly tone, pointing out that "Intel carefully protects its x86 innovations, and we do not widely license others to use them." Specifically, it cited past battles with AMD, Cyrix, Chips and Technologies, and others over the last few decades. Making note of the x86 and Win32 emulation that Qualcomm plans to use, the company wrote, "Emulation is not a new technology, and Transmeta was notably the last company to claim to have produced a compatible x86 processor using emulation ('code morphing') techniques." It said despite the emulation, Intel enforced its patents against Transmeta, adding that the company exited the CPU business a decade ago. As Engadget's Cherlynn Low pointed out, there are some pretty nice benefits to having Qualcomm on Windows 10. Those include lighter, smaller machines thanks to Qualcomm's tinier parts, integrated 5G LTE connectivity and much better battery life, all part of Microsoft's "always connected" dream for Windows 10. Qualcomm notably built the Snapdragon 835 with 10-nanometer technology, while Intel's latest chips still use last-gen 14-nanometer parts. Unlike Transmeta, Qualcomm has vast resources, and we imagine that the company's lawyers didn't let it jump onto Intel's turf without serious due diligence. Microsoft is also fully behind the partnership, because its new strategy for Windows 10 S seems to depend on Qualcomm's participation. Other OEM partners, including Lenovo, HP and ASUS are also on board. And as much as Intel blusters, it's very dependent on Microsoft, which could easily sidestep its IP with Windows 10 if it decided to. From rforno at infowarrior.org Mon Jun 12 06:16:29 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jun 2017 11:16:29 -0000 Subject: [Infowarrior] - U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS Message-ID: <3C6AB4D1-D426-4DD1-A503-3497A631BE69@infowarrior.org> U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS David E. Sanger and Eric Schmitt https://www.nytimes.com/2017/06/12/world/middleeast/isis-cyber.html Even one of the rare successes against the Islamic State belongs at least in part to Israel, which was America?s partner in the attacks against Iran?s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers. The intelligence was so exquisite that it enabled the United States to understand how the weapons could be detonated, according to two American officials familiar with the operation. The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain. It was also part of the classified intelligence that President Trump is accused of revealing when he met in the Oval Office last month with the Russian foreign minister, Sergey V. Lavrov, and the ambassador to the United States, Sergey I. Kislyak. His disclosure infuriated Israeli officials. The Islamic State?s agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks. Such activity is not tied to a single place, as Iran?s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The Islamic State, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany. The most sophisticated offensive cyberoperation the United States has conducted against the Islamic State sought to sabotage the group?s online videos and propaganda beginning in November, according to American officials. In the endeavor, called Operation Glowing Symphony, the National Security Agency and its military cousin, United States Cyber Command, obtained the passwords of several Islamic State administrator accounts and used them to block out fighters and delete content. It was initially deemed a success because battlefield videos disappeared. But the results were only temporary. American officials later discovered that the material had been either restored or moved to other servers. That setback was first reported by The Washington Post. The experience did not surprise veteran cyberoperators, who have learned, through hard experience, that cyberweapons buy time but rarely are a permanent solution. The attacks on Iran?s Natanz nuclear facility, begun in the George W. Bush administration and code-named Olympic Games, destroyed roughly 1,000 centrifuges and set back the Iranians by a year or so ? the amount of time is still hotly disputed. But it created some room for a diplomatic negotiation. The attacks on North Korea?s missile program, which President Barack Obama accelerated in 2014, were followed by a remarkable series of missile failures that Mr. Trump noted in a conversation, which leaked recently, with the president of the Philippines. But recent evidence suggests that the North, using a different kind of missile, has overcome at least some of the problems. The shortcomings of Glowing Symphony illustrated the challenges confronting the government as it seeks to cripple the Islamic State in cyberspace. The disruptions often require fighters to move to less secure communications, making them more vulnerable. Yet because the Islamic State fighters are so mobile, and their equipment relatively commonplace, reconstituting communications and putting material up on new servers are not difficult. Some of it has been encrypted and stored in the cloud, according to intelligence officials, meaning it can be downloaded in a new place. ?There were folks working hard on this stuff, and there were some accomplishments that had an impact, but there was no steady stream of jaw-dropping stuff coming forward as some expected,? said Mr. Geltzer, who now teaches law at Georgetown University Law Center. ?There was no sort of shining cybertool.? The Obama administration?s frustration with the lack of success against the Islamic State was one factor in its effort to oust Adm. Michael S. Rogers, the director of the N.S.A. and the commander of Cyber Command, according to several former administration officials. They complained that the organizations were too focused on traditional espionage and highly sophisticated efforts to use networks to blow up or incapacitate adversary facilities, like those in Iran and North Korea. The former defense secretary Ashton B. Carter traveled to Admiral Rogers?s headquarters in Fort Meade, Md., on several occasions, the officials said, to voice his displeasure at the slow pace of the effort and to stoke new initiatives, like Glowing Symphony. Obama administration officials backed off around the time that President-elect Trump appeared to be considering Admiral Rogers, who had run the Navy?s Fleet Cyber Command operations, as director of national intelligence ? and the Trump administration appears to have embraced him. But the fundamental problem of how to use cybertechniques effectively against the Islamic State remains. That was evident in the frustration voiced by Prime Minister Theresa May of Britain after the recent attack on London Bridge and in nearby restaurants. She focused on how the internet creates ?a safe space? for radical ideology, and said that ?the big companies that provide internet-based services? would have to join the fight more fully. They already police for gruesome videos and overt recruitment, and a former N.S.A. official noted recently that Cyber Command was also highly attuned to taking down anything that seemed to celebrate the deaths of Americans or other Westerners. But in the United States, any crackdown is likely to run headlong into First Amendment issues, where the advocacy of an ideology, short of direct incitement to violence, is protected speech. American officials say that even with the loss of territory in Syria and Iraq, and a broad military effort to disrupt the Islamic State?s activities, the militants have proved remarkably resilient. ?The global reach of ISIS right now is largely intact,? Nicholas Rasmussen, the director of the National Counterterrorism Center, said in a speech in Washington last month. ?The group also continues to publish thousands of pieces of official propaganda and to use online apps to organize its supporters and inspire attacks.? Mr. Rasmussen?s assessment came a year after some of the best of the newly created cyber mission teams joined more traditional military units in the fight. The teams are the cyber equivalent of Special Forces teams, dispatched around the world to work on defending Pentagon networks or launching cyberattacks in coordination with more traditional operations. Cyberoperations are also closely integrated with Iraqi ground combat and allied air missions to maximize the impact on Islamic State fighters hunkered down in the extremist group?s two major strongholds: Mosul, Iraq, and Raqqa, Syria. ?We?re able to either blind them so they can?t see or make sure they can?t hear us,? Lt. Gen. Jeffrey L. Harrigian, the allied air commander, said in an interview at his headquarters in Qatar in December. ?There are things we are doing both with space and cyber that are being effectively synchronized to achieve important effects even in Mosul and Raqqa.? Lt. Gen. Sean MacFarland, who was the top American military commander in Iraq until August, said specialists at Cyber Command had assisted his troops in ?disrupting enemy command and control during our offensive operations, and that support improved over the time I was in command.? Other senior military officials said the number and quality of tools in the United States? cyberarsenal against the Islamic State had expanded over the past year. Some of the effects are employed repeatedly over days. Locking Islamic State propaganda specialists out of their accounts ? or using the coordinates of their phones and computers to target them for a drone attack ? is now standard operating procedure. General Harrigian said allied countries were also employing cyberweapons and techniques against the Islamic State that the United States did not. Without identifying specific countries or skills, he said the allies ?can do things we can?t do ? some cyberactivities that they have authorities to execute that we do not.? From rforno at infowarrior.org Mon Jun 12 09:17:43 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jun 2017 14:17:43 -0000 Subject: [Infowarrior] - Theresa May's techno-cluelessness (and hypocracy) Message-ID: Theresa May Tries To Push Forward With Plans To Kill Encryption, While Her Party Plots Via Encrypted Whatsapp from the so-about-that... dept As we've discussed a few times, Theresa May and her colleagues have been pushing to break real encryption as part of the party's manifesto. And they've used recent terrorist attacks as an excuse to ramp up that effort -- even though the perpetrators of recent attacks were already known to law enforcement and there's no evidence encryption played any role. Earlier in the year, Home Secretary Amber Rudd had insisted that encrypted communications were completely unacceptable, and specifically namechecked Whatsapp: It is completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don?t provide a secret place for terrorists to communicate with each other. Of course, as you've certainly heard by now, last Thursday's general election in the UK (understatement alert!) didn't quite go according to Theresa May's plan, and she's now left in a much weaker position with many people expecting she will not survive long as Prime Minister. And yet, showing her uncanny ability to double down on the absolute wrong thing, May is insisting she's moving ahead with her plans to regulate the internet, which will require vast censorship and a breaking of encryption. On the encryption angle, she's already got some Parliamentary support given that (as we and others warned at the time!) the Snooper's Charter ("Investigatory Powers Act") included a bit that would require anyone offering encrypted communications to unencrypt those communications (which is impossible if the encryption is strong end-to-end, and only possible with broken, insecure, fake "encryption"). This is both dumb and... hilarious. Because while all of this is going on, Theresa May's own party has been trying to figure out what the hell they're going to do. And, of course, the way they're communicating with each other is with the encrypted Whatsapp software that Amber Rudd was trashing just months ago: < - > https://www.techdirt.com/articles/20170611/11545237565/theresa-may-tries-to-push-forward-with-plans-to-kill-encryption-while-her-party-plots-via-encrypted-whatsapp.shtml From rforno at infowarrior.org Tue Jun 13 16:02:27 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jun 2017 21:02:27 -0000 Subject: [Infowarrior] - =?utf-8?q?HIDDEN_COBRA_=E2=80=93_North_Korea?= =?utf-8?q?=E2=80=99s_DDoS_Botnet_Infrastructure?= Message-ID: <1724C7D6-67AB-4F28-9691-5426C68A95E6@infowarrior.org> Alert (TA17-164A) HIDDEN COBRA ? North Korea?s DDoS Botnet Infrastructure Original release date: June 13, 2017 Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea?s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation. This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses for further network exploitation. This alert includes technical indicators related to specific North Korean government cyber operations and provides suggested response actions to those indicators, recommended mitigation techniques, and information on reporting incidents to the U.S. Government. < - > https://www.us-cert.gov/ncas/alerts/TA17-164A From rforno at infowarrior.org Tue Jun 13 16:03:30 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jun 2017 21:03:30 -0000 Subject: [Infowarrior] - Microsoft releases new update citing concern over state-sponsored attacks Message-ID: Microsoft releases new update citing concern over state-sponsored attacks By Ali Breland - 06/13/17 04:52 PM EDT 0 http://thehill.com/policy/technology/337646-microsoft-releases-unusual-update-out-of-nation-state-concerns It's an unusual move for the company to provide fixes to older operating systems, highlighting its concerns over cyber attacks. The company also released a patch for the operating system last month in the wake of the WannaCry ransomware attacks, which targeted hospitals and other institutions. ?In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,? said Adrienne Hall, general manager of crisis management at Microsoft, about the new update. ?To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.? The company said that it would also release patches for Vista and all other operating systems, both supported and unsupported, because of the ?elevated risk? from the WannaCry attacks. After the attacks, the company conducted a review that revealed several vulnerabilities. Lawmakers on Capitol Hill will hold a hearing examining the WannaCry attacks, which happened last month and crippled the tech systems of Britain?s health systems before spreading to over 150 companies. From rforno at infowarrior.org Wed Jun 14 17:50:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jun 2017 22:50:02 -0000 Subject: [Infowarrior] - POTUS now under investigation for obstruction of justice Message-ID: Special counsel is investigating Trump for possible obstruction of justice, officials say By Devlin Barrett, Adam Entous, Ellen Nakashima and Sari Horwitz June 14 at 6:21 PM The special counsel overseeing the investigation into Russia?s role in the 2016 election is interviewing senior intelligence officials as part of a widening probe that now includes an examination of whether President Trump attempted to obstruct justice, officials said. The move by Special Counsel Robert S. Mueller III to investigate Trump?s own conduct marks a major turning point in the nearly year-old FBI investigation, which until recently focused on Russian meddling during the presidential campaign and on whether there was any coordination between the Trump campaign and the Kremlin. Investigators have also been looking for any evidence of possible financial crimes among Trump associates, officials said. Trump had received private assurances from former FBI Director James B. Comey starting in January that he was not personally under investigation. Officials say that changed shortly after Comey?s firing. < - big snip - > https://www.washingtonpost.com/world/national-security/special-counsel-is-investigating-trump-for-possible-obstruction-of-justice/2017/06/14/9ce02506-5131-11e7-b064-828ba60fbb98_story.html From rforno at infowarrior.org Wed Jun 14 17:53:48 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jun 2017 22:53:48 -0000 Subject: [Infowarrior] - The secret origin story of the iPhone Message-ID: <3032DFD2-BB8B-43DC-8811-F5931E874BBF@infowarrior.org> The secret origin story of the iPhone An exclusive excerpt from The One Device by Brian Merchant Jun 13, 2017, 10:00am EDT This month marks 10 years since Apple launched the first iPhone, a device that would fundamentally transform how we interact with technology, culture, and each other. Ahead of that anniversary, Motherboard editor Brian Merchant embarked on an investigation to uncover the iPhone?s untold origin. The One Device: The secret history of the iPhone, out on June 20th, traces that journey from Kenyan mines to Chinese factories all the way to One Infinite Loop. The following excerpt has been lightly condensed and edited. < - > https://www.theverge.com/2017/6/13/15782200/one-device-secret-history-iphone-brian-merchant-book-excerpt From rforno at infowarrior.org Fri Jun 16 05:33:53 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 10:33:53 -0000 Subject: [Infowarrior] - Facebook ... Hard Questions: How We Counter Terrorism Message-ID: June 15, 2017 Hard Questions: How We Counter Terrorism By Monika Bickert, Director of Global Policy Management, and Brian Fishman, Counterterrorism Policy Manager < - > https://newsroom.fb.com/news/2017/06/how-we-counter-terrorism/ From rforno at infowarrior.org Fri Jun 16 06:06:08 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 11:06:08 -0000 Subject: [Infowarrior] - DOJ warns against believing anonymous sources Message-ID: <975FB545-D926-4F6C-9AD0-7069E2046AF5@infowarrior.org> DOJ essentially saying to the American people, "don't trust anonymous media sources unless we're given some information about how to find them." HUH?? I can't help wonder if this is a vague response to Wed's WaPo report on the obstruction of justice story, or if the DOJ is being asked to get in front of something else that might be coming out soon. Justice Dept. issues warning against believing anonymous sources By John Bowden - 06/15/17 11:12 PM EDT http://thehill.com/homenews/administration/338084-justice-dept-issues-statement-warning-against-believing-anonymous Were I a journalist, I'd simply say "Multiple American citizens in DC have said that....." -- there, I'd be following this goofy plea/guidance. Happy yet?) -- rick From rforno at infowarrior.org Fri Jun 16 06:12:57 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 11:12:57 -0000 Subject: [Infowarrior] - 'Freedom Caucus' demands reforms to FISA Section 702 Message-ID: <4803349A-28A1-41FF-8A86-061A50AC9535@infowarrior.org> Thu Jun 15, 2017 | 7:39pm EDT Opposing Trump, conservative bloc demands reforms to internet spy law By Dustin Volz | WASHINGTON http://www.reuters.com/article/us-usa-intelligence-idUSKBN1962SR An influential conservative bloc of Republican lawmakers on Thursday said it opposed renewal of an internet surveillance law unless major changes were made in how the U.S. government collects and uses American data, reflecting disagreement within the majority party. A week ago, President Donald Trump's administration and 14 Republican U.S. senators said they wanted the spying authority to be renewed without any changes before it expires at the end of the year. Amendments to the Foreign Intelligence Surveillance Act adopted by Congress in 2008, including a controversial part known as Section 702, broadened the U.S. government's legal authority to conduct surveillance of phone calls, emails and other communications belonging to foreigners who live overseas. U.S. intelligence agencies and U.S. allies consider the law vital to national security, but privacy advocates have criticized Section 702 for allowing the incidental collection of data belonging to an unknown number of Americans without a search warrant. "Government surveillance activities under the FISA Amendments Act have violated Americans' constitutionally protected rights," the group of about three dozen lawmakers, known as the House Freedom Caucus, said in a statement. "We oppose any reauthorization of the FISA Amendments Act that does not include substantial reforms to the government's collection and use of Americans' data." The caucus in the U.S. House of Representatives has already had success in challenging the Trump White House and the Republican congressional leadership on other policy issues. It opposed legislation to overhaul the U.S. healthcare system on grounds that it did not do enough to repeal former President Barack Obama's healthcare law, earning concessions on a bill that passed the House in May. The intraparty dissent among Republicans in Congress over Section 702 resembles a debate that took place two years ago, when lawmakers disagreed sharply over whether to curtail a National Security Agency program that collected U.S. call metadata in bulk - a practice exposed publicly by former intelligence contractor Edward Snowden. The dispute led to the brief expiration of the USA Patriot Act before lawmakers passed a law effectively terminating the bulk collection practice. The extent of Section 702 spying was also revealed in disclosures by Snowden, prompting outrage internationally and embarrassing some U.S. technology firms. On Wednesday, a declassified court document, made public in response to lawsuits filed by the American Civil Liberties Union and Electronic Frontier Foundation, revealed that an unidentified U.S. technology company objected in 2014 to participating in a Section 702 program, but was ordered by a judge on the Foreign Intelligence Surveillance Court to comply. (Reporting by Dustin Volz; editing by Grant McCool) From rforno at infowarrior.org Fri Jun 16 09:38:17 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 14:38:17 -0000 Subject: [Infowarrior] - NHS cyber-attack was 'launched from North Korea' Message-ID: NHS cyber-attack was 'launched from North Korea' By Gordon Corera Security correspondent, BBC News http://www.bbc.com/news/technology-40297493 British security officials believe that hackers in North Korea were behind the cyber-attack that crippled parts of the NHS and other organisations around the world last month, the BBC has learned. Britain's National Cyber Security Centre (NCSC) led the international investigation. Security sources have told the BBC that the NCSC believes that a hacking group known as Lazarus launched the attack. The US Computer Emergency Response Team has also warned about Lazarus. The same group is believed to have targeted Sony Pictures in 2014. The Sony hack came as the company planned to release the movie The Interview, a satire about the North Korean leadership starring Seth Rogen. The movie was eventually given a limited release after an initial delay. The same group is also thought to have been behind the theft of money from banks. NHS hit In May, ransomware called WannaCry swept across the world, locking computers and demanding payment for them to be unlocked. The NHS in the UK was particularly badly hit. Officials in Britain's National Cyber Security Centre (NCSC) began their own investigation and concluded their assessment in recent weeks. The ransomware did not target Britain or the NHS specifically, and may well have been a money-making scheme that got out of control, particularly since the hackers do not appear to have retrieved any of the ransom money as yet. Although the group is based in North Korea the exact role of the leadership in Pyongyang in ordering the attack is less clear. Detective work Private sector cyber-security researchers around the world began picking apart the code to try to understand who was behind the attack soon after. Adrian Nish, who leads the cyber threat intelligence team at BAE Systems, saw overlaps with previous code developed by the Lazarus group. "It seems to tie back to the same code-base and the same authors," Nish says. "The code-overlaps are significant." Image copyright Webroot Image caption The WannaCry ransomware has been linked to a North Korean hacking group. Private sector cyber security researchers reverse engineered the code but the British assessment by the NCSC - part of the intelligence agency GCHQ - is likely to have been made based on a wider set of sources. America's NSA has also more recently made the link to North Korea but its assessment is not thought to have been based on as deep as an investigation as the UK, partly because the US was not hit as hard by the incident. Officials say they have not seen any significant evidence supporting other possible culprits. Central bank hack North Korean hackers have been linked to money-making attacks in the past - such as the theft of $81m from the central bank of Bangladesh in 2016. This sophisticated attack involved making transfers through the Swift payment system which, in some cases, were then laundered through casinos in the Philippines. "It was one of the biggest bank heists of all time in physical space or in cyberspace," says Nish, who says further activity has been seen in banks in Poland and Mexico. The Lazarus group has also been linked to the use of ransomware - including against a South Korean supermarket chain. Other analysts say they saw signs of North Korea investigating the bitcoin method of payment in recent months. Scattergun The May 2017 attack was indiscriminate rather than targeted. Its spread was global and may have only been slowed thanks to the work of a British researcher who was able to find a "kill switch" to slow it down. The attacks caused huge disruption in the short term but they may have also been a strategic failure for the group behind it. Researchers at Elliptic, a UK-based company which tracks bitcoin payments, say they have seen no withdrawals out of the wallets into which money was paid, although people are still paying in to them. Those behind the attack may not have expected it to have spread as fast as it did. Once they realised that their behaviour was drawing global attention, the risks of moving the money may have been seen as too high given the relatively small amount involved, leaving them with little to show for their work. The revelation of the link to North Korea will raise difficult questions about what can be done to respond or deter such behaviour in the future. From rforno at infowarrior.org Fri Jun 16 11:46:14 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 16:46:14 -0000 Subject: [Infowarrior] - European Parliament Committee Recommends End-To-End Encryption For All Electronic Communications Message-ID: <3BB69AA1-1BB9-4D35-859B-5341BBE93343@infowarrior.org> European Parliament Committee Recommends End-To-End Encryption For All Electronic Communications by Lucian Armasu June 16, 2017 at 7:00 AM - Source: Europa (pdf) The European Parliament's (EP?s) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens? fundamental privacy rights. The committee also recommended a ban on backdoors. < - > http://www.tomshardware.com/news/european-parliament-end-to-end-encryption-communications,34809.html From rforno at infowarrior.org Fri Jun 16 12:18:48 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jun 2017 17:18:48 -0000 Subject: [Infowarrior] - =?utf-8?q?Gaming_Google_News=3A_Once_as_Spam=2C_O?= =?utf-8?b?bmNlIGFz4oCmPw==?= Message-ID: Gaming Google News: Once as Spam, Once as?? [Update: it looks like many others have been observing the same issue. Updated What is Happening section with detail.] It is not just fake election results sites that are gaming Google?s News. As of writing almost 50% of the news stories that display on Google Health are fake news articles that redirect to spam sites. < - > https://www.johnscottrailton.com/gaming-google-news/ From rforno at infowarrior.org Sat Jun 17 21:20:06 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Jun 2017 02:20:06 -0000 Subject: [Infowarrior] - =?utf-8?q?the_=E2=80=9Cinventor_of_e-mail?= =?utf-8?q?=E2=80=9D_targets_Techdirt?= Message-ID: <32EEC769-53D1-49BB-9210-08D7B3AA1181@infowarrior.org> History by lawsuit: After Gawker?s demise, the ?inventor of e-mail? targets Techdirt ?I defined e-mail! And you guys have got to give me that credit.? Joe Mullin and Cyrus Farivar - 6/13/2017, 6:30 AM < - > https://arstechnica.com/tech-policy/2017/06/shivas-war-one-mans-quest-to-convince-the-world-that-he-invented-e-mail From rforno at infowarrior.org Sat Jun 17 21:25:49 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Jun 2017 02:25:49 -0000 Subject: [Infowarrior] - Minitel, the Open Network Before the Internet Message-ID: <43AA808B-C3FC-485E-8871-1DF8050DF0AF@infowarrior.org> Minitel, the Open Network Before the Internet A state-run French computer service from the 1980s offers a cautionary tale about too much reliance on today?s private internet providers. ? Julien Mailland ? Jun 16, 2017 https://www.theatlantic.com/technology/archive/2017/06/minitel/530646/?single_page=true From rforno at infowarrior.org Sun Jun 18 17:18:28 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Jun 2017 22:18:28 -0000 Subject: [Infowarrior] - =?utf-8?q?Google=3A_Four_steps_we=E2=80=99re_taki?= =?utf-8?q?ng_today_to_fight_online_terror?= Message-ID: Google in Europe Jun 18, 2017 Four steps we?re taking today to fight online terror Kent Walker General Counsel Google https://blog.google/topics/google-europe/four-steps-were-taking-today-fight-online-terror/ Editor?s Note: This post appeared as an op-ed in the Financial Times earlier today. Terrorism is an attack on open societies, and addressing the threat posed by violence and hate is a critical challenge for us all. Google and YouTube are committed to being part of the solution. We are working with government, law enforcement and civil society groups to tackle the problem of violent extremism online. There should be no place for terrorist content on our services. While we and others have worked for years to identify and remove content that violates our policies, the uncomfortable truth is that we, as an industry, must acknowledge that more needs to be done. Now. We have thousands of people around the world who review and counter abuse of our platforms. Our engineers have developed technology to prevent re-uploads of known terrorist content using image-matching technology. We have invested in systems that use content-based signals to help identify new videos for removal. And we have developed partnerships with expert groups, counter-extremism agencies, and the other technology companies to help inform and strengthen our efforts. Today, we are pledging to take four additional steps. First, we are increasing our use of technology to help identify extremist and terrorism-related videos. This can be challenging: a video of a terrorist attack may be informative news reporting if broadcast by the BBC, or glorification of violence if uploaded in a different context by a different user. We have used video analysis models to find and assess more than 50 per cent of the terrorism-related content we have removed over the past six months. We will now devote more engineering resources to apply our most advanced machine learning research to train new ?content classifiers? to help us more quickly identify and remove extremist and terrorism-related content. Second, because technology alone is not a silver bullet, we will greatly increase the number of independent experts in YouTube?s Trusted Flagger programme. Machines can help identify problematic videos, but human experts still play a role in nuanced decisions about the line between violent propaganda and religious or newsworthy speech. While many user flags can be inaccurate, Trusted Flagger reports are accurate over 90 per cent of the time and help us scale our efforts and identify emerging areas of concern. We will expand this programme by adding 50 expert NGOs to the 63 organisations who are already part of the programme, and we will support them with operational grants. This allows us to benefit from the expertise of specialised organisations working on issues like hate speech, self-harm, and terrorism. We will also expand our work with counter-extremist groups to help identify content that may be being used to radicalise and recruit extremists. Third, we will be taking a tougher stance on videos that do not clearly violate our policies ? for example, videos that contain inflammatory religious or supremacist content. In future these will appear behind an interstitial warning and they will not be monetised, recommended or eligible for comments or user endorsements. That means these videos will have less engagement and be harder to find. We think this strikes the right balance between free expression and access to information without promoting extremely offensive viewpoints. Finally, YouTube will expand its role in counter-radicalisation efforts. Building on our successful Creators for Change programme promoting YouTube voices against hate and radicalisation, we are working with Jigsaw to implement the ?Redirect Method? more broadly across Europe. This promising approach harnesses the power of targeted online advertising to reach potential Isis recruits, and redirects them towards anti-terrorist videos that can change their minds about joining. In previous deployments of this system, potential recruits have clicked through on the ads at an unusually high rate, and watched over half a million minutes of video content that debunks terrorist recruiting messages. We have also recently committed to working with industry colleagues?including Facebook, Microsoft, and Twitter?to establish an international forum to share and develop technology and support smaller companies and accelerate our joint efforts to tackle terrorism online. Collectively, these changes will make a difference. And we?ll keep working on the problem until we get the balance right. Extremists and terrorists seek to attack and erode not just our security, but also our values; the very things that make our societies open and free. We must not let them. Together, we can build lasting solutions that address the threats to our security and our freedoms. It is a sweeping and complex challenge. We are committed to playing our part. From rforno at infowarrior.org Sun Jun 18 18:16:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Jun 2017 23:16:02 -0000 Subject: [Infowarrior] - semi-OT: Techdirt Survival Fund: I Support Journalism Message-ID: Techdirt Survival Fund: I Support Journalism from the free-speech-matters dept Donate to the Techdirt Survival Fund ? As we mentioned last month, we are currently being sued for $15 million by Shiva Ayyadurai, represented by Charles Harder, the lawyer who helped bring down Gawker. We have written, at great length, about Ayyadurai's claims and our opinion ? backed up by detailed and thorough evidence ? that email existed long before Ayyadurai created any software. Once again, we believe the legal claims in the lawsuit are meritless and we intend to fight them and win. Earlier today, we filed a motion to dismiss (along with our memorandum in support) and a special motion to strike under California's anti-SLAPP law (along with a memorandum in support). You can see all of those below. I encourage you read through them. Unfortunately, the fight itself is incredibly distracting and burdensome. It has taken up a significant amount of my time (and the time of others who work here) over the last month and delayed multiple projects that we were working on, and even forced us to pass on writing about many stories we would have liked to cover. Even though we are confident in winning the legal fight, it has already taken a massive toll on us and our ability to function and report. We have now set up a Techdirt Survival Fund at ISupportJournalism.com, which will allow us to continue our reporting on issues related to free speech and the growing threats to free speech online, while continuing to fight this legal battle. We've put together an all-star steering committee to help us oversee how the funds will be spent, including representatives from both the Freedom of the Press Foundation and EFF. Many of you have already supported us in various ways -- by becoming Techdirt Insiders, supporting us on Patreon or by buying t-shirts. We are so grateful for all initial support we've received, but for us to survive, we unfortunately need to ask for more help. Please consider supporting us via this new fund and spreading the word as well. In this era, especially, strong independent voices in journalism are necessary. Allowing lawsuits to stifle freedom of expression online, silencing voices and creating chilling effects, is a huge threat to how a responsible society functions. Please support Techdirt and support journalism. < - > https://www.techdirt.com/articles/20170216/17220136729/techdirt-survival-fund-i-support-journalism.shtml From rforno at infowarrior.org Sun Jun 18 18:20:46 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Jun 2017 23:20:46 -0000 Subject: [Infowarrior] - =?utf-8?q?_Life_and_death_in_Apple=E2=80=99s_forb?= =?utf-8?q?idden_city?= Message-ID: <96D81115-11A2-4F5F-8B4F-7C791AF53999@infowarrior.org> Life and death in Apple?s forbidden city In an extract from his new book, Brian Merchant reveals how he gained access to Longhua, the vast complex where iPhones are made and where, in 2010, unhappy workers started killing themselves https://www.theguardian.com/technology/2017/jun/18/foxconn-life-death-forbidden-city-longhua-suicide-apple-iphone-brian-merchant-one-device-extract From rforno at infowarrior.org Mon Jun 19 10:14:31 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Jun 2017 15:14:31 -0000 Subject: [Infowarrior] - Data on 198M voters exposed by RNC contractor Message-ID: Data on 198M voters exposed by RNC contractor By Joe Uchill - 06/19/17 09:00 AM EDT 515 http://thehill.com/policy/cybersecurity/338383-data-on-198-million-us-voters-left-exposed-to-the-internet-by-rnc-data A data analytics contractor employed by the Republican National Committee (RNC) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password. "We take full responsibility for this situation," said the contractor, Deep Root Analytics, in a statement. The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. Vickery is a prominent researcher in uncovering improperly secured files online. But, he said, this exposure is of a magnitude he has never seen before "In terms of the disc space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found," said Vickery. The accessible files, according to UpGuard, contain a main 198 million-entry database with names, addresses of voters and an "RNC ID" that can be used with other exposed files to research individuals. For example, a 50-gigabyte file of "Post Elect 2016" information, last updated in mid-January, contained modeled data about a voter's likely positions on 46 different issues ranging from "how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of 'America First' and how likely they are to be concerned with auto manufacturing as an issue, among others." That file appears in a folder titled "target_point," an apparent reference to another firm contracted by the RNC to crunch data. UpGuard speculates that the folder may imply that the firm TargetPoint compiled and shared the data with Deep Root. Another folder appears to reference Data Trust, another contracted firm. UpGuard analyst Dan O'Sullivan looked himself up in the database and writes in the official report that the calculated preferences were, at least for him, right on the money. "It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate," he said. The Deep Root Analytics cloud server had 25 terabytes of data exposed, including 1.1 terabytes available for download. Over the 2016 election season, the RNC was a major client of Deep Root, one of a handful firms it contacted for big data analysis. Firms like Deep Root Analytics use data from a variety of sources to extrapolate social and political preferences of voters to determine how best to market to them. According to Ad Age, the RNC spent $983,000 between January 2015 and November 2016 for Deep Root's services and $4.2 million for TargetPoint's. "Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying," said Deep Root Analytics in their statement. Misconfigured cloud servers and online databases are a common way for data to be accidentally left exposed to the public. Vickery has found everything from military engineering plans to databases of believed terrorists in exactly this way. What is uncommon in this case is the size and scope of this exposure. If its records are accurate, the Deep Root Analytics exposure contains information on more than half of the American population. It dwarfs the second-largest exposure of voter information ? 93.4 million records of Mexican citizens ? by more than 100 million voters and tops the largest data breach of voter information ? 55 million records of Philippine voters ? by more than 140 million. Anyone who knew the files' web address could have accessed them. But without that knowledge, they are much harder to find. Even armed with a search for unsecured databases, finding exposures of any magnitude is tough work. Vickery sifts through a large number of unsecured databases to find ones that interesting enough to publish research. Deep Root has contracted the security firm Stroz Friedberg to perform a thorough investigation of the exposure. The exposure, between June 1 and June 14, was sealed shut shortly after Vickery made the discovery during the night of June 12 and notified relevant regulatory bodies. From rforno at infowarrior.org Tue Jun 20 06:21:43 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Jun 2017 11:21:43 -0000 Subject: [Infowarrior] - Post-Snowden Efforts to Secure N.S.A. Data Fell Short, Report Says Message-ID: <18D3270C-74EB-42D1-A731-4EE6694EF399@infowarrior.org> Post-Snowden Efforts to Secure N.S.A. Data Fell Short, Report Says By CHARLIE SAVAGE June 16, 2017 https://mobile.nytimes.com/2017/06/16/us/politics/nsa-data-edward-snowden.html?referer= WASHINGTON ? The government?s efforts to tighten access to its most sensitive surveillance and hacking data after the leaks of National Security Agency files by Edward J. Snowden fell short, according to a newly declassified report. The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department?s inspector general completed in 2016. The report was classified at the time and made public in redacted form this week in response to a Freedom of Information Act lawsuit by The New York Times. The agency also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret, as well as the number of ?privileged? users, who have greater power to access the N.S.A.?s most sensitive computer systems. And it did not fully implement software to monitor what those users were doing. In all, the report concluded, while the post-Snowden initiative ? called ?Secure the Net? by the N.S.A. ? had some successes, it ?did not fully meet the intent of decreasing the risk of insider threats to N.S.A. operations and the ability of insiders to exfiltrate data.? In a statement, Vanee Vines, an N.S.A. spokeswoman, noted the difficulty of building security improvements into the agency?s particularly complex systems while continuing to carry out its work. ?We welcome the observations and opportunities for improvement offered by the U.S. Defense Department?s Inspector General,? she said. ?N.S.A. has never stopped seeking and implementing ways to strengthen both security policies and internal controls.? Underscoring the importance of the warnings in the report, in the same month that it was produced, August 2016, a group calling itself the Shadow Brokers announced that it had obtained and was auctioning off highly classified N.S.A. hacking tools ? some of which it later dumped online, forming the basis of a malicious software attack that spread chaos around the world last month. Also in August, a veteran intelligence contractor, Harold T. Martin III, was charged with copying and bringing home 50 terabytes of confidential data from the N.S.A. and other agencies. The report portrayed certain aspects of the N.S.A.?s internal controls as particularly sloppy before the Snowden breach in 2013. The inspector general found that the agency was unable to say how many privileged users and officials were empowered to transfer data. Those lists were kept in spreadsheets that had become corrupted and were no longer available. The agency sought to reduce access by revoking it and requiring users to reapply for credentials. But the inspector general concluded that the step had not significantly reduced the overall number of people with the extraordinary authorities. The report said the chief information officer of the N.S.A., Gregory L. Smithberger, had cautioned the inspector general that ?eliminating all risk of insider threats is not feasible.? In a separate response included with the report, Mr. Smithberger focused on other areas where the agency had succeeded in tightening controls, portraying the inspector general?s broader findings as positive. ?While the media leak events that led to Secure the Net (STN) were both unforeseen and serious, we consider the extensive progress we made in a short time to be a ?good news? story,? he wrote. The inspector general studied how well the agency did in carrying out seven of the initiative?s 40 components. Its report was commissioned by Congress, and though it was deemed classified, the House Intelligence Committee cited a finding from it in a declassified report about the intelligence community?s response to the Snowden disclosures. From rforno at infowarrior.org Tue Jun 20 06:55:46 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Jun 2017 11:55:46 -0000 Subject: [Infowarrior] - ProtonMail makes its free VPN service available to everyone Message-ID: <2FE0E017-A8A0-4F3D-9E0E-F9C8E3DCBECD@infowarrior.org> ProtonMail makes its free VPN service available to everyone https://www.engadget.com/2017/06/20/protonmail-releases-free-vpn-to-public/ ProtonMail, the encrypted email created by CERN and MIT scientists, has released a new product in response to the administration's roll back of Obama-era internet privacy rules. Starting today, you can try out the company's VPN service, which was in beta testing by 10,000 initial users for a year, by getting it from the official ProtonVPN website. The great thing about it is that it has a free tier that's free forever. It might not be as robust as the paid ones, but it still routes your connection through multiple encrypted tunnels in three countries By offering free options, the company can reach more people, especially now that there's a lot more interest in using VPN all over the world. In the US, the new FCC chairman and various Senators want to kill net neutrality in addition to nullifying rules that protect user data. UK Prime Minister Theresa May wants to regulate the internet. People in China, Egypt and other places where the internet is heavily censored also need VPNs to get around restrictions, while others need the service to keep their info secure and private. If you decide to stick with ProtoMail's service as your primary VPN provider after using it for a while, you can always choose to pay later to help the company continue offering its free services. ProtonMail says it relies on user upgrades to keep the company running, because (in its own fighting words) it doesn't "abuse user privacy to sell advertisements" like "Google and Facebook." From rforno at infowarrior.org Tue Jun 20 15:17:53 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Jun 2017 20:17:53 -0000 Subject: [Infowarrior] - The Nihilism of Julian Assange Message-ID: <19FD6240-BFB7-424B-A419-A17B479B4953@infowarrior.org> The Nihilism of Julian Assange Sue Halpern July 13, 2017 Issue a documentary film directed by Laura Poitras About forty minutes into Risk, Laura Poitras?s messy documentary portrait of Julian Assange, the filmmaker addresses the viewer from off-camera. ?This is not the film I thought I was making,? she says. ?I thought I could ignore the contradictions. I thought they were not part of the story. I was so wrong. They are becoming the story.? By the time she makes this confession, Poitras has been filming Assange, on and off, for six years. He has gone from a bit player on the international stage to one of its dramatic leads. His gleeful interference in the 2016 American presidential election?first with the release of e-mails poached from the Democratic National Committee, timed to coincide with, undermine, and possibly derail Hillary Clinton?s nomination at the Democratic Convention, and then with the publication of the private e-mail correspondence of Clinton?s adviser John Podesta, which was leaked, drip by drip, in the days leading up to the election to maximize the damage it might inflict on Clinton?elevated Assange?s profile and his influence. And then this spring, it emerged that Nigel Farage, the Trump adviser and former head of the nationalist and anti-immigrant UK Independence Party (UKIP) who is now a person of interest in the FBI investigation of the Trump campaign?s ties to Russia, was meeting with Assange. To those who once saw him as a crusader for truth and accountability, Assange suddenly looked more like a Svengali and a willing tool of Vladimir Putin, and certainly a man with no particular affection for liberal democracy. Yet those tendencies were present all along. < - > http://www.nybooks.com/articles/2017/07/13/nihilism-of-julian-assange-wikileaks/ From rforno at infowarrior.org Wed Jun 21 06:32:56 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jun 2017 11:32:56 -0000 Subject: [Infowarrior] - irony ... Apple's 'Stopping Leakers - Keeping Confidential' Employee Seminar Leaks Online Message-ID: Apple's 'Stopping Leakers - Keeping Confidential' Employee Seminar Leaks Online New information about the lengths that Apple will go to in order to prevent and track down leaks has been shared online today by The Outline, which obtained a leaked recording of an internal briefing used by Apple to educate employees on the culture of leaks. Called "Stopping Leakers - Keeping Confidential at Apple," the presentation is said to last one hour and be led by a team of Apple's best security and communications experts including David Rice, Lee Freedman, and Jenny Hubbert. The briefing was held for around 100 employees earlier this month and is believed to be the first of many such secretive events planned by the Cupertino company. The presentation included information on Apple's Global Security team, which employs an undisclosed number of investigators worldwide "to prevent information from reaching competitors, counterfeiters, and the press." The team is stacked by former members of the NSA, FBI, Secret Service, and U.S. military, and when leaks do occur, they hunt down sources to relay the information back to Apple headquarters. < - > https://www.macrumors.com/2017/06/20/apples-stopping-leaks-seminar/ From rforno at infowarrior.org Wed Jun 21 07:02:46 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jun 2017 12:02:46 -0000 Subject: [Infowarrior] - Oxford Report: Computational Propaganda Worldwide Message-ID: <0A11B710-EF3E-4D10-81A8-5020F00E1216@infowarrior.org> Computational Propaganda Worldwide: Executive Summary http://comprop.oii.ox.ac.uk/2017/06/19/computational-propaganda-worldwide-executive-summary/ We?re very excited to announce the launch of our case study series on computational propaganda in 9 different countries. Find the executive summary, written by Sam Woolley and Phil Howard, here. The Computational Propaganda Research Project at the Oxford Internet Institute, University of Oxford, has researched the use of social media for public opinion manipulation. The team involved 12 researchers across nine countries who, altogether, interviewed 65 experts, analyzed tens of millions posts on seven different social media platforms during scores of elections, political crises, and national security incidents. Each case study analyzes qualitative, quantitative, and computational evidence collected between 2015 and 2017 from Brazil, Canada, China, Germany, Poland, Taiwan, Russia, Ukraine, and the United States. The reports can be found at the following links: ? United States ? China ? Russia ? Poland ? Brazil ? Canada ? Germany ? Ukraine ? Taiwan http://comprop.oii.ox.ac.uk/2017/06/19/computational-propaganda-worldwide-executive-summary/ From rforno at infowarrior.org Wed Jun 21 15:05:34 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jun 2017 20:05:34 -0000 Subject: [Infowarrior] - DOJ wants $21 Million To Solve The FBI's 'Going Dark' Problem Message-ID: <115F6A51-1FFD-4643-9477-D5D673F220C8@infowarrior.org> Deputy Attorney General Asks Congress For $21 Million To Solve The FBI's 'Going Dark' Problem from the 21-million-buys-a-lot-of-hysteria dept https://www.techdirt.com/articles/20170615/09020337600/deputy-attorney-general-asks-congress-21-million-to-solve-fbis-going-dark-problem.shtml James Comey may have been unceremoniously dumped by the Commander-in-Chief, but his device encryption legacy lives on. The Justice Department is requesting more than $20 million in federal funding to bankroll efforts related to resolving the government?s continuing ?Going Dark? problem, Deputy Attorney General Rod Rosenstein said Tuesday, signaling one of the Trump administration?s first attempts at tackling the issue of ubiquitous, hard-to-crack encryption amid growing concerns involving its impact on criminal investigations. The request came during Rosenstein's testimony before the Appropriations Committee -- the place where all government officials perform their most sincere acts of begging. Not that the FBI was likely to be faced with budget cuts -- not with a "law and order" president running the country and overseen by an Attorney General who appears to believe we're currently engulfed in a massive drug-and-immigrant crimewave. Here's Rosenstein's full "going dark" budget request: Department of Justice must continue to take a leading role in enhancing the capabilities of the law enforcement and national security communities. This budget request will provide $21.6 million in funding to counter the ?Going Dark? threat. The seriousness of this threat cannot be overstated. ?Going Dark? refers to law enforcement?s increasing inability to lawfully access, collect, and intercept real-time communications and stored data, even with a warrant, due to fundamental shifts in communications services and technologies. This phenomenon is severely impairing our ability to conduct investigations and bring criminals to justice. The FBI will use this funding to develop and acquire tools for electronic device analysis, cryptanalytic capability, and forensic tools. The Department?s role has been to collect, house, analyze, and share critical data among our federal, state, local, and tribal partners. .... Beg to differ, but the "seriousness of this threat" can be overstated. Comey did so on multiple occasions. Sometimes others -- mainly Manhattan DA Cyrus Vance -- followed suit. Both claimed to have a large number of phones in their possession that couldn't be cracked. Even if the underlying assumption that all of these phones contained valuable evidence directly related to investigations, one still had to wonder how hard investigators were trying to get into these phones. Or how many other options they'd explored before throwing their hands up in frustration and resigning the devices to a dismal future as press conference props. Take, for instance, this quote from the Washington Times article: Days before leaving office on May 9, Mr. Comey said federal investigators had legally seized more than 6,000 smartphones and electronic devices during a recent six-month span but found that 46 percent couldn?t be opened ?with any technique.? ...This stat is almost completely unbelievable. Documents obtained from local law enforcement agencies with much smaller budgets show investigators are finding multiple ways to obtain data and communications from locked phones. We're also not hearing these sentiments echoed by law enforcement officials at the local level. If it's this much of a problem for the FBI -- nearly half of all devices seized -- one would think smaller agencies would be seeing a much higher access failure rate, followed directly by public complaints about device encryption. But we're just not seeing that. Hopefully whatever's handed to the FBI to solve its apparently singular "going dark" program is put to use wisely. But nothing about the "going dark" hype suggests this will be the case. It may just disappear into some sort of talking points war fund and used to promote the spread of "going dark" hysteria until enough legislators are on the hook. If the money is deployed intelligently, it could actually make a difference for the agency. But all evidence points to the agency angling for legislation and favorable court precedent that will make the rest of us pay the price for the agency's inability or unwillingness to see anything but darkness when confronted with technical hurdles. From rforno at infowarrior.org Thu Jun 22 06:57:51 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jun 2017 11:57:51 -0000 Subject: [Infowarrior] - Coal Boss Files Total SLAPP Suit Against John Oliver & HBO Message-ID: <1F958E30-CBB7-45B2-8A6E-842E389F4E98@infowarrior.org> Coal Boss Files Total SLAPP Suit Against John Oliver & HBO from the let's-talk-anti-slapp,-john dept This one is clearly no surprise at all, given that -- as we wrote about just a couple days ago -- Bob Murray and his company Murray Energy were threatening John Oliver with a SLAPP suit if Oliver's satirical report about the coal industry was used to "defame, harass, or otherwise injure Mr. Murray or Murray Energy." Of course, Oliver's report did no such thing... but, alas, Murray has now sued Oliver, HBO, Time Warner... and the writers of the story. The lawsuit was filed in West Virginia state court. In my original post, I suggested it might be filed in Ohio, where Murray Energy is headquartered, but it does also have operations in West Virginia as well. Either way, as with Ohio, West Virginia is a state with no anti-SLAPP law. Unfortunately, I don't have the full lawsuit. The Daily Beast, which first wrote about the case has chosen -- for whatever reason -- not to post the document, which is pretty lame. However, having watched the John Oliver piece multiple times, I can't see how any of it comes anywhere even remotely near defamatory. It falls into a variety of clearly protected categories, including opinion, satire and rhetorical hyperbole. The idea that there were materially false and defamatory statements that were put forth knowing they were false (or with reckless disregard for the truth) is laughable. There is no way that this lawsuit succeeds -- but, as we've been pointing out -- that's not really the point of most of these kinds of lawsuits. SLAPP lawsuits are designed to create a chill on free speech, by making that speech costly. Obviously, HBO/Time Warner can afford this, and have access to great lawyers, so there's almost no chance that Murray wins the lawsuit, but that's not the point. It will still cost money and lots of time to deal with the lawsuit and that's a hassle. Murray Energy put out a bizarre statement that does little to support the idea that Murray has an actual case here: < - > https://www.techdirt.com/articles/20170621/23430137644/coal-boss-files-total-slapp-suit-against-john-oliver-hbo.shtml From rforno at infowarrior.org Thu Jun 1 21:20:13 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 02:20:13 -0000 Subject: [Infowarrior] - Password manager OneLogin hacked, exposing sensitive customer data Message-ID: <6A10C156-D939-4E4C-9529-FC3169CBB25A@infowarrior.org> Password manager OneLogin hacked, exposing sensitive customer data http://www.zdnet.com/article/onelogin-hit-by-data-breached-exposing-sensitive-customer-data/ UPDATED: The company said that hackers have 'the ability to decrypt encrypted data'. By Zack Whittaker for Zero Day | June 1, 2017 -- 15:47 GMT (08:47 PDT) | Topic: Security Password manager and single sign-on provider OneLogin has been hacked. In a brief blog post, the company's chief security officer Alvaro Hoyos said that it was aware of "unauthorized access to OneLogin data in our US data region," and that it had reached out to customers. Hoyos said that the company had blocked the unauthorized access after the breach and is working with law enforcement. The blog post initially lacked detailed information about the incident, although the post had omitted that hackers had stolen sensitive customer data -- a point that the company had instead only mentioned in an email sent to customers, seen by ZDNet. "OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read. Later in the day, the company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US." The company confirmed that the attack appears to have started at 2am (PT), but staff were alerted of unusual database activity some seven hours later, who "within minutes, shut down the affected instance as well as the AWS keys that were used to create it". "The threat actor was able to access database tables that contain information about users, apps, and various types of keys," the company said. The company added that although it encrypts "certain sensitive data at rest," it could not rule out the possibility that the hacker "also obtained the ability to decrypt data". But a spokesperson did not say what kind of data is and isn't encrypted. We have asked for clarity, and will update when we hear back. Some had questioned earlier in the day how the hackers had access to customer data that could ultimately be decrypted. "Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter. The company has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens -- used for logging into accounts -- as well as to create new security certificates. The company said that information stored in its Secure Notes feature, used by IT administrators to store sensitive network passwords, can be decrypted. The company also hasn't said how many customers were affected. According to its website, dozens of major multinationals, including ARM, Dun & Bradstreet, The Carlyle Group, Conde Nast, and Dropbox (which a spokesperson disputed in an email), are customers. OneLogin allows corporate users to access multiple web applications, sites, and services with just one password. It's thought that the company has millions of users serving more than 2,000 companies in dozens of countries, according to CrunchBase. The single sign-on provider integrates hundreds of different third-party apps and services, such as Amazon Web Services, Microsoft's Office 365, LinkedIn, Slack, Twitter, and Google services. It's the second such breach in as many years. Last August, the company warned users that its Secure Notes service had been accessed by an "unauthorized user," but it denied that any customer data had been compromised. Updated at 8pm ET: Additional details from the company. From rforno at infowarrior.org Fri Jun 2 06:49:36 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 11:49:36 -0000 Subject: [Infowarrior] - How Twitter Is Being Gamed to Feed Misinformation Message-ID: <114C99F0-8D39-461B-A6AD-E25EF42F4C53@infowarrior.org> How Twitter Is Being Gamed to Feed Misinformation https://www.nytimes.com/2017/05/31/technology/how-twitter-is-being-gamed-to-feed-misinformation.html From rforno at infowarrior.org Fri Jun 2 08:27:27 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 13:27:27 -0000 Subject: [Infowarrior] - Pew: State of the News Media Message-ID: State of the News Media Since 2004, Pew Research Center has issued an annual report on key audience and economic indicators for a variety of sectors within the U.S. news media industry. These data speak to the shifting ways in which Americans seek out news and information, how news organizations get their revenue, and the resources available to American journalists as they seek to inform the public about important events of the day. The press is sometimes called the fourth branch of government, but in the U.S., it?s also very much a business ? one whose ability to serve the public is dependent on its ability to attract eyeballs and dollars. Over the years, the Center?s approach to these indicators has evolved along with the industry, carefully considering the metrics, sectors and format in which the data appear. This year, instead of a single summary report, a series of fact sheets showcasing the most important current and historical data points for each sector ? in an easy-to-digest format ? will be rolled out a few at a time over the coming months. Listed below are the 2017 fact sheets released so far, along with links to related reports that provide other angles of analysis about the news media industry. (State of the News Media reports from 2004-2016 are archived as PDFs and available here.) Check back in the coming months as the collection below grows ? and in the years to come as these fact sheets continue to be updated with the latest data. < = > http://www.pewresearch.org/topics/state-of-the-news-media/ From rforno at infowarrior.org Fri Jun 2 09:39:08 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 14:39:08 -0000 Subject: [Infowarrior] - Fwd: Required reading on climate: the IPCC 5th Assessment Report References: <20170602142954.GA21358@gsp.org> Message-ID: <285DDE9E-7E45-4ECB-BBD6-7B9616E9B119@infowarrior.org> > Begin forwarded message: > > From: Rich Kulawiec > > The go-to document -- out of the myriad books and papers and reports > available -- is the IPCC (Intergovernmental Panel on Climate Change) > Fifth Assessment Report, which may be found here: > > https://www.ipcc.ch/report/ar5/index.shtml > > There are four sections: > > - The Physical Science Basis (what's happening) > - Impacts, Adaptation, and Vulnerability (what the effects are) > - Mitigation (what we can do about it) > - Synthesis (the big picture) > > The first one, The Physical Science Basis, underpins the others. > It's the synthesis of the work of thousands of the world's climate > scientists and the product of exhaustive reviews of the available > research. It's lengthy (1552 pages in a 375M PDF) it's painstakingly > complete, and it's heavily supported and sourced. It was created by 209 > coordinating and lead authors, plus another 600 contributing authors, > using -- among other things -- 54,677 written review comments from 1,089 > expert reviewers and 38 governments. > > So this is pretty much THE document that you need to read and understand > if you want to know what the world's climatology community thinks is > going on with the planet. It's here: > > https://www.ipcc.ch/report/ar5/wg1/ > > ---rsk -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Fri Jun 2 13:50:45 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 18:50:45 -0000 Subject: [Infowarrior] - more on ... Fwd: Required reading on climate: the IPCC 5th Assessment Report References: Message-ID: <904331A6-539B-4531-87BE-84FD6DE3C851@infowarrior.org> > Begin forwarded message: > > From: Eric Robinson > Subject: RE: [Infowarrior] - Fwd: Required reading on climate: the IPCC 5th Assessment Report > Date: June 2, 2017 at 11:11:55 EDT > > That?s approximately half correct. To get a balanced picture, one must spend an equivalent amount of time following links from places such as www.climatedepot.com and www.climate-skeptic.com , and be sure to check your ad hominem at the door. We need to read the science, compare the realities to the predictions, and quit comforting ourselves with popularity contests. > > -- > Eric Robinson > Chief Information Officer > Physician Select Management, LLC > > From: Infowarrior [mailto:infowarrior-bounces at attrition.org ] On Behalf Of Richard Forno > Sent: Friday, June 02, 2017 7:39 AM > To: Infowarrior List > > Subject: [Infowarrior] - Fwd: Required reading on climate: the IPCC 5th Assessment Report > > > > > Begin forwarded message: > > From: Rich Kulawiec > > > The go-to document -- out of the myriad books and papers and reports > available -- is the IPCC (Intergovernmental Panel on Climate Change) > Fifth Assessment Report, which may be found here: > > https://www.ipcc.ch/report/ar5/index.shtml > > There are four sections: > > - The Physical Science Basis (what's happening) > - Impacts, Adaptation, and Vulnerability (what the effects are) > - Mitigation (what we can do about it) > - Synthesis (the big picture) > > The first one, The Physical Science Basis, underpins the others. > It's the synthesis of the work of thousands of the world's climate > scientists and the product of exhaustive reviews of the available > research. It's lengthy (1552 pages in a 375M PDF) it's painstakingly > complete, and it's heavily supported and sourced. It was created by 209 > coordinating and lead authors, plus another 600 contributing authors, > using -- among other things -- 54,677 written review comments from 1,089 > expert reviewers and 38 governments. > > So this is pretty much THE document that you need to read and understand > if you want to know what the world's climatology community thinks is > going on with the planet. It's here: > > https://www.ipcc.ch/report/ar5/wg1/ > > ---rsk -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Fri Jun 2 14:04:17 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Jun 2017 19:04:17 -0000 Subject: [Infowarrior] - UK visa/immigration offices soon charging foreigners to contact them by email Message-ID: <260466A1-DD28-4C0F-A678-870426355440@infowarrior.org> UK Government Department Says It Will Cost $7 To Send It An Email, But Only If You Are A Foreigner https://www.techdirt.com/articles/20170602/04223237501/uk-government-department-says-it-will-cost-7-to-send-it-email-only-if-you-are-foreigner.shtml From rforno at infowarrior.org Sun Jun 4 11:13:46 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Jun 2017 16:13:46 -0000 Subject: [Infowarrior] - Theresa May wants to ban crypto: here's what that would cost, and here's why it won't work anyway Message-ID: <353E0441-B538-41BB-BC52-DCD0315E8E86@infowarrior.org> Theresa May wants to ban crypto: here's what that would cost, and here's why it won't work anyway Aaron Swartz once said, "It's no longer OK not to understand how the Internet works." http://boingboing.net/2017/06/04/theresa-may-king-canute.html He was talking to law-makers, policy-makers and power-brokers, people who were, at best, half-smart about technology -- just smart enough to understand that in a connected world, every problem society has involves computers, and just stupid enough to demand that computers be altered to solve those problems. Paging Theresa May. Theresa May says that last night's London terror attacks mean that the internet cannot be allowed to provide a "safe space" for terrorists and therefore working cryptography must be banned in the UK. This is a golden oldie, a classic piece of foolish political grandstanding. May's predecessor, David Cameron, repeatedly campaigned on this one, and every time he did, I wrote a long piece rebutting him. Rather than writing a new one for May, I thought I'd just dust off a pair of my Cameron-era pieces (1, 2), since every single word still applies. Theresa May says there should be no "means of communication" which "we cannot read" -- and no doubt many in her party will agree with her, politically. But if they understood the technology, they would be shocked to their boots. It?s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security. If you want to secure your sensitive data either at rest ? on your hard drive, in the cloud, on that phone you left on the train last week and never saw again ? or on the wire, when you?re sending it to your doctor or your bank or to your work colleagues, you have to use good cryptography. Use deliberately compromised cryptography, that has a back door that only the ?good guys? are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption. There are two reasons why this is so. First, there is the question of whether encryption can be made secure while still maintaining a ?master key? for the authorities? use. As lawyer/computer scientist Jonathan Mayer explained, adding the complexity of master keys to our technology will ?introduce unquantifiable security risks?. It?s hard enough getting the security systems that protect our homes, finances, health and privacy to be airtight ? making them airtight except when the authorities don?t want them to be is impossible. What Theresa May thinks she's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: there's no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal -- and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They -- and not just the security services -- will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers. But this is just for starters. Theresa May doesn't understand technology very well, so she doesn't actually know what she's asking for. For Theresa May's proposal to work, she will need to stop Britons from installing software that comes from software creators who are out of her jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with. May is not alone here. The regime she proposes is already in place in countries like Syria, Russia, and Iran (for the record, none of these countries have had much luck with it). There are two means by which authoritarian governments have attempted to restrict the use of secure technology: by network filtering and by technology mandates. Theresa May has already shown that she believes she can order the nation's ISPs to block access to certain websites (again, for the record, this hasn't worked very well). The next step is to order Chinese-style filtering using deep packet inspection, to try and distinguish traffic and block forbidden programs. This is a formidable technical challenge. Intrinsic to core Internet protocols like IPv4/6, TCP and UDP is the potential to "tunnel" one protocol inside another. This makes the project of figuring out whether a given packet is on the white-list or the black-list transcendentally hard, especially if you want to minimise the number of "good" sessions you accidentally blackhole. More ambitious is a mandate over which code operating systems in the UK are allowed to execute. This is very hard. We do have, in Apple's Ios platform and various games consoles, a regime where a single company uses countermeasures to ensure that only software it has blessed can run on the devices it sells to us. These companies could, indeed, be compelled (by an act of Parliament) to block secure software. Even there, you'd have to contend with the fact that other EU states and countries like the USA are unlikely to follow suit, and that means that anyone who bought her Iphone in Paris or New York could come to the UK with all their secure software intact and send messages "we cannot read." But there is the problem of more open platforms, like GNU/Linux variants, BSD and other unixes, Mac OS X, and all the non-mobile versions of Windows. All of these operating systems are already designed to allow users to execute any code they want to run. The commercial operators -- Apple and Microsoft -- might conceivably be compelled by Parliament to change their operating systems to block secure software in the future, but that doesn't do anything to stop people from using all the PCs now in existence to run code that the PM wants to ban. More difficult is the world of free/open operating systems like GNU/Linux and BSD. These operating systems are the gold standard for servers, and widely used on desktop computers (especially by the engineers and administrators who run the nation's IT). There is no legal or technical mechanism by which code that is designed to be modified by its users can co-exist with a rule that says that code must treat its users as adversaries and seek to prevent them from running prohibited code. This, then, is what Theresa May is proposing: * All Britons' communications must be easy for criminals, voyeurs and foreign spies to intercept * Any firms within reach of the UK government must be banned from producing secure software * All major code repositories, such as Github and Sourceforge, must be blocked * Search engines must not answer queries about web-pages that carry secure software * Virtually all academic security work in the UK must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services * All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped * Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software * Anyone visiting the country from abroad must have their smartphones held at the border until they leave * Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons * Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright Theresa May will say that she doesn't want to do any of this. She'll say that she can implement weaker versions of it -- say, only blocking some "notorious" sites that carry secure software. But anything less than the programme above will have no material effect on the ability of criminals to carry on perfectly secret conversations that "we cannot read". If any commodity PC or jailbroken phone can run any of the world's most popular communications applications, then "bad guys" will just use them. Jailbreaking an OS isn't hard. Downloading an app isn't hard. Stopping people from running code they want to run is -- and what's more, it puts the whole nation -- individuals and industry -- in terrible jeopardy. That?s a technical argument, and it?s a good one, but you don?t have to be a cryptographer to understand the second problem with back doors: the security services are really bad at overseeing their own behaviour. Once these same people have a back door that gives them access to everything that encryption protects, from the digital locks on your home or office to the information needed to clean out your bank account or read all your email, there will be lots more people who?ll want to subvert the vast cohort that is authorised to use the back door, and the incentives for betraying our trust will be much more lavish than anything a tabloid reporter could afford. If you want a preview of what a back door looks like, just look at the US Transportation Security Administration?s ?master keys? for the locks on our luggage. Since 2003, the TSA has required all locked baggage travelling within, or transiting through, the USA to be equipped with Travelsentry locks, which have been designed to allow anyone with a widely held master key to open them. What happened after Travelsentry went into effect? Stuff started going missing from bags. Lots and lots of stuff. A CNN investigation into thefts from bags checked in US airports found thousands of incidents of theft committed by TSA workers and baggage handlers. And though ?aggressive investigation work? has cut back on theft at some airports, insider thieves are still operating with impunity throughout the country, even managing to smuggle stolen goods off the airfield in airports where all employees are searched on their way in and out of their work areas. The US system is rigged to create a halo of buck-passing unaccountability. When my family picked up our bags from our Easter holiday in the US, we discovered that the TSA had smashed the locks off my nearly new, unlocked, Travelsentry-approved bag, taping it shut after confirming it had nothing dangerous in it, and leaving it ?completely destroyed? in the words of the official BA damage report. British Airways has sensibly declared the damage to be not their problem, as they had nothing to do with destroying the bag. The TSA directed me to a form that generated an illiterate reply from a government subcontractor, sent from a do-not-reply email address, advising that ?TSA is not liable for any damage to locks or bags that are required to be opened by force for security purposes? (the same note had an appendix warning me that I should treat this communication as confidential). I?ve yet to have any other communications from the TSA. Making it possible for the state to open your locks in secret means that anyone who works for the state, or anyone who can bribe or coerce anyone who works for the state, can have the run of your life. Cryptographic locks don?t just protect our mundane communications: cryptography is the reason why thieves can?t impersonate your fob to your car?s keyless ignition system; it?s the reason you can bank online; and it?s the basis for all trust and security in the 21st century. In her Dimbleby lecture, Martha Lane Fox recalled Aaron Swartz?s words: ?It?s not OK not to understand the internet anymore.? That goes double for cryptography: any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in ?golden keys? that only let the right sort of people break your encryption. From rforno at infowarrior.org Sun Jun 4 11:20:26 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Jun 2017 16:20:26 -0000 Subject: [Infowarrior] - OT: I try to keep partisanship to a minimum here, but.... Message-ID: <39AB9824-1C6B-4053-9A3A-FAF0AF31F68F@infowarrior.org> .. enough is enough. -- rick With his London tweets, Trump embarrasses himself ? and America ? once again By Jennifer Rubin June 4 at 9:51 AM https://www.washingtonpost.com/blogs/right-turn/wp/2017/06/04/with-his-london-tweets-trump-embarrasses-himself-and-america-once-again/ The stoic determination and decency of the British people and their leaders were on full display in the hours after the latest horrific terrorist rampage. The Brits fought back, launching drinking glasses and chairs at the savages who attacked them. The police acted with lightning-fast precision, killing the three assailants within eight minutes of the emergency call. And, God Bless him, a man returned to the bar where he experienced Saturday?s horror ? to pay his bill and tip. Civilization is not going to be driven out of Britain by three or three hundred killers. Meanwhile ? and it pains me to write this ? our president acted like a clod, a heartless and dull-witted thug in sending out a series of tweets. He ? commander in chief and leader of the Free World ? first retweeted an unverified, unofficial Drudge headline about the unfolding terrorist attack. Then he aimed to bolster his Muslim travel ban (which is not supposed to be a Muslim travel ban). ?We need to be smart, vigilant and tough,? he tweeted. ?We need the courts to give us back our rights. We need the Travel Ban as an extra level of safety!? (Aside from the inappropriateness of President Trump?s tweet, he fails to grasp that the courts in these cases are reaffirming the our rights against an overreaching, discriminatory edict.) After receiving blowback for that obnoxious missive, he tweeted out, ?Whatever the United States can do to help out in London and the U. K., we will be there ? WE ARE WITH YOU. GOD BLESS!? But then he decided to slam the mayor of the city attacked, who had calmly warned his fellow Londoners: ?Londoners will see an increased police presence today and over the course of the next few days. There?s no reason to be alarmed.? Trump took the second part out of context and responded viciously, ?At least 7 dead and 48 wounded in terror attack and Mayor of London says there is ?no reason to be alarmed!'? (The mayor, of course, was telling them not to be alarmed by the heightened police presence.) Trump was not done, however, inanely tweeting, ?Do you notice we are not having a gun debate right now? That?s because they used knives and a truck!? One is prompted to ask if he is off his rocker. But this is vintage Trump ? impulsive and cruel, without an ounce of class or human decency. His behavior no longer surprises us, but it should offend and disturb us, first, that he remains the face and voice of America in the world and, second, that his fans hoot and holler, seeing this as inconsequential or acceptable conduct. We wound up with this president because millions of Republicans could not prioritize character, decency and overall fitness to serve over their mundane and frankly petty partisan wish list (28 percent top marginal tax rate!). Self-appointed religious leaders fail to see that this soullessness ? not the dreaded liberal elite who insist on saying ?Happy Holidays? or refuse to countenance discrimination against gay customers ? is a threat to the moral fiber of a democracy that requires a modicum of common sense and human decency to function. Sure, Trump?s policies and rhetoric are incoherent and based on a tower of lies. Far worse, however, is his appalling character, which accelerates the erosion of democratic norms and social cohesion a diverse democracy requires. In instances like this, those who would lecture us on President Obama?s under-appreciation of America?s unique place in human history or proclaim that they simply had to vote for Trump because Hillary Clinton was some sort of monster are exposed as fools or hypocrites or both. The London attacks bring out the best in Britain and in Western leaders on the European continent; it brings out the worst in Trump and his followers. The former protect the soul of Western civilization; the latter drive a stake through the animating ideas that make America special. From rforno at infowarrior.org Mon Jun 5 13:44:40 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 05 Jun 2017 18:44:40 -0000 Subject: [Infowarrior] - OT: State Department Press Briefings Go Dark Message-ID: <9B2F4732-D945-4C83-B6F2-6E3D77A9864B@infowarrior.org> State Department Press Briefings Go Dark https://fas.org/blogs/secrecy/2017/06/briefings-go-dark/ Core practices of open government are eroding in the Trump Administration, with new limitations on the ability of the press to effectively question officials on U.S. foreign policy. The problem is starkly illustrated by comparing the press briefing schedules of the State Department for May 2016 and May 2017. In May 2016, the State Department held a press briefing nearly every weekday of the month, with only two exceptions. One of them was Memorial Day. In May 2017, by contrast, there was not a single State Department press briefing. The last briefing was on April 27. And if anyone was wondering, ?There will not be a press briefing today,? the Bureau of Public Affairs website says again today. Nor can this be explained away by the fact that the Trump Administration is still comparatively new. As of May 2009, the early Obama Administration was already holding press briefings at the State Department three or four times each week. Some might take these press briefings for granted or dismiss them as insignificant and self-serving, if not occasionally misleading. But that would be a mistake. Daily press briefings both represent and reinforce a culture of open government. They are a window into the workings of the Administration, an expression of official self-understanding, a forum for challenging that understanding, and an opportunity to ask questions on almost any foreign policy subject, profound or trivial. (Why did Secretary Clinton appear ?a little ill,? a reporter wanted to know in a May 1, 2009 briefing. Had she been exposed to the swine flu outbreak in Mexico? No, it was just ?mild allergies,? the briefer said.) The questions that might have been asked at a State Department briefing last week are obviously numerous and urgent. What does it mean that the US is now linked with Nicaragua and Syria as the only countries to actively reject the Paris Agreement on climate change? What are the implications of heightened European cooperation with China in the wake of the Trump Administration withdrawal from the Paris Agreement? What was actually gained compared to what was lost by withdrawal? Such questions will of course be asked and discussed by others. But in an ominous departure from previous norms, an official State Department briefing was not held to discuss them with the press in a standard, predictable, public format. The loss to open government is tangible. The President?s eccentric tweets are not an acceptable substitute. In practice, it might have been hard even for a skilled briefer to explain the U.S. withdrawal from the Paris Agreement, because it does not seem to have been based on any rational policy calculation. The President?s own Secretary of State Rex Tillerson said at his confirmation hearing that the smart move for the US was to adhere to the Paris Agreement. ?I think we are better served by being at that table than leaving that table.? That divergence of opinion would itself have been a worthy topic for exploration in a regular press briefing. Prior to confirmation, Secretary Tillerson also said that ?[?] accountability and transparency includes communicating with the public, while engaging with its representation in Congress and the press. If confirmed, I will be sure to interact with the press appropriately, based upon long-standing precedents of the State Department and my predecessors in dealing both with American reporters and the foreign press.? Those precedents have now been violated. From rforno at infowarrior.org Mon Jun 5 18:21:57 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 05 Jun 2017 23:21:57 -0000 Subject: [Infowarrior] - Contractor charged in NSA document leak case Message-ID: <24F9EA52-D8CA-4904-8DEA-3A28454E0E32@infowarrior.org> Contractor charged in NSA document leak case By Devlin Barrett June 5 at 6:46 PM https://www.washingtonpost.com/world/national-security/contractor-charged-in-nsa-document-leak-case/2017/06/05/41144b0e-4a37-11e7-a186-60c031eab644_story.html A 25-year-old government contractor has been charged with mishandling classified information, after authorities say she gave a top-secret National Security Agency document to a news organization. Reality Leigh Winner was accused of gathering, transmitting, or losing defense information ? the first criminal charge filed in a leak investigation during the Trump administration. Winner was arrested Saturday and the case was revealed Monday, shortly after the website the Intercept posted a redacted version of a U.S. intelligence document describing Russian government efforts to use hacking techniques against employees of a company that provides technical support to states? voting agencies. Court documents filed in federal court against Winner in Georgia did not identify the news outlet, nor the document in question, although both the Intercept and the court papers say the document in question was dated May 5. A person familiar with the case said the charges stem from the document given to the Intercept. Deputy Attorney General Rod J. Rosenstein said investigators? fast work ?allowed us quickly to identify and arrest the defendant. Releasing classified material without authorization threatens our nation?s security and undermines public faith in government. People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.? Winner?s lawyer, Titus T. Nichols, said he had not yet seen any of the evidence in the case, so he could not discuss the specific accusations. He said his client has served in the Air Force for six years, including a recent assignment at Fort Meade, home of the NSA. According to court documents, Winner had a top-security clearance as an active-duty member of the Air Force from January 2013 until February of this year, when she began working for Pluribus International Corporation, a government contractor, at a facility in Georgia. Winner remains in jail pending a detention hearing later this week, said the lawyer, adding that he expects the government will seek to keep her behind bars pending trial. Nichols said his client should be released. ?She has no criminal history; it?s not as if she?s a threat to anyone,?? he said. An affidavit filed by an FBI agent said the investigation moved quickly after authorities learned less than a week ago that the document had been obtained by a news organization, because the organization had asked for a comment on the classified material. The government learned of the leak after a reporter contacted an individual working at another government contractor seeking an opinion about the document. That person then contacted authorities, sparking the investigation. Inside the government, officials scrambled to determine who had recently printed out that document. A search identified six employees who printed it out, including Winner. Authorities zeroed in on Winner because she was the only one who had been in email contact with the news organization, according to the affidavit. On June 3, Winner was questioned by the FBI at her home in Augusta, Ga., in which she allegedly admitted ?intentionally identifying and printing the classified intelligence reporting at issue,?? according to the affidavit, which said she also allegedly admitted ?removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.?? In that conversation, according to the affidavit, Winner acknowledged that ?she knew the contents of the reporting could be used to the injury of the United States and to the advantage of a foreign nation.?? From rforno at infowarrior.org Tue Jun 6 06:57:33 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Jun 2017 11:57:33 -0000 Subject: [Infowarrior] - How The Intercept Outed Reality Winner Message-ID: How The Intercept Outed Reality Winner Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in. The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document. In this post, I show how. < - > http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html From rforno at infowarrior.org Tue Jun 6 15:58:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Jun 2017 20:58:04 -0000 Subject: [Infowarrior] - Patent Office Director Michelle Lee resigns Message-ID: <93841CD7-42DE-4BBE-A6CA-C65D583233F3@infowarrior.org> Patent Office Director Michelle Lee resigns By POLITICO Staff 06/06/2017 04:48 PM EDT http://www.politico.com/story/2017/06/06/michelle-lee-patent-office-resigns-239200 Michelle Lee, director of the U.S. Patent and Trademark Office, has submitted her resignation to Commerce Secretary Wilbur Ross, an administration source told POLITICO. Lee, a former Google executive, headed the USPTO under President Barack Obama and was kept on in the position by President Donald Trump. The reason for her resignation wasn't immediately clear. From rforno at infowarrior.org Tue Jun 6 17:18:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Jun 2017 22:18:04 -0000 Subject: [Infowarrior] - =?utf-8?q?POTUS_Tweets_=E2=80=98Official_Statemen?= =?utf-8?b?dHMs4oCZIFNwaWNlciBTYXlz?= Message-ID: Trump?s Tweets ?Official Statements,? Spicer Says by Ali Vitali http://www.nbcnews.com/politics/white-house/trump-s-tweets-official-statements-spicer-says-n768931 WASHINGTON ? It's official ? the president's tweets, that is. White House Press Secretary Sean Spicer said Tuesday that Trump's tweets should be taken as official statements, contradicting other White House officials who have tamped down on the official nature of the tweets in recent days. "The president is president of the United States," Spicer said, "so they are considered official statements by the president of the United States." As it was during his candidacy, Trump's Twitter usage has been a cornerstone of his presidency ? often offering a window into his thinking, sometimes at the expense of his administration's own messaging. Despite bipartisan complaints about his continued 140-character habit, Trump has persisted in making his views known on social media. The FAKE MSM is working so hard trying to get me not to use Social Media. They hate that I can get the honest and unfiltered message out. ? Donald J. Trump (@realDonaldTrump) June 6, 2017 The president often respond to major global events on Twitter. In the immediate aftermath of the recent London terror attack, Trump used the platform to pick a fight with London Mayor Sadiq Khan while also posting support for the U.K. after the attack. The White House even blasts the tweets to other social media platforms, posting graphics of the tweets on Instagram or even celebrating longer tweet storms in videos uploaded to Trump's Facebook page. But while Spicer flaunted Trump's millions of followers, other White House officials have sought to delineate the difference between the tweets and official forms of presidential correspondence. White House national security advisor Sebastian Gorka told CNN one day earlier that there's a difference between tweets and policy and @realDonaldTrump's feed is the former, not the latter. ?It?s not policy, it?s social media,? Gorka said in a tense back and forth during which he accused the media of over-obsessing Trump?s tweets. "It's not policy, it's not an executive order, it's social media. Please understand the difference.? Spicer's counterpart Sarah Huckabee Sanders also lamented the media obsession with the tweets and celebrated them as a way for Trump to speak directly and unfiltered to his followers, but regretting that the media obsesses ?over every period, dot.? "I think it's just the obsession over every detail of the president's tweets,? she said. ?The obsession with covering everything he says on Twitter and little of what he does as president? irked Kellyanne Conway during an interview NBC?s Today Monday. When faced with the platform as Trump?s preferred method of communication, Conway said ?that?s not true.? Tuesday, Spicer called Trump's penchant for tweeting an example of his messaging prowess. "The president is the most effective messenger on his agenda and I think his use of social media ... gives him an opportunity to speak straight to the American people, which has proved to be a very, very effective tool." That messaging efficiency will soon be tested, on issues like the controversial travel ban executive order as well as the FBI probe of alleged collusion between the Trump campaign and Russia led by special counsel Robert Mueller. Sanders told reporters she?s not aware of the tweets being vetted by a lawyer. From rforno at infowarrior.org Tue Jun 6 17:20:18 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Jun 2017 22:20:18 -0000 Subject: [Infowarrior] - CNN: US suspects Russian hackers planted fake news behind Qatar crisis Message-ID: <0271B5A3-8E72-469C-9CE8-FD6E4FFB6C75@infowarrior.org> FIRST ON CNN: US suspects Russian hackers planted fake news behind Qatar crisis Washington (CNN) http://www.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-crisis/index.html US investigators believe Russian hackers breached Qatar's state news agency and planted a fake news report that contributed to a crisis among the US' closest Gulf allies, according to US officials briefed on the investigation. The FBI recently sent a team of investigators to Doha to help the Qatari government investigate the alleged hacking incident, Qatari and US government officials say. Intelligence gathered by the US security agencies indicates that Russian hackers were behind the intrusion first reported by the Qatari government two weeks ago, US officials say. Qatar hosts one of the largest US military bases in the region. The alleged involvement of Russian hackers intensifies concerns by US intelligence and law enforcement agencies that Russia continues to try some of the same cyber-hacking measures on US allies that intelligence agencies believe it used to meddle in the 2016 elections. US officials say the Russian goal appears to be to cause rifts among the US and its allies. In recent months, suspected Russian cyber activities, including the use of fake news stories, have turned up amid elections in France, Germany and other countries. < - > http://www.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-crisis/index.html From rforno at infowarrior.org Wed Jun 7 06:57:35 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Jun 2017 11:57:35 -0000 Subject: [Infowarrior] - breaking: Chris Wray nom'd as FBI Director Message-ID: <0C0F3836-22B0-4263-8A83-9237425AF7F3@infowarrior.org> (rick --- interesting timing!!!) The Associated Press?Verified account @AP 3m3 minutes ago BREAKING: Trump says he has his FBI pick _ Christopher Wray, former Justice Department official who was NJ Gov. Christie's lawyer. From rforno at infowarrior.org Wed Jun 7 11:07:54 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Jun 2017 16:07:54 -0000 Subject: [Infowarrior] - How Russian Propaganda Spread From a Parody Website to Fox News Message-ID: <2F53E256-DDF0-4E4E-B03D-6E99CD1C8611@infowarrior.org> How Russian Propaganda Spread From a Parody Website to Fox News By NEIL MacFARQUHAR and ANDREW ROSSBACK JUNE 7, 2017 Born in the shadowy reaches of the internet, most fake news stories prove impossible to trace to their origin. But researchers at the Atlantic Council, a think tank, excavated the root of one such fake story, involving an incident in the Black Sea in which a Russian warplane repeatedly buzzed a United States Navy destroyer, the Donald Cook. Like much fake news, the story was based on a kernel of truth. The brief, tense confrontation happened on April 12, 2014, and the Pentagon issued a statement. Then in April, three years later, the story resurfaced, completely twisted, on one of Russia?s main state-run TV news programs. The new version gloated that the warplane had deployed an electronic weapon to disable all operating systems aboard the Cook. That was false, but it soon spread, showing that even with all the global attention on combating fake news, it could still circulate with alarming speed and ease. < - > https://www.nytimes.com/interactive/2017/06/07/world/europe/anatomy-of-fake-news-russian-propaganda.html