From rforno at infowarrior.org Sat Nov 18 08:49:42 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Nov 2017 14:49:42 -0000
Subject: [Infowarrior] - Fwd: Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them
References: <6657C096-DD66-4F4E-8A8D-5714C51D7DBF@roscom.com>
Message-ID:

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them
> Date: November 18, 2017 at 9:34:22 AM EST
> To: Richard Forno
>
> Kaspersky: Yes, we obtained NSA secrets. No, we didn't help steal them
>
> Moscow-based AV provider challenges claims it helped Russian spies.
>
> https://arstechnica.com/information-technology/2017/11/kaspersky-yes-we-obtained-nsa-secrets-no-we-didnt-help-steal-them/

From rforno at infowarrior.org Sat Nov 18 08:49:54 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Nov 2017 14:49:54 -0000
Subject: [Infowarrior] - Fwd: Amazon Key flaw makes entering your home undetected a possibility
References:
Message-ID: <16C73778-FE05-4575-A013-C8776E62601A@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Amazon Key flaw makes entering your home undetected a possibility
> Date: November 18, 2017 at 9:34:52 AM EST
> To: Richard Forno
>
> Amazon Key flaw makes entering your home undetected a possibility
>
> Amazon promised to address a technique drivers could use to freeze your Cloud Cam.
>
> https://arstechnica.com/gadgets/2017/11/amazon-key-flaw-makes-entering-your-home-undetected-a-possibility/
From rforno at infowarrior.org Sat Nov 18 09:19:34 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Nov 2017 15:19:34 -0000
Subject: [Infowarrior] - Pirates, Democracy, and the Digital Revolution
Message-ID: <7D29296B-F9BF-458D-B4E0-DDB1B508F2BF@infowarrior.org>

Pirates, Democracy, and the Digital Revolution
By Roslyn Fuller
NOVEMBER 7, 2017
https://lareviewofbooks.org/article/pirates-democracy-and-the-digital-revolution/

AS AMERICAN DEMOCRACY seems to take another downward bend in its own death spiral with each passing week, the United States might learn a few things from the international Pirate movement, whose Czech wing recently took third place in national elections, and which has become perhaps most known in recent times for its continued presence on Iceland's political stage.

Iceland, a tiny island nation in the North Atlantic, provides perhaps the best prism through which to understand the rise of the Pirates. The country is perhaps best known as the picturesque backdrop to the colder bits on Game of Thrones, the home of unpronounceable volcanoes that periodically threaten to ground the entire European air fleet, and the birthplace of singer Björk. But despite these natural and cultural claims to fame, politics on the island are not so rosy. The Icelandic political and financial establishment has become synonymous with cronyism and shady dealing, a sentiment incited by two recent revelations: a 2009 Wikileaks document that exposed the Icelandic bank Kaupthing's lending practices, and the Panama Papers leak of 2016 that revealed the off-shore banking activities of several high-profile individuals, not least Iceland's then–Prime Minister Sigmundur Gunnlaugsson. Gunnlaugsson quickly resigned, but in the October 2016 elections that followed his departure it became clear that Iceland's increasingly internationalized and tech-savvy population would not be content to simply vote in a new face on old politics.
Instead, it seemed that the population was increasingly open to seeking political alternatives in previously uncharted territory. Iceland, of course, is in no way alone in this tendency, as dissatisfaction with the political and economic status quo of the last 40 years has been in steady decline in the Western world for some time. In Europe, where forms of proportional voting are common, this had led to increasing success for both new parties, like Podemos in Spain and the Five Star Movement in Italy, and slightly older ones that previously occupied niche territory, such as Syriza and Golden Dawn in Greece, the National Front in France, Sinn Féin in Ireland, and the Party for Freedom in the Netherlands. In the United States and the United Kingdom, where the first-past-the-post system makes it difficult for small parties to gain proportionate representation in parliament, the desire for change has been funneled through the main establishment parties, most notably on the "right" by Donald Trump's takeover of the 2016 Republican Party presidential campaign, and on the "left" by Jeremy Corbyn's transformation of the British Labour party, despite unprecedented pushback from the party's own top brass.

But while the left-leaning like Corbyn and Podemos could be described as progressive (certainly more so than, say, Golden Dawn, whose flag is, shall we say, hard to get past), when it comes to globalization and technological development, no one seems to have taken the bull by the horns to quite the same degree as the Pirate Party. Perhaps this willingness to rock the boat partly explains some of the hostile coverage the Pirates received from American media in the run-up to the 2016 Icelandic election. "Iceland's Pirate Party Loves Hackers, Drugs & Revolution" The Daily Beast proclaimed with the subtitle "Iceland's anti-establishment Pirate Party — led by a 'poetician' who worships Julian Assange — looks ready to win the country's national election".
The Washington Post described the party as "a renegade movement" and "a radical movement of anarchists and hackers." This made it all sound pretty wild, but a year after the election, in which the Pirates emerged as one of the most successful parties with nearly 15 percent of the popular vote, Iceland didn't seem to have been plunged into chaos. A brief perusal of the news site Iceland Monitor revealed that at a recent protest over immigration a sign was broken and one protestor pinched another. Yes. Pinched. With their fingers. Americans, no doubt, will be appalled. In other highlights, the police have had to interfere twice with tourists who persist in watching the Northern Lights instead of the road while driving, and someone went skinny-dipping.

In short, the months of prolonged coalition talks that followed the 2016 election, parts of which were conducted by these very "anarchist hackers" don't seem to have rocked Iceland half so much as, say, the Panama Papers did. And while the Pirates ultimately went into opposition, they are now firmly on the map as political players — tied for second place with the Left-Green Party in terms of number of parliamentary seats in 2016 and remaining firmly on the dash with over nine percent of the vote share in Iceland's 2017 snap election. Moreover, the Icelandic Pirates' success is only part of a quiet global trend that has seen the Pirate movement slowly catching on the world over, and often proving popular among younger voters when it fields election candidates.

So what does the Pirate Party really stand for and could American democracy learn anything from it?

< - >

Far from representing an anarchic menace to society, Pirates are searching for the way forward in an exciting, perhaps even revolutionary time. Their solutions may not always prove durable or palatable to everyone, but progress depends on people's willingness to think outside the box and take a chance on new ideas.
In fact, perhaps American democracy could do with a few more Pirates.

Roslyn Fuller is the author, most recently, of Beasts and Gods: How Democracy Changed Its Meaning and Lost Its Purpose.

From rforno at infowarrior.org Sun Nov 19 10:28:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Nov 2017 16:28:19 -0000
Subject: [Infowarrior] - The Administration Is Making War on Diplomacy
Message-ID: <1B8195BA-DD50-4330-B0A9-1D1762D3D6D9@infowarrior.org>

The Trump Administration Is Making War on Diplomacy
By THE EDITORIAL BOARD
NOV. 18, 2017
https://www.nytimes.com/2017/11/18/opinion/sunday/the-trump-administration-is-making-war-on-diplomacy.html

American diplomats in recent decades have helped bring about an Israel-Egypt peace treaty, the peaceful fall of the Soviet Union, the unification of Germany, the end of the Bosnia war and a deal to curb Iran's nuclear program. That record testifies to the power and influence of America as well as the skill of secretaries of state and other diplomats who worked to advance international stability and the national interest.

That isn't the way the Trump administration approaches the world. Rex Tillerson is widely seen as ill suited to diplomatic leadership and determined to dismantle his own department, which has been central to America's national security since Thomas Jefferson ran the place. The department is being undermined by budget cuts, a failure to fill top jobs, an erratic president and a secretary who has called reorganization, rather than policy, his most important priority. Given the aggressive behavior of North Korea, Russia and China in a world that seems shakier by the day, the timing could hardly be worse.

Meanwhile, the Pentagon is going gangbusters. The State Department's budget has been targeted with a 31 percent cut, to $37.6 billion, but Congress is moving to raise the Pentagon's spending level roughly 15 percent from the $549 billion allowed under the Budget Control Act.
Aircraft carriers and tanks are obviously much more expensive than diplomatic pouches and airline tickets. Even so, such lopsided budget priorities could favor military solutions over diplomacy and development.

In recent weeks, alarming new data from the American Foreign Service Association, the union representing diplomats, shows just how far Mr. Tillerson has taken things. Since January, more than 100 senior foreign service officers have left the department, depleting the ranks of career ambassadors, the diplomatic equivalent of four-star generals, by 60 percent, while the number of career ministers (akin to three-star generals) is down 42 percent. The hiring of new foreign service officers has slowed almost to a halt, and the number of young people seeking to take the foreign service exam has fallen to less than half the 17,000 who registered two years ago.

Mr. Tillerson has asked some senior officials to do clerical tasks and left many ambassadorships unfilled. Stephen Akard, an associate of Vice President Mike Pence with only brief experience at the State Department, was nominated director general of the foreign service, a position that oversees diplomatic appointments and is usually reserved for a senior career diplomat with the power to block political interference.

All in all, Mr. Tillerson is disrupting the smooth development of career State Department leaders from entry level to the senior ranks, which will create shortages of experienced diplomats down the road. Not surprisingly, morale has plummeted. By contrast, there have been no comparable recent moves by the military services to suspend the commissioning of officers, and even as the diplomatic corps erodes, Congress just approved a Pentagon budget for next year that would boost troops by 20,000.

Mr. Tillerson is no doubt correct that the State Department, like any bureaucracy, could benefit from scrutiny and thoughtful reform. For that reason, many people there welcomed Mr.
Tillerson, with his long experience as chief executive of Exxon Mobil, as someone who could modernize the place and introduce efficiencies. He has already enacted one broadly popular reform by shrinking the number of special envoys assigned to special diplomatic tasks.

But over all, Mr. Tillerson has shown that business experience isn't easily transferable to government, where the driver is not the bottom line but the national interest. An engineer, he seems obsessed with management minutiae and metrics; last week, for instance, his deputy secretary spent part of a senior staff meeting telling his underlings how to write effective memos to the boss. Mr. Tillerson seems no less obsessed with control, recently telling senior officials that henceforth his office, not they, would issue the boilerplate statements recognizing this or that country's national day.

Critics faulted James Baker for relying too heavily on a small coterie of aides when he served as President George H. W. Bush's secretary of state. But those aides all had previous government experience, and Mr. Baker eventually came to integrate career diplomats into his decision-making team. For the most part, Mr. Tillerson's close aides have no such experience, and the professional diplomats who should be part of his team feel alienated and disrespected.

What this means, in practice, is an incoherent policy toward China and North Korea, and lesser failures elsewhere. There is still no American ambassador in South Korea, thus weakening the ability to develop a diplomatic solution to the North Korean nuclear crisis. There is no sign the administration has a plan for dealing with Syria, now that the Islamic State has been degraded, leaving Russia and Iran in commanding roles.

Exactly what's behind this wholesale downgrading of the department is unclear. Mr. Trump seems to have little love for professional diplomats, 1,000 of whom formally protested the president's Muslim travel ban in January.
Policy shifts play a role, too. When Mr. Tillerson made clear that human rights concerns would be subordinated, the office handling those issues began to shrink.

The near-term hope of arresting or reversing this slide lies with Congress. More lawmakers are raising their voices, warning about the dangers to national security and demanding answers. In a letter to Mr. Tillerson on Wednesday, Senators John McCain, Republican of Arizona, and Jeanne Shaheen, Democrat of New Hampshire, expressed alarm over the department's "questionable management practices"; "declining morale, recruitment and retention"; and inexperienced leadership. "America's diplomatic power is being weakened internally as complex global crises are growing externally," they said.

Maybe Mr. Tillerson will get every diplomat to write perfectly formatted memos and achieve his targeted staff reductions. When it comes time to judge his tenure, however, historians will care only about this: What did he do to forestall war with North Korea, manage the rise of China, check Russia's efforts to undermine democracy, lay the groundwork for postwar stability in Syria and Iraq, and protect America's international standing?
From rforno at infowarrior.org Sun Nov 19 10:29:32 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Nov 2017 16:29:32 -0000
Subject: [Infowarrior] - Judge Halts Copyright Troll's Lawsuit Against A Now-Deceased Elderly Man With Dementia And An IP Address
Message-ID: <28F96551-16DF-4BED-A0FA-0C7B2EDD73E0@infowarrior.org>

Judge Halts Copyright Troll's Lawsuit Against A Now-Deceased Elderly Man With Dementia And An IP Address
from the stop-stop-he's-already-dead dept
https://www.techdirt.com/articles/20171115/09375838619/judge-halts-copyright-trolls-lawsuit-against-now-deceased-elderly-man-with-dementia-ip-address.shtml

Stories about copyright trolls issuing questionable settlement demands and lawsuits using laughably flimsy evidence with no regard to mitigating circumstances are somewhat common around here. The most egregious cases range from trolls sending threat letters to the elderly to flat out suing the innocent. This sort of thing is essentially inherent in a business model that closely apes an extortion ring, and here's another quintessential example of that. It all started when Venice PI sued a man for being part of a torrent swarm offering the movie Once Upon a Time in Venice. The judge in the case has put the proceedings on hold, noting rather harshly that Venice PI's evidence sucks, and that the man in question had severe enough dementia that his family says he couldn't even have operated a computer as described in the lawsuit and, at age 91, has died.

< - >

To that end, lawyers for Venice PI are barred from having any contact with Miller's family or any other unnamed defendant in this case. In addition, Zilly is demanding any other evidence the plaintiffs can produce -- likely none -- as well as information on how IP addresses in bittorrent swarms might be spoofed. The judge goes on to say that if no further evidence can be presented, the claims will be dismissed with prejudice.
It's simply great to see a court get this so correct in a copyright troll case. Too often trolls are allowed to skate by in presenting evidence that isn't evidence at all, with no ground given to the sort of mitigating testimony offered by Miller's widow. That Venice PI hasn't dismissed their case against the now-deceased man is an added stain on its trollish soul.

From rforno at infowarrior.org Sun Nov 19 10:30:52 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Nov 2017 16:30:52 -0000
Subject: [Infowarrior] - Scientists develop reliable kill switches -- in case bioengineered microbes go rogue
Message-ID:

Scientists develop reliable kill switches -- in case bioengineered microbes go rogue

"We needed to take our previous work further and develop kill switches that are stable in the long run and would also be useful in real-world applications," researcher Pamela Silver said.

https://www.upi.com/Science_News/2017/11/16/Scientists-develop-reliable-kill-switches-in-case-bioengineered-microbes-go-rogue/4791510867309/

By Brooks Hays | Nov. 16, 2017 at 5:33 PM

Nov. 16 (UPI) -- Scientists at Harvard have developed a pair of new kill switches that can be used to thwart bioengineered microbes that go rogue.

Researchers have been testing the use of bioengineered microbes for a variety of purposes, from the diagnosis of disease in the human body to the neutering of mosquitoes. But there remain concerns about releasing manipulated microbes into nature. Could their augmented genes have unintended consequences? Could they morph and proliferate?

Kill-switches ensure the microbes effectively shut down, or commit suicide, after they've executed their intended function. While kill switches have proven effective in the lab, researchers suggest kill-switch technologies needed to be improved to ensure safety in real-world environs.
"We needed to take our previous work further and develop kill switches that are stable in the long run and would also be useful in real-world applications," Pamela Silver, researcher at the Wyss Institute for Biologically Inspired Engineering at Harvard, said in a news release.

Silver and her colleagues developed two new types of kill switches for added security. The first is known as the "essentializer," which piggybacks off another type of kill switch known as the "memory element."

The memory element uses genes from a bacteria-infecting virus to build an alarm system into the genome of the microbe. The alarm is designed to remember the presence of a specific molecule, a signal that the microbe has ventured too far from its intended target. When the target is sensed, the bacteriophage genes are triggered and toxins capable of killing the microbe are released.

But as microbes evolve, they randomly tweak their genes. Over generations, these tweaks can yield useful adaptations. They can also disrupt the programmed kill-switch. To account for the problem, researchers installed the essentializer.

Scientists spliced the bacteriophage genes into another part of the microbe's genome. These genes are manipulated to ensure small amounts of toxins are produced, while the original memory element is designed to produce small amounts of an anti-toxin, keeping the microbe alive. Should the original memory element kill-switch become lost, the essentializer would begin producing more toxins, thus killing the microbe.

"To create this sophisticated system of checks and balances, we also made sure that the kill switches themselves remained fully intact, which is an important prerequisite for future applications; we verified that they were still functional after about 140 cell divisions," said grad student Finn Stirling.

Scientists named their second new kill-switch "cryodeath." The switch uses similar toxin/anti-toxin DNA splices.
But the switch is synched with temperature, instead of another kill-switch. In lab tests, scientists showed when the temperature drops from 37 degrees to 22 degrees Celsius, the toxin genes are expressed and the anti-toxin genes are inhibited.

The researchers detailed their new kill switches in a new paper published this week in the journal Molecular Cell.

"This study shows how our teams are leveraging synthetic biology not only to reprogram microbes to create living cellular devices that can carry out useful functions for medicine and environmental remediation, but to do this in a way that is safe for all," said Donald Ingber, founding director of the Wyss Institute.

From rforno at infowarrior.org Sun Nov 19 13:12:47 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Nov 2017 19:12:47 -0000
Subject: [Infowarrior] - In chatlogs, celebrated hacker and activist confesses countless sexual assaults
Message-ID: <8E64805A-9D50-41C1-BC8F-ABE00C8AB3FE@infowarrior.org>

In chatlogs, celebrated hacker and activist confesses countless sexual assaults

"I have drunkenly sexually assaulted or raped women — the exact number of which I am currently determining."
by Sarah Jeong (@sarahjeong)
Nov 19, 2017, 11:55am EST
https://www.theverge.com/2017/11/19/16675704/morgan-marquis-boire-hacker-sexual-assault

From rforno at infowarrior.org Sun Nov 19 17:50:08 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Nov 2017 23:50:08 -0000
Subject: [Infowarrior] - Fwd: Wall Street Wants to Kill the Agency Protecting Americans From Financial Scams
References:
Message-ID:

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Wall Street Wants to Kill the Agency Protecting Americans From Financial Scams
> Date: November 19, 2017 at 12:44:52 PM EST
> To: Richard Forno
>
> Wall Street Wants to Kill the Agency Protecting Americans From Financial Scams
> https://theintercept.com/2017/11/18/wall-street-wants-to-kill-the-agency-protecting-americans-from-financial-scams/

From rforno at infowarrior.org Mon Nov 20 12:57:10 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Nov 2017 18:57:10 -0000
Subject: [Infowarrior] - Man gets threats—not bug bounty—after finding DJI customer data in public view
Message-ID:

Man gets threats—not bug bounty—after finding DJI customer data in public view

A bug bounty hunter shared evidence; DJI called him a hacker and threatened with CFAA.

Sean Gallagher - 11/17/2017, 1:30 PM
https://arstechnica.com/information-technology/2017/11/dji-left-private-keys-for-ssl-cloud-storage-in-public-view-and-exposed-customers/

From rforno at infowarrior.org Mon Nov 20 13:34:31 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Nov 2017 19:34:31 -0000
Subject: [Infowarrior] - Announcing the New AWS Secret Region
Message-ID: <1DD5F036-74A6-424B-A97A-2E9A6C6C2E7F@infowarrior.org>

Announcing the New AWS Secret Region
on 20 NOV 2017 | in Government, Public Sector

We are pleased to announce the new AWS Secret Region.
The AWS Secret Region can operate workloads up to the Secret U.S. security classification level. The AWS Secret Region is readily available to the U.S. Intelligence Community (IC) through the IC's Commercial Cloud Services (C2S) contract with AWS. The AWS Secret Region also will be available to non-IC U.S. Government customers with appropriate Secret-level network access and their own contract vehicles for use of the AWS Secret Region. These contract vehicles will not be part of the IC's C2S contract.

With the launch of this new Secret Region, AWS becomes the first and only commercial cloud provider to offer regions to serve government workloads across the full range of data classifications, including Unclassified, Sensitive, Secret, and Top Secret. By using the cloud, the U.S. Government is better able to deliver necessary information and data to mission stakeholders.

< - >

https://aws.amazon.com/blogs/publicsector/announcing-the-new-aws-secret-region/

From rforno at infowarrior.org Mon Nov 20 13:37:30 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Nov 2017 19:37:30 -0000
Subject: [Infowarrior] - Another Tor Browser Feature Makes It Into Firefox: First-Party Isolation
Message-ID: <44CFFB42-5C4B-4ECD-968A-4DF92C82EFC3@infowarrior.org>

Another Tor Browser Feature Makes It Into Firefox: First-Party Isolation
By Catalin Cimpanu - November 20, 2017
https://www.bleepingcomputer.com/news/software/another-tor-browser-feature-makes-it-into-firefox-first-party-isolation/

Unbeknown to most users, Mozilla added a privacy-enhancing feature to the Firefox browser over the summer that can help users block online advertisers from tracking them across the Internet.

The feature is named First-Party Isolation (FPI) and was silently added to the Firefox browser in August, with the release of Firefox 55.

What is First-Party Isolation

FPI works by separating cookies on a per-domain basis.
This is important because most online advertisers drop a cookie on the user's computer for each site the user visits and the advertiser loads an ad.

With FPI enabled, the ad tracker won't be able to see all the cookies it dropped on that user's PC, but only the cookie created for the domain the user is currently viewing.

This will force the ad tracker to create a new user profile for each site the user visits and the advertiser won't be able to aggregate these cookies and the user's browsing history into one big fat profile.

Feature borrowed from the Tor Browser

This feature was first implemented in the Tor Browser, a privacy-focused fork of the Firefox browser managed by the Tor Project, where it is known as Cross-Origin Identifier Unlinkability.

FPI was added to Firefox as part of the Tor Uplift project, an initiative to bolster the Firefox codebase with some of the Tor Browser's unique privacy-focused features.

This is the third feature that has made it into Firefox via the Tor Uplift project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts, and Firefox will also soon block websites from fingerprinting users via HTML5 canvas elements. This latter feature is scheduled for Firefox 58, to be released in mid-January 2018.

How to enable FPI

FPI support was added in Firefox 55, but very few users know about it because it was not included in the official release notes. Users had to dig long and hard to know that FPI even existed.

The feature is not enabled by default, as it's known to cause some login persistence problems. To enable it users have two options.

The first is to use a dedicated Firefox add-on. The add-on's name is "First Party Isolation," and once you install it, it immediately turns on FPI and adds a fishbowl icon on the Firefox UI. Users can press this button to temporarily disable FPI (for five minutes).
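The partitioning the article describes above (one tracker cookie per first-party site, so visits cannot be aggregated) is easy to see in a toy model. The following is an added example written for this digest; it is not code from the BleepingComputer article, from Mozilla, or from the Tor Project, and it only models the cookie-keying rule, not Firefox's real cookie store. The domain names, the tracker's behaviour and the helper names (`CookieJar`, `trackerScript`, `simulateSession`) are all constructed for illustration.

```javascript
'use strict';

// Toy cookie store. Without first-party isolation a cookie is keyed by the
// domain that set it (plus its name). With first-party isolation the key also
// carries the top-level (first-party) domain the user is currently viewing,
// so the same tracker domain gets a separate cookie per visited site.
class CookieJar {
  constructor({ firstPartyIsolation }) {
    this.fpi = firstPartyIsolation;
    this.store = new Map();
  }

  key(firstParty, cookieDomain, name) {
    const partition = this.fpi ? firstParty : '';
    return `${partition}|${cookieDomain}|${name}`;
  }

  get(firstParty, cookieDomain, name) {
    return this.store.get(this.key(firstParty, cookieDomain, name));
  }

  set(firstParty, cookieDomain, name, value) {
    this.store.set(this.key(firstParty, cookieDomain, name), value);
  }
}

// Constructed tracker domain embedded (e.g. via an ad iframe) on every site.
const TRACKER_DOMAIN = 'ads.example';
let nextId = 1;

// The tracker's script as run on a page whose first party is `firstParty`:
// read back our own cookie, or mint a fresh identifier if there is none.
function trackerScript(jar, firstParty) {
  let id = jar.get(firstParty, TRACKER_DOMAIN, 'uid');
  if (id === undefined) {
    id = `uid-${nextId++}`;
    jar.set(firstParty, TRACKER_DOMAIN, 'uid', id);
  }
  return id;
}

// Simulate a session over several first-party sites that all embed the
// tracker, and report which identifiers the tracker observed. The number of
// distinct identifiers is the number of separate "profiles" it can build.
function simulateSession(sites, firstPartyIsolation) {
  const jar = new CookieJar({ firstPartyIsolation });
  const ids = sites.map((site) => trackerScript(jar, site));
  return { ids, distinctProfiles: new Set(ids).size };
}

// Constructed browsing history for the demonstration.
const SITES = ['news.example', 'shop.example', 'forum.example'];

// Without FPI the tracker reads the same cookie on every site: one linkable profile.
function profilesWithoutFpi() {
  return simulateSession(SITES, false).distinctProfiles;
}

// With FPI each site has its own copy of the tracker cookie: one profile per site.
function profilesWithFpi() {
  return simulateSession(SITES, true).distinctProfiles;
}

console.log('without FPI:', simulateSession(SITES, false));
console.log('with FPI   :', simulateSession(SITES, true));
```

Revisiting the same site under isolation still returns the same identifier, which is why a site's own login session keeps working while cross-site linkage does not. The model maps onto the `privacy.firstparty.isolate` preference the article lists; the companion `privacy.firstparty.isolate.restrict_opener_access` preference, which the article says can be set to false when logins break, concerns windows opened across sites and is not modelled here.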
If users want to disable FPI for good, they can either disable or remove the add-on.

The second method of enabling FPI is by modifying parameters in the about:config settings page. To access this page, users must type about:config in the address bar and press Enter. Once they reach the about:config page, they can search for "firstparty," and the two FPI parameters will appear.

To enable FPI, users must set "privacy.firstparty.isolate" to true by double-clicking it. The second parameter — "privacy.firstparty.isolate.restrict_opener_access" — works by lowering some of the "isolation" rules. Users can set this parameter to false if they're having problems logging into websites.

From rforno at infowarrior.org Mon Nov 20 19:52:47 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Nov 2017 01:52:47 -0000
Subject: [Infowarrior] - FCC plans total repeal of net neutrality rules
Message-ID:

FCC plans total repeal of net neutrality rules
By MARGARET HARDING MCGILL
11/20/2017 07:17 PM EST
Updated 11/20/2017 07:58 PM EST

Federal Communications Commission Chairman Ajit Pai will reveal plans to his fellow commissioners on Tuesday to fully dismantle the agency's Obama-era net neutrality regulations, people familiar with the plans said, in a major victory for the telecom industry in the long-running policy debate.

The commission will vote on the proposal in December, some seven months after it laid the groundwork for scuttling the rules that require internet service providers like Comcast or AT&T to treat web traffic equally.

President Donald Trump-appointed Pai's plan would jettison rules that prohibit internet service providers from blocking or slowing web traffic or creating so-called paid internet fast lanes, the people familiar with the changes said.
Pai also will follow through on his plans to scrap the legal foundation that the FCC's old Democratic majority adopted in 2015 to tighten federal oversight of internet service providers, a move he contends has deterred the industry from investing in broadband networks. Internet providers have feared that legal foundation, if left in place, could set the stage for possible government price regulation of internet service.

The chairman's approach, to be voted on at the FCC's Dec. 14 meeting, would also get rid of the so-called general conduct standard, which gives the FCC authority to police internet service providers' behavior it deems unreasonable.

The plan includes transparency rules that would require internet service providers to inform their customers about their practices on issues such as blocking and throttling. Major internet providers, including Comcast, have publicly said they will not block or throttle web traffic. The FCC will look to another agency, the Federal Trade Commission, to police whether internet service providers are acting in an anticompetitive manner.

An FCC spokesman declined comment on the plan.

< - >

https://www.politico.com/story/2017/11/20/net-neutrality-repeal-fcc-251824

From rforno at infowarrior.org Tue Nov 21 06:36:40 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Nov 2017 12:36:40 -0000
Subject: [Infowarrior] - OT: Likely new Census head causes alarm
Message-ID: <6ED7B136-822C-4905-8322-A5DED7038EC6@infowarrior.org>

Leading Trump Census pick causes alarm

The 2020 count might be put in the hands of an inexperienced professor who wrote that 'Competitive Elections are Bad for America.'

By DANNY VINIK and ANDREW RESTUCCIA
11/21/2017 05:06 AM EST

The Trump administration is leaning toward naming Thomas Brunell, a Texas professor with no government experience, to the top operational job at the U.S. Census Bureau, according to two people who have been briefed on the Bureau's plans.
Brunell, a political science professor, has testified more than half a dozen times on behalf of Republican efforts to redraw congressional districts, and is the author of a 2008 book titled "Redistricting and Representation: Why Competitive Elections Are Bad for America."

The choice would mark the administration's first major effort to shape the 2020 Census, the nationwide count that determines which states lose and gain electoral votes and seats in the House of Representatives. The fate of the Census under Trump has been closely watched by voting-rights advocates worried that the administration — which has already made unsupported claims about voter fraud — might nudge it in directions that over- or under-count some Americans. Subtle bureaucratic choices in the wording and administration of the Census can have huge consequences for who is counted, and how it shifts American voting districts.

The pick would break with the long-standing precedent of choosing a nonpolitical government official as deputy director of the U.S. Census Bureau. The job has typically been held by a career civil servant with a background in statistics. It does not require Senate confirmation, so Congress would have no power to block the hire.

"If true, it signals an effort by the administration to politicize the Census," said Terri Ann Lowenthal, former co-director of the Census Project, an organization that tracks the census. "It's very troubling."

Brunell was under consideration over the summer for the Senate-confirmable job of Census Director, but the administration declined to nominate him after receiving pushback from Capitol Hill, according to two people who track the Census closely.
The White House and Census Bureau both referred comments to the Commerce Department, which oversees the Census Bureau. The Commerce Department declined to comment. Brunell, reached by phone, declined to comment.

The hiring could be announced as soon as this week, though Trump administration personnel decisions often change at the last minute. One administration official said the situation remains "fluid."

As deputy director of the Census Bureau, Brunell would become the highest-ranking permanent official at the agency. Though the job technically reports to the Census director, that slot is temporarily being filled by a career civil servant, since former director John Thompson resigned at the end of June. There is currently no nominee for a permanent director.

"This is worse than making him director," said a former high-ranking Commerce Department official. "There still is going to be hell to pay on the optics. The Democrats and civil rights community will go nuts."

Though it may seem like a dry bureaucratic task, the $16 billion decennial Census has become the focus of hotly contested political arguments in a moment when the question of who counts as an American has risen to the top of the national debate.

< - >

https://www.politico.com/story/2017/11/21/trump-census-pick-causes-alarm-252571

From rforno at infowarrior.org Tue Nov 21 07:55:10 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Nov 2017 13:55:10 -0000
Subject: [Infowarrior] - Google collects Android users' locations even when location services are disabled
Message-ID:

Google collects Android users' locations even when location services are disabled

Written by Keith Collins

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven't used any apps, and haven't even inserted a carrier SIM card?
Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they're connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

"In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery," the Google spokesperson said in an email. "However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID."
< - >

https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/

From rforno at infowarrior.org Tue Nov 21 18:25:48 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Nov 2017 00:25:48 -0000
Subject: [Infowarrior] - Uber Paid Hackers to Delete Stolen Data on 57 Million People
Message-ID: <9DEBA47E-882B-41AE-84FA-2E8EB4FBD4AD@infowarrior.org>

(x-posted)

Uber Paid Hackers to Delete Stolen Data on 57 Million People

By Eric Newcomer
November 21, 2017, 4:58 PM EST Updated on November 21, 2017, 6:19 PM EST

- Company paid hackers $100,000 to delete info, keep quiet
- Chief Security Officer Joe Sullivan and another exec ousted

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
< - >

https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data

From rforno at infowarrior.org Sun Nov 26 10:39:18 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Nov 2017 16:39:18 -0000
Subject: [Infowarrior] - FBI didn't tell US targets as Russian hackers hunted emails
Message-ID: <327DF4E0-1345-4D6E-B7E4-159C1D376EFE@infowarrior.org>

FBI didn't tell US targets as Russian hackers hunted emails

By RAPHAEL SATTER, JEFF DONN and DESMOND BUTLER
1 hour ago

WASHINGTON (AP) -- The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found.

Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people."

The FBI declined to answer most questions from AP about how it had responded to the spying campaign. The bureau provided a statement that said in part: "The FBI routinely notifies individuals and organizations of potential threat information."

Three people familiar with the matter -- including a current and a former government official -- said the FBI has known for more than a year the details of Fancy Bear's attempts to break into Gmail inboxes.
A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks.

< - >

https://apnews.com/f1a5570b7ce04d39bab00ae3a9041460

From rforno at infowarrior.org Sun Nov 26 11:53:18 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Nov 2017 17:53:18 -0000
Subject: [Infowarrior] - Fwd: More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked
References: <20171126172036.GA25559@gsp.org>
Message-ID: <88A64178-A5FB-4EE4-8D87-F53B40315111@infowarrior.org>

> Begin forwarded message:
>
> From: Rich Kulawiec
> Subject: More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked
> Date: November 26, 2017 at 12:20:36 PM EST
> To: Dave Farber , Richard Forno , Lauren Weinstein
>
> (for IP, if you wish)
>
>
> More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked
> https://hackernoon.com/more-than-a-million-pro-repeal-net-neutrality-comments-were-likely-faked-e9f0e3ed36a6
>
> Excerpts:
>
> NY Attorney General Schneiderman estimated that hundreds of thousands of Americans' identities were stolen and used in spam campaigns that support repealing net neutrality. My research found at least 1.3 million fake pro-repeal comments, with suspicions about many more. In fact, the sum of fake pro-repeal comments in the proceeding may number in the millions.
>
> [...]
>
> Key Findings:
>
> 1. One pro-repeal spam campaign used mail-merge to disguise 1.3 million comments as unique grassroots submissions.
>
> 2. There were likely multiple other campaigns aimed at injecting what may total several million pro-repeal comments into the system.
>
> 3. It's highly likely that more than 99% of the truly unique comments were in favor of keeping net neutrality.
>
> [...]
>
> After clustering comment categories and removing duplicates, I found that less than 800,000 of the 22M+ comments submitted to the FCC (3-4%) could be considered truly unique.
>
> ---rsk

From rforno at infowarrior.org Sun Nov 26 12:55:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Nov 2017 18:55:24 -0000
Subject: [Infowarrior] - Reverse-engineering a connected Furby toy, revealing its disturbing security defects
Message-ID:

Reverse-engineering a connected Furby toy, revealing its disturbing security defects

When Context Labs teamed up with UK consumer group Which? to produce an outstanding report on the surveillance, privacy and security risks of kids' "connected toys," it undertook the reverse-engineering of Hasbro's new Furby Connect, a device that works with a mobile app to listen and watch the people around it and interact with them.

Naturally, any internet-connected device has the power to spy on your home network, and once you give that device a camera and microphone, it also has the power to spy on the people in your home, capturing audio and video of them at intimate moments, stealing their secrets and invading their privacy. So you'd hope that the Furby Connect would have a very robust security model that prevented bad actors from covertly updating the device to turn it into a surveillance tool.

Unfortunately, as Context discovered, "the security situation was bad." From the Bluetooth LE channel used by the device to talk to your phone (encryption turned off!) to the ability to conduct over-the-air firmware updates, to the lack of firmware update authentication, the device is a near-total disaster (though the researchers do say they find the design "frankly adorable"). More disturbing is Hasbro's dismissive response, which boiled down to, "We don't think this is a big deal so we're not going to do anything about it #wontfit."
The Context Labs report on the subsequent reverse-engineering of the protocols, format and firmware for the Furby Connect is an excellent example of the technological detective story, in which engineers have to match their intellect against those who came before them and unravel their secrets -- the sort of thing that makes Bunnie Huang's book The Hardware Hacker such an essential read.

< - >

https://boingboing.net/2017/11/26/kill-it-with-fire.html

From rforno at infowarrior.org Sun Nov 26 12:56:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Nov 2017 18:56:00 -0000
Subject: [Infowarrior] - Rightscorp finished Sept 2017 with $3,147 in the bank, warns investors it will likely have to shut down without more cash
Message-ID:

(Couldn't happen to a more deserving company. --rick)

Rightscorp finished Sept 2017 with $3,147 in the bank, warns investors it will likely have to shut down without more cash

https://boingboing.net/2017/11/26/circling-the-drain.html

Rightscorp (previously) is the extortion outfit that terrifies people into paying it money for unproven accusations of copyright violations, enlisting ISPs to cut off subscribers who won't cough up. Despite high-profile support from some of the copyright industry's biggest players, the company has been in a financial death-spiral, under increasing scrutiny over its illegal tactics, and its inability to win in court.

Now, the company's latest filings show that its Q3/2017 "settlement" revenues are down 48% compared to Q3/2016, and its losses for the first three quarters of this year are up to a total of $1,448,899, a significant increase over its 2016/Q1-3 losses of $1,380,698. The company finished September 2017 with only $3,147, and was forced to issue 2.5m new shares and sell them for a total of $50,000 just to keep the lights on. The company has warned its investors that without an infusion of at least $250K-500K it will likely cease to operate.
The company suggests that such an infusion would allow it to shift its business model to weaponizing surveillance data it has amassed on downloaders, so that rightsholder..

< - >

From rforno at infowarrior.org Mon Nov 27 06:05:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Nov 2017 12:05:19 -0000
Subject: [Infowarrior] - Congress poised to jam through reauthorization of mass surveillance
Message-ID: <9F4178A6-BF7A-4D3D-ABDC-11063236E731@infowarrior.org>

Congress poised to jam through reauthorization of mass surveillance

By Jason Pye and Sean Vitka, opinion contributors -- 11/27/17 06:20 AM EST
The views expressed by contributors are their own and not the view of The Hill

http://thehill.com/opinion/cybersecurity/361875-congress-poised-to-jam-through-reauthorization-of-mass-surveillance

Congress doesn't have much time left on the legislative calendar for the year, but there's still a lot on the agenda to get across the finish line. In the few remaining days, Republicans hope to pass a tax reform bill and either another short-term continuing resolution or an omnibus to fund the government.

Another item on the agenda is the reauthorization of Title VII of the Foreign Intelligence Surveillance Act (FISA), including the controversial Section 702. The current authorization for Section 702 expires on December 31, and it's the first time Congress has faced this reauthorization since Edward Snowden's earth-shattering disclosures about the National Security Agency's mass surveillance apparatus. Committees in the Senate and House have competing proposals to reauthorize the program. But with the clock running out, Congress once again appears to be poised to jam through reauthorization.

Passed in 1978, FISA allows federal intelligence agencies to collect the electronic communications of foreign persons to surveil for certain illicit activities, including terrorism.
But not all of the electronic communications collected by the National Security Agency (NSA) are those of foreign persons. According to a 2014 Washington Post report, 90 percent of account holders whose communications were collected were not the intended targets. "Many of them were Americans," the Post explained. "Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents."

Civil libertarians have urged Congress to take this reauthorization as an opportunity to implement meaningful reforms to shield innocent Americans from mass surveillance while ensuring that federal intelligence agencies have the tools they need to protect the United States from foreign threats. Some in Congress, however, seem committed to running roughshod over the Fourth Amendment.

The Senate Select Committee on Intelligence has marked up the FISA Amendments Reauthorization Act, S. 2010. The bill, sponsored by Chairman Richard Burr (R-N.C.), is actually worse than existing law. It explicitly allows the attorney general to use information collected under Section 702 for domestic crimes that have nothing to do with national security and forbids judicial review of that decision.

Meanwhile, the House Judiciary Committee has marked up the USA Liberty Act, which, despite or because of painstaking deliberations, does not sufficiently protect innocent Americans from surveillance. The House version of the USA Liberty Act, for instance, has a weak warrant requirement, which would allow the Federal Bureau of Investigation (FBI) to conduct backdoor searches of electronic communications collected by the NSA for domestic, non-terrorism investigations. Additionally, the proposed end of "about" collection, in which the government collects information that is neither to nor from a target, would sunset after six years.

The FISA Court forced the end of "about"
collection earlier this year, finding the practice to be "a very serious Fourth Amendment issue." The court also concluded that the NSA's failure to disclose information represented "an institutional 'lack of candor.'" These are just two of many red flags the secret judicial body has raised over intelligence agencies' collection practices.

There are alternatives. The Senate companion to the USA Liberty Act, introduced by Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah), improves upon the version marked up by the House Judiciary Committee. In particular, the improvements include a far stronger prohibition on searching for Americans' information without a warrant and permanently ending "about" collection.

Separately, Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) have introduced the USA RIGHTS Act. The bill would stop "backdoor searches" of Americans' information, permanently end "about" collection, fix disturbing problems faced by defendants against whom the government uses Section 702 information, forbid the knowing collection of entirely domestic communications, and institute other important reforms. The USA RIGHTS Act is by far the strongest reform bill on the table, and all who truly care about their civil liberties should support it.

But despite these tremendous efforts by many in Congress, the ink on the Bill of Rights, which is so crucial to the American experiment, is fading. With no clear path to the floor for any of these bills, the chance that Section 702 reauthorization with no or minimal reforms is included in an omnibus has grown significantly. But a spending bill is no place for an issue that literally affects the fundamental rights of every American. It is no place for substantive debate over the very real privacy and security issues facing America. The leadership in the House and the Senate must give those in both parties the opportunity to offer amendments to reform FISA.
These ideas have broad bipartisan support, and the closure of the backdoor search loophole itself has passed the House of Representatives twice. To jam Section 702 reauthorization into an omnibus or to otherwise prevent debate on the floor would not only diminish Americans' privacy, it would diminish our voice. The public deserves a chance to fight for its Fourth Amendment right to privacy and to know the names of those, Republican and Democrat alike, who are actively working to diminish this fundamental liberty.

Jason Pye is the vice president of legislative affairs for FreedomWorks. Sean Vitka is counsel for Demand Progress.

From rforno at infowarrior.org Mon Nov 27 10:03:55 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Nov 2017 16:03:55 -0000
Subject: [Infowarrior] - The FISA Amendments Reauthorization Act Restricts Congress, Not Surveillance
Message-ID: <893DFE88-9329-4513-9088-AAFECFEBB595@infowarrior.org>

The FISA Amendments Reauthorization Act Restricts Congress, Not Surveillance

By David Ruiz
November 17, 2017

https://www.eff.org/deeplinks/2017/11/fisa-amendments-reauthorization-act-restricts-congress-not-surveillance

The FISA Amendments Reauthorization Act of 2017 -- legislation meant to extend government surveillance powers -- squanders several opportunities for meaningful reform and, astonishingly, manages to push civil liberties backwards. The bill is a gift to the intelligence community, restricting surveillance reforms, not surveillance itself.

The bill (S. 2010) was introduced October 25 by Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) as an attempt to reauthorize Section 702 of the FISA Amendments Act. That law authorizes surveillance that ensnares the communications of countless Americans, and it is the justification used by agencies like the FBI to search through those collected American communications without first obtaining a warrant.
Section 702 will expire at the end of this year unless Congress reauthorizes it. Other proposed legislation in the House and Senate has used Section 702's sunset as a moment to move surveillance reform forward, demanding at least minor protections to how 702-collected American communications are accessed. In contrast, Senator Burr's bill uses Section 702's sunset as an opportunity to codify some of the intelligence community's more contentious practices while also neglecting the refined conversations on surveillance happening in Congress today.

Here is a breakdown of the bill.

"About" Collection

Much of the FISA Amendments Reauthorization Act (the "Burr bill" for short) deals with a type of surveillance called "about" collection, a practice in which the NSA searches Internet traffic for any mentions of foreign intelligence surveillance targets. As an example, the NSA could search for mentions of a target's email address. But the communications being searched do not have to be addressed to or from that email address; the communications would simply need to include the address in their text. This is not normal for communications surveillance.

Importantly, nothing in Section 702 today mentions or even hints at "about" collection, and it wasn't until 2013 that we learned about it. A 2011 opinion from the Foreign Intelligence Surveillance Court -- which provides judicial review for the Section 702 program -- found this practice to be unconstitutional without strict post-collection rules to limit its retention and use. Indeed, it is a practice the NSA ended in April precisely "to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target."

Alarmingly, it is a practice the FISA Amendments Reauthorization Act defines expansively and provides guidelines for restarting. According to the bill, should the Attorney General and the Director of National Intelligence decide that "about"
collection needs to start up again, all they need to do is ask specified Congressional committees. Then, a 30-day clock begins ticking. It's up to Congress to act before the clock stops.

In those 30 days, at least one committee -- including the House Judiciary Committee, the House Permanent Select Committee on Intelligence, the Senate Judiciary Committee, and the Senate Select Committee on Intelligence -- must draft, vote, and pass legislation that specifically disallows the continuation of "about" collection, working against the requests of the Attorney General and the Director of National Intelligence. If Congress fails to pass such legislation in 30 days, "about" collection can restart.

The 30-day period has more restrictions. If legislation is referred to any House committee because of the committee's oversight obligations, that committee must report the legislation to the House of Representatives within 10 legislative days. If the Senate moves legislation forward, "consideration of the qualifying legislation, and all amendments, debatable motions, and appeals in connection therewith, shall be limited to not more than 10 hours," the bill says.

Limiting discussion on "about" collection to just 10 hours -- when members of Congress have struggled with it for years -- is reckless. It robs Congress of the ability to accurately debate a practice whose detractors even include the Foreign Intelligence Surveillance Court (FISC) -- the judicial body that reviews and approves Section 702 surveillance.

Worse, the Burr bill includes a process to skirt legislative approval of "about" collection in emergencies. If Congress has not already disapproved "about" collection within the 30-day period, and if the Attorney General and the Director of National Intelligence determine that such "about" collection is necessary for an emergency, they can obtain approval from the FISC without Congress. And if during the FISC approval process, Congress passes legislation preventing "about"
collection -- effectively creating both approval and disapproval from two separate bodies -- the Burr bill provides no clarity on what happens next. Any Congressional efforts to protect American communications could be thrown aside.

These are restrictions on Congress, not surveillance -- as well as an open invitation to restart "about" searching.

What Else is Wrong?

The Burr bill includes an 8-year sunset period, the longest period included in current Section 702 reauthorization bills. The USA Liberty Act -- introduced in the House -- sunsets in six years. The USA Rights Act -- introduced in the Senate -- sunsets in four.

The Burr bill also allows Section 702-collected data to be used in criminal proceedings against U.S. persons so long as the Attorney General determines that the crime involves a multitude of subjects. Those subjects include death, kidnapping, serious bodily injury, incapacitation or destruction of critical infrastructure, and human trafficking. The Attorney General can also determine that the crime involves "cybersecurity," a vague term open to broad abuse. The Attorney General's determinations in these situations are not subject to judicial review.

The bill also includes a small number of reporting requirements for the FBI Director and the FISC. These are minor improvements that are greatly outweighed by the bill's larger problems.

No Protections from Warrantless Searching of American Communications

The Burr bill fails to protect U.S. persons from warrantless searches of their communications by intelligence agencies like the FBI and CIA.

The NSA conducts surveillance on foreign individuals living outside the United States by collecting communications both sent to and from them. Often, U.S. persons are communicating with these individuals, and those communications are swept up by the NSA as well. Those communications are then stored in a massive database that can be searched by outside agencies like the FBI and CIA.
These unconstitutional searches do not require a warrant and are called "backdoor" searches because they skirt U.S. persons' Fourth Amendment rights.

The USA Liberty Act, which we have written extensively about, creates a warrant requirement when government agents look through Section 702-collected data for evidence of a crime, but not for searches for foreign intelligence. The USA Rights Act creates warrant requirements for all searches of American communications within Section 702-collected data, with "emergency situation" exemptions that require judicial oversight. The Burr bill offers nothing.

No Whistleblower Protections

The Burr bill also fails to extend workplace retaliation protections to intelligence community contractors who report what they believe is illegal behavior within the workforce. This protection, while limited, is offered by the USA Liberty Act. The USA Rights Act takes a different approach, approving new, safe reporting channels for internal government whistleblowers.

What's Next?

The Burr bill has already gone through markup in the Senate Select Committee on Intelligence. This means that it could be taken up for a floor vote by the Senate.

Your voice is paramount right now. As 2017 ends, Congress is slammed with packages on debt, spending, and disaster relief -- all of which require votes in less than six weeks. To cut through the log jam, members of Congress could potentially attach the Burr bill to other legislation, robbing surveillance reform of its own vote. It's a maneuver that Senator Burr himself, according to a Politico report, approves.

Just because this bill is ready doesn't mean it's good. Far from it, actually. We need your help to stop this surveillance extension bill. Please tell your Senators that the FISA Amendments Reauthorization Act of 2017 is unacceptable. Tell them surveillance requires reform, not regression.
From rforno at infowarrior.org Tue Nov 28 15:02:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Nov 2017 21:02:24 -0000
Subject: [Infowarrior] - You can log into macOS High Sierra as root with no password
Message-ID:

You can log into macOS High Sierra as root with no password

By Shaun Nichols in San Francisco 28 Nov 2017 at 20:15

A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.

The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings.

If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen.

The vulnerability effectively allows someone with physical access to the machine to cause extra mischief, install malware, and so on. While obviously not the end of the world -- certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this.

Developer Lemi Orhan Ergan alerted the world to the flaw via Twitter in the past hour or so:

< - >

http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/

From rforno at infowarrior.org Tue Nov 28 19:37:36 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 01:37:36 -0000
Subject: [Infowarrior] - EFF getting matching donations this week
Message-ID: <9CB70761-AC6F-4DB6-8702-EB2F332E5825@infowarrior.org>

I just did....again. Will you? --rick

Give to the Electronic Frontier Foundation this week and double the impact of your support!
A passionate group of EFF supporters joined forces to provide Power Up Your Donation challenge grants, meaning they will match every dollar up to $203,137. Will you help us power up online rights?

EFF is a U.S. 501(c)(3) nonprofit, tax ID #04-3091431. Contributions are tax-deductible as allowed by law.

https://supporters.eff.org/donate/power-2017-s

From rforno at infowarrior.org Wed Nov 29 10:29:37 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 16:29:37 -0000
Subject: [Infowarrior] - Fwd: DefenseOne: Russia Will Build Its Own Internet Directory, Citing US Information Warfare
References:
Message-ID: <77CF2A0C-5B29-46B9-9AE3-5AFE1E765D0A@infowarrior.org>

> Begin forwarded message:
>
> From: Jonathan Abolins
> Subject: DefenseOne: Russia Will Build Its Own Internet Directory, Citing US Information Warfare
> Date: November 29, 2017 at 10:54:22 AM EST
> To: Richard Forno
>
> Basically, creating a separate DNS system with its own root servers for BRICS.
>
> http://www.defenseone.com/technology/2017/11/russia-will-build-its-own-internet-directory-citing-us-information-warfare/142822/
>
> Cheers,
> Jon

From rforno at infowarrior.org Wed Nov 29 12:21:36 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 18:21:36 -0000
Subject: [Infowarrior] - more on ... Re: You can log into macOS High Sierra as root with no password
In-Reply-To:
References:
Message-ID:

A fix is out from Apple this morning.

> On Nov 28, 2017, at 4:02 PM, Richard Forno wrote:
>
>
> You can log into macOS High Sierra as root with no password
> By Shaun Nichols in San Francisco 28 Nov 2017 at 20:15
>
> A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.
>
> The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings.
>
> If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen.
>
> The vulnerability effectively allows someone with physical access to the machine to cause extra mischief, install malware, and so on. While obviously not the end of the world -- certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this.
>
> Developer Lemi Orhan Ergan alerted the world to the flaw via Twitter in the past hour or so:
>
> < - >
>
> http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/

From rforno at infowarrior.org Wed Nov 29 14:40:47 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 20:40:47 -0000
Subject: [Infowarrior] - PII of 246,000 DHS employees found on home computer
Message-ID: <0A5D5285-6D20-4B58-BED5-A2591E8AD18D@infowarrior.org>

In 2017, this basic-101 securityfail should *not* still be happening. Remember the periodic VA laptop losses (and unencrypted PII troves on them) over the years? --rick

Sensitive personal information of 246,000 DHS employees found on home computer

Ray Locker, USA TODAY
Published 3:53 p.m. ET Nov. 28, 2017

https://www.usatoday.com/story/news/politics/2017/11/28/sensitive-personal-information-246-000-dhs-employees-found-home-computer/901654001/

WASHINGTON -- The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY.
Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress.

The information included names, Social Security numbers and dates of birth, the report said.

The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details.

Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach. The department's office of privacy is completing the details of the notices to those affected.

"All potentially affected individuals will be offered an 18-month subscription to credit monitoring services," the report says.

Officials at the Office of Inspector General, which acts as an internal watchdog at DHS, said in a statement provided to USA TODAY that "DHS is coordinating notice to the affected individuals and we are working closely with DHS to accomplish this."

"The responsible individuals are no longer on the OIG payroll," the statement said.

Other agencies have suffered serious data breaches in recent years. In June 2015, the personal information of about 21.5 million people was leaked in a breach at the Office of Personnel Management.

From rforno at infowarrior.org Wed Nov 29 14:42:29 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 20:42:29 -0000
Subject: [Infowarrior] - SCOTUS Seem Ready to Boost Protection of Digital Privacy

Justices Seem Ready to Boost Protection of Digital Privacy
By ADAM LIPTAK, NOV. 29, 2017

WASHINGTON — At a lively Supreme Court argument on Wednesday, a majority of the justices seemed troubled by the government's ability to acquire troves of digital data without a warrant.
"Most Americans, I still think, want to avoid Big Brother," said Justice Sonia Sotomayor. "They want to avoid the concept that government will be able to see and locate you anywhere you are, at any point in time."

The argument lasted 20 minutes longer than the usual hour. By its conclusion, at least five justices seemed prepared to limit the government's power to obtain records from cellphone companies showing their customers' locations over long periods of time. But there was no consensus about a rationale for a decision or about how far the court was prepared to go to reshape longstanding constitutional doctrines that allow the government to obtain business records held by third parties.

The case concerns Timothy Ivory Carpenter, who was convicted of participating in a series of robberies, based in part on records provided by his cellular carrier showing his movements over several months.

Nathan Freed Wessler, a lawyer for Mr. Carpenter, said prosecutors had violated the Fourth Amendment, which bars unreasonable searches, by failing to get a warrant for the information.

A ruling in Mr. Carpenter's favor could revise a fundamental Fourth Amendment principle: that people have no reasonable expectation of privacy when they voluntarily turn over information to a third party, like a phone company.

Some justices said they were wary of acting rashly and worried about the consequences of a ruling in favor of Mr. Carpenter.

"This new technology is raising very serious privacy concerns," Justice Samuel A. Alito Jr. told Mr. Wessler, "but I need to know how much of existing precedent you want us to overrule or declare obsolete."

The court's decision in the case, Carpenter v. United States, No. 16-402, will apply the Fourth Amendment, drafted in the 18th century, to a world in which people's movements are continually recorded by devices in their pockets and cars, by toll plazas and by transit systems.
< - >

https://www.nytimes.com/2017/11/29/us/politics/supreme-court-digital-privacy.html

From rforno at infowarrior.org Wed Nov 29 14:57:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Nov 2017 20:57:00 -0000
Subject: [Infowarrior] - Fwd: FCC Got 444,938 Net-Neutrality Comments From Russian Email Addresses
References: <201711291958.vATJw9mT018587@synergy.ecn.purdue.edu>

> Begin forwarded message:
>
> From: Joe Cychosz <3ksnn64 at ecn.purdue.edu>
> Subject: FCC Got 444,938 Net-Neutrality Comments From Russian Email Addresses
> Date: November 29, 2017 at 14:58:09 EST
> To: rforno at infowarrior.org
>
> More influence pushing.
> Might be of interest. Joe
>
> FCC Got 444,938 Net-Neutrality Comments From Russian Email Addresses
> https://www.bloomberg.com/news/articles/2017-11-29/fake-views-444-938-russian-emails-among-suspect-comments-to-fcc
>
> Someone was trying to game the U.S. Federal Communications Commission's electronic public comment system on net-neutrality rules.
>
> But who? Was it supporters or foes of the open internet rules -- or was it the Russians?
>
> A study has found more than 7.75 million comments were submitted from email domains attributed to FakeMailGenerator.com, and they had nearly identical wording. The FCC says some of the nearly 23 million comments on Chairman Ajit Pai's proposal to gut Obama-era rules were filed under the same name more than 90 times each.
>
> And then there were the 444,938 from Russian email addresses, which also raised eyebrows, even though it's unclear if they were from actual Russian citizens or computer bots originating in the U.S. or elsewhere.
>
> The oddities in the FCC's inbox have attracted scrutiny from New York's attorney general and from the U.S. Government Accountability Office, which has opened a probe.
>
> ...
From rforno at infowarrior.org Thu Nov 30 06:12:54 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Nov 2017 12:12:54 -0000
Subject: [Infowarrior] - Senate GOP campaign arm stole donor data from House Republicans

Senate GOP campaign arm stole donor data from House Republicans
Former NRCC aides used their old passwords to break into a database of highly valuable information on contributors.
By KEVIN ROBILLARD and ELENA SCHNEIDER 11/29/2017 08:20 PM EST
https://www.politico.com/story/2017/11/29/campaign-data-stolen-republicans-house-senate-196238

From rforno at infowarrior.org Thu Nov 30 06:14:03 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Nov 2017 12:14:03 -0000
Subject: [Infowarrior] - Clearly, security can be used to justify anything
Message-ID: <4310BA44-C53D-4A1E-B9A6-B5C66C92D27D@infowarrior.org>

Oh, PLEASE. Talk about security "theater".......

(via Politico Playbook)

Alexander Marquardt (@MarquardtA): "The pastor of the church where Roy Moore is having an event tonight says the networks' pool camera can only shoot tight shots of Moore because they fear al Qaeda would use other angles to plan an attack."

From rforno at infowarrior.org Wed Nov 1 20:29:29 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Nov 2017 01:29:29 -0000
Subject: [Infowarrior] - IEEE: The Improbable Origins of PowerPoint
Message-ID: <417CA4BD-164E-4C6C-94DF-AE72685E39B8@infowarrior.org>

The Improbable Origins of PowerPoint
Here's the surprising story behind the software that conquered the world, one slide at a time
Posted 31 Oct 2017 | 15:00 GMT
By David C.
Brock
https://spectrum.ieee.org/tech-history/cyberspace/the-improbable-origins-of-powerpoint

From rforno at infowarrior.org Thu Nov 2 06:38:02 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Nov 2017 11:38:02 -0000
Subject: [Infowarrior] - Report Finds DHS Terrible At Keeping Track Of Agents' Badges And Guns
Message-ID: <7DD5286C-A03E-4AEE-955F-D9500755A96E@infowarrior.org>

Report Finds DHS Terrible At Keeping Track Of Agents' Badges And Guns

< - >

Between fiscal years 2014 and 2016, the Department of Homeland Security personnel lost a total of 2,142 highly sensitive assets — 228 firearms; 1,889 badges; and 25 secure immigration stamps.

< - >

https://www.techdirt.com/articles/20171101/08402938526/report-finds-dhs-terrible-keeping-track-agents-badges-guns.shtml

From rforno at infowarrior.org Thu Nov 2 17:13:38 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Nov 2017 22:13:38 -0000
Subject: [Infowarrior] - OT: Snuck into the GOP tax bill....

Page 427 of 429 of the new GOP tax bill contains provisions revoking the Johnson amendment that prohibits churches from engaging in political activity. Because, liberty, right? --rick

GOP tax bill would allow churches to endorse political candidates
http://thehill.com/policy/finance/358447-gop-tax-bill-would-allow-churches-to-endorse-political-candidates

From rforno at infowarrior.org Thu Nov 2 18:37:25 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Nov 2017 23:37:25 -0000
Subject: [Infowarrior] - OT: We should be so lucky...
Message-ID: <8B2C4871-E2AB-4230-8820-4977420A793B@infowarrior.org>

Trump's personal Twitter account briefly disappeared
David Choi and Pamela Engel, Nov. 2, 2017, 7:05 PM
http://www.businessinsider.com/trumps-twitter-account-gone-disappeared-2017-11

President Donald Trump's personal Twitter account appeared to be offline on Thursday at around 7:00 p.m. eastern time.
The account was restored several minutes later, but many on Twitter took note of the account's disappearance.

It is so far unclear why Trump's personal account went offline. The account was his personal account rather than his government account.

Trump's account, which has over 41 million followers, is the main account he uses to disseminate statements and attack his critics.

Business Insider has reached out to Twitter for comment.

From rforno at infowarrior.org Thu Nov 2 18:40:46 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Nov 2017 23:40:46 -0000
Subject: [Infowarrior] - USS McCain collision ultimately caused by UI confusion
Message-ID: <556F14F4-9A0C-4587-AE9D-E2501806A721@infowarrior.org>

USS McCain collision ultimately caused by UI confusion
https://arstechnica.com/information-technology/2017/11/uss-mccain-collision-ultimately-caused-by-ui-confusion/

From rforno at infowarrior.org Fri Nov 3 06:19:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 03 Nov 2017 11:19:19 -0000
Subject: [Infowarrior] - Twitter employee deactivated POTUS' personal account

... and for a brief shining moment, the majority of rational people on the internet, if not also a few such souls inside the WH, rejoiced.

But srsly, this should be a huge security wakeup call to the WH and USSS about the POTUS using Twitter in an official (or 'allegedly not-official-but-yeah-its-mostly-official') capacity. Especially given the ongoing stream-of-consciousness nonsense by a national leader whose every moronic, emotional, and/or likely uninformed utterance is instantly seized upon by the world. But, as he told Fox last night, he's the "only one that matters" so .... good luck with that idea, right?
--rick

Rogue Twitter employee on last day of job deactivated Trump's personal account, company says
https://www.washingtonpost.com/news/the-switch/wp/2017/11/02/trumps-twitter-account-was-temporarily-deactivated-due-to-human-error/

From rforno at infowarrior.org Fri Nov 3 06:23:13 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 03 Nov 2017 11:23:13 -0000
Subject: [Infowarrior] - WhatsApp goes down for many across globe
Message-ID: <56C995BF-CF0D-45D5-895F-95CEBAC870F1@infowarrior.org>

WhatsApp goes down for many across globe
Asia and Western Europe appear most disrupted.
by Nicholas Tufnell November 3, 2017 3:05 AM PDT
https://www.cnet.com/news/whatsapp-goes-down-for-many-across-globe/#ftag=CAD590a51e

WhatsApp wasn't working for many users across the world this morning. Outages have been reported in the UK, Myanmar, Russia, Vietnam and Brazil.

The service began to function again about 30 minutes after the initial complaints, according to Reuters, although there are still some reports of issues on social media.

It is not known why the outage occurred.

WhatsApp, owned by Facebook, is one of the world's most popular messaging apps with one billion daily active users. Facebook bought WhatsApp in 2014 for a staggering $19 billion.

The company did not immediately respond to a request for comment.

From rforno at infowarrior.org Sat Nov 4 15:24:54 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 04 Nov 2017 20:24:54 -0000
Subject: [Infowarrior] - Fwd: Judge Rules Canada Can't Make Google Delete Search Results in U.S.
References: <8C2DC835-E270-4673-9AEC-BBA63D7207C2@roscom.com>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Judge Rules Canada Can't Make Google Delete Search Results in U.S.
> Date: November 4, 2017 at 4:11:59 PM EDT
> To: Richard Forno
>
> Judge Rules Canada Can't Make Google Delete Search Results in U.S.
> http://www.foxbusiness.com/features/2017/11/03/judge-rules-canada-cant-make-google-delete-search-results-in-u-s.html

From rforno at infowarrior.org Sat Nov 4 15:25:02 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 04 Nov 2017 20:25:02 -0000
Subject: [Infowarrior] - Fwd: Stuxnet-style code signing is more widespread than anyone thought
References: <1F1B436F-0180-4595-80EE-073A84136764@roscom.com>
Message-ID: <65234EFD-8B40-489C-85A1-ACFF875A1904@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Stuxnet-style code signing is more widespread than anyone thought
> Date: November 4, 2017 at 4:08:38 PM EDT
> To: Richard Forno
>
> Stuxnet-style code signing is more widespread than anyone thought
> Forgeries undermine the trust millions of people place in digital certificates.
>
> https://arstechnica.com/information-technology/2017/11/evasive-code-signed-malware-flourished-before-stuxnet-and-still-does/

From rforno at infowarrior.org Sun Nov 5 14:59:14 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 05 Nov 2017 20:59:14 -0000
Subject: [Infowarrior] - Millions of Leaked Files Shine Light on Where the Elite Hide Their Money
Message-ID: <4D5883AB-3BA2-4980-8962-CE9EE72E7C23@infowarrior.org>

Millions of Leaked Files Shine Light on Where the Elite Hide Their Money
By MICHAEL FORSYTHE, NOV. 5, 2017
https://www.nytimes.com/2017/11/05/world/paradise-papers.html

It's called the Paradise Papers: the latest in a series of leaks made public by the International Consortium of Investigative Journalists shedding light on the trillions of dollars that move through offshore tax havens.
The core of the leak, totaling more than 13.4 million documents, focuses on the Bermudan law firm Appleby, a 119-year old company that caters to blue chip corporations and very wealthy people. Appleby helps clients reduce their tax burden; obscure their ownership of assets like companies, private aircraft, real estate and yachts; and set up huge offshore trusts that in some cases hold billions of dollars.

The New York Times is part of the group of more than 380 journalists from over 90 media organizations in 67 countries that have spent months examining the latest set of documents.

As with the Panama Papers, the Paradise Papers leak came through a duo of reporters at the German newspaper Süddeutsche Zeitung and was then shared with I.C.I.J., a Washington-based group that won the Pulitzer Prize for reporting on the millions of records of a Panamanian law firm. The release of that trove of documents led to the resignation of one prime minister last year and to the unmasking of the wealth of people close to President Vladimir V. Putin of Russia.

The predominantly elite clients of Appleby contrast with those of Mossack Fonseca — the company whose leaked records became the Panama Papers — which appeared to be less discriminating in the business it took on.

Much of the material makes for dull reading: Spreadsheets, prospectuses and billing statements abound. But amid these are documents that help reveal how multinational companies avoid taxes and how the superrich hide their wealth. The records date back to 1950 and up to 2016.

Appleby has offices in tax havens around the world. In addition to its Bermudan headquarters, it works out of places like the British Virgin Islands and the Cayman Islands in the Caribbean; the Isle of Man, Jersey and Guernsey off Britain; Mauritius and the Seychelles in the Indian Ocean; and Hong Kong and Shanghai.

Americans — companies and people — dominate the list of clients. Past disclosures, such as the 2013 "Offshore Leaks"
from two offshore incorporators in Singapore and the British Virgin Islands, the 2015 "Swiss Leaks" from a private Swiss bank owned by the British bank HSBC and another leak in 2016 from the Bahamas were dominated by clients not from the United States.

The documents come not only from Appleby, but also from the Singaporean company Asiaciti Trust and official business registries in places such as Bermuda, the Cayman Islands, Lebanon and Malta.

Setting up companies offshore is generally legal, and corporations routinely do so to facilitate cross-border transactions such as mergers and acquisitions. Appleby, in a public statement on Oct. 24, after inquiries from I.C.I.J., said that it was "subject to frequent regulatory checks" in "highly regulated jurisdictions."

"Appleby has thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing, either on the part of ourselves or our clients," the company said.

But with this latest leak, some wealthy individuals and multinational corporations may think twice about using offshore ownership structures, said Jack Blum, a lawyer who worked for decades on congressional committees investigating money transfers overseas.

"The danger of being found out has increased exponentially," Mr. Blum said in an interview. "If I were a rich guy looking to hide money offshore so that the tax man won't get me, my nightmare would be to put it in the hands of somebody whose documents leak."
From rforno at infowarrior.org Sun Nov 5 16:40:51 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 05 Nov 2017 22:40:51 -0000
Subject: [Infowarrior] - Fwd: Paradise Papers: Your guide to four years of offshore revelations
References: <4741D68B-05C3-4681-AF63-473767AC25ED@roscom.com>
Message-ID: <33ACEE4E-5C63-4CE3-BA29-5B31179D79A5@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Paradise Papers: Your guide to four years of offshore revelations
> Date: November 5, 2017 at 5:05:58 PM EST
> To: Richard Forno
>
> Paradise Papers: Your guide to four years of offshore revelations
> http://www.bbc.com/news/business-41877932

From rforno at infowarrior.org Mon Nov 6 11:20:51 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Nov 2017 17:20:51 -0000
Subject: [Infowarrior] - Fwd: Princeton grad student explains impact of GOP tax plan on higher ed
References: <20171106163211.GA886@gsp.org>
Message-ID: <597B0AF3-3921-433A-8C35-6D898B4BCD19@infowarrior.org>

>> Date: Mon, 6 Nov 2017 07:20:26 -0500
>> From: Rich Kulawiec
>> Subject: Princeton grad student explains impact of GOP tax plan on higher ed
>>
>> [ This analysis is from David Walsh, who is a PhD student at Princeton. ---rsk ]
>>
>> So I broke down my tax bill under Trump's "Cut Cut Cut" proposal. My taxes won't be cut. My tax bill will quadruple.
>>
>> Let me walk you through it. I'm a graduate student at Princeton--my (generous) stipend is $32,500. (Some of my STEM colleagues make more.)
>>
>> For simplicity's sake, I'm just going to use HR Block's income tax calculator. It's not perfect, but it'll give a good ballpark. Without deductions, my tax bill is $2,849 on their calculator, which is close enough to my actual tax bill, so let's use that as a benchmark.
>>
>> Right now, tuition support is not counted toward one's gross income for tax purposes.
>> The new GOP bill would strike that exemption. Princeton's tuition is--including health insurance--$48,940.
>>
>> So, my actual gross income would be $81,440. Let's plug that into the HR Block tax calculator!
>>
>> Lo and behold, my estimated tax bill jumps to $13,499. That's by no means an unreasonable federal tax bill for someone making $80,000, but bear in mind my *actual* income is $32,500. My actual rate jumps from 9% to 41% of my real income.
>>
>> My net income drops from $29,651 to $19,001. In effect, I lose $10,000.
>>
>> This same basic tax breakdown applies--in broad strokes--to every single one of my colleagues at Princeton, in every department.
>>
>> Let's have even more fun with HR Block! I have colleagues who are married with children. Let's say your spouse makes, say $50k a year. Joint income is $82,500. Assuming no deductions, with two school-aged children, the tax bill is $5,108 for the household. Throw in the tuition support, and joint income is $131,400. Estimated tax bill jumps to $16,213--an increase of over $10,000.
>>
>> It's the same basic breakdown as with my single-earner situation, albeit less dramatic: bill jumps from 6% of income to 20%.
>>
>> This will be the case at every funded PhD program in the country.
>>
>> Those of us who aren't independently wealthy *survive* on our stipends. I've tried to be as fiscally responsible as possible. My rent is cheap, I save as much as I can every month, I drive a used car (a Honda--very reliable). I even started putting a certain % of my savings into an index fund for retirement, especially because, as a grad student, I don't get a 401(k). If my tax bill goes up by $10,000... I really don't know what I would do. At the minimum, goodbye savings! (At the *minimum.*)
>>
>> I can't think of a better way to destroy higher education in this country. Which--let's be clear--is absolutely the point of this bill.
>
> ----- End forwarded message -----

From rforno at infowarrior.org Tue Nov 7 09:12:16 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 07 Nov 2017 15:12:16 -0000
Subject: [Infowarrior] - Fwd: Flaw crippling millions of crypto keys is worse than first disclosed
References: <94AD82AB-D96E-4D81-896D-A56BF7A92372@roscom.com>
Message-ID: <0E1422D9-4469-4D96-920F-A55D52406E4E@infowarrior.org>

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: Flaw crippling millions of crypto keys is worse than first disclosed
> Date: November 6, 2017 at 11:21:34 PM EST
>
> Flaw crippling millions of crypto keys is worse than first disclosed
> Estonia abruptly suspends digital ID cards as crypto attacks get easier and cheaper.
> https://arstechnica.com/information-technology/2017/11/flaw-crippling-millions-of-crypto-keys-is-worse-than-first-disclosed/

From rforno at infowarrior.org Wed Nov 8 06:11:49 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Nov 2017 12:11:49 -0000
Subject: [Infowarrior] - How Facebook Figures Out Everyone You've Ever Met
Message-ID: <203A63B9-C2BA-40B4-998B-29A6836A4563@infowarrior.org>

How Facebook Figures Out Everyone You've Ever Met
Kashmir Hill
Yesterday 9:39am

In real life, in the natural course of conversation, it is not uncommon to talk about a person you may know. You meet someone and say, "I'm from Sarasota," and they say, "Oh, I have a grandparent in Sarasota," and they tell you where they live and their name, and you may or may not recognize them.

You might assume Facebook's friend recommendations would work the same way: You tell the social network who you are, and it tells you who you might know in the online world. But Facebook's machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious.
In the months I've been writing about PYMK, as Facebook calls it, I've heard more than a hundred bewildering anecdotes:

< - >

https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691

From rforno at infowarrior.org Wed Nov 8 18:02:31 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 00:02:31 -0000
Subject: [Infowarrior] - FBI said to have missed opportunity to unlock Texas shooter's iPhone
Message-ID: <4D8E3F58-5657-44C4-A3B4-26860569E33D@infowarrior.org>

FBI said to have missed opportunity to unlock Texas shooter's iPhone
By Roger Fingas
Wednesday, November 08, 2017, 03:48 pm PT (06:48 pm ET)
http://appleinsider.com/articles/17/11/08/fbi-said-to-have-missed-opportunity-to-unlock-texas-shooters-iphone

In the first 48 hours after Devin Kelley opened fire at a church in Sutherland Springs, Texas, killing 26 people, neither the FBI nor other law enforcement agencies asked for Apple's help in unlocking Kelley's iPhone or linked accounts — possibly missing a critical opportunity, according to one report.

If the iPhone had Touch ID enabled, investigators could have used Kelley's fingers to unlock the device, Reuters said on Wednesday. Investigators have officially refused to identify Kelley's phone, but sources for the Washington Post have claimed it's an iPhone.

Touch ID normally forces users to enter their passcode after 48 hours if they haven't unlocked a device in the interim. Trying to brute-force a passcode lock risks the device self-erasing after too many failed attempts.

In a statement to BuzzFeed's John Paczkowski, Apple said that it "immediately reached out to the FBI" after learning about the seized phone from a Tuesday press conference. At the time the head of the FBI's San Antonio office, Christopher Combs, complained that encryption was making it impossible to break into the phone.

"We offered assistance and said we would expedite our response to any legal process they send us," Apple continued.
The phone is now sitting at an FBI lab in Quantico, Va. The agency's best hope at retrieving data may be submitting a court order for Kelley's iCloud account, since Apple has a policy of obeying such orders and supplying necessary decryption keys. If Kelley had iCloud backups turned on, his data could include photos and text messages.

From rforno at infowarrior.org Wed Nov 8 19:03:45 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 01:03:45 -0000
Subject: [Infowarrior] - Ars Live: Stanford attorney Riana Pfefferkorn will discuss legal threats to crypto.
Message-ID: <7883F0B8-1385-4E0A-8BDE-16C2680D611B@infowarrior.org>

Bay Area: Join us 11/15 for a brief history of encryption and the law
At Ars Live, Stanford attorney Riana Pfefferkorn will discuss legal threats to crypto.
Annalee Newitz - 11/8/2017, 5:55 PM
https://arstechnica.com/tech-policy/2017/11/bay-area-join-us-1115-for-a-brief-history-of-encryption-and-the-law/

With the DOJ recently bringing back the "Going Dark" debate and now calling for "responsible encryption," what does the Trump administration have to say about strong crypto? Do we know yet? Do they?

If there's anyone who might be able to figure that out, it's Riana Pfefferkorn. As an attorney and legal fellow, Pfefferkorn is at the forefront of trying to make sense of new technology, surveillance policy, and the thorny legal questions that emerge. She'll explain how this problem emerged and what the FBI has already done about it over the last decade.

Join Ars Technica editors Cyrus Farivar and Annalee Newitz in conversation with Riana Pfefferkorn at the next Ars Technica Live on November 15 at Eli's Mile High Club in Oakland.

Riana is the Cryptography Fellow at the Stanford Center for Internet and Society.
Her work focuses on investigating and analyzing the US government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures.

Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets. While there, she was also actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the US District Court for the District of Puerto Rico.

Ars Live takes place on the third Wednesday of every month at Eli's Mile High Club in Oakland (3629 MLK Way). They have the best tater tots you've ever eaten. So crispy!

Doors open at 7pm, and the live filming is from 7:30pm to 8:20-ish (be sure to get there early if you want a seat). Stick around afterward for informal discussion, beer, and snacks.

Can't make it out to Oakland? Never fear! Episodes will be posted to Ars Technica the week after the live events.

The event is free but space is limited, so RSVP using Eventbrite. You can also keep up with the latest Ars Live doings on Facebook.

See you soon, Bay Area Arsians!

From rforno at infowarrior.org Wed Nov 8 19:07:55 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 01:07:55 -0000
Subject: [Infowarrior] - Corker to hold hearing on president's nuclear weapons authority

Corker to hold hearing on president's nuclear weapons authority
By Brandon Carter - 11/08/17 07:41 PM EST
http://thehill.com/homenews/senate/359517-corker-to-hold-hearing-on-presidents-nuclear-weapons-authority

Sen. Bob Corker (R-Tenn.)
announced Wednesday the Senate Foreign Relations Committee would hold a hearing next week on "the executive's authority to use nuclear weapons."

"A number of members both on and off our committee have raised questions about the authorities of the legislative and executive branches with respect to war making, the use of nuclear weapons, and conducting foreign policy overall," Corker said in a statement announcing the Nov. 14 hearing.

"This continues a series of hearings to examine these issues and will be the first time since 1976 that this committee or our House counterparts have looked specifically at the authority and process for using U.S. nuclear weapons," he continued. "This discussion is long overdue, and we look forward to examining this critical issue."

A debate over nuclear authority has reignited among lawmakers after President Trump warned in August that North Korea could face "fire and fury like the world has never seen" if it continues to advance its nuclear program.

A number of rank-and-file Democrats and Republicans have come forward saying Congress must authorize the use of nuclear weapons and a declaration of war should Trump want to strike North Korea.

Sen. Dan Sullivan (R-Alaska), who sits on the Armed Services Committee, said "preemptive war" on the Korean Peninsula "would require the authorization of Congress."

Both Rep. Ted Lieu (D-Calif.) and Sen. Ed Markey (D-Mass.) introduced bills this year that would bar Trump from launching a preemptive nuclear attack before Congress approves a declaration of war. Those bills have stalled in the Republican-controlled House and Senate.

House Minority Leader Nancy Pelosi (D-Calif.) has also called on Congress to bar the president from using nuclear weapons unless the United States is attacked first.

Corker has emerged as a fierce critic of President Trump over the last month, saying Trump could put the U.S. "on the path to World War III."
From rforno at infowarrior.org Wed Nov 8 19:11:14 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 01:11:14 -0000
Subject: [Infowarrior] - Facebook If You Want to Use Facebook's Revenge Porn Blocker, An Employee Will Have to Review Your Uncensored Photo
Message-ID: <0B0916E0-F205-4D63-B821-B1F74D72B668@infowarrior.org>

No, this is not from The Onion. ---rick

If You Want to Use Facebook's Revenge Porn Blocker, An Employee Will Have to Review Your Uncensored Photo
https://gizmodo.com/if-you-want-to-use-facebook-s-revenge-porn-blocker-an-1820271537

Facebook announced on Tuesday that it is deploying a new revenge porn reporting tool, first piloted in Australia, that will allow users to send photos that they don't want shared online directly to Facebook. Facebook says its community operations team will use a hash system to prevent the photo from being shared across Facebook, Instagram, or Messenger. But before an image is hashed, your intimate photos will be looked at by someone at Facebook.

A Facebook spokesperson confirmed to the Daily Beast today that a staffer will first have to look at the uncensored version of the image in order to make sure that the uploaded content fits the definition of revenge porn. What's more, images will be blurred and stored by Facebook and "available to a small number of people," according to the Daily Beast.

"The photo has to be examined by a human first to make sure it is actually objectionable per policy," security researcher Nicholas Weaver told Gizmodo in an email. "Otherwise, someone could upload the famous 'tank man' photo, call it revenge porn, and censor it that way."

When asked how a photo will look to a Facebook employee once a user uploads it, Weaver said that in order to determine whether an image is objectionable, "it has to be clearly visible." It is not until after it is determined so that it will become unidentifiable.
While giving users the power to get ahead of abusers by preemptively uploading any media they don?t want shared online isn?t inherently bad, requiring a stranger to look at the uncensored content leaves a lot of room for improvement. For one, Facebook?s system still requires you to put a ton of trust in an unknown Facebook employee or contractor, and not mind that they are looking at photos you?d otherwise not want to be seen. This policy puts the responsibility on users to prevent anticipated abuse, and it also signals that Facebook doesn?t totally trust its beloved algorithms to do the job. The company has praised its use of machine learning as a way to deal with harassment, fake news, and more. But it still seemingly doesn?t have a sophisticated enough algorithm to determine whether a photo or video can be considered revenge porn. We have reached out to Facebook for comment. From rforno at infowarrior.org Wed Nov 8 19:12:59 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 09 Nov 2017 01:12:59 -0000 Subject: [Infowarrior] - DOJ Set To Block AT&T Takeover Of Time Warner : The Two-Way : NPR Message-ID: DOJ Set To Block AT&T Takeover Of Time Warner : The Two-Way : NPR David Folkenflik Twitter 6-8 minutes https://www.npr.org/sections/thetwo-way/2017/11/08/562898390/doj-set-to-block-at-t-takeover-of-time-warner The U.S. Justice Department has informed AT&T that it will block the telecommunications giant's planned $85 billion takeover of Time Warner unless it sells off CNN ? a network frequently targeted for derision by President Trump. The move has therefore triggered concerns within CNN that the administration is taking action against a media outfit simply because it has angered the president with its coverage, raising First Amendment implications. The government's stance seemingly flies in the face of decades of precedent: Federal authorities routinely approve deals involving so-called vertical integration ? 
the consolidation of companies in related fields that are not competitors. And it contradicts the current federal antitrust chief's past statements a year ago after this deal was announced. The government's position was first reported by the Financial Times. NPR confirmed the development in interviews with three people with knowledge of negotiations with the government who spoke on condition of anonymity because they were not authorized to speak about the deal.

Justice Department antitrust officials offered AT&T a choice to keep the deal alive: Get rid of Time Warner's Turner Broadcasting division, which includes CNN, or dispose of DirecTV, AT&T's giant satellite television provider. But the sticking point appears to have been CNN, according to two informed sources at Turner Broadcasting. "I am just frankly mystified by the rationale here," said University of Pennsylvania law professor Herbert Hovenkamp, a leading authority on antitrust issues. "You need to know where competitive harm is threatened. So far, I don't see it."

Trump previously indicated he might seek to thwart the AT&T-Time Warner deal over antitrust concerns. Yet Trump has been far more vocal about his anger at CNN -- both as a candidate and as president. For example, earlier this year, at a formal press conference in Poland with that nation's president, Trump said, "They have been fake news for a long time. They have been covering me in a dishonest way." As a result, within Time Warner, the Trump administration's stance is being seen as a direct strike against CNN. "There isn't any precedent," says one executive at Turner Broadcasting, the television subsidiary that would have to be sold off. "It's one thing to say, 'Fake news'! It's another to reverse governmental policy because you object to a company's journalism." AT&T Chairman and CEO Randall Stephenson said Wednesday the company never offered to sell CNN and has no intention of doing so to win approval of the Time Warner deal.

Without Turner Broadcasting, which includes such channels as TNT, TBS and the Cartoon Network, the deal would be a nonstarter; according to the company's 2016 annual report to shareholders, Turner Broadcasting contributed nearly 60 percent of Time Warner's profits. (Turner does not include HBO, Time Warner's premium cable channel.) The Justice Department would not confirm its stance, saying it does not discuss matters under review.

Federal regulators are separately reviewing Sinclair Broadcasting's proposed acquisition of Tribune Media, which would give it control of more than 200 stations nationally. And John Malone's Discovery Communications is in the process of acquiring Scripps Network Interactive Inc., which would combine two families of cable networks. Those deals are "horizontal integration" -- the blending of competitors -- which is usually given far rougher scrutiny. Yet the concessions demanded by the federal government for the AT&T package are significantly greater than those expected to face the Sinclair or Discovery deals. Indeed, the Federal Communications Commission changed regulations that make it easier to approve the deal for Sinclair, a conservative chain of local stations that has emerged with coverage and commentaries supportive of the president.

"The one reason that doesn't fly for blocking the deal is, 'Don't approve it because it's CNN, and CNN annoys the president,'" said Craig Aaron, president and CEO of the consumer advocacy group Free Press. "It's legitimate for the federal government to say this is just too big. The only question is: Is this legal reasoning? And I think there's an antitrust case to make there." "If the reason that's coming down is, 'Punish CNN,' then that's a real problem," Aaron told NPR. "We don't really know, and because of everything Trump has said, you can't help but ask the question."

The head of the department's antitrust division is Makan Delrahim, who served as deputy to the antitrust chief under President George W. Bush. That Justice Department blocked a small number of horizontal integration deals blending competitors -- such as the thwarted merger of US Airways and United. Republican administrations are typically even less willing to intervene in corporate actions. In an interview with a Canadian television network when it was proposed, Delrahim discouraged talk that the AT&T-Time Warner deal would be a tough sell. "Just the sheer size of it and the fact that it's media I think will get a lot of attention," Delrahim told BNN in October 2016. "However, I don't see this as a major antitrust problem." AT&T has signaled that it intends to challenge the administration in court over the requirement.

From rforno at infowarrior.org Thu Nov 9 06:05:22 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 12:05:22 -0000
Subject: [Infowarrior] - Fwd: This Time, Facebook Is Sharing Its Employees' Data
References: <8057AF48-1B0A-483F-A92F-7B02EF79A6F7@roscom.com>
Message-ID:

> Begin forwarded message:
>
> From: Monty Solomon
> Subject: This Time, Facebook Is Sharing Its Employees' Data
> Date: November 8, 2017 at 23:29:05 EST
>
> This Time, Facebook Is Sharing Its Employees' Data
>
> Some of the biggest companies turn over their workers' most personal information to the troubled credit reporting agency Equifax.
>
> https://www.fastcompany.com/40485634/equifax-salary-data-and-the-work-number-database

From rforno at infowarrior.org Thu Nov 9 06:08:28 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Nov 2017 12:08:28 -0000
Subject: [Infowarrior] - Controversial 'hack back' bill gains supporters despite critics
Message-ID:

Controversial 'hack back'
bill gains supporters despite critics
By Morgan Chalfant - 11/09/17 06:00 AM EST
http://thehill.com/policy/cybersecurity/359526-controversial-hack-back-bill-gains-supporters-despite-critics

A controversial piece of legislation that would allow companies to retaliate against hackers is gaining traction in Congress even as it sets off alarms with security and legal experts. The legislation would amend a 1986 law that made it a federal crime to access someone else's computer without proper authorization, allowing companies who fall victim to hacking to engage in a limited range of "active defense measures" against their perpetrators. Victims would be able to leave their networks to attribute attacks, disrupt them, retrieve or destroy stolen data and track the behavior of the attacker. They would also, if files were stolen, be able to use beaconing technology to find the physical location of a hacker.

Proponents say the bill would give companies the much-needed power to monitor, identify and stop attackers that target their systems in an era where cyber threats abound. "The status quo is not acceptable anymore," Rep. Tom Graves (R-Ga.), who introduced the legislation alongside Rep. Kyrsten Sinema (D-Ariz.) in mid-October, told The Hill in an interview. The lawmakers have worked on the legislation for the better part of 2017, and it is finally showing signs of gaining steam in the House. Last week, it picked up a slate of seven bipartisan co-sponsors, including House Oversight and Government Reform Committee Chairman Trey Gowdy (R-S.C.). Graves also said he has had conversations with Trump administration officials who have been "very positive" on the thought that went into the bill.

The concept of "hacking back" has been criticized in national security circles. "My concern is, be leery of putting more gunfighters out on the street in the Wild West. As an individual tasked with protecting our networks, I'm thinking to myself, we've got enough cyber actors out there already," National Security Agency (NSA) Director Mike Rogers said during congressional testimony in May. On Monday, former NSA Director Keith Alexander suggested that companies could start wars by "hacking back," according to Vice. Proponents of the bill, which has gone through multiple iterations before being formally introduced, say that it has enough controls in place to prevent "vigilantism" and any unintended consequences. For example, the legislation would prevent companies from destroying or damaging data that does not belong to them and is stored on another person or entity's computer.

Still, security experts have raised concerns over the proposal, pointing to the difficulty of attributing cyberattacks in the first place. "You're talking about this idea that private actors, say mostly companies, are going to be able to know who is attacking them and know with enough certainty to be able to retaliate effectively," said Josephine Wolff, a professor at Rochester Institute of Technology and fellow at the New America Cybersecurity Initiative. Wolff noted that foreign actors often compromise an intermediary first in order to use that system as a platform for attacking their ultimate target. This could result in companies infiltrating the wrong system in the quest to track down the perpetrator of an attack, she said. "You're not necessarily going after the people who initiated the attack. You could be going after somebody who is caught in the middle," Wolff said. Some legal experts agree that it could lead companies into a thorny situation.

"You've got to wonder whether it would be in the best interests of a company to do something like this, particularly if they had just been hacked and their systems were thus possibly vulnerable in ways they might not yet know that could actually be further exploited were they to go digging in presumably hostile systems," observed Doug Henkin, a Washington lawyer with cybersecurity expertise.

Those who support the bill say such criticism is misguided, pointing to controls incorporated in the final legislation to limit damage. Companies looking to engage in "active defense," for instance, would have to notify the FBI's cyber crime unit before taking action. "We're trying to give them more additional tools to defend themselves," said Graves. Some say that it would boost cooperation between private companies and law enforcement and help the latter better attribute and combat cyber crimes. "It turns a victim -- a company that has been attacked -- into a witness," said David Inserra, a policy analyst at the conservative Heritage Foundation. "That's more information that our authorities can use to find and catch the offender."

The business community isn't signing on just yet. The U.S. Chamber of Commerce says it's not supporting the bill because of the potential for unintended consequences, but still sees it as a vehicle for dialogue on what companies can do to thwart cyberattacks. The bill still faces an uphill battle, as the legislative calendar winds down with no companion legislation filed in the Senate. Graves said he has had discussions with Chairman Bob Goodlatte (R-Va.) and other members of the House Judiciary Committee, which will need to consider the bill before it can advance to the full chamber for a vote. While Graves would not say that the White House or the Department of Justice support the legislation outright, he said both are "reviewing" it.

"Cyber is one of the priorities of the administration, and they are very interested in what we are proposing here and the thought that has gone into this," Graves said.

From rforno at infowarrior.org Fri Nov 10 06:11:08 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Nov 2017 12:11:08 -0000
Subject: [Infowarrior] - Recent Intel Chipsets Have A Built-In Hidden Computer, Running Minix With A Networking Stack And A Web Server
Message-ID:

Recent Intel Chipsets Have A Built-In Hidden Computer, Running Minix With A Networking Stack And A Web Server
from the what-could-possibly-go-wrong? dept
https://www.techdirt.com/articles/20171108/09095338574/recent-intel-chipsets-have-built-in-hidden-computer-running-minix-with-networking-stack-web-server.shtml

One way of looking at the history of computing is as the story of how the engineering focus rose gradually up the stack, from the creation of the first hardware, through operating systems, and then applications, and focusing now on platform-independent Net-based services. Underneath it all, there's still the processor, even if most people don't pay much attention to it these days. Unregarded it may be, but the world of the chip continues to move on. For example, for some years now, Intel has incorporated something called the Management Engine into its chipsets:

Built into many Intel Chipset-based platforms is a small, low-power computer subsystem called the Intel Management Engine (Intel ME). The Intel ME performs various tasks while the system is in sleep, during the boot process, and when your system is running. This subsystem must function correctly to get the most performance and capability from your PC.

That is, inside recent Intel-based systems, there is a separate computer within a computer -- one the end user never sees and has no control over. Although a feature for some time, it's been one of Intel's better-kept secrets, with details only emerging slowly.
For example, a recent article on Network World pointed out that earlier this year, Dmitry Sklyarov (presumably, that Dmitry Sklyarov) worked out that Intel's ME is probably running a variant of the Minix operating system (yes, that Minix.) The Network World article notes that a Google project has found out more about the ME system:

According to Google, which is actively working to remove Intel's Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:
Full networking stack
File systems
Many drivers (including USB, networking, etc.)
A web server
That's right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about. Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The "Ring-3" mentioned there refers to the level of privileges granted to the ME system. As a Google presentation about ME (pdf) explains, operating systems like GNU/Linux run on Intel chips at Ring 0 level; Ring-3 ("minus 3") trumps everything above -- including the operating system -- and has total control over the hardware. Throwing a Web server and a networking stack in there too seems like a really bad idea. Suppose there was some bug in the ME system that allowed an attacker to take control? Funny you should ask; here's what we learned earlier this year:

Intel says that three of its ME services -- Active Management Technology, Small Business Technology, and Intel Standard Manageability -- were all affected [by a critical bug]. These features are meant to let network administrators remotely manage a large number of devices, like servers and PCs. If attackers can access them improperly they potentially can manipulate the vulnerable computer as well as others on the network. And since the Management Engine is a standalone microprocessor, an attacker could exploit it without the operating system detecting anything.

As the Wired story points out, that critical bug went unnoticed for seven years. Because of the risks a non-controllable computer within a computer brings with it, Google is looking to remove ME from all its servers, and there's also an open source project doing something similar. But that's difficult: without ME, the modern systems based on Intel chipsets may not boot. The problems of ME have led the EFF to call on Intel to make a number of changes to the technology, including:

Provide a way for their customers to audit ME code for vulnerabilities. That is presently impossible because the code is kept secret.
Offer a supported way to disable the ME. If that's literally impossible, users should be able to flash an absolutely minimal, community-auditable ME firmware image.

Those don't seem unreasonable requests given how serious the flaws in the ME system have been, and probably will be again in the future. It also seems only fair that people should be able to control fully a computer that they own -- and that ought to include the Minix-based computer

From rforno at infowarrior.org Fri Nov 10 15:55:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Nov 2017 21:55:24 -0000
Subject: [Infowarrior] - Equifax CEO to Congress: Not Sure We Are Encrypting Data
Message-ID:

Equifax CEO to Congress: Not Sure We Are Encrypting Data
Interim chief should have asked his staff "the day he took over," analyst says
Robert McMillan and AnnaMaria Andriotis
Nov. 8, 2017 5:34 p.m. ET
https://www.wsj.com/articles/equifax-ceo-to-congress-not-sure-we-are-encrypting-data-1510180486?mod=yahoo_hs&yptr=yahoo

Two months after Equifax Inc. reported one of the worst data breaches in history, its interim chief executive told a congressional hearing Wednesday he wasn't sure whether the company was encrypting consumer data. Equifax announced Sept.
7 it was breached and that hackers accessed data including names, dates of birth and Social Security numbers for 145.5 million U.S. consumers. Several executives, including the CEO, stepped aside in the wake of the disclosure. Equifax has quadrupled spending on security, updated its security tools and changed its corporate structure since the breach, Paulino do Rego Barros Jr., the interim chief, said during a hearing by the Senate Commerce Committee. But Mr. Barros stumbled when asked by Sen. Cory Gardner (R., Colo.) whether Equifax was now encrypting the consumer data it stored on its computers -- a basic step in hiding sensitive information from hackers, and one the company previously had admitted it didn't take before the breach. "I don't know at this stage," Mr. Barros said.

The answer was disappointing, said Avivah Litan, an analyst with the research firm Gartner Inc. "He should have asked his staff that the day he took over," she said. Mr. Barros has been Equifax's CEO since Sept. 26, when the company announced Richard Smith was retiring. Before that, Mr. Barros was head of the company's Asia-Pacific business. Equifax is in the process of "either encrypting or deleting" data stored on its computer storage systems, an Equifax spokeswoman said in an email. Since the breach, "Equifax has deployed multiple methodologies to strengthen security and protect data," she said.

Since the breach was announced, nearly 32 million unique visitors have used Equifax's website to go through the process of confirming whether their information was compromised, the company said. That represents approximately 22% of the affected U.S. consumers. The breach is seen by some as a watershed moment for the credit-reporting industry. Lawmakers during the hearing said they were contemplating a variety of legislative responses, including a national breach-disclosure law and federal data-safety requirements.

Wednesday's data-breach hearing also included testimony from former Yahoo Inc. CEO Marissa Mayer. Ms. Mayer apologized for a series of breaches that compromised 3 billion Yahoo user accounts, but said companies today face advanced adversaries. "Even robust defenses and processes are not sufficient to protect against a state-sponsored attack," she said. In March, the Justice Department charged four men, including two Russian spies, for their involvement in a 2014 attack on Yahoo, which is now a part of Verizon Communications Inc.

Appeared in the November 9, 2017, print edition as 'Equifax CEO Unsure If Data Is Encrypted.'

From rforno at infowarrior.org Mon Nov 13 10:40:16 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Nov 2017 16:40:16 -0000
Subject: [Infowarrior] - Are Journalists the Enemy of the American People?
Message-ID:

Are Journalists the Enemy of the American People?
November 12, 2017 6:00pm by Barry Ritholtz
http://ritholtz.com/2017/11/journalists-today-enemy-american-people/

It is shocking that 63% of GOP members believe the 4th Estate is the "enemy of the people:"

Source: Cato Institute

"A majority of Republicans (63%) agree with President Trump that journalists today are an 'enemy of the American people.' Conversely, most Americans (64%), as well as 89% of Democrats and 61% of independents, do not view journalists as the enemy. Despite this, Republicans (63%) agree with most Americans (70%), including Democrats (76%) and independents (71%), that government should not have the power to stop news stories even if officials say they are biased or inaccurate."

I am old enough to remember when Republicans were independent thinkers, not silly sycophants who blindly repeat whatever bullshit they hear on Fox News. This is shocking banana republic-type nonsense, and it is completely un-American.
From rforno at infowarrior.org Mon Nov 13 10:41:42 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Nov 2017 16:41:42 -0000
Subject: [Infowarrior] - PrivacyTools portal
Message-ID: <44E6C85C-565B-4168-9B39-8FAE407E09C3@infowarrior.org>

https://www.privacytools.io/#notebook

You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.

From rforno at infowarrior.org Tue Nov 14 06:13:38 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 12:13:38 -0000
Subject: [Infowarrior] - Wikileaks' "Secret Correspondence" with Don Trump Jr. published
Message-ID: <3807D0C0-BC4F-4859-8974-8A4F66A216D2@infowarrior.org>

Wikileaks' "Secret Correspondence" with Don Trump Jr. published

The Atlantic has released a bombshell story. Leaked files show Donald Trump Jr., the bumbling son of the United States questionably elected President, apparently cooperating with Wikileaks, an organization declared a "hostile intelligence service" by CIA Director Michael Pompeo. These conversations took place through Twitter DM and would have been accepted by Jr. Trump, and could have been blocked at any time. The timing of various tweets, matched with other events, certainly carries the appearance of a bi-directional relationship.

< - >

https://boingboing.net/2017/11/13/don-jr-c.html

From rforno at infowarrior.org Tue Nov 14 06:15:06 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 12:15:06 -0000
Subject: [Infowarrior] - Uber drivers in Lagos are using a fake GPS app to inflate rider fares
Message-ID:

Uber drivers in Lagos are using a fake GPS app to inflate rider fares
https://qz.com/1127853/uber-drivers-in-lagos-nigeria-use-fake-lockito-app-to-boost-fares/

From rforno at infowarrior.org Tue Nov 14 06:39:13 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 12:39:13 -0000
Subject: [Infowarrior] - Feinstein Looking To Revive Anti-Encryption Bill In The Wake Of Texas Church Shooting
Message-ID: <002848FB-6132-4848-994E-2B86AEBBF808@infowarrior.org>

Sen. Feinstein Looking To Revive Anti-Encryption Bill In The Wake Of Texas Church Shooting
https://www.techdirt.com/articles/20171111/13474238592/sen-feinstein-looking-to-revive-anti-encryption-bill-wake-texas-church-shooting.shtml

From rforno at infowarrior.org Tue Nov 14 09:50:51 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 15:50:51 -0000
Subject: [Infowarrior] - Thirty countries use 'armies of opinion shapers' to manipulate democracy - report
Message-ID: <37870075-B388-45EB-9AC5-C3F793632617@infowarrior.org>

Thirty countries use 'armies of opinion shapers' to manipulate democracy - report
https://www.theguardian.com/technology/2017/nov/14/social-media-influence-election-countries-armies-of-opinion-shapers-manipulate-democracy-fake-news
Alex Hern @alexhern
Tuesday 14 November 2017 05.43 EST Last modified on Tuesday 14 November 2017 07.55 EST

The governments of 30 countries around the globe are using armies of so-called opinion shapers to meddle in elections, advance anti-democratic agendas and repress their citizens, a new report shows.
Unlike widely reported Russian attempts to influence foreign elections, most of the offending countries use the internet to manipulate opinion domestically, says US NGO Freedom House. "Manipulation and disinformation tactics played an important role in elections in at least 17 other countries over the past year, damaging citizens' ability to choose their leaders based on factual news and authentic debate," the US government-funded charity said. "Although some governments sought to support their interests and expand their influence abroad, as with Russia's disinformation campaigns in the United States and Europe, in most cases they used these methods inside their own borders to maintain their hold on power."

Even in those countries that didn't have elections in the last year, social media manipulation was still frequent. Of the 65 countries surveyed, 30, including Venezuela, the Philippines and Turkey, were found to be using "armies of opinion shapers" to "spread government views, drive particular agendas, and counter government critics on social media", according to Freedom House's new Freedom on the Net report. In each of the 30 countries it found "strong indications that individuals are paid to distort the digital information landscape in the government's favour, without acknowledging sponsorship". That number has risen every year since the first report in 2009. In 2016, just 23 countries were found to be using the same sort of pro-government "astroturfing" (a fake grassroots movement).

Recently "the practice has become significantly more widespread and technically sophisticated, with bots, propaganda producers, and fake news outlets exploiting social media and search algorithms to ensure high visibility and seamless integration with trusted content," the report says. "The effects of these rapidly spreading techniques on democracy and civic activism are potentially devastating ... By bolstering the false perception that most citizens stand with them, authorities are able to justify crackdowns on the political opposition and advance anti-democratic changes to laws and institutions without a proper debate."

The report describes the varied forms this manipulation takes. In the Philippines, it is manifested as a "keyboard army" paid $10 a day to operate fake social media accounts, which supported Rodrigo Duterte in the run-up to his election last year, and backed his crackdown on the drug trade this year. Turkey's ruling party enlisted 6,000 people to manipulate discussions, drive agendas and counter opponents. The government of Sudan's approach is more direct: a unit within the country's intelligence service created fake accounts to fabricate support for government policies and denounce critical journalists.

"Governments are now using social media to suppress dissent and advance an anti-democratic agenda," said Sanja Kelly, director of the Freedom on the Net project. "Not only is this manipulation difficult to detect, it is more difficult to combat than other types of censorship, such as website blocking, because it's dispersed and because of the sheer number of people and bots deployed to do it." "The fabrication of grassroots support for government policies on social media creates a closed loop in which the regime essentially endorses itself, leaving independent groups and ordinary citizens on the outside," Kelly said.
From rforno at infowarrior.org Tue Nov 14 14:15:45 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 20:15:45 -0000
Subject: [Infowarrior] - Latest DOJ WTFness: Encryption Is Like A Locked House That Won't Let Its Owners Back Inside
Message-ID: <2DE7DA0D-7858-4C41-BC0E-4CE3E6977C8C@infowarrior.org>

Latest DOJ WTFness: Encryption Is Like A Locked House That Won't Let Its Owners Back Inside
https://www.techdirt.com/articles/20171112/09112238596/latest-doj-wtfness-encryption-is-like-locked-house-that-wont-let-owners-back-inside.shtml

From rforno at infowarrior.org Tue Nov 14 14:21:09 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Nov 2017 20:21:09 -0000
Subject: [Infowarrior] - CompuServe's forums, which still exist, are finally shutting down
Message-ID: <1260AA7C-F994-4D38-95FE-387548EF6FB0@infowarrior.org>

1.14.17 1:50 am
CompuServe's forums, which still exist, are finally shutting down
https://www.fastcompany.com/40495831/compuserves-forums-which-still-exist-are-finally-shutting-down

Before there was a World Wide Web, a sizable chunk of all meaningful conversation between computer users happened in the forums at CompuServe, which was the dominant online service until AOL came along. There was a CompuServe forum for everything from PC hardware to comic books, the signal-to-noise ratio was generally high, and if you had a question chances were that a fellow member would answer it -- just to be helpful. CompuServe was acquired by AOL in 1998, and was never the same thereafter. AOL itself is now part of Oath, which is part of Verizon. And time is finally running out for the forums, which have stuck around in diminished form even as the rest of CompuServe has dwindled away. They'll be removed from what remains of CompuServe on December 15, a fact I learned from my Facebook friend Howard Sobel, the cofounder of WUGNET, which has managed tech forums for CompuServe for decades.

The glory days of CompuServe are long gone. So, as far as I know, are the forum threads I participated in from the late 1980s through the mid-1990s. But for those of us who still remember the IDs the once-mighty service assigned us -- hi, I'm 74352,1314 -- knowing that the forums are going away is like hearing about the death of an old friend. May the squeal of a 2,400-bps dial-up modem give way to a moment of silence in their honor.

From rforno at infowarrior.org Wed Nov 15 05:47:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Nov 2017 11:47:00 -0000
Subject: [Infowarrior] - WH to release rules on disclosing cyber flaws: source
Message-ID: <5313F3A0-8C63-4764-B92F-650C920D0403@infowarrior.org>

November 14, 2017 / 9:52 PM / Updated 9 hours ago
Trump administration to release rules on disclosing cyber flaws: source
Dustin Volz
https://www.reuters.com/article/us-usa-cyber-rules/trump-administration-to-release-rules-on-disclosing-cyber-flaws-source-idUSKBN1DF0A0

WASHINGTON (Reuters) - The Trump administration is expected to publicly release on Wednesday its rules for deciding whether to disclose cyber security flaws or keep them secret, a national security official told Reuters. The move is an attempt by the U.S. government to address criticism that it too often jeopardizes internet security by stockpiling the cyber vulnerabilities it detects in order to preserve its ability to launch its own attacks on computer systems. The revised rules, expected to be published on whitehouse.gov, are intended to make the process for how various federal agencies weigh the costs of keeping a flaw secret more transparent, said the official, who spoke on condition of anonymity because the rules were not yet public. Under former President Barack Obama, the U.S. government created an inter-agency review, known as the Vulnerability Equities Process, to determine what to do with flaws unearthed primarily by the National Security Agency.
The process is designed to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them. The new Trump administration rules will name the agencies involved in the process and include more of them than before, such as the Departments of Commerce, Treasury and State, the official said. Rob Joyce, the White House cyber security coordinator, has previewed the new rules in recent public appearances. ?It will include the criteria that the panel weighs, and it will also include the participants,? Joyce said last month at a Washington Post event. He said the Trump administration wanted to end the ?smoke-filled room mystery? surrounding the process. Some security experts have long criticized the process as overly secretive and too often erring against disclosure. The criticism grew earlier this year when a global ransomware attack known as WannaCry infected computers in at least 150 countries, knocking hospitals offline and disrupting services at factories. The attack was made possible because of a flaw in Microsoft?s Windows software that the NSA had used to build a hacking tool for its own use. But in a breach U.S. investigators are still working to understand, that tool and others ended up in the hands of a mysterious group called the Shadow Brokers, which then published them online. Suspected North Korean hackers spotted the Windows flaw and repurposed it to unleash the WannaCry attack, according to cyber experts. North Korea has routinely denied involvement in cyber attacks against other countries. 
From rforno at infowarrior.org Wed Nov 15 10:53:55 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Nov 2017 16:53:55 -0000
Subject: [Infowarrior] - USG Vulnerabilities Equities Policy and Process
Message-ID: <22C4BE64-EBA5-483C-8D95-DC03419C6A58@infowarrior.org>

(x-posted)

Vulnerabilities Equities Policy and Process for the United States Government

November 15 2017

https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF

From rforno at infowarrior.org Wed Nov 15 14:39:37 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Nov 2017 20:39:37 -0000
Subject: [Infowarrior] - In Memoriam: Jeffrey T. Richelson, 1949-2017
Message-ID:

In Memoriam: Jeffrey T. Richelson, 1949-2017

Published: Nov 14, 2017

https://nsarchive.gwu.edu/news/cybervault/2017-11-14/memoriam-jeffrey-t-richelson-1949-2017

Washington, D.C., November 14, 2017 — The National Security Archive mourns the passing of our most senior fellow, Dr. Jeffrey T. Richelson, prolific Freedom of Information Act requester and critically-praised author of extraordinary reference works on intelligence, nuclear weapons, China, terrorism, military uses of space, and espionage.

Dr. Richelson passed away on Saturday, November 11, 2017, at his home in Los Angeles after a months-long battle against cancer, according to his brother, Charles. He was 67.

Jeff Richelson ranks among the founders of the National Security Archive vision — that systematic Freedom of Information Act requests could force the government to open files that otherwise would remain secret indefinitely, and once open, these files could enrich scholarship and journalism and the public debate on issues like nuclear weapons and spying that very much needed public attention and skepticism.

As a member of the early 1980s informal SI-TK-Byeman group in Washington D.C., Jeff contributed documents and variable declassifications to the dynamic that led first Raymond Bonner of The New York Times, and then, most importantly, Scott Armstrong (of the Washington Post) to create the National Security Archive in 1985 as an institutional memory and permanent pressure group for open government.

As a Senior Fellow of the Archive since the 1990s, Jeff was the founding director of the Cyber Vault project, supported by the Hewlett Foundation, to publish the primary sources of cyber security policy, many of them previously classified and only opened as the result of his FOIA requests. The Cyber Vault remains a permanent tribute to the Richelson legacy.

Dr. Richelson authored an extraordinary series of essential reference books published by trade and academic presses. His volume on The U.S. Intelligence Community (Westview Press) entered its 7th edition in 2016, with encomiums ranging from Bob Woodward ("the authoritative bible on the modern American intelligence establishment") to Professor Loch Johnson ("no one has ferreted out the details of this subject better than Dr. Richelson"). The Richelson volume Spying on the Bomb (Norton 2006) gained particular attention with its analysis of the failures (and successes) of U.S. and international attempts to assess Saddam Hussein's nuclear programs. Vitally, with a long view back to the Nazi nuclear program and forward to that in North Korea, the book cautioned both experts and public about the limits of knowledge along with the necessity of constant monitoring and skepticism about what we know and why we think we know it.

Dr. Richelson also wrote remarkable histories of the U.S. plans for responding to WMD attacks (Defusing Armageddon, 2009), the CIA's science and technology directorate that created the U-2 and the Corona satellite (Wizards of Langley, 2001), the KGB (Sword and Shield, 1986), U.S. reconnaissance and early warning systems, and the long view of espionage (A Century of Spies, 1995), among 13 or so other volumes.

Frequent and patient FOIA requester, Dr. Richelson never counseled confrontation with the bureaucracy and never engaged in litigation, sometimes to a fault. His technique was that of obsessive mining of the public record, especially the defense and intelligence contractor trade press, arcane military bibliographies, and the Congressional hearing record, leading to targeted FOIA and declassification requests, accompanied by academic (not "gotcha") interviews and participation in industry conferences. The net result was the liberation of tens of thousands of classified records that without his efforts would still be hidden in the vaults today. An additional result was that he would rarely if ever get credit for open government achievements that would have been impossible without him.

Much to his delight and also dismay, the signal moment when Jeff Richelson enjoyed Andy Warhol's predicted 15 minutes of fame occurred in August 2013 when his research intersected with the international obsession with UFOs and Hollywood's favorite secret space, Area 51. Jeff's FOIA request forced declassification of the CIA's internal history of Area 51, describing how senior officials chose the actual desert space in Nevada and then used it to test stolen Soviet MiGs as well as top-secret U.S. stealth aircraft. The NBC Today Show put Jeff's visage into the breakfast rooms of millions of Americans as The George Washington University domain, which at the time hosted the Archive's web site, experienced one of its biggest user spikes ever.

Dr. Richelson was also the researcher who forced the government to acknowledge the Acoustic Kitty project, in which the CIA surgically wired cats as surveillance tools, aimed at Soviet diplomats in Lafayette Square in Washington D.C., only to have a taxi splat the first test cat.
A medical success, Richelson concluded, but an operational disaster.

Jeff also obtained through FOIA the first public acknowledgement (declassified in 2005) — later confirmed in spades by the Snowden leaks — that the National Security Agency was systematically intercepting the 4th Amendment-protected communications of Americans as it scooped up foreigners' phone calls and Internet messages after 2001.

A competitive tennis player, passionate softball first baseman, and profound New York Yankees fan — Jeff also contributed significantly to the Archive's embrace of telecommuting and distance learning, as he beamed in from Los Angeles to oversee the management of his extensive, pristinely organized files, and to direct, comment, and critique not only the development of the Cyber Vault but every Archive publication on nuclear weapons or the intelligence agencies, and more.

Jeffrey Talbot Richelson grew up in the Bronx, earned his B.A. at City University of New York and his Ph.D. at the University of Rochester. He later taught at the University of Texas at Austin, the American University, and Catholic University in Washington D.C. before joining the Archive full-time. He appeared on a variety of TV and radio programs, as well as on C-SPAN, and was regularly quoted in print media around the world.

Jeff never sought the spotlight but his work lives on, not just in his marvelously useful books but in the cornucopia of sources he made possible for generations of students and experts to come.

From rforno at infowarrior.org Wed Nov 15 16:49:45 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Nov 2017 22:49:45 -0000
Subject: [Infowarrior] - TSA Plans to Use Face Recognition to Track Americans Through Airports
Message-ID: <1D6E1865-D9CE-447E-8D42-FB51D6F1821E@infowarrior.org>

TSA Plans to Use Face Recognition to Track Americans Through Airports

The "PreCheck" program is billed as a convenient service to allow U.S. travelers to "speed through security" at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security's greater underlying plan to collect face images and iris scans on a nationwide scale. DHS's programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.

Currently TSA collects fingerprints as part of its application process for people who want to apply for PreCheck. So far, TSA hasn't used those prints for anything besides the mandatory background check that's part of the process. But this summer, TSA ran a pilot program at Atlanta's Hartsfield-Jackson Airport and at Denver International Airport that used those prints and a contactless fingerprint reader to verify the identity of PreCheck-approved travelers at security checkpoints at both airports. Now TSA wants to roll out this program to airports across the country and expand it to encompass face recognition, iris scans, and other biometrics as well.

From Pilot Program to National Policy

While this latest plan is limited to the more than 5 million Americans who have chosen to apply for PreCheck, it appears to be part of a broader push within the Department of Homeland Security (DHS) to expand its collection and use of biometrics throughout its sub-agencies. For example, in pilot programs in Georgia and Arizona last year, Customs and Border Protection (CBP) used face recognition to capture pictures of travelers boarding a flight out of the country and walking across a U.S. land border and compared those pictures to previously recorded photos from passports, visas, and "other DHS encounters." In the Privacy Impact Assessments (PIAs) for those pilot programs, CBP said that, although it would collect face recognition images of all travelers, it would delete any data associated with U.S. citizens.
But what began as DHS's biometric travel screening of foreign citizens morphed, without congressional authorization, into screening of U.S. citizens, too. Now the agency plans to roll out the program to other border crossings, and it says it will retain photos of U.S. citizens and lawful permanent residents for two weeks and information about their travel for 15 years. It retains data on "non-immigrant aliens" for 75 years.

CBP has stated in PIAs that these biometric programs would be limited to international flights. However, over the summer, we learned CBP wants to vastly expand its program to cover domestic flights as well. It wants to create a "biometric" pathway that would use face recognition to track all travelers—including U.S. citizens—through airports from check-in, through security, into airport lounges, and onto flights. And it wants to partner with commercial airlines and airports to do just that.

< - >

https://www.eff.org/deeplinks/2017/11/tsa-plans-use-face-recognition-track-americans-through-airports

From rforno at infowarrior.org Thu Nov 16 06:02:43 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Nov 2017 12:02:43 -0000
Subject: [Infowarrior] - DOJ asking states to help block AT&T-Time Warner merger: report
Message-ID: <3A020B1A-848C-4EC1-939B-0FE06627C951@infowarrior.org>

(Presumably starting with the deep-red states, right? --rick)

DOJ asking states to help block AT&T-Time Warner merger: report

By Joe Concha - 11/15/17 02:21 PM EST

http://thehill.com/homenews/media/360523-doj-asking-states-to-help-block-att-time-warner-merger-report

The Justice Department has made overtures to state attorneys general to build support for blocking AT&T's $85.4 billion deal to purchase Time Warner Inc., according to a Wednesday report.

A source "briefed on the matter" told Reuters that the Department of Justice (DOJ) had approached 18 states. It was not clear which states' officials had been reached out to.

A report from financial news network CNBC said the DOJ had failed to convince any state attorneys general to sign on to a potential lawsuit to block the merger. An earlier CNBC report had claimed two states were on board with a lawsuit.

The merger, which would combine telecommunications giant AT&T with entertainment titan Time Warner Inc., grabbed front page headlines last week after reports that the DOJ demanded the sale of Turner Broadcasting as a prerequisite for approving the deal. Turner Broadcasting includes CNN, the cable news network that has been a target of President Trump.

Sources at the DOJ told The Hill and other outlets last week that regulators rejected AT&T's offer to divest CNN. But AT&T CEO Randall Stephenson later denied that the demand had ever been made, and said he would never entertain the idea.

Trump has regularly attacked CNN as biased against his administration and as "fake news," including on Wednesday morning after he returned from a 12-day Asia trip. The president has not appeared on the network since a telephone interview with anchor Anderson Cooper in August 2016.

The conflicting reports about the merger negotiations with the DOJ have sparked new scrutiny over whether there was political interference from the White House.

Attorney General Jeff Sessions on Tuesday sidestepped questions before the House Judiciary Committee on whether he had discussed the pending deal with anyone at the White House. "I'm not able to comment on conversations or communications that Department of Justice top people have with top people at the White House," he told lawmakers.

Democrats have also called for hearings to examine any potential political interference.

Time Warner has a deep portfolio of television networks, including CNN, HBO, TBS, TNT, truTV, Turner Classic Movies, NBA TV and Cartoon Network, among other online properties such as Bleacher Report. The company also owns the Warner Bros. film studio.

AT&T, which would be a major conduit of Time Warner content if the deal were approved, purchased satellite television service DirecTV for $48.5 billion in 2015.

"I feel very confident the deal gets done," Stephenson said earlier this year. "This is a vertical merger. The competitive environment in telecommunications does not change after this closes. The competitive environment in the media entertainment business does not change," he added.

The Justice Department potentially could file a lawsuit in an attempt to stop the merger via its Antitrust Division.

The Hill has reached out to the Justice Department for comment.

From rforno at infowarrior.org Thu Nov 16 06:03:54 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Nov 2017 12:03:54 -0000
Subject: [Infowarrior] - Companies Turn to War Games to Spot Scarce Cybersecurity Talent
Message-ID: <26C2472C-576D-4334-B0E0-AC18326F3F60@infowarrior.org>

Companies Turn to War Games to Spot Scarce Cybersecurity Talent

Realistic scenarios help wannabe cybersecurity experts strut their stuff

By Jeremy Kahn
November 15, 2017, 1:00 AM EST

https://www.bloomberg.com/news/articles/2017-11-15/companies-turn-to-war-games-to-spot-scarce-cybersecurity-talent

A major shipping company is under attack. With help from a corrupt executive, an international hacking syndicate called Scorpius has penetrated the computer networks of Fast Freight Ltd. The hackers have taken control of servers and compromised the systems that control Fast Freight's vessels and its portside machinery. The company's cybersecurity consultants have 48 hours to uncover the breach and repulse the attackers before they cripple Fast Freight's business and cause serious economic damage.

It sounds like the plot to a blockbuster thriller. But this was the fictional scenario 42 budding computer security experts faced at the annual U.K. Cyber Security Challenge competition earlier this week in London.
With demand for cybersecurity expertise exploding, but qualified people in short supply, war-gaming competitions like this have become key recruiting grounds for companies and government security agencies.

"We want to find untapped talent to fill roles in our own operation and in the industry as a whole," said Rob Partridge, BT Group Plc's head of commercial development for penetration testing. BT is one of a half-dozen companies, including Airbus SE, Cisco Systems Inc. and smaller, specialist cybersecurity firms Darktrace Ltd. and Check Point Software Technologies Ltd., that sponsored this year's Challenge competition. The U.K.'s National Crime Agency, the Bank of England and law firm 4 Pump Court also supported the competition.

Partridge also said he hopes the competition will help raise the profile of cybersecurity as a profession, encouraging more students to pursue a career in the field.

There are about 1 million unfilled cybersecurity jobs globally, according to an estimate from Cisco. And computer security firm Symantec Corp. forecasts that the number of positions will grow to 1.5 million by 2019. In the U.K., advertised cybersecurity roles exceed interested candidates by about 3 to 1, according to online recruitment site Indeed.

It's this gap that Cyber Security Challenge U.K., a non-profit organization set up by the British government with support from corporations and universities, is supposed to help fill. The group runs a series of online games that allow amateur cybersleuths and white-hat hackers to test their skills. Those who score well online are invited to a series of regional, in-person competitions. The top performers at these events are then invited to the annual three-day masterclass and team-based competition where they face a realistic scenario created by experts from the sponsoring companies.

About 70 percent of the finalists wind up being hired into cybersecurity jobs within 12 months, Nigel Harrison, co-founder and acting chief executive officer of Cyber Security Challenge, said.

The challenge began in 2010, amid growing concern about the cyberwarfare capabilities of other countries, including China and Russia, Harrison said. It was loosely modeled on similar events in the U.S., such as those run by the U.S. Department of Energy's National Laboratories and the U.S. Department of Homeland Security.

This year's competition focused on potential cyberattacks on the shipping industry largely because it was held at Trinity House, a Georgian building that houses a 500-year-old charity empowered by the British government to maintain lighthouses and other aids to maritime navigation, Harrison said. But he said ports and shipping were important components of critical national infrastructure that are increasingly targeted by hackers. Recently, A.P. Moller-Maersk A/S, one of the world's largest shipping companies, posted a third-quarter loss after having its business disrupted by a cyberattack last summer.

Previous years' competition scenarios were scripted, but this year's featured a live "red team" made up of professional network penetration testers from the sponsoring companies. That made the war-gaming more realistic — and more difficult as the competing teams might plug one vulnerability only to see the attackers shift tactics and exploit another one. It also included hacks of industrial systems, such as those that control robot arms and factory equipment. Even many cybersecurity experts are unfamiliar with the software that manages this kind of equipment, said Kevin Jones, head of cybersecurity architecture and innovation at Airbus.

As Sophia McCall's team struggled to repel a group of attackers that had compromised five of its six computers, forcing the group to work on one machine, the 19-year-old student from Bournemouth University said the competition was the toughest she's ever participated in. "It's good but it's definitely been really challenging," she said. McCall said she normally practices hacking networks, not defending them, and was finding that playing defense was teaching her to think differently. "It caught me off guard," she said. "But it is good to be on the flip side and see what that is like."

The push for realism also extended to requiring the competing teams to brief the board of the fictional shipping company on their investigation. They also had to present forensic evidence and the competition organizers brought in actual trial lawyers, in the wigs and gowns they wear in the U.K., to grill the competitors. "It's not just about technical skills," Jones said. "We need people with business knowledge too, and presentation skills. It even reaches into psychology, since human factors are one of the major vulnerabilities in any network."

Jess Williams, now a cybersecurity technical consultant at BT, is among those who have found jobs after being talent-spotted at the competition. She had been studying computer game design at De Montfort University in Leicester, England, in 2015 when on a lark she decided to try her hand at the online Cyber Security Challenge games. She advanced all the way through the finals competition, where she caught the attention of BT, which later offered her a job. This year, Williams returned to the competition to help run it.
From rforno at infowarrior.org Thu Nov 16 06:11:24 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Nov 2017 12:11:24 -0000
Subject: [Infowarrior] - Tim Berners-Lee on the future of the web: 'The system is failing'
Message-ID:

(Remember that TBL also surprisingly, if not depressingly, supported the now-approved W3C Encrypted Media Extensions for HTML this summer --rick)

Tim Berners-Lee on the future of the web: 'The system is failing'

The inventor of the world wide web remains an optimist but sees a "nasty wind" blowing amid concerns over advertising, net neutrality and fake news

https://www.theguardian.com/technology/2017/nov/15/tim-berners-lee-world-wide-web-net-neutrality

From rforno at infowarrior.org Thu Nov 16 15:18:01 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Nov 2017 21:18:01 -0000
Subject: [Infowarrior] - FCC repeals 42-year-old rule blocking broadcast media mergers
Message-ID: <740FB83C-6D18-462C-BDF3-CE96CF59B58C@infowarrior.org>

The FCC just repealed a 42-year-old rule blocking broadcast media mergers

By Brian Fung
November 16 at 1:59 PM

https://www.washingtonpost.com/news/the-switch/wp/2017/11/16/the-fcc-just-repealed-decades-old-rules-blocking-broadcast-media-mergers

Federal regulators rolled back decades-old rules on Thursday, making it far easier for media outlets to be bought and sold — potentially leading to more newspapers, radio stations and television broadcasters being owned by a handful of companies.

The regulations, eliminated in a 3-to-2 vote by the Federal Communications Commission, were first put in place in the 1970s to ensure that a diversity of voices and opinions could be heard on the air or in print. But now those rules represent a threat to small outlets that are struggling to survive in a vastly different media world, according to FCC Chairman Ajit Pai.

"Few of the FCC's rules are staler than our broadcast ownership regulations," Pai said. By eliminating them, he said, "this agency finally drags its broadcast ownership rules to the digital age."

One long-standing rule repealed Thursday prevented one company in a given media market from owning both a daily newspaper and a TV station. Another rule blocked TV stations in the same market from merging with each other if the combination would leave fewer than eight independently owned stations. The agency also took aim at rules restricting the number of TV and radio stations that any media company could simultaneously own in a single market.

A major beneficiary of the deregulatory moves, analysts say, is Sinclair, a conservative broadcasting company that is seeking to buy up Tribune Media for $3.9 billion. "This has a huge impact," said Andrew Schwartzman, an expert on media law at Georgetown University. He added that the decisions will "reduce or eliminate" the need for Sinclair to sell off many stations to receive regulatory approval for the deal.

The FCC vote is the latest to ease regulations for the broadcast industry. It came the same day that the agency was expected to approve the deployment of Next Gen TV, a new broadcast standard that is ultimately expected to lead to improved audio and video quality on over-the-air television, as well as targeted advertising. And it came one month after the FCC voted to no longer require broadcasters to operate a physical studio in the markets where they are licensed.

The National Association of Broadcasters welcomed Thursday's vote. "These rules are not only irrational in today's media environment, but they have also weakened the newspaper industry, cost journalism jobs and forced local broadcast stations onto unequal footing with our national pay-TV and radio competitors," the trade group said in a statement.

Critics of the FCC repeal effort say that the decision will lead to the concentration of power in the hands of a dwindling number of media titans. "Instead of engaging in thoughtful reform," said Democratic FCC Commissioner Jessica Rosenworcel, "this agency sets its most basic values on fire.

"As a result of this decision, wherever you live, the FCC is giving the green light for a single company to own the newspaper and multiple television and radio stations in your community. I am hard pressed to see any commitment to diversity, localism, or competition in that result."

Senate Democrats this week called on the FCC's inspector general to launch a probe of the agency, over concerns that its impartiality with respect to Sinclair had been "tainted."

"This merger would never have been possible without a series of actions to overturn decades-long, settled legal precedent by Chairman Pai," Sen. Maria Cantwell (D-Wash.) and 14 other lawmakers wrote in a letter. The letter added that Pai has "signaled his clear receptiveness to approving the Sinclair-Tribune transaction and in fact paved the way for its consummation."

The FCC didn't immediately respond to a request for comment. Sinclair declined to comment.

In his remarks Thursday, Pai said it was "utter nonsense" that his agency's decisions on media ownership would lead to a company dominating local media markets by buying up newspapers and radio stations. "It will open the door to pro-competitive combinations that will strengthen local voices," he said, and "better serve local communities."

From rforno at infowarrior.org Thu Nov 16 15:43:18 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Nov 2017 21:43:18 -0000
Subject: [Infowarrior] - Twitter confirms it's testing a tweetstorm feature
Message-ID: <67607699-0D81-4687-A963-F96A6B25417A@infowarrior.org>

Twitter confirms it's testing a tweetstorm feature

Twitter confirms it's testing a feature that allows users to more easily create "tweetstorms" — those series of connected tweets that have grown to be a popular workaround for Twitter's character count limitations.
The feature, which was recently spotted in the wild, offers a new interface for composing tweets, where individual tweetstorm entries can be written one-by-one then published to Twitter in a staggered fashion with a press of a "Tweet All" button. The existence of a tweetstorm feature was first spotted in the Twitter app's code in September, which was a hint of things to come. At the time, Twitter declined to comment on its plans for the feature or say if it would ever launch publicly. Today, the blog Android Police reported the tweetstorm interface was popping up for some users of the Android alpha app, but said it wasn't sure about the details surrounding the tests.

< - >

https://techcrunch.com/2017/11/16/twitter-confirms-its-testing-a-tweetstorm-feature/?ncid=rss

From rforno at infowarrior.org Fri Nov 17 05:55:47 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 11:55:47 -0000
Subject: [Infowarrior] - OT: POTUS' Clinton Fixation Should Scare All Americans
Message-ID:

(glad to see someone make this Orwell analogy b/c it works so well here. ---rick)

Trump's Clinton Fixation Should Scare All Americans
His attacks sound just like the Two Minutes Hate in Orwell's "1984."
Cass R. Sunstein
November 16, 2017, 5:01 PM EST
https://www.bloomberg.com/view/articles/2017-11-16/trump-s-clinton-fixation-should-scare-all-americans

During his presidency, Barack Obama was under considerable pressure to initiate prosecutions against officials in the George W. Bush administration. Even before taking office, Obama strongly signaled that he would not do this, suggesting that "we need to look forward as opposed to looking backwards." In 2009, he added, "At a time of great challenges and disturbing disunity, nothing will be gained by spending our time and energy laying blame for the past." As late as 2015, Human Rights Watch argued for "the opening of new investigations," complaining that criminal prosecutions of Bush officials were obligatory under international law, above all for what it described as "torture" by the Central Intelligence Agency. It contended that without prosecutions of Bush-era officials, the legacy of the Obama administration would be "forever poisoned."

Those are strong words, but the Obama administration resisted such arguments. It was right to do so.[1]

To be sure, no one is above the law. Political opponents of a president cannot claim immunity from prosecution. But the bar must be set very high. That conclusion is vindicated not only by principle, but also by longstanding traditions. Whether Republican or Democratic, American presidents have been extraordinarily reluctant to call for prosecution of their political rivals. They have looked forward rather than backward.

With his enthusiasm for prosecuting Hillary Clinton, President Donald Trump is breaking that longstanding norm of American democracy. Prosecuting political rivals and their associates is a tactic of authoritarians, and it reeks of authoritarianism. It suggests that political victors will not be content to have won; they will bring the force of the criminal law against those they have defeated.

That suggestion is dangerous to self-government and political liberty. It tells people who dissent, or who support rivals to current leaders, that they may be at risk. It turns opposition into an act of courage, rather than an exercise of rights.

Prosecution of political rivals politicizes the Justice Department, and in the most damaging way. Sure, the attorney general works for the president. But in a free society, prosecutorial judgments should be, and should be perceived to be, objective -- rooted only in the law and the facts. Whenever national prosecutors pursue a political opponent of their president, many people will ask, naturally enough: What is the real motivation here?

Such prosecutions have the additional vice of intensifying a nation's political divisions. They suggest that one side has been led by criminals, possibly even traitors. They announce to the millions of people who supported the president's political opponent: You favored a crook. For purely partisan reasons, some people will cheer any such prosecution, and others will rage and mourn. After an election, it is far better to accept Abraham Lincoln's suggestion, offered in a time of Civil War, that we should "bind up the nation's wounds."

These points raise an obvious question: Why is Trump fixated, nearly a year into his presidency, on prosecuting Hillary Clinton? I think I know the answer, and it is unfathomably sad.

To see it, we have to step back a bit and consider one of George Orwell's most powerful creations: the Two Minutes Hate, directed against Emmanuel Goldstein, "the Enemy of the People" and opponent of Big Brother. As Orwell depicts it in "1984," Big Brother focuses the public on Goldstein's misdeeds and the continuing threat he poses: "He was the commander of a vast shadowy army, an underground network of conspirators."

As citizens see Goldstein's face on a screen, they break out into "uncontrollable exclamations of rage," followed by a "hideous ecstasy of fear and vindictiveness, a desire to kill, to torture, to smash faces in with a sledge-hammer."

Orwell's ominous words suggest that every human heart is vulnerable to that ecstasy. "The horrible thing about the Two Minutes Hate was not that one was obliged to act a part, but, on the contrary, that it was impossible to avoid joining in." (Think of what happens on contemporary social media.)

For Big Brother, the Two Minutes Hate is shrewd politics. It is a diversion from issues of policy, and from problems that people face in their ordinary lives. It focuses citizens' attention on a malevolent, even demonic force, who continues to threaten them.
Of course, Orwell was producing a caricature, and Donald Trump, freely elected in a system with checks and balances, is no Big Brother. But politicians on the right and the left, and in both democratic and undemocratic societies, have found it useful, or irresistible, to identify their own Goldsteins, and to initiate a period of Hate -- minutes, weeks, months or years.

Hillary Clinton is Trump's Emmanuel Goldstein.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

[1] From 2009 to 2012, I served in the Obama administration as administrator of the White House Office of Information and Regulatory Affairs; in that capacity, I was not involved in discussions of the issues explored here.

To contact the author of this story: Cass R Sunstein at csunstein1 at bloomberg.net
To contact the editor responsible for this story: Katy Roberts at kroberts29 at bloomberg.net

From rforno at infowarrior.org Fri Nov 17 05:56:03 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 11:56:03 -0000
Subject: [Infowarrior] - Fwd: A Fight Is Brewing Between Congress and the Military Over Cyber War
References: <545601700.193334.1510918880641@mail.yahoo.com>
Message-ID: <9A3F3C1C-1B9F-4A34-87B5-FABAAD8B5A53@infowarrior.org>

> Begin forwarded message:
>
> From: Mark M
>
> A Fight Is Brewing Between Congress and the Military Over Cyber War
> By Patrick Tucker
> November 16, 2017
> http://www.defenseone.com/technology/2017/11/fight-brewing-between-congress-and-military-over-cyber-war/142616/
>
> U.S. military commanders want more authority to launch cyber operations. But Congress is mulling new restrictions and reporting requirements, setting up a showdown that will shape American defense in the network era.
>
> In one corner, you have commanders like Lt. Gen. Paul Nakasone. The head of U.S. Army Cyber Command recently said that his service is producing hackers who are better than their peers in the civilian world by orders of magnitude. "I've been in a number of different army units. I'm trying to think: is there a sniper I've ever met, or a pilot, or submarine driver, or anyone else in the military who is 50 times better than their peer? It's hard to imagine, but I will tell you that some of the coders that we have are 50 times their peers," he said, speaking at the Army's CyCon event earlier in November.
>
> Speaking just days after the Army announced that its Cyber Mission Force Team would reach full operational capability almost a year ahead of schedule, he said recent ops that eavesdropped on ISIS and shut down messaging networks would shape doctrine and training against other adversaries. "We are re-writing our strategies today. We are re-writing the way we teach our forces," he said. "We are running faster than our headlights because we are learning so much, employing these forces today, having an impact."
>
> Gen. Joe Votel, who leads U.S. Central Command, has also touted cyber ops against ISIS. "We had a recent success in coordinating the lethal effects of our special operations and air components with highly targeted and effective cyber operations," Votel told participants at the Billington Cyber Security forum in downtown D.C. in September.
>
> Why go to the nation's capital to boast about cyber ops in Syria? To make a larger point about policy: specifically, that Washington is weighing down commanders in the field who are eager to let their soldiers put their new hacking tools to use against foes like ISIS.
>
> "We at [Central Command] have narrowly defined authorities to execute cyberspace operations at all, let alone execute the required initiative and adaptive thinking towards countering this pervasive threat," Votel said.
>
> At one level, that makes sense, he said. "For very good reasons and concerns about cyberspace operations propagating outside the intended joint operation area, a lot of the approval authorities to execute these types of operations reside with the President or the Secretary of Defense."
>
> Those reasons include the need to have someone in charge of strategy coordinate various combatant commanders. But, Votel continued, "at the operational level, the level at which cyberspace operations are integrated with conventional and special operations forces, this can make approval so cumbersome that the capabilities are nearly irrelevant."
>
> In his speech, Nakasone did not ask directly for more authorities to execute cyber operations. But he did say that the Army would test and drill as though those authorities were already there.
>
> "We have to be able to look at a tactical force, whether it's a brigade combat team or some other type of force, and see how they might operate and leverage those types of capabilities. And so what we have done, as an Army over the last two years is, over eight different rotations, is empower these brigade combat teams with elements that look at social media, that look at their own networks for vulnerability, that look at close action support [read that to mean information operations aimed at individuals who might pose a real threat on the battlefield] ... so we as an Army are already training toward that. I will tell you that this discussion on authorities will mature as we learn more and I think that what we have to do, as a force, is be prepared to leverage those, once they do come."
>
> Adm. Michael Rogers, the head of U.S. Cyber Command, has also said that he's anxious to move hacking authorities down to operators in the field, very similar to the semi-independence granted many special operations forces. He said SOF is a great model for Cyber Command.
>
> "Offensive cyber is almost treated like nuclear weapons, in the sense that their application outside of a defined area of hostilities is controlled at the chief executive level and not delegated down. What I would like to see, over the next five to ten years is, can we engender enough confidence in our decision makers to say, 'you should feel comfortable pushing this down to the tactical level. You should be integrating this into the strike group, the amphibious expeditionary side.' We should view this as another tool for the commander, as part of the broad scheme of maneuver, to achieve a desired outcome," Rogers said at a U.S. Naval Institute event in February in San Diego.
>
> But some of the language coming out of the Senate committees discussing the National Defense Authorization Act for 2018 suggests that lawmakers are moving in the other direction. Instead of handing more authorities to commanders to execute cyber operations, they're looking to increase congressional oversight. University of Texas law professor Bobby Chesney notes at Lawfare that lawmakers are considering categorizing certain cyber operations as "sensitive military operations" on the same level as kill-or-capture operations.
>
> A second proposed change to Section 1631 of the bill, Chesney reports, would oblige the Defense Department to give the Senate Armed Services Committee and the House Armed Services Committee written notice, quarterly, of [Defense Department] reviews of the compatibility of cyber weapons with international law, as well as specific notice of the use of such reviewed cyber weapons within 48 hours of that use. "Looks to me like [the Senate and House committees] are concerned about the international law analyses arising during these weapons reviews," Chesney wrote.
>
> More congressional oversight does not necessarily mean infringing on commanders' authority in the field -- but it might. It basically depends on which cyber operations qualify as "sensitive" enough to require a lawmaker to be read in on the operation, and "sensitive" is a subjective term.
>
> This tug of war is emerging as U.S. Cyber Command is entering a new, more grown-up phase, having been nominally elevated to a full Combatant Command, albeit with many details still to be worked out. The move would give the head of Cyber Command central authority over training, resources, and mission execution.
>
> One military official, a long-time information warfare specialist with a deep background in intelligence, said that giving commanders more authority to execute whatever hacking missions they chose -- without first having better policies in place to guide them -- was a sure recipe for disaster. (The official spoke on condition of anonymity because he was not authorized to speak to the press.) What could go wrong with operators having all the legal room they might desire to run whatever hacking operation they wanted? He offered the possibility of operators from one service hacking soldiers from another service simply because no one had a real clue of who was who in the information environment in question.
>
> "In the complete absence of policy, we are going to make it up as we go. That means, there will be no standards, no de-confliction, everybody will be doing their own thing," he said. That could result in some less than well trained U.S. cyber operators going up against seasoned Russian contract mercenaries, a scenario likely to result in an embarrassing loss of data for the U.S., he speculated.
>
> Ideally, Cyber Command would manage that deconfliction, he said. Instead of becoming a virtual version of U.S. Special Operations Command, CyberCom would offer more value if it evolved into something more like the Office of the Director of National Intelligence as it was originally stood up after September 11, 2001. Imagine a central coordinating point for cyber-operations across the military and a means to break down silos between intelligence agencies.
>
> "Look at the intelligence community prior to the creation of the director of national intelligence. Everybody was doing their own thing. CIA, DIA [the Defense Intelligence Agency] -- no one was looking laterally. Post-9/11, they came back and said, 'We have to make this an intelligence community.' They created procedures where they had to talk to each other. No one in the military likes to study history because we are going to do the same exact thing in cyber that we were doing in intelligence. We'll have a massive failure," he said.
>
> By Patrick Tucker // Patrick Tucker is technology editor for Defense One. He's also the author of The Naked Future: What Happens in a World That Anticipates Your Every Move? (Current, 2014). Previously, Tucker was deputy editor for The Futurist for nine years. Tucker has written about emerging technology in Slate, The Sun, MIT Technology Review, Wilson Quarterly, The American Legion Magazine, BBC News Magazine, Utne Reader, and elsewhere.

From rforno at infowarrior.org Fri Nov 17 05:59:02 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 11:59:02 -0000
Subject: [Infowarrior] - Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers
Message-ID: <6D9599B0-2529-43AF-B038-037CFC3C210C@infowarrior.org>

Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers
Posted by BeauHD on Friday November 17, 2017 @02:00AM from the link-baiting dept.
https://tech.slashdot.org/story/17/11/17/0046231/google-will-stop-letting-sites-use-amp-format-to-bait-and-switch-readers

"Google today announced a forthcoming update to its Accelerated Mobile Pages, or AMP, web format that aims to discourage website owners from misusing the service," reports The Verge. "The company says that, starting in February 2018, AMP pages must contain content nearly identical to that of the standard page they're replicating."
From the report: Currently, because AMP pages load faster and more clutter-free versions of a website, they naturally contain both fewer ads and fewer links to other portions of a site. That's led some site owners to publish two versions of a webpage: a standard page and an AMP-specific one that acts as a teaser of sorts that directs users to the original. That original page, or canonical page in Google parlance, is by nature a slower loading page containing more ads and with a potentially lower bounce rate, which is the percentage of viewers who only view one page before leaving. Now, Google is cracking down on that behavior. "AMP was introduced to dramatically improve the performance of the web and deliver a fast, consistent content consumption experience," writes Ashish Mehta, an AMP product manager. "In keeping with this goal, we'll be enforcing the requirement of close parity between AMP and canonical page, for pages that wish to be shown in Google Search as AMPs."

From rforno at infowarrior.org Fri Nov 17 06:00:07 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 12:00:07 -0000
Subject: [Infowarrior] - If NYPD cops want to snoop on your phone, they need a warrant, judge rules
Message-ID: <2FA75BAF-ABD3-4E66-9B77-59F73AA97864@infowarrior.org>

(Cue the technophobic whinings of Manhattan DA Cyrus Vance. --rick)

If NYPD cops want to snoop on your phone, they need a warrant, judge rules
NY State Supreme Court: stingrays act as "an instrument of eavesdropping."
Cyrus Farivar - 11/17/2017, 5:03 AM

Another court tells police: Want to use a stingray? Get a warrant

A New York state judge has concluded that a powerful police surveillance tool known as a cell-site simulator, a device that spoofs legitimate mobile phone towers, is a "search" and therefore requires a warrant under most circumstances.

As a New York State Supreme Court judge in Brooklyn ruled earlier this month in an attempted murder case, New York Police Department officers should have sought a standard probable cause-driven warrant before using the invasive device. The Empire State court joins others nationwide to reach this same conclusion. In September, the District of Columbia Court of Appeals also found that stingrays normally require a warrant, as did a federal judge in Oakland, California back in August.

According to the New York Times, which first reported the case on Wednesday, People v. Gordon is believed to be the first stingray-related case related to the country's largest city police force.

< - >

https://arstechnica.com/tech-policy/2017/11/if-nypd-cops-want-to-snoop-on-your-phone-they-need-a-warrant-judge-rules/

From rforno at infowarrior.org Fri Nov 17 06:07:14 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 12:07:14 -0000
Subject: [Infowarrior] - Most SSCI Members Are Fine With Domestic Surveillance By The NSA
Message-ID:

Most Senate Intelligence Committee Members Are Fine With Domestic Surveillance By The NSA

The Senate Intelligence Committee has released its report [PDF] on its Section 702 reauthorization plan. Rather than adopt any serious reforms -- like those proposed by Sen. Ron Wyden -- the SIC plans to move ahead with its non-reform bill, one that's actually weaker than the watered-down offering from the House. The bill remains pretty much as bad as it was when it was first introduced. It still allows the NSA to start up its "about" collection again, although it does require approval from the FISA court first and contains a safety valve for introduction of legislation forbidding this collection. (I guess Wyden's reform bill doesn't count.) Other than that, it's still just bad news, especially on the Fourth Amendment front, as it allows both the collection of wholly domestic communications and backdoor searches of NSA data stores.
The upshot of the report is this: eleven senators are perfectly fine with domestic surveillance.

< - >

On top of that, there's no judicial review involved when the government makes a determination that something "affects, involves or is related to" national security. As Marcy Wheeler has pointed out, this allows the DOJ to decide what it can or can't collect on US persons using NSA surveillance programs.

Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that's an inappropriate use of a foreign intelligence program.

< - >

https://www.techdirt.com/articles/20171116/06360938627/most-senate-intelligence-committee-members-are-fine-with-domestic-surveillance-nsa.shtml

From rforno at infowarrior.org Fri Nov 17 09:57:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 15:57:19 -0000
Subject: [Infowarrior] - A Hacker Hero Has Been Banned From Cyber Conference After Decades Of Inappropriate Behavior
Message-ID: <77FA714E-43C2-4CFF-8257-99787A08A85F@infowarrior.org>

A Hacker Hero Has Been Banned From Cyber Conference After Decades Of Inappropriate Behavior
The claims against John Draper, a pioneer hacker and an early associate of Apple cofounders Steve Wozniak and Steve Jobs, are yet another example of how celebrity can be abused.
Posted on November 17, 2017, at 10:01 a.m.
Kevin Collier
https://www.buzzfeed.com/kevincollier/hacker-hero-is-said-to-have-used-cyber-conferences-to

From rforno at infowarrior.org Fri Nov 17 10:25:14 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Nov 2017 16:25:14 -0000
Subject: [Infowarrior] - Georgia Is Fighting to Keep Its Laws Secret -- Unless You Pay
Message-ID:

Georgia Is Fighting to Keep Its Laws Secret -- Unless You Pay
By Vera Eidelman, William J. Brennan Fellow, ACLU Speech, Privacy, and Technology Project
November 16, 2017 | 10:15 AM
https://www.aclu.org/blog/free-speech/georgia-fighting-keep-its-laws-secret-unless-you-pay

For more than three decades, the state of Georgia has charged anyone who wants to see its official state law hundreds of dollars for that privilege. Now the state is suing the non-profit website that purchased a copy of that official compilation and put it on the internet for the public to see.

The problem with all of this? Knowing the law is a right, not a privilege. We are in court today to argue that a state cannot put a copyright paywall between you and the law that governs you.

Georgia takes the troubling position that it can claim a private property right in its entire legal code. The state concedes that it cannot claim a copyright in its statutory language or the text of court opinions. But it somehow believes that because the "Official Code of Georgia Annotated" -- which it considers its official law -- combines those two sources of public law, it can copyright the result and charge the public a hefty price to see it.

In 2013, a nonprofit called Public Resource paid for the OCGA and posted it online to make Georgia's state law freely available to the public. In response, the state sued Public Resource. The ACLU, along with a number of other groups, filed an amicus brief in the 11th Circuit Court of Appeals defending the public's right to access its own laws.

The OCGA is the law that the Georgia Legislature editorially controls and publishes. It is the law that the state's executive agencies enforce. And it is the official state law that courts apply and interpret. Most fundamentally, it is the law that an individual must read to know what behavior is legal and what isn't. While an unannotated version of the code is available online for free, that version does not constitute the law as enforced today.

For example, a person reading the free version might believe that an "offense of sodomy" is punishable by one to 20 years in prison. That individual would also be led to believe that private possession of pornography is illegal. Only by paying more than $400 would she learn that courts have held both of those statutes to be unconstitutional, and the state enforces neither.

In our view, Georgia's attempt to profit by limiting public access to the law harms at least three fundamental constitutional principles. First, it ignores the public's role as the true author of the law. Second, without free access to the law, you lack the ability to figure out what is legal and what isn't. Finally, you have a fundamental First Amendment right to see what your government is up to.

Georgia asserts that such knowledge is a privilege for which people should pay. We believe it is a constitutional right. We hope the court agrees.

From rforno at infowarrior.org Sat Nov 18 07:36:45 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Nov 2017 13:36:45 -0000
Subject: [Infowarrior] - Massive US military social media spying archive left wide open in AWS S3 buckets
Message-ID: <60D2EE1B-2497-4183-BCD3-7868B6D27FF6@infowarrior.org>

Massive US military social media spying archive left wide open in AWS S3 buckets
Dozens of terabytes exposed, your tax dollars at work
By Iain Thomson in San Francisco 17 Nov 2017 at 20:08
https://www.theregister.co.uk/2017/11/17/us_military_spying_archive_exposed/

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the US military to identify and profile persons of interest.

The archives were found by UpGuard's veteran security-breach hunter Chris Vickery during a routine scan of open Amazon-hosted data silos, and the trio weren't exactly hidden.
The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the US Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for US Pacific Command, covering the rest of southern Asia, China and Australasia.

Vickery told The Register today he stumbled upon them by accident while running a scan for the word "COM" in publicly accessible S3 buckets. After refining his search, the CENTCOM archive popped up, and at first he thought it was related to Chinese multinational Tencent, but quickly realized it was a US military archive of astounding size.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate."

Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens.

The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the US government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Vickery found the Outpost development configuration files in the archive, as well as Apache Lucene indexes of keywords designed to be used with the open-source search engine Elasticsearch. Another file refers to Coral, which may well be a reference to the US military's Coral Reef data-mining program.

"Coral Reef is a way to analyze a major data source to provide the analyst the ability to mine significant amounts of data and provide suggestive associations between individuals to build out that social network," Mark Kitz, technical director for the Army Distributed Common Ground System - Army, told the Armed Forces Communications and Electronics Association magazine Signal back in 2012. "Previously, we would mine through those intelligence reports or whatever data would be available, and that would be very manual-intensive."

Before you start scrabbling for your tinfoil hats, the army hasn't made a secret of Coral Reef, even broadcasting the awards the software has won. And social media monitoring isn't anything new, either. However, it is disturbing quite how easy this material was to find, how poorly configured it was, and that the archives weren't even given innocuous names. If America's enemies -- or to be honest, anyone at all -- are looking for intelligence, these buckets were a free source of information to mine.

After years of security cockups like this in the public and private sectors, Amazon has tried to help its customers avoid configuring their S3 buckets as publicly accessible stores, by adding full folder encryption, yellow warning lights when buckets aren't locked down, and tighter access controls. "This was found before these new Amazon controls were added," Vickery said. "So we have yet to see how effective that yellow button will be."

Vickery said he notified the American military about the screwup, and the buckets have now been locked down and hidden. Unusually, the military contact thanked him for bringing the matter to their attention -- usually talking to the armed forces is a "one-way street," Vickery said.

The Register asked the army for comment, and for more details on Outpost and Coral Reef, but wheels turn slowly in the Green Machine. We'll update the story as soon as more information is known. ®
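The exposure the article describes comes down to two bucket-level settings: an ACL grant to a global group, or a bucket policy that allows any principal without a Condition. The following Python audit is an added example, not code from The Register, UpGuard or Amazon; it evaluates constructed ACL and policy documents showing the weak setting beside the corrected one, and the boto3 wrapper and placeholder bucket names are assumptions about how a defender would run it over their own account.

```python
"""Audit S3 bucket ACLs and bucket policies for public exposure.

Added example, not code from The Register, UpGuard or AWS. A bucket is
"wide open" when its ACL grants a global group access or its policy allows
any principal without a Condition. The checks are pure functions run here
on constructed documents; the boto3 wrapper is an assumed live front end.
"""
import json
from typing import Any, Dict, List, Optional

# Canned ACL grantee URIs meaning "everyone" or "any AWS account holder".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl: Dict[str, Any]) -> List[str]:
    """Return 'Group:PERMISSION' for each public-group grant in a GetBucketAcl result."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"{group}:{grant['Permission']}")
    return findings

def _is_wildcard_principal(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def public_policy_statements(policy_json: Optional[str]) -> List[str]:
    """Return Sids of Allow statements open to any principal with no Condition."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be unwrapped
        statements = [statements]
    findings = []
    for stmt in statements:
        # A Condition (aws:SourceVpce, aws:SourceIp, ...) narrows a wildcard
        # principal, so only unconditioned wildcard Allows count as public.
        if (stmt.get("Effect") == "Allow"
                and _is_wildcard_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

def audit_bucket(name: str, acl: Dict[str, Any], policy_json: Optional[str]) -> Dict[str, Any]:
    """Combine both checks into one finding record for a bucket."""
    acl_hits = public_acl_grants(acl)
    policy_hits = public_policy_statements(policy_json)
    return {"bucket": name, "public": bool(acl_hits or policy_hits),
            "acl_grants": acl_hits, "policy_statements": policy_hits}

# --- Constructed sample documents; names are placeholders, not the real buckets ---
_GROUP = "http://acs.amazonaws.com/groups/global/"
OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
# Weak setting: world-readable listing via the AllUsers group.
OPEN_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                       {"Grantee": {"Type": "Group", "URI": _GROUP + "AllUsers"},
                        "Permission": "READ"}]}
# Corrected setting: only the owner holds a grant.
PRIVATE_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
# Weak setting: anonymous GetObject on every key.
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-archive/*"}]})
# Corrected setting: same grant, but only through one VPC endpoint.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-archive/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-constructed"}}}]})

def audit_account_buckets() -> List[Dict[str, Any]]:
    """Assumed live wrapper: needs boto3 and credentials that can read ACLs and policies."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    results = []
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        try:
            policy = s3.get_bucket_policy(Bucket=name)["Policy"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
                raise
            policy = None
        results.append(audit_bucket(name, s3.get_bucket_acl(Bucket=name), policy))
    return results
```

Running audit_bucket on the constructed pairs flags the open ACL and the PublicRead statement and passes the owner-only ACL and the VPC-endpoint policy.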