From rforno at infowarrior.org  Tue May 30 12:33:37 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 May 2017 17:33:37 -0000
Subject: [Infowarrior] - SCOTUS allows resale of used printer cartridges
Message-ID: <0DD9E3D9-4136-41BB-8800-6C7427F76FCA@infowarrior.org>

Supreme Court allows resale of used printer cartridges

By Ali Breland - 05/30/17 01:15 PM EDT

http://thehill.com/policy/technology/335633-supreme-court-rules-in-favor-of-resellers-in-patent-case

The Supreme Court on Monday ruled unanimously in favor of a company that sold refilled printer cartridges in a patent case with wide implications for the technology industry.

The case involved a legal dispute between printer and toner cartridge company, Lexmark, and a small West Virginia based reseller, Impression, which would acquire used Lexmark cartridges, disable chips inside them that prevented unauthorized refills and then resell them to consumers at a lower price.

Lexmark argued that Impression's actions violated patents on their cartridges -- which explicitly prohibit resale and reuse -- and qualified as unauthorized use of their products.

In their 8-0 decision in favor of Impression, the court ruled that, "when a patentee sells one of its products, however, the patentee can no longer control that item through the patent laws -- its patent rights are said to 'exhaust,'" even if a patent holder, like Lexmark, tried to set post-sale restrictions.

Lexmark also contended that Impression was violating its patents by importing toner cartridges intended for sale abroad back into the United States. The Supreme Court sided against Lexmark on that claim as well, overruling the lower court's decision which backed Lexmark on both issues.

The court cited previous cases which found that any patent rights restricting the sale of a product were exhausted when the patent holder sold their product.

"When a patentee chooses to sell an item, that product 'is no longer within the limits of the monopoly'
and instead becomes the 'private, individual property' of the purchaser, with the rights and benefits that come along with ownership," Chief Justice John Roberts wrote in his opinion.

Roberts also noted that, "an authorized sale outside the United States, just as one within the United States, exhausts all rights under the Patent Act," allowing Impression to lawfully import Lexmark's toner cartridges back into the U.S.

"Lexmark pushes its patent rights to the limit. It tried to restrict the use or resale of patented products after they have already been sold," said Case Collard, a partner at Dorsey & Whitney who focuses on intellectual property disputes. "Imagine if you could not resell the patented iPhone that you purchased because Apple continued to enforce its patent rights after it sold the product. This is what Lexmark tried to do with its printer cartridges."

Businesses kept a close eye on the case, which could have an impact beyond the toner cartridge market. Companies like Costco, Intel and HTC feared that a ruling in favor of Lexmark could disrupt their supply chains, and filed briefs in support of Impression.

Qualcomm backed Lexmark in an amicus brief, along with IBM, which backed Lexmark's claims on importing their cartridges.

The case could also have implications in the fight over the "right to repair," a fight between consumers and companies like Apple and John Deere, who try to use their patents, beyond the first sale, to restrict third-party repair of their products.

In his opinion, Roberts invoked a hypothetical scenario in which third-party companies were restricted from fixing cars. Roberts said it highlighted why extending patent rights after a product's initial sale would cause problems.
From rforno at infowarrior.org  Wed May 31 10:05:59 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 May 2017 15:05:59 -0000
Subject: [Infowarrior] - Killer antibiotic now 25,000× more potent -- and resistant to drug resistance
Message-ID:

Killer antibiotic now 25,000× more potent -- and resistant to drug resistance

Chemical changes give drug three killing methods plus a way to daze evolution.

Beth Mole - 5/31/2017, 10:52 AM

https://arstechnica.com/science/2017/05/killer-antibiotic-now-25000x-more-potent-and-resistant-to-drug-resistance/

With clever chemical tweaks, an old antibiotic can dole out any of three lethal blows to some of the deadliest bacteria -- and give evolution one nasty concussion.

The antibiotic, vancomycin, has always been a heavy hitter against odious germs; it uses one crafty maneuver that can take out even drug-resistant foes and is often used as a last resort. But, with three chemical modifications, reported this week in PNAS, the drug now has three distinct molecular moves to take out pathogens. The menacing modifications render vancomycin at least 25,000 times deadlier. And with that level of potency, dazed bacteria stumble at developing resistance when given the chance in lab experiments.

And maybe that should be the real goal in the war against drug-resistant microbes, the authors of the new study -- chemists at The Scripps Research Institute in La Jolla, California -- argue. "As an alternative to championing the restricted use of antibiotics or conceding that bacteria will always outsmart us, can durable antibiotics be developed that are capable of continued or even more widespread use?"

Perhaps, they write, we should be designing drugs that "overcome the forces of evolution and selection responsible for bacterial resistance, that are less prone or even impervious to resistance development, that avoid many of the common mechanisms of resistance, and that are more durable than ever before."
It's not a new idea, but it's certainly a very hard thing to accomplish.

To take a serious swing at evolution, the team, led by chemical biologist Dale Boger, built upon years of detailed structural work on vancomycin. The drug has some useful characteristics for this feat, including that bacteria naturally have trouble resisting it.

Vancomycin can kill bacteria with one of the two main types of cell wall structures -- so called Gram-positive bacteria, such as Staph aureus. (Bacteria mainly fall into either Gram-positive or Gram-negative categories, which are based on the structures of the protective, rigid walls surrounding their cells. The structure can be figured out using Gram staining, named for bacteriologist Hans Christian Gram. An example of a Gram-negative bacteria is E. coli.)

Knock-out drug

Unlike other antibiotics, which often target important enzymes or cellular machinery, vancomycin kills Gram-positive bacteria by clamping onto, basically, a molecular brick in their cell wall -- linked amino acids D-Alanine-D-Alanine. Vancomycin doesn't do anything to the brick, it just gets in the way so the wall can't cement together properly. As such, the wall crumbles apart, destabilizing the bacteria's structure, leading to cell death. (Gram-negative bacteria use a different wall-building method, so they're generally safe.)

Time has shown that bacteria are bad at evolving resistance to the brick attack -- there's no simple genetic mutation to get around it. In nearly 60 years of clinical use, resistance to vancomycin has developed relatively slowly. And the resistance that has shown up is complicated and bulky: bacteria use a two-component signaling system that first senses if vancomycin is invading, then they trigger a late-stage switch in building materials, swapping D-Alanine-D-Alanine bricks for D-Alanine-D-Lactate in their walls. Facing this defense, vancomycin is a thousandfold less lethal to bacteria.
Lucky for us, there is a simple trick to defeat this cumbersome resistance: a chemical tweak to the part of vancomycin's structure that binds to the brick can make it just as likely to glom onto D-Ala-D-Lac as D-Ala-D-Ala.

[Image caption: Three modifications to vancomycin's structure (shown in blue) give it new "mechanisms of action" for fighting infection. Credit: Boger Lab]

With that modification, Boger and his team could crush vancomycin resistance. But they weren't done. They also figured out how to tweak two other areas of vancomycin's structure. On the top of the molecule, they added (4-chlorobiphenyl)methyl or CBP, which can pummel an enzyme, called transglycosylase, involved in cell wall construction. Then, the chemists figured out that if they added a quaternary ammonium salt to the left side of the structure, this could punch holes in the cell's membrane, the delicate barrier underneath the protective wall.

Each of the three tweaks could kill bacteria on their own. But together, they make one killer antibiotic. In tests, the triple threat proved to be between 25,000 and 50,000 times deadlier to vancomycin-resistant bacteria than basic vancomycin.

It also further slowed the bacteria's ability to develop resistance. To show this, the chemists forced the hand of evolution. In labs, to goad bacteria into developing resistance to an antibiotic, all one has to do is grow generation after generation of the germs amid sub-lethal doses of the antibiotic. Boger and his team did this with their triple-threat vancomycin as well as versions of the drug that had just one or two lethal modifications. Then, they quantified how much more of each antibiotic they'd need to kill the adapted bacteria compared with the starting bacteria -- a proxy for how easily the bacteria developed resistance.

After 50 growth cycles, it took up to 128-fold more of the vancomycin with one modification to kill the adapted bacteria.
But for the triple-threat vancomycin, the minimum dose necessary to kill only increased four-fold.

"Such antibiotics are expected to display durable antimicrobial activity not prone to rapidly acquired clinical resistance," the authors conclude.

But before this can be put to the test in clinics, researchers will have to do animal testing and clinical trials to ensure safety and efficacy. Early toxicology work suggests that the beefed-up vancomycin is safe, however. The chemists are always working to streamline the chemical modification process, which currently requires about 30 steps.

From rforno at infowarrior.org  Fri May 19 17:28:04 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 May 2017 22:28:04 -0000
Subject: [Infowarrior] - op-ed regarding the value of a free press
Message-ID: <68F61214-F255-4BC6-AF55-6049938D05C2@infowarrior.org>

Trump attacked the free press, and he got exactly what he deserved

By Dana Milbank, Opinion writer
May 19 at 3:48 PM

The president has the greatest self-pity. The best!

"No politician in history, and I say this with great surety, has been treated worse or more unfairly," Donald Trump said this week as he heard the special prosecutor's footsteps.

Thus did our assured head of state, equal parts narcissistic and uninformed, rank his treatment worse than that of Benito Mussolini (executed corpse beaten and hung upside down in public square), Oliver Cromwell (body disinterred, drawn and quartered, hanged and head hung on spike), Leon Trotsky (exiled and killed with icepick to the skull), William Wallace (dragged naked from horses, eviscerated, emasculated, hanged and quartered) and the headless Louis XVI, Mary Queen of Scots and Charles I.

Trump hasn't been treated badly. He has been treated exactly as he deserved, a reaction commensurate with the action. He took on the institution of a free press -- and it fought back.
Trump came to office after intimidating publishers, barring journalists from covering him and threatening to rewrite press laws, and he has sought to discredit the "fake news" media at every chance. Instead, he wound up inspiring a new golden age in American journalism.

Trump provoked the extraordinary work of reporters on the intelligence, justice and national security beats, who blew wide open the Russia election scandal, the contacts between Russia and top Trump officials, and interference by Trump in the FBI investigation. This week's appointment of a special prosecutor -- a crucial check on a president who lacks self-restraint -- is a direct result of their work.

I suspect they won't be getting Presidential Medals of Freedom anytime soon, so let's celebrate some of them here. At The Post: Adam Entous, Greg Miller, Ellen Nakashima, Matt Zapotosky, Devlin Barrett, Sari Horwitz, Greg Jaffe and Julie Tate, along with columnist David Ignatius. At the New York Times: Michael Schmidt, Matthew Rosenberg, Adam Goldman, Matt Apuzzo and Scott Shane.

The two rivals, combined, have produced one breathtaking scoop after another, including:

The Post's Feb. 9 report that national security adviser Michael Flynn, contrary to the Trump administration's claims, talked with the Russian ambassador about U.S. sanctions before Trump took office. Flynn was out soon thereafter.

The Post's March 1 report that Jeff Sessions also spoke with the Russian ambassador but did not disclose the contacts when asked about possible contacts during his confirmation as attorney general. He was forced to recuse himself from the Russia investigation.

The Post's March 28 report that the Trump administration tried to block former acting attorney general Sally Yates from testifying on the Trump campaign's possible Russia ties. She later testified about the White House's failure to act on warnings about Flynn.
The Times's March 30 report that two White House officials helped provide Devin Nunes, the Republican chairman of the House Intelligence Committee, with intelligence that Nunes made public. Nunes was forced to recuse himself from the committee's probe.

The Post's report this week that Trump shared highly classified intelligence with Russian officials, jeopardizing the cooperation of allies.

And the final blow: The Times's report this week that Trump asked FBI Director James B. Comey to shut down the FBI's Flynn investigation, according to a contemporaneous memo Comey wrote before Trump fired him.

There were many more, and other outlets have flourished, too. On one day this week, the United States awoke to a report from Reuters that the Trump campaign had at least 18 undisclosed contacts with Russians; a McClatchy report that Flynn, who had been paid as a Turkish representative, stopped a military plan that Turkey opposed; a Times report that the Trump team knew Flynn was under investigation before he started work at the White House; and a Post report that the House majority leader told colleagues last year that he thought Russian President Vladimir Putin was paying Trump.

This journalistic triumph, made possible by nameless government officials who risked their jobs and their freedom to get the truth out, is all the more satisfying because it came as a corrective after one of the sorriest episodes in modern journalism: the uncritical, unfiltered and unending coverage of Trump -- particularly by cable news -- that propelled him to the Republican nomination and onward to the presidency.

It's a great relief to have special prosecutor Robert S. Mueller III now keeping his eyes on the executive -- a regent, if you will, to protect against future abuses. This doesn't mean Trump won't nuke Denmark tomorrow. But those racked by anxiety for the past four months can exhale: Grown-ups within the government have restored some order.
Trump may feel as if he's been drawn and quartered, but what he's experienced is the power of a free press in a free country. That is entirely fair, and fitting.

From rforno at infowarrior.org  Fri May 19 17:31:32 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 May 2017 22:31:32 -0000
Subject: [Infowarrior] - Russian Military Apparently Using Cell Tower Spoofers To Send Propaganda Directly To Ukrainian Soldiers' Phones
Message-ID: <4601FCDD-1D00-4A1F-9DC8-67331B8C28EC@infowarrior.org>

Russian Military Apparently Using Cell Tower Spoofers To Send Propaganda Directly To Ukrainian Soldiers' Phones

from the phrase-'phone's-blowing-up'-just-got-a-bit-darker dept

We've often discussed the darker side of the repurposed war tech that's made its way into the hands of local law enforcement. Much like backdoored encryption (something some in law enforcement would like to see), rebranded war surveillance gear like Stingrays may sound great when touted by good guys, but we should never forget bad guys have access to the same equipment.

The seldom-discussed capabilities of Stingray devices are on full display in other countries. So far, we haven't seen US law enforcement use Stingrays to intercept communications or purposefully disrupt them. (A lack of public evidence doesn't mean it hasn't happened, however.)

The power is there, though. Stingrays act as faux cell towers and force all phones in the area to route their communications through them. This has the potential to be more than merely disruptive to cell service. The devices carry the capability to act as roving wiretaps. They also have the power to act as very frightening purveyors of government propaganda.....
< - >

https://www.techdirt.com/articles/20170514/15060437365/russian-military-apparently-using-cell-tower-spoofers-to-send-propaganda-directly-to-ukrainian-soldiers-phones.shtml

From rforno at infowarrior.org  Mon May 22 17:41:12 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 May 2017 22:41:12 -0000
Subject: [Infowarrior] - Lawyer who founded Prenda Law is disbarred
Message-ID:

Lawyer who founded Prenda Law is disbarred

Twenty-one months later, an ethics complaint ends in disbarment.

Joe Mullin - 5/22/2017, 10:21 AM

John Steele, one of the masterminds behind the Prenda Law "copyright trolling" scheme, has been disbarred.

Court papers indicate that Steele agreed to the disbarment, which was announced by the Illinois Supreme Court on Friday.

< - >

https://arstechnica.com/tech-policy/2017/05/john-steele-porn-troll-who-founded-prenda-law-is-disbarred/

From rforno at infowarrior.org  Mon May 22 17:41:12 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 May 2017 22:41:12 -0000
Subject: [Infowarrior] - Sorry East Texas: Supreme Court Slams The Door On Patent Jurisdiction Shopping
Message-ID:

Sorry East Texas: Supreme Court Slams The Door On Patent Jurisdiction Shopping

from the no-more-bulls dept

https://www.techdirt.com/articles/20170522/10263437420/sorry-east-texas-supreme-court-slams-door-patent-jurisdiction-shopping.shtml

Another Supreme Court case on patents, and another complete smackdown of the Court of Appeals for the Federal Circuit (CAFC), the court that is supposed to be the "expert" on patent cases. This morning the ruling on the TC Heartland case came out, and it could help put an end to jurisdiction shopping for patent cases. As you've probably heard, for years now patent trolls and other aggressive patent litigants have been filing their cases in East Texas, as it's become a jurisdiction that is ridiculously friendly to patent holders.
The towns of Marshall and Tyler, Texas have practically built up industries around the fact that they are "patent friendly" jurisdictions. In the past few years, a second favored jurisdiction has popped up: Delaware, after a few academic studies showed that the courts there may have been even more friendly than East Texas. The TC Heartland case was about a case filed in Delaware, and raised the issue of whether or not this kind of patent forum shopping was okay. CAFC, in its usual CAFC manner, said "sure, that's great, we love jurisdiction shopping and have since our 1990 ruling in VE Holding v. Johnson Gas." This was kind of ironic, as one of the key justifications given for setting up CAFC in the first place was to put an end to jurisdiction shopping in patent cases.

Either way, CAFC once again blessed the ability of patent holders to sue in plaintiff friendly locations, and the Supreme Court -- which has spent the past decade reteaching patent law to CAFC every chance it gets -- has done so again. Once again, the decision was unanimous, with the court voting 8 - 0 that trolls can't just file over and over again in East Texas (Gorsuch, having just joined the court after the case was heard, did not take part). The opinion, written by Justice Thomas, goes through the history of jurisdiction issues related to where one can bring lawsuits, noting that historically, where a company was incorporated was the proper jurisdiction.

While most of the ruling is deep in the weeds about definitions in the law, and whether or not Congress intended to change certain definitions, here's a simplified version of what happened: some have interpreted patent law to mean that a patent holder can sue an alleged infringer anywhere that a product is sold/available. In the age of the internet, this generally means "anywhere." Thus, as long as your product was available in Texas or Delaware, trolls could sue in those locations -- even if the company was nowhere near those locations.
Here, however, the Court has said that the lawsuits are supposed to be filed where the company "resides," which it says is the state where the company is incorporated.

This is a huge win for companies who are targeted by patent trolls. Rather than being dragged across the country to courts like East Texas or Delaware, which have built up large practices and reputations for supporting patent trolls over actual innovators, now cases will need to be filed where the alleged infringer is actually incorporated.

Expect to see the usual whining from patent trolls and their supporters about this -- but just remember: if they have a serious case of infringement, they should be fine filing it wherever the defendants actually are. Their concern is not about how this is somehow bad for patent owners. It's really about how certain courts were biased in their favor and they can no longer take advantage of that. Of course, this might mean that the ice rink in Marshall, Texas needs to find a new sponsor.

From rforno at infowarrior.org  Mon May 22 17:52:12 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 May 2017 22:52:12 -0000
Subject: [Infowarrior] - POTUS asked intel chiefs to push back against FBI collusion probe
Message-ID: <919C7296-B91B-4417-A767-05CCE945BFB6@infowarrior.org>

Trump asked intelligence chiefs to push back against FBI collusion probe after Comey revealed its existence

By Adam Entous and Ellen Nakashima
May 22 at 6:23 PM

President Trump asked two of the nation's top intelligence officials in March to help him push back against an FBI investigation into possible coordination between his campaign and the Russian government, according to current and former officials.

Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.
Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president.

Trump sought the assistance of Coats and Rogers after FBI Director James B. Comey told the House Intelligence Committee on March 20 that the FBI was investigating "the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia's efforts."

Trump's conversation with Rogers was documented contemporaneously in an internal memo written by a senior NSA official, according to the officials. It is unclear if a similar memo was prepared by the Office of the Director of National Intelligence to document Trump's conversation with Coats. Officials said such memos could be made available to both the special counsel now overseeing the Russia investigation and congressional investigators, who might explore whether Trump sought to impede the FBI's work.

< - >

https://www.washingtonpost.com/world/national-security/trump-asked-intelligence-chiefs-to-push-back-against-fbi-collusion-probe-after-comey-revealed-its-existence/2017/05/22/394933bc-3f10-11e7-9869-bac8b446820a_story.html

From rforno at infowarrior.org  Tue May 23 09:12:16 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 May 2017 14:12:16 -0000
Subject: [Infowarrior] - Roger Moore, Who Played James Bond Seven Times, Dies
Message-ID: <49C08A22-4342-41BD-ACBD-18358D22218B@infowarrior.org>

Roger Moore, Who Played James Bond Seven Times, Dies

By ANITA GATES
MAY 23, 2017

Roger Moore, the dapper British actor who brought tongue-in-cheek humor to the James Bond persona in seven films, eclipsing his television career, which had included starring roles in at least five series, died on Tuesday in Switzerland. He was 89.
The death was confirmed in a family statement posted on Twitter.

Mr. Moore was the oldest Bond ever hired, taking on the role when he was 46. (Sean Connery, who originated the film character and with whom Mr. Moore was constantly compared, was 33.) He also had the longest run in the role, beginning in 1973 with "Live and Let Die" and winding up in 1985 with "A View to a Kill."

https://www.nytimes.com/2017/05/23/arts/roger-moore-dead.html

From rforno at infowarrior.org  Wed May 24 06:00:42 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 24 May 2017 11:00:42 -0000
Subject: [Infowarrior] - Republicans want to leave you more voicemail -- without ever ringing your cellphone
Message-ID:

Republicans want to leave you more voicemail -- without ever ringing your cellphone

It's part of a push by groups, including the U.S. Chamber, to relax the FCC's robocalling rules.

by Tony Romm at TonyRomm
May 23, 2017, 5:16pm EDT

https://www.recode.net/2017/5/23/15681158/political-campaign-robocall-ringless-voicemail-without-ringing-cellphone-republican

For years, consumers have warred with telemarketers for ringing their landline phones at all hours of the day. Pretty soon, though, they might find their mobile voicemail under the same sort of assault -- that is, if the U.S. Republican Party and others have their way.

The GOP's leading campaign and fundraising arm, the Republican National Committee, has quietly thrown its support behind a proposal at the Federal Communications Commission that would pave the way for marketers to auto-dial consumers' cellphones and leave them prerecorded voicemail messages -- all without ever causing their devices to ring.

Under current federal law, telemarketers and others, like political groups, aren't allowed to launch robocall campaigns targeting cellphones unless they first obtain a consumer's written consent. But businesses stress that it's a different story when it comes to "ringless voicemail" --
because it technically doesn't qualify as a phone call in the first place.

In their eyes, that means they shouldn't need a customer or voter's permission if they want to auto-dial mobile voicemail inboxes in bulk pre-made messages about a political candidate, product or cause. And they want the FCC to rule, once and for all, that they're in the clear.

Their argument, however, has drawn immense opposition from consumer advocates.

"I think it's unfortunate that there's a push by any political party to reduce the protections in [the robocall rules] for cellphones," said Margot Freeman Saunders, who serves as senior counsel at the National Consumer Law Center.

In an interview, she stressed that robocalls are partly responsible for consumers' decision to drop their landline phones, and a relaxation of the rules as they apply to voicemail -- backed by the RNC or anyone else -- would leave many "completely overwhelmed by messages" that they can't block.

For now, the matter rests in the hands of the FCC. Back in March, a marketing firm called All About the Message LLC specifically asked the telecom agency to issue a ruling on the legality of its "ringless voicemail" technology.

In its petition, the company said it doesn't cause "disruptions to a consumer's life," such as "dead air calls, calls interrupting consumers at inconvenient times, or delivery charges." And it stressed that its technology isn't even a "call" by conventional standards.

As the FCC weighs those legal arguments, it has asked other companies and consumer groups to offer their views. Among those to signal support: The RNC, the Republican Party's powerful arm for recruiting political candidates and raising big bucks to topple Democratic officeholders.

In a comment filed with the FCC on Friday, the RNC said it felt the telecom agency should clear the way for organizations -- including, apparently, itself -- to auto-dial directly to voicemail inboxes with prerecorded pitches.
Failing to permit the practice, the RNC warned, could threaten the First Amendment rights of political groups.

"Political organizations like the RNC use all manner of communications to discuss political and governmental issues and to solicit donations -- including direct-to-voicemail messages," the RNC told the FCC. "The Commission should tread carefully so as not to burden constitutionally protected political speech without a compelling interest."

The RNC did not immediately respond to a request for comment -- including about how it has previously used such a tool. An FCC spokesman also did not immediately respond to Recode.

Meanwhile, Democrats do not yet appear to have weighed in with the FCC on "ringless voicemail," but a ruling that its use doesn't violate the country's anti-robocalling law would certainly open the door for the party -- and others -- to tap the technology if they so desired.

It's not the first time this issue has come before the FCC. Another provider, called VoAPPs, sought the agency's blessings for "ringless voicemail" in 2014, but it never received a ruling.

Since then, similar campaigns have drawn legal threats -- including All About the Message LLC, which is facing a lawsuit for its use of the technology. To that end, it's also asking the FCC to spare it from any potential legal liability. (A lawyer for the firm did not immediately respond to a request for comment.)

In doing so, its push for "ringless voicemail" has drawn new support from the business community's most powerful lobbying group in Washington, D.C.

In its own comment to the FCC, also filed Friday, the U.S. Chamber of Commerce lamented the rise of class-action lawsuits targeting companies under the anti-robocall law, called the Telephone Consumer Protection Act, or TCPA. To that end, it also urged the FCC to stand down.

"The Commission cannot continue to sweep new technologies into this technologically archaic statute," the Chamber said.
From rforno at infowarrior.org  Fri May 26 18:34:43 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 26 May 2017 23:34:43 -0000
Subject: [Infowarrior] - Russian ambassador told Moscow that Kushner wanted secret communications channel with Kremlin
Message-ID: <7EA8A2B9-46D0-4BA2-BA92-827019957529@infowarrior.org>

We are truly in WTF-land now. --- rick

Russian ambassador told Moscow that Kushner wanted secret communications channel with Kremlin

By Ellen Nakashima, Adam Entous and Greg Miller
May 26 at 7:01 PM

Jared Kushner and Russia's ambassador to Washington discussed the possibility of setting up a secret and secure communications channel between Trump's transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports.

Ambassador Sergei Kislyak reported to his superiors in Moscow that Kushner, son-in-law and confidant to then-President-elect Trump, made the proposal during a meeting on Dec. 1 or 2 at Trump Tower, according to intercepts of Russian communications that were reviewed by U.S. officials. Kislyak said Kushner suggested using Russian diplomatic facilities in the United States for the communications.

The meeting also was attended by Michael Flynn, Trump's first national security adviser.

The White House disclosed the fact of the meeting only in March, playing down its significance. But people familiar with the matter say the FBI now considers the encounter, as well as another meeting Kushner had with a Russian banker, to be of investigative interest.
< - > https://www.washingtonpost.com/world/national-security/russian-ambassador-told-moscow-that-kushner-wanted-secret-communications-channel-with-kremlin/2017/05/26/520a14b4-422d-11e7-9869-bac8b446820a_story.html From rforno at infowarrior.org Sat May 27 09:22:17 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 May 2017 14:22:17 -0000 Subject: [Infowarrior] - Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users Message-ID: Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users https://motherboard.vice.com/en_us/article/russian-hackers-are-using-googles-own-infrastructure-to-hack-gmail-users Russian government hackers seem to have figured out that sometimes the best way to hack into people's Gmail accounts is to abuse Google's own services. On Thursday, researchers exposed a massive Russian espionage and disinformation campaign using emails designed to trick users into giving up their passwords, a technique that's known as phishing. The hackers targeted more than 200 victims, including, among others, journalists and activists critical of the Russian government, as well as people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world, according to a new report. Researchers at the Citizen Lab, a digital rights research group at the University of Toronto's Munk School of Global Affairs, were able to identify all these victims following clues left in two phishing emails sent to David Satter, an American journalist and academic who's written on Soviet and modern Russia, and who has been banned from the country in 2014. < - > The "Change Password" button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google's Accelerated Mobile Pages, or AMP. 
This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers. In practice, it works by creating a copy of a website's page on Google's servers, but it also acts as an open redirect. According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google. < - > From rforno at infowarrior.org Tue May 9 17:41:49 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 09 May 2017 22:41:49 -0000 Subject: [Infowarrior] - WH circulates negative stories about Comey after firing Message-ID: <25B3FFB8-0A79-4C58-A528-AC594234B3B3@infowarrior.org> White House circulates negative stories about Comey after firing By Jordan Fabian - 05/09/17 06:30 PM EDT http://thehill.com/homenews/administration/332622-white-house-circulates-negative-stories-about-comey-after-firing From rforno at infowarrior.org Tue May 9 19:18:58 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 May 2017 00:18:58 -0000 Subject: [Infowarrior] - US may expand laptop ban to European flights: report Message-ID: <72616F5F-6037-4FF9-AEE6-8116B4266C94@infowarrior.org> US may expand laptop ban to European flights: report By Melanie Zanona - 05/09/17 11:52 AM EDT 5 http://thehill.com/policy/transportation/332523-us-may-expand-laptop-ban-to-include-european-flights-report The Department of Homeland Security (DHS) is allegedly considering expanding a laptop ban on certain flights from the Middle East and Africa to include U.S.-bound flights from Europe and the United Kingdom. CBS News reported Monday night that DHS officials are actively weighing the benefits and possible travel disruptions associated with widening the security measure, with officials regularly meeting with U.S. airlines to discuss the issue. A decision could be made in the next few weeks, according to the report, which would put it ahead of the busy summer travel season. 
"We have not made any decisions on expanding the electronics ban; however, we are continuously assessing security directives based on intelligence and will make changes when necessary to keep travelers safe," a Transportation Security Administration (TSA) spokesperson said in a statement. The DHS implemented a new policy in March prohibiting passengers from carrying electronic devices larger than a cellphone -- such as laptops, tablets, cameras and portable DVD players -- onto the cabins of certain U.S.-bound flights. Those items can still be stowed in checked luggage, however. The indefinite ban applies to 10 different airports in Jordan, Turkey, Saudi Arabia, Kuwait, Egypt, Qatar, Morocco and the United Arab Emirates. The DHS has repeatedly signaled that the ban could be expanded to other airports and cities. Senior administration officials said the new security protocols come in response to intelligence that indicates terrorist groups are "aggressively pursuing innovative methods" to smuggle explosive devices onto commercial flights. The U.S. government has long been concerned about terrorists hiding explosives in consumer electronics and trying to build bombs with little or no metal, but new intelligence may have spurred the recent airline action. But the electronics ban has worried travel advocates, who fear it will hurt global business and tourism. A number of Gulf carriers impacted by the policy have come up with workarounds, such as offering loaner laptops on flights or allowing passengers to check large electronics at the gate just prior to boarding. From rforno at infowarrior.org Tue May 9 19:20:23 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 May 2017 00:20:23 -0000 Subject: [Infowarrior] - related: U.N. aviation agency seeks global approach to laptop ban Message-ID: Tue May 9, 2017 | 8:11pm EDT U.N. 
aviation agency seeks global approach to laptop ban By Allison Lampert and Tim Hepher | MONTREAL/PARIS http://www.reuters.com/article/us-usa-airlines-electronics-icao-idUSKBN1852F9 A United Nations agency has launched an effort to craft global guidance for the use of laptops and other portable electronics in passenger aircraft cabins after selective bans by the United States and Britain upset airline passengers as well as Middle Eastern carriers. The International Civil Aviation Organization (ICAO) met on Tuesday to debate the issue after the United Arab Emirates, Egypt and other countries complained their airlines had been unduly penalized by the decision to relegate laptops to the cargo hold on some flights due to security concerns, three sources familiar with the matter said. But while ICAO aims to come up with global recommendations to counter the risk from hidden explosives in laptops, the agency cannot override or prevent national measures such as the U.S. and UK bans, said one of the aviation industry sources, who spoke on condition of anonymity because the talks are private. In March, the U.S. announced laptop restrictions on flights originating from 10 airports in countries including the UAE, Qatar and Turkey. Britain quickly followed suit with restrictions on a slightly different set of routes. An ICAO working paper seen by Reuters threw its weight behind concerns that laptops are a greater security risk in the passenger cabin than in the hold, because of the threat that hidden explosives could be detonated manually. "The threat to aircraft from concealed improvised explosive devices has been the greatest security risk to commercial aircraft for some years," it warned. But ICAO has also asked its experts to weigh this against the safety risk of storing a larger number of flammable batteries unattended in a commercial aircraft's baggage compartment. 
European regulators have warned placing what could be hundreds of devices in the hold on long-haul flights could compromise safety by increasing the risk of fire from poorly deactivated lithium-ion batteries. Patrick Ky, the head of the European Aviation Safety Agency told Reuters that it wants airlines to be careful about how they store laptops by avoiding placing them in a single container, for example. "Should we go further? I don't think so for the time being. But in case we have a fire risk that we think is high, then of course we would take the necessary actions," Ky added. ICAO's aviation security panel is expected to make recommendations by mid-June, an ICAO spokesman said. ICAO, which is headquartered in Montreal, does not impose binding rules, but wields clout through safety and security standards that are usually followed by its 191-member countries. ICAO has been asked "to identify a possible global approach to mitigate the security risk associated with large portable electronic devices," according to the paper. Some countries, such as Australia, are introducing new security checks, but not bans, on flights from specific Middle East countries to combat the risk of hidden bombs. During an informal ICAO briefing in April, some countries including the UAE complained that the ban risks creating "market distortions," the three sources said. The ban is seen as a problem for fast-growing Gulf airlines serving business-class passengers, who want to work on their laptops on flights out of key hubs like Dubai and Doha. But aviation and security sources have largely dismissed reports that the partial bans are a form of protectionism against the Gulf carriers, saying they are based on concrete security concerns. UAE regulators could not be reached for comment. 
(Reporting by Allison Lampert in Montreal, additional reporting by Tim Hepher in Paris and Alexander Cornwell in Dubai; editing by Bernard Orr, G Crosse) From rforno at infowarrior.org Tue May 9 20:13:29 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 May 2017 01:13:29 -0000 Subject: [Infowarrior] - CNN exclusive: Grand jury subpoenas issued in FBI's Russia investigation Message-ID: <23006577-FC6F-436F-ADF6-1D303988FFF4@infowarrior.org> CNN exclusive: Grand jury subpoenas issued in FBI's Russia investigation By Evan Perez, Shimon Prokupecz and Pamela Brown, CNN Updated 9:06 PM ET, Tue May 9, 2017 Washington (CNN)Federal prosecutors have issued grand jury subpoenas to associates of former National Security Advisor Michael Flynn seeking business records, as part of the ongoing probe of Russian meddling in last year's election, according to people familiar with the matter. CNN learned of the subpoenas hours before President Donald Trump fired FBI director James Comey. The subpoenas represent the first sign of a significant escalation of activity in the FBI's broader investigation begun last July into possible ties between Trump campaign associates and Russia. < - > http://www.cnn.com/2017/05/09/politics/grand-jury-fbi-russia/index.html From rforno at infowarrior.org Wed May 10 08:14:15 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 May 2017 13:14:15 -0000 Subject: [Infowarrior] - OpEd - Michael Hayden: When Trump's Washington starts to resemble Nicaragua Message-ID: <442B8C8F-715A-497B-A6EE-FA9C236CA394@infowarrior.org> Michael Hayden: When Trump's Washington starts to resemble Nicaragua By Gen. Michael Hayden, opinion contributor - 05/10/17 08:30 AM EDT 36 http://thehill.com/blogs/pundits-blog/the-administration/332696-michael-hayden-when-trumps-washington-starts-to Ousted FBI Director Jim Comey and I have a history. We weren't always on the same side of issues during the George W. Bush administration. 
Most famously, in March 2004, he opposed and threatened to resign over one aspect of the Terrorist Surveillance Program that I had been running since late 2001. That said, I have always found Jim Comey to be principled. He has always been his own man. Indeed, some of his critics would claim that he has that last trait to excess. That's why I was comforted that he was running last year's investigation into Hillary Clinton's emails. It's also why I thought he was the right person to run the current investigation into Russian interference in the U.S. election and whether (or not) there was any collusion between the Russians and anyone affiliated with the Trump campaign. The world got a glimpse of his principles (and his stubbornness) in late March during an open congressional hearing when Comey pointedly contradicted President Trump by saying that he had no knowledge that the phones at Trump Tower had been tapped. NSA Director Mike Rogers rounded out the denial that day by saying that neither NSA nor its British counterpart GCHQ had done it. The public explanation for Comey's dismissal was his handling of last summer's investigation into Hillary Clinton's email server. Then he cut himself loose from the senior leadership at the Department of Justice to decline prosecution, publicly humiliate the presidential candidate for being "extremely careless," and then re-open and subsequently re-close the investigation within eleven days of the election. I've second-guessed Comey on a lot of this, but I've always added that the FBI director was forced to work "off the map," navigating uncharted territory, so critics might want to cut him a little slack. Indeed, candidate Trump made full use of the material Comey had provided him in last July's critique of Clinton, and he later called the director "gutsy" for reopening the investigation in October. 
If Tuesday's firing was really about Comey's performance last year, the time to let him go was January, during the transition, when every new president is given the chance (indeed, expected) to reboot the senior leadership of the government. Comey has done nothing to add or subtract from last year's performance since the inauguration, except to unsurprisingly reiterate earlier this week that he has no regrets (and that the enormity of the issues sometimes made him a little sick). And yet he is gone. And one suspects that last summer did indeed have something to do with it. Not because the president was suddenly seized with concern about how Clinton was handled, but perhaps out of fear that Comey could reprise his independent, attorney general-free performance this year as the Russia investigation advances. One hopes that that investigation goes forward unimpeded. It is being run by FBI career professionals and they should demand and expect to get all the resources, focus, priority and attention they need from a new director. Comey was interested enough that he reportedly received routine, personal updates on the investigation. Tuesday's firing, though, will shake public and Congressional confidence in that effort and will light the fuse for a special prosecutor. I generally oppose those in favor of regular order, but today's events may prove the exception. I certainly have a more open mind about it than I did at lunch. There is also the question of truth to power and the effect this whole episode will have on the bureau and the rest of government. A lot has been made about the role of career professionals -- what I call the permanent government, what Steve Bannon might label the deep state -- in helping an impulsive, inexperienced, often fact-free, tweet-driven president to govern effectively. 
Today's events suggest that may require more bureaucratic courage than we may have anticipated, indeed perhaps more bureaucratic courage than the bureaucracy can routinely muster. In 110 days of governing, the Trump administration has fired a national security advisor, an acting attorney general, and an FBI director. The last two were let go shortly after publicly opposing an administration position. And in both cases they were proven right. The courts agreed with Sally Yates' opposition to the immigration ban, and no one (except maybe Sean Hannity) believes that the FBI wiretapped Trump Tower. With three high profile firings in quick succession, it's beginning to feel a little bit like Nicaragua around here. A very pro-American European friend weighed in with me by email shortly after the White House announcement: "Astonishing. Your institutions appear to be in meltdown." He has a point. Gen. Michael Hayden is a former director of the CIA and the National Security Agency. From rforno at infowarrior.org Thu May 11 06:46:39 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 May 2017 11:46:39 -0000 Subject: [Infowarrior] - Dep AG threatend to quit Tues night Message-ID: DOJ official who recommended Comey's firing threatened to resign: report By Mallory Shelbourne - 05/11/17 07:15 AM EDT 15 http://thehill.com/homenews/administration/332886-official-who-recommended-comey-firing-offered-to-resign-amid-uproar Deputy Attorney General Rod Rosenstein threatened to quit after the White House cast his recommendation as the sole reason FBI Director James Comey was fired, according to The Washington Post. Rosenstein in his recommendation to President Trump cited Comey's handling of the FBI's investigation into Hillary Clinton's private server as a reason for Comey's dismissal. Trump had asked Rosenstein and Attorney General Jeff Sessions to put in writing a rationale for firing the former FBI director, the Post reported. 
The Trump administration has provided several explanations for Comey's firing since Tuesday. Trump said Wednesday that Comey was not "doing a good job," while White House Deputy Press Secretary Sarah Huckabee Sanders said Comey had committed "atrocities" while leading the bureau. Trump on Tuesday fired Comey, saying it was time for "a new beginning" at the FBI. "While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgment of the Department of Justice that you are not able to lead the bureau," Trump wrote in the letter. From rforno at infowarrior.org Thu May 11 06:48:31 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 May 2017 11:48:31 -0000 Subject: [Infowarrior] - OT: New F.B.I.-Director Job Application Message-ID: <50850FCE-36DF-4996-83DE-FDAAB3362C94@infowarrior.org> (I'd call this 'humour' but there's no humour in any of this right now. -- rick) New F.B.I.-Director Job Application By River Clegg May 10, 2017 http://www.newyorker.com/humor/daily-shouts/new-f-b-i-director-job-application From rforno at infowarrior.org Thu May 11 18:56:39 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 May 2017 23:56:39 -0000 Subject: [Infowarrior] - HP laptops covertly log user keystrokes, researchers warn Message-ID: <975B9C62-C136-4397-BCFF-B2C5CDCB0874@infowarrior.org> HP laptops covertly log user keystrokes, researchers warn by Dan Goodin - May 11, 2017 2:50pm EDT HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive. The keylogger is included in a device driver developed by Conexant, a manufacturer of audio chips that are included in the vulnerable HP devices. That's according to an advisory published by modzero, a Switzerland-based security consulting firm. 
One of the device driver components is MicTray64.exe, an executable file that allows the driver to respond when a user presses special keys. It turns out that the file sends all keystrokes to a debugging interface or writes them to a log file available on the computer's C drive. "This type of debugging turns the audio driver effectively into keylogging spyware," modzero researchers wrote. "On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015." The log file--located at C:\Users\Public\MicTray.log--is overwritten after each computer reboot, but there are several ways that the contents could survive for weeks, or even indefinitely. Forensic tools make restoring deleted or overwritten files easy. And in the event the computer is backed up regularly, the backups would contain a comprehensive history of everything that was typed on the keyboard--including passwords, e-mails, and contacts. Modzero researchers said they issued the public advisory after both HP and Conexant failed to respond to messages privately reporting the findings. In technical details that accompanied Thursday's advisory, the modzero researchers added: < - > https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/ From rforno at infowarrior.org Fri May 12 06:42:47 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 May 2017 11:42:47 -0000 Subject: [Infowarrior] - Humanities teach students to think. Where would we be without them? Message-ID: Humanities teach students to think. Where would we be without them? https://www.theguardian.com/commentisfree/2017/may/12/humanities-students-budget-cuts-university-suny Following announced funding cuts in US universities, is it entirely paranoid to wonder if humanities are under attack because they enable students to think? Friday 12 May 2017 06.00 EDT Humanities departments in America are once again being axed. 
The reasons, one hears, are economic rather than ideological. It's not that schools don't care about the humanities -- they just can't afford them. But if one looks at these institutions' priorities, one finds a hidden ideology at work. Earlier this month, the State University of New York (Suny) Stony Brook, announced a plan to eliminate several of the college's well-regarded departments for budgetary reasons. Undergraduates will no longer be able to major in Comparative Literature, in Cinema and Cultural Studies, or in Theater Arts. Three doctoral programs would be cut, and three departments (European Languages and Literature, Hispanic Languages and Literature, and Cultural Studies) would be merged into one. Not only students but faculty will be affected; many untenured teachers would lose their jobs, and doctoral candidates would have to finish their studies elsewhere. This is happening at a time in which high salaries are awarded to college administrators that dwarf those of junior or even a senior faculty member teaching in at-risk departments. That discrepancy can only be explained through ideology. The decision to reduce education to a corporate consumer-driven model, providing services to the student-client, is ideological too. Suny Stony Brook is spending millions on a multiyear program entitled "Far Beyond" that is intended to "rebrand" the college's image: a redesigned logo and web site, new signs, banners and flags throughout the campus. Do colleges now care more about how a school looks and markets itself than about what it teaches? Has the university become a theme park: Collegeland, churning out workers trained to fill particular niches? Far beyond what? The threat of cuts that Suny Stony Brook is facing is not entirely new. In 2010, Suny Albany announced that it was getting rid of its Russian, classics, theater, French and Italian departments -- a decision later rescinded. 
The University of Pittsburgh has cut its German, classics, and religious studies program. This problem has parallels internationally. In the UK, protests greeted Middlesex University's 2010 decision to phase out its philosophy department. In June 2015, the Japanese minister of education sent a letter to the presidents of the national universities of Japan, suggesting they close their graduate and undergraduate departments in the humanities and social sciences and focus on something more practical. Most recently, the Hungarian government announced restrictions that would essentially make it impossible for the Central European University, funded by George Soros, to function in Budapest. These are hard times. Students need jobs when they graduate. But a singular opportunity has been lost if they are denied the opportunity to study foreign languages, the classics, literature, philosophy, music, theater and art. When else in their busy lives will they get that chance? Eloquent defenses of the humanities have appeared, essays explaining why we need these subjects, what their loss would mean. Those of us who teach and study are aware of what these areas of learning provide: the ability to think critically and independently; to tolerate ambiguity; to see both sides of an issue; to look beneath the surface of what we are being told; to appreciate the ways in which language can help us understand one another more clearly and profoundly -- or, alternately, how language can conceal and misrepresent. They help us learn how to think, and they equip us to live in -- to sustain -- a democracy. Studying the classics and philosophy teaches students where we come from, and how our modes of reasoning have evolved over time. Learning foreign languages, and about other cultures, enables students to understand how other societies resemble or differ from our own. 
Is it entirely paranoid to wonder if these subjects are under attack because they enable students to think in ways that are more complex than the reductive simplifications so congenial to our current political and corporate discourse? I don't believe that the humanities can make you a decent person. We know that Hitler was an ardent Wagner fan and had a lively interest in architecture. But literature, art and music can focus and expand our sense of what humans can accomplish and create. The humanities teach us about those who have gone before us; a foreign language brings us closer to those with whom we share the planet. The humanities can touch those aspects of consciousness that we call intellect and heart -- organs seemingly lacking among lawmakers whose views on health care suggest not only zero compassion but a poor understanding of human experience, with its crises and setbacks. Courses in the humanities are as formative and beneficial as the classes that will replace them. Instead of Shakespeare or French, there will be (perhaps there already are) college classes in how to trim corporate spending -- courses that instruct us to eliminate "frivolous" programs of study that might actually teach students to think. From rforno at infowarrior.org Fri May 12 09:03:27 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 May 2017 14:03:27 -0000 Subject: [Infowarrior] - POTUS Warns Comey and Says He May Cancel Press Briefings Message-ID: <6801A6DE-13C7-45FC-B422-618C88273949@infowarrior.org> (We go from insane to insane-er. There is no final depth to this national crapfest. -- rick) Trump Warns Comey and Says He May Cancel Press Briefings Peter Baker https://www.nytimes.com/2017/05/12/us/politics/trump-threatens-retaliation-against-comey-warns-he-may-cancel-press-briefings.html The president also expressed pique at attention on the shifting versions of how he came to decide to fire Mr. Comey. In his first extended comments on the firing on Thursday, Mr. 
Trump contradicted statements made by his White House spokeswoman as well as comments made to reporters by Vice President Mike Pence and even the letter the president himself signed and sent to Mr. Comey informing him of his dismissal. The original White House version of the firing was that the president acted on the recommendation of the attorney general and deputy attorney general because of Mr. Comey's handling of last year's investigation into Hillary Clinton's email. But in an interview with NBC News on Thursday, Mr. Trump said he had already decided to fire Mr. Comey and would have done so regardless of any recommendation. And he indicated that he was thinking about the Russia investigation when he made the decision. Mr. Trump said on Friday morning that no one should expect his White House to give completely accurate information. "As a very active President with lots of things happening, it is not possible for my surrogates to stand at podium with perfect accuracy!" he wrote on Twitter. "Maybe," he added a few moments later, "the best thing to do would be to cancel all future 'press briefings' and hand out written responses for the sake of accuracy???" The threat may have been just a rhetorical point, but Mr. Trump by his own description likes to be unpredictable and does not feel obligated to follow longstanding White House conventions simply because that is the way they have been done for years. Every president in modern times has been frustrated with the news media at points, but they all preserved the tradition of the daily briefing. Mr. Trump's mention of tapes did nothing to dispel the echoes of Watergate heard in Washington this week. His dismissal of Mr. Comey in the midst of an investigation into Mr. Trump's associates struck many as similar to President Richard M. Nixon's decision in October 1973 to fire Archibald Cox, the Watergate special prosecutor, in an incident that came to be known as the Saturday Night Massacre. 
In that case, Nixon was mad at Mr. Cox for seeking access to secret White House tapes of the president's conversations. Ultimately, the Supreme Court forced Nixon to turn over the tapes, which contained evidence pointing to his involvement in the cover-up of the Watergate burglary and led to his resignation in August 1974. Mr. Trump's defenders have said Watergate comparisons are overwrought and that there is no evidence of collusion between Mr. Trump's campaign and Russia during last year's election. American intelligence agencies have concluded that Russia tried to meddle in the campaign with the aim of tilting the election to Mr. Trump. The president has said any suspicions of collusion are "fake news" and that the Russia investigation is the product of Democrats who are sore losers looking to explain away an election defeat and undermine his legitimacy. "Again, the story that there was collusion between the Russians & Trump campaign was fabricated by Dems as an excuse for losing the election," he wrote on Twitter on Friday morning. He added later that James R. Clapper Jr., the former director of national intelligence, has testified that he knew of no collusion. Mr. Clapper left office on Jan. 20 with the end of President Barack Obama's administration and has not been involved in the investigation since then. "When James Clapper himself, and virtually everyone else with knowledge of the witch hunt, says there is no collusion, when does it end?" Mr. Trump asked. From rforno at infowarrior.org Fri May 12 09:18:44 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 May 2017 14:18:44 -0000 Subject: [Infowarrior] - FBI: Our Oath of Office Message-ID: <5D225F9D-E662-4AAB-A6CA-0CEF37C93BD8@infowarrior.org> Our Oath of Office A Solemn Promise By Jonathan L. Rudd, J.D. 
https://www2.fbi.gov/publications/leb/2009/september2009/oath.htm < - > "It is significant that we take an oath to support and defend the Constitution and not an individual leader, ruler, office, or entity. This is true for the simple reason that the Constitution is based on lasting principles of sound government that provide balance, stability, and consistency through time. A government based on individuals?who are inconsistent, fallible, and often prone to error?too easily leads to tyranny on the one extreme or anarchy on the other. The founding fathers sought to avoid these extremes and create a balanced government based on constitutional principles." < - > From rforno at infowarrior.org Fri May 12 09:22:37 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 May 2017 14:22:37 -0000 Subject: [Infowarrior] - POTUS signs cybersecurity exec order Message-ID: White House Office of the Press Secretary For Immediate Release May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal From rforno at infowarrior.org Fri May 12 09:37:33 2017 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 May 2017 14:37:33 -0000 Subject: [Infowarrior] - A Conversation With Ross Anderson [5.8.17] Message-ID: <9E2DE61F-E6C6-4A4C-A95F-C5262707A8E4@infowarrior.org> A Conversation With Ross Anderson [5.8.17] ROSS ANDERSON is professor of security engineering at Cambridge University, and one of the founders of the field of information security economics. He chairs the Foundation for Information Policy Research, is a fellow of the Royal Society and the Royal Academy of Engineering, and is a winner of the Lovelace Medal, the UK?s top award in computing. 
Ross Anderson's Edge Bio Page

https://www.edge.org/conversation/ross_anderson-the-threat

From rforno at infowarrior.org Fri May 12 13:30:26 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 May 2017 18:30:26 -0000
Subject: [Infowarrior] - Apparent NSA tools behind massive hospital ransomware attacks around the world
Message-ID: <3E54110C-13BF-43EF-B788-DED7D61AE2B2@infowarrior.org>

Apparent NSA tools behind massive hospital ransomware attacks around the world

By Eric Geller
05/12/17 02:07 PM EDT

http://www.politico.com/story/2017/05/12/nsa-hacking-tools-hospital-ransomware-attacks-wannacryptor-238328

Leaked alleged NSA hacking tools appear to be behind a massive ransomware campaign disrupting hospitals and companies across Europe.

In Spain, the country's Computer Emergency Readiness Team said that the ransomware is a modified version of the WannaCryptor toolkit. The malware was included in an online April dump from a group calling itself the Shadow Brokers, which released what they said were NSA tools. Experts have said the leaked tools appear legitimate.

Spain's CERT said the ransomware that is spreading "infects the machine by encrypting all its files" and allows the attackers to remotely control the network. The malware is also then "distributed to other Windows machines in that same network," Spain's CERT said.

The Spanish organization pointed to a Microsoft security update from March offering a fix for the flaw. Security researchers generally assume that the NSA secretly notified Microsoft about this and other code flaws once it discovered that they had been stolen.

Britain's National Health Service confirmed that the ransomware was a WannaCry variant called WannaCryptor. The WannaCryptor ransomware has crippled hospitals and other companies in the United Kingdom, Spain, Russia and many other countries, and researchers say it has reached the U.S.
The cyberattack has forced at least two London hospitals to stop admitting new patients with serious medical conditions, according to a British health reporter.

From rforno at infowarrior.org Fri May 12 22:19:27 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 May 2017 03:19:27 -0000
Subject: [Infowarrior] - Sinclair Requires TV Stations to Air Segments That Tilt to the Right
Message-ID:

Sinclair Requires TV Stations to Air Segments That Tilt to the Right

By SYDNEY EMBER
MAY 12, 2017

They are called "must-runs," and they arrive every day at television stations owned by the Sinclair Broadcast Group - short video segments that are centrally produced by the company. Station managers around the country are directed to work them into the broadcast over a period of 24 or 48 hours.

Since November 2015, Sinclair has ordered its stations to run a daily segment from a "Terrorism Alert Desk" with updates on terrorism-related news around the world. During the election campaign last year, it sent out a package that suggested in part that voters should not support Hillary Clinton because the Democratic Party was historically pro-slavery. More recently, Sinclair asked stations to run a short segment in which Scott Livingston, the company's vice president for news, accused the national news media of publishing "fake news stories."

As Sinclair prepares to expand its stable of local TV stations with a proposed acquisition of Tribune Media - which would add 42 stations to Sinclair's 173 - advocacy groups have shown concern about the size and reach the combined company would have. Its stations would reach more than 70 percent of the nation's households, including many of the largest markets.

Critics of the deal also cite Sinclair's willingness to use its stations to advance a mostly right-leaning agenda. That practice has stirred wariness among some of its journalists concerned about intrusive direction from headquarters.
That is what has happened in Seattle, a progressive city where Sinclair owns the KOMO broadcast station. In interviews over the past several days, eight current and former KOMO employees described a newsroom where some have chafed at Sinclair's programming directives, especially the must-runs, which they view as too politically tilted and occasionally of poor quality. They also cited features like a daily poll, which they believe sometimes asks leading questions.

< - >

https://www.nytimes.com/2017/05/12/business/media/sinclair-broadcast-komo-conservative-media.html

From rforno at infowarrior.org Fri May 12 22:21:20 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 May 2017 03:21:20 -0000
Subject: [Infowarrior] - Fwd: Worldwide Threat Assessment of the US Intelligence Community - 11 MAY 2017
References: <824576206.1164688.1494613848214@mail.yahoo.com>
Message-ID: <28D99F3B-3F18-4DEC-9A60-4BDB9F33A423@infowarrior.org>

> Begin forwarded message:
>
> From: Mark
> Subject: Worldwide Threat Assessment of the US Intelligence Community - 11 MAY 2017
> Date: May 12, 2017 at 2:30:48 PM EDT
>
>
> https://www.dni.gov/index.php/newsroom/congressional-testimonies/item/1757-statement-for-the-record-worldwide-threat-assessment-of-the-u-s-intelligence-community-before-the-ssci
>
>

From rforno at infowarrior.org Sun May 14 09:16:54 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 14:16:54 -0000
Subject: [Infowarrior] - OT: The Republican's Guide to Presidential Behavior
Message-ID:

The Republican's Guide to Presidential Behavior

https://www.nytimes.com/2017/05/13/opinion/sunday/the-republicans-guide-to-presidential-behavior.html

By THE EDITORIAL BOARD
MAY 13, 2017

It wasn't so long ago that Republicans in Congress cared about how a president comported himself in office. They cared a lot!
The president is, after all, commander in chief of the armed forces, steward of the most powerful nation on earth, role model for America's children - and he should act at all times with the dignity his station demands. It's not O.K. to behave in a manner that demeans the office and embarrasses the country. Shirt sleeves in the Oval Office? Disrespectful. Shoes on the Resolute desk? Even worse. Lying? Despicable, if not impeachable.

Now seems like a good moment to update the standards. What do Paul Ryan, Mitch McConnell and other Republican leaders think a president may say or do and still deserve their enthusiastic support? We offer this handy reference list in hopes of protecting them from charges of hypocrisy in the future. They can consult it should they ever feel tempted to insist on different standards for another president.

So, herewith, the Congressional Republican's Guide to Presidential Behavior.

If you are the president, you may freely:

• attack private citizens on Twitter
• delegitimize federal judges who rule against you
• refuse to take responsibility for military actions gone awry
• fire the F.B.I. chief in the middle of his expanding investigation into your campaign and your associates
• accuse a former president, without evidence, of an impeachable offense
• employ top aides with financial and other connections to a hostile foreign power
• blame the judiciary, in advance, for any terror attacks
• call the media "the enemy of the American people"
• demand personal loyalty from the F.B.I. director
• threaten the former F.B.I. director
• accept foreign payments to your businesses, in possible violation of the Constitution
• occupy the White House with the help of a hostile foreign power
• intimidate congressional witnesses
• allow White House staff members to use their personal email for government business
• neglect to fill thousands of crucial federal government positions for months
• claim, without evidence, that millions of people voted illegally
• fail to fire high-ranking members of your national security team for weeks, even after knowing they lied to your vice president and exposed themselves to blackmail
• refuse to release tax returns
• hide the White House visitors' list from the public
• vacation at one of your private residences nearly every weekend
• use an unsecured personal cellphone
• criticize specific businesses for dropping your family members' products
• review and discuss highly sensitive intelligence in a restaurant, and allow the Army officer carrying the "nuclear football" to be photographed and identified by name
• obstruct justice
• hire relatives for key White House posts, and let them meet with foreign officials and engage in business at the same time
• promote family businesses on federal government websites
• tweet, tweet, tweet
• collude with members of Congress to try to shut down investigations of you and your associates
• threaten military conflict with other nations in the middle of news interviews
• compare the U.S. intelligence community to Nazis
• display complete ignorance about international relations, your own administration's policies, American history and the basic structure of our system of government
• skip daily intelligence briefings
• repeat untruths
• lie

If you're a Republican legislator, stick this list on the fridge and give it a quick read the next time you get upset at a president.

From rforno at infowarrior.org Sun May 14 09:18:11 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 14:18:11 -0000
Subject: [Infowarrior] - Global cyberattack shows why phone makers won't create 'back doors' for US spy agencies
Message-ID:

Global cyberattack shows why phone makers won't create "back doors"
for US spy agencies

PUBLISHED : Sunday, 14 May, 2017, 3:13pm
UPDATED : Sunday, 14 May, 2017, 10:08pm

http://www.scmp.com/news/world/europe/article/2094272/global-cyberattack-shows-why-phone-makers-wont-create-back-doors

From rforno at infowarrior.org Sun May 14 09:29:08 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 14:29:08 -0000
Subject: [Infowarrior] - Cyberattack's Impact Could Worsen as Computers Are Turned On Monday
Message-ID:

Cyberattack's Impact Could Worsen as Computers Are Turned On Monday

Sewell Chan and Mark Scott

https://www.nytimes.com/2017/05/14/world/europe/cyberattacks-hack-computers-monday.html

"At the moment, we are in the face of an escalating threat," he told the British network ITV. "The numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning."

Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany's federal railway system and Russia's Interior Ministry. The most disruptive attacks infected Britain's public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.

"We haven't seen spikes of new attacks yet, but that's a strong likelihood," said Matthieu Suiche, the founder of Comae Technologies, a cybersecurity company based in the United Arab Emirates.

"We could see more attacks if people start to copycat this attack," he added.

A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with inadvertently helping to stanch the spread of the assault by identifying the web domain for the hackers' "kill switch" - a way of disabling the malware.

On Sunday, MalwareTech was one of many security experts warning that a less-vulnerable version of the malware is likely to be released.
On Twitter, he urged users to immediately install a security patch for older versions of Microsoft's Windows, including Windows XP. (The attack did not target Windows 10.)

Robert Pritchard, a former cybersecurity expert at Britain's defense ministry, said that security specialists might not be able to keep pace with the hackers.

"This vulnerability still exists; other people are bound to exploit it," he said. "The current variant will make its way into antivirus software. But what about any new variants that will come in the future?"

All it would take is for a new group of hackers to change the original malware code slightly to remove the "kill switch" and send it off into the world, using the same email-based methods to infiltrate computer systems that the original attackers used, experts said.

The Microsoft patch will help, but installing it across large organizations will take time.

Governments around the world were bracing themselves for the start of the workweek.

"This is crucial for businesses when reopening on Monday: Please beware and anticipate, and take preventive steps against the WannaCry malware attack," Indonesia's communication and information minister, Rudiantara, who like many Indonesians uses only one name, said at a news conference.

He confirmed that one hospital - Dharmais Hospital in the capital, Jakarta, which specializes in cancer treatment - had been afflicted by the malware, but without major effects on patients.

"Through collective efforts by Indonesian cybersecurity stakeholders, I am optimistic that we will be able to minimize the severity of the threat," Mr. Rudiantara said in a phone interview.

In China, several universities reported malware problems, including Shandong University in the northeast, which urged faculty members and students to update their software as quickly as possible.
"There is often no other way to decrypt the file, except to pay a high ransom to decrypt and recover the documents, learning materials and personal data," the notice warned on Saturday.

Microsoft has complained for years that the large majority of computers running its software were using pirated versions. The spread of hacking attacks has made legal versions of software more popular, as they typically provide automatic updates of security upgrades.

But Edward J. Snowden's release in 2013 of extensive information about hacking by the United States government, some of it aimed at monitoring China's rapid military buildup, alarmed the Chinese leadership. The leak by Mr. Snowden, a former National Security Agency contractor, helped accelerate a broad push to develop Chinese-brand software and hardware that would be hard for Western intelligence agencies to penetrate but that would still allow monitoring of the population by Chinese security agencies.

In Britain, the fallout from the attack continued on Sunday. Two opposition parties, the Labour Party and the Liberal Democrats, asserted that the governing Conservative Party had not done enough to prevent the attack. With a general election scheduled for June 8, officials have been racing to get ahead of the problem.

Britain's defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting.

A government regulator warned the N.H.S. last July that updating antiquated hardware and software was "a matter of urgency," and noted that one hospital had already had to pay £700,000, about $900,000, to repair a breach that began after an employee clicked on a web link in an unsafe email.
"The threat from cyber attacks has not only put patient information at risk of loss or compromise but also jeopardises access to critical patient record systems by clinicians," the regulator, the Care Quality Commission, wrote in its report.

At the National Health Service, employees said they had been cautioned about their computer use.

"We are all being extra careful," said Greg Elston, a paramedic at St. Mary's Hospital in central London. "We've been instructed not to open email attachments on our phones."

Nancy Harper, who accompanied her mother to the hospital on Saturday for an X-ray, said: "It's concerning that the N.H.S. was dependent on these outdated systems. If your average person has access to cheap cloud storage these days, then hospitals should be using similar backup methods. I hope this was a wake-up call."

Others praised the service for maintaining services despite the strain. Himmat Sandut, who took his mother to the emergency room after she collapsed at home, said his experience had been smooth and fast.

"I was worried we would be faced with a huge queue, but we were seen within 10 minutes, and they've now given my mum a bed," he said on Saturday. "I'm surprised and impressed under the current circumstances."

The least functioning part of the hospital appeared to be the elevator, which got stuck on Saturday before resuming operations - in the wrong direction.

"Was the elevator hacked as well?" one man asked jokingly, causing an elevator packed with tense doctors and nurses to erupt in laughter. "Are we going to have to pay a ransom to get out?"

From rforno at infowarrior.org Sun May 14 09:50:36 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 14:50:36 -0000
Subject: [Infowarrior] - How Google Took Over the Classroom
Message-ID: <511042BF-BA18-489B-9316-139A6A9C681D@infowarrior.org>

How Google Took Over the Classroom

The tech giant is transforming public education with low-cost laptops and free apps.
But schools may be giving Google more than they are getting.

By NATASHA SINGER
MAY 13, 2017

https://www.nytimes.com/2017/05/13/technology/google-education-chromebooks-schools.html

From rforno at infowarrior.org Sun May 14 14:36:00 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 19:36:00 -0000
Subject: [Infowarrior] - Defense Against the Dark Arts of Copyright Trolling
Message-ID:

Defense Against the Dark Arts of Copyright Trolling

Matthew Sag
Loyola University Chicago School of Law

Jake Haskell
Independent

Date Written: March 28, 2017

Abstract

In this Article, we offer both a legal and a pragmatic framework for defending against copyright trolls. Lawsuits alleging online copyright infringement by John Doe defendants have accounted for roughly half of all copyright cases filed in the United States over the past three years. In the typical case, the plaintiff's claims of infringement rely on a poorly substantiated form pleading and are targeted indiscriminately at non-infringers as well as infringers. This practice is a sub-set of the broader problem of opportunistic litigation, but it persists due to certain unique features of copyright law and the technical complexity of Internet technology. The plaintiffs bringing these cases target hundreds or thousands of defendants nationwide and seek quick settlements priced just low enough that it is less expensive for the defendant to pay rather than to defend the claim, regardless of the merits of the claim.

We report new empirical data on the continued growth of this form of copyright trolling in the United States. We also undertake a detailed analysis of the legal and factual underpinnings of these cases. Despite their underlying weakness, plaintiffs have exploited information asymmetries, the high cost of federal court litigation, and the extravagant threat of statutory damages for copyright infringement to leverage settlements from the guilty and the innocent alike.
We analyze the weaknesses of the typical plaintiff's case and integrate that analysis into a comprehensive strategy roadmap for defense lawyers and pro se defendants. In short, as our title suggests, we provide a comprehensive and useful guide to the defense against the dark arts of copyright trolling.

Notes: Note that this version contains substantive revisions to the versions posted prior to March 28, 2016.

< - >

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2933200

From rforno at infowarrior.org Sun May 14 17:23:02 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 May 2017 22:23:02 -0000
Subject: [Infowarrior] - op-ed: Ransomware: Microsoft can no longer claim to be 'proactive'
Message-ID: <70DDA54D-66A3-4E08-AE2C-FC604F92C305@infowarrior.org>

Ransomware: Microsoft can no longer claim to be 'proactive'

• 14 May 2017
• Written by Sam Varghese

https://www.itwire.com/open-sauce/78090-ransomware-microsoft-can-no-longer-claim-to-be-proactive.html

Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

When the Shadow Brokers group dumped a number of NSA exploits on 14 April, after having tried for a while to get people to buy them, it should have been clear to those who head the Microsoft Security Response Centre that it was only a matter of time before some attacker would use these exploits to attack vulnerable systems.

The probability was all the more, given that attacks these days are driven mostly by a desire to make money. Not just to get up someone's nose.

It has also been clear to all those who are in any way part of the tech community - those who have not been living under a rock, that is -
that there are millions of Windows machines out there that are out of support and vulnerable to these exploits. As iTWire reported back in February, 150 million PCs were running Windows XP at that time, a version for which support has long expired. Microsoft issued patches to guard against these exploits in March, a month before the Shadow Brokers dumped the lot. (The company has kept mum as to how it became aware of the dumped exploits. Was it told by the NSA? Did it pay the Shadow Brokers?) But, given its parsimonious nature, something that has often left it with egg on its face in the past, Microsoft only issued patches for Windows versions that are currently supported. It did not think ahead and contemplate the possibility that a situation similar to Code Red could eventuate again, with attackers having a field day on older Windows systems. No, it was caught on the back foot and had to pull up its socks and react fast. Had it not been for an accidental act by a British researcher, we would be looking at Code Red Mark II now. Now, the company that has been force-feeding Windows to all and sundry is acting as though it is the good guy. "Seeing businesses and individuals affected by cyber attacks, such as the ones reported today, was painful," wrote Phillip Misner, principal security group manager at the MSRC. When the Shadow Brokers dumped the exploits, what was Misner doing? The analogy that comes to mind is that of Nero fiddling while Rome burned. And thus, when the fat was well and truly in the fire, Microsoft found itself forced to issue patches for Windows XP, Windows 8, and Windows Server 2003. Of course, lest you forget, this was done in the public interest! This is not the first time that attacks on Windows systems have triggered mass panic. Dave Aitel of Immunity, a security professional who often calls things as he sees them, put it well in a tweet: "Windows didn't get more secure in the last two decades, the hackers just got nicer." 
A number of security companies wrote in to iTWire, seeking to capitalise on the situation and plug their own names and wares. These companies are part of the problem: they should be calling out Microsoft for its pathetic attitude to security, which this time put the lives of patients in Britain at risk.

But you won't find any of these security experts saying a thing. After all, why would they bite the biggest hand that feeds them? If Windows disappeared overnight, many of these companies would be left without lunch money.

The cynicism that has been on display in the last 36-odd hours is disgusting.

From rforno at infowarrior.org Sun May 14 20:11:43 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 May 2017 01:11:43 -0000
Subject: [Infowarrior] - Microsoft calls to end government-secret hacking techniques
Message-ID:

Microsoft calls to end government-secret hacking techniques

By Joe Uchill - 05/14/17 08:48 PM EDT

http://thehill.com/policy/cybersecurity/333378-microsoft-calls-to-end-government-secret-hacking-techniques

On the heels of a historic ransomware attack that may have used leaked NSA hacking methods, Microsoft is calling for governments to cease stockpiling secret means of bypassing software security.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen," wrote Brad Smith, president and chief legal officer at Microsoft, on a company blog Sunday evening.

WanaDecrypt0r, alternately known by names like Wanna Cry, struck hundreds of thousands of computers in more than 100 nations. Since the attack began Friday morning, victims have ranged from hospitals in the U.K. to a telecom in Spain, U.S.-based FedEx to the Russian Ministry of the Interior.
WanaDecrypt0r was so virulent in part because it used a Windows hacking tool that appears to have been stolen and leaked from the NSA. Though Microsoft had patched the security hole in Windows that tool used in March before it was leaked in April, businesses often lag in installing updates for reasons including industry-specific software being incompatible with the most current version of operating systems.

"[I]n February [we called] for a new 'Digital Geneva Convention' to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them," wrote Smith.

By reporting bugs instead of using them to conduct hacking espionage, manufacturers would be able to increase the cybersecurity of all of its users. That would come at the cost of intelligence and sabotage operations.

There have been rules concerning which circumstances U.S. agencies can keep security vulnerabilities they discover secret. The Obama administration set up the Vulnerability Equities Process (VEP) to require agencies to presume they will report software flaws they discover to manufacturers. It also gave the option of arguing to a third-party panel why they should keep a vulnerability secret and abiding by that ruling.

The VEP is opaque. It is varying degrees of unclear how good agencies were at following it, how often vulnerabilities were kept or whether the Trump administration changed any standards.

Legislators have toyed with the idea of codifying the Obama rules in the past. On Friday, as WanaDecrypt0r raged out of control, Rep. Ted Lieu (D-Calif.) touted legislation he was creating with "industry stakeholders" that would make the process more transparent.

"It is deeply disturbing the National Security Agency likely wrote the original malware," wrote Lieu in a statement.
From rforno at infowarrior.org Mon May 15 08:39:35 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 May 2017 13:39:35 -0000
Subject: [Infowarrior] - report: Media Manipulation and Disinformation Online
Message-ID: <56B81F1A-1404-4BE8-ADC3-204C4558EC0A@infowarrior.org>

Media Manipulation and Disinformation Online

Published May 15, 2017

https://datasociety.net/output/media-manipulation-and-disinfo-online/

From rforno at infowarrior.org Mon May 15 17:52:12 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 May 2017 22:52:12 -0000
Subject: [Infowarrior] - POTUS revealed highly classified information to Russian foreign minister and ambassador
Message-ID:

Trump revealed highly classified information to Russian foreign minister and ambassador

By Greg Miller and Greg Jaffe
May 15 at 5:01 PM

President Trump revealed highly classified information to the Russian foreign minister and ambassador in a White House meeting last week, according to current and former U.S. officials, who said Trump's disclosures jeopardized a critical source of intelligence on the Islamic State.

The information the president relayed had been provided by a U.S. partner through an intelligence-sharing arrangement considered so sensitive that details have been withheld from allies and tightly restricted even within the U.S. government, officials said.

The partner had not given the United States permission to share the material with Russia, and officials said Trump's decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump's meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency.

"This is code-word information," said a U.S. official familiar with the matter, using terminology that refers to one of the highest classification levels used by American spy agencies.
Trump "revealed more information to the Russian ambassador than we have shared with our own allies."

< - >

https://www.washingtonpost.com/world/national-security/trump-revealed-highly-classified-information-to-russian-foreign-minister-and-ambassador/2017/05/15/530c172a-3960-11e7-9e48-c4f199710b69_story.html

From rforno at infowarrior.org Mon May 15 20:42:03 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 May 2017 01:42:03 -0000
Subject: [Infowarrior] - good Lawfare analysis on the WaPo POTUS disclosure story
Message-ID:

Bombshell: Initial Thoughts on the Washington Post's Game-Changing Story

By Jack Goldsmith, Susan Hennessey, Quinta Jurecic, Matthew Kahn, Benjamin Wittes, Elishe Julian Wittes
Monday, May 15, 2017, 7:47 PM

https://lawfareblog.com/bombshell-initial-thoughts-washington-posts-game-changing-story

From rforno at infowarrior.org Tue May 16 16:08:55 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 May 2017 21:08:55 -0000
Subject: [Infowarrior] - Hackers Are Holding Disney's New 'Pirates of the Caribbean' Film Ransom
Message-ID: <8CF635A1-D72C-4EB3-BA87-138245F557B8@infowarrior.org>

(c/o Chris)

Hackers Are Holding Disney's New 'Pirates of the Caribbean' Film Ransom

By Tufayel Ahmed
On 5/16/17 at 8:20 AM

http://www.newsweek.com/movie-pirates-are-holding-disneys-new-pirates-ransom-609881

In meta movie piracy news, the latest unreleased film targeted by online hackers is Disney's upcoming Pirates of the Caribbean: Dead Men Tell No Tales.

Hackers have reportedly obtained a copy of the fifth instalment in Johnny Depp-fronted franchise and threatened to leak it in 20-minute instalments unless they receive an undisclosed ransom fee.

According to The Hollywood Reporter, Disney CEO Bob Iger revealed the hack and ransom attempt in a town hall meeting with employees in New York City Monday, but he did not divulge which film was compromised. Deadline later reported it is the new Pirates movie, due to open in theaters May 26.
Iger reportedly told employees that the movie pirates behind the theft are demanding an sum to be paid via Bitcoin. The hackers are threatening to first release five minutes of footage, and then 20 minutes at a time, until their financial demands are met.

But Disney is refusing to pay a ransom fee and has contacted federal authorities, both THR and Deadline report.

The latest Pirates film marks the return of Depp to his famous role as pirate Captain Jack Sparrow. The cast also includes Orlando Bloom, Keira Knightley, Javier Bardem and Geoffrey Rush.

The franchise launched in 2003 and is incredibly lucrative for Disney. The previous four films have generated $3.72 billion for the company.

Disney's piracy dilemma follows a similar situation at Netflix in April when a hacker going by the pseudonym "thedarkoverlord" gained access to 10 episodes of the new season of Orange is the New Black, which is not due to premiere until June 9, and held them for ransom.

Netflix said the hack occurred when a "production vendor used by several major TV studios had its security compromised." Ten episodes of the show's fifth season were leaked online when Netflix refused to meet ransom demands.
From rforno at infowarrior.org Wed May 17 05:48:24 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 May 2017 10:48:24 -0000 Subject: [Infowarrior] - MasterCard Serbia asked ladies to share FB photos of, among other things, their credit card Message-ID: MasterCard Serbia asked ladies to share FB photos of, among other things, their credit card http://svedic.org/programming/mastercard-serbia-asked-ladies-to-share-fb-photos-of-among-other-things-their-credit-card From rforno at infowarrior.org Wed May 17 06:06:56 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 May 2017 11:06:56 -0000 Subject: [Infowarrior] - US Senate approves encrypted chat app Signal for staff use Message-ID: US Senate approves encrypted chat app Signal for staff use https://www.engadget.com/2017/05/17/us-senate-approves-signal-for-staff-use/ The United States Senate has been taking cybersecurity more seriously than ever before, thanks to the DNC leaks and various government cyberattacks. Senate Sergeant at Arms Frank J. Larkin and his team have recently finished encrypting all Senators' websites, and it turns out he has also approved Signal for official use by Senate staff members. Sen. Ron Wyden, a privacy and encryption advocate, has revealed that Larkin's office has given one of the most secure messaging apps out there its seal of approval in a letter thanking the Sergeant at Arms for his efforts. While the letter was sent on May 9th, ZDNet says staff members were first allowed to use the app for official business back in March. That the current administration would approve Signal for official use came as somewhat of a surprise. Back in February, House Republicans Darin LaHood and Lamar Smith demanded an investigation into the EPA's use of secure messaging apps to secretly express their dissatisfaction with President Trump's policies. They said encrypted conversations can "run afoul" of the government's record-keeping rules. 
Nevertheless, Signal's approval isn't really groundbreaking. The National Archives and Records Administration told ZDNet that Senate staff members are exempt from those rules, so long as they don't use encrypted apps for anything considered "historically valuable." From rforno at infowarrior.org Wed May 17 06:09:06 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 May 2017 11:09:06 -0000 Subject: [Infowarrior] - 13 Ideas to Fight Fake News Message-ID: <5425EFC9-1085-423E-9BC6-0C6A607EFE13@infowarrior.org> 13 Ideas to Fight Fake News http://ritholtz.com/2017/05/13-ideas-fight-fake-news/ From rforno at infowarrior.org Wed May 17 09:44:45 2017 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 May 2017 14:44:45 -0000 Subject: [Infowarrior] - ExtraTorrent Shuts Down For Good Message-ID: <8836D457-FCCD-46BD-8228-0897E6CF7903@infowarrior.org> ExtraTorrent Shuts Down For Good By Ernesto on May 17, 2017 https://torrentfreak.com/extratorrent-shuts-down-for-good-170517/ Popular torrent site ExtraTorrent has permanently shut down. The abrupt decision was announced a few minutes ago in a brief message posted on the site's homepage. This means that after the demise of KickassTorrents and Torrentz.eu, the torrent community must say farewell to another major player. In a surprise move, ExtraTorrent decided to shut down today, for good. Users who access the site's homepage are welcomed by a short but clear message, indicating that the popular torrent index will not return (the message appears intermittently). "ExtraTorrent has shut down permanently." "ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to be...." TorrentFreak reached out to ExtraTorrent operator SaM who confirmed that this is indeed the end of the road for the site. "It's time we say goodbye," he said, without providing more details.
With ExtraTorrent's demise the BitTorrent community has lost yet another prominent player. Whether this also means the end of associated release groups, such as EtHD and ettv, remains to be seen. ExtraTorrent was founded in November 2006, at a time when sites such as TorrentSpy and Mininova were dominating the landscape. Nonetheless, ExtraTorrent was determined to develop an audience of its own. The site went on to outgrow many of its predecessors and with millions of daily visitors, ExtraTorrent ended up as the second largest torrent site, trailing only behind The Pirate Bay. The site's popularity placed it in the crosshairs of various entertainment industry groups in recent months. These outfits regularly pressured hosting companies and domain name services to take action. It's unclear whether legal pressure had anything to do with the decision to shut down, but that wouldn't come as a surprise. ExtraTorrent is the latest in a series of BitTorrent giants to fall in recent months. Previously, sites including KickassTorrents, Torrentz.eu, TorrentHound and What.cd went offline. Update: We were informed by SaM that ExtraTorrent's release group ETRG is gone now. "Ettv and Ethd could remain operational if they get enough donations to sustain the expenses and if they people handling it ready to keep going," we were told. From rforno at infowarrior.org Thu May 18 06:22:30 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 May 2017 11:22:30 -0000 Subject: [Infowarrior] - BBC Says It May Contact Your Boss If You Post Comments It Finds Problematic Message-ID: <5D3281BA-C9AB-458C-A430-DE0DEF85C57E@infowarrior.org> BBC Says It May Contact Your Boss If You Post Comments It Finds Problematic from the wait,-what?
dept https://www.techdirt.com/articles/20170517/15232937397/bbc-says-it-may-contact-your-boss-if-you-post-comments-it-finds-problematic.shtml There are all sorts of different ways that websites that allow comments have dealt with trollish behavior over the years, but I think the BBC's new policy is the first I've seen in which the organization threatens that it may contact your boss or your school (found via Frank Fisher). The new policy has a short section on "offensive or inappropriate content on BBC websites" where it says the following: Offensive or inappropriate content on BBC websites If you post or send offensive, inappropriate or objectionable content anywhere on or to BBC websites or otherwise engage in any disruptive behaviour on any BBC service, the BBC may use your personal information to stop such behaviour. Where the BBC reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), the BBC may use your personal information to inform relevant third parties such as your employer, school email/internet provider or law enforcement agencies about the content and your behaviour. ... To be fair, it does seem to limit this to cases where it believes you've violated the law, but even so, it seems like a stretch to argue that the BBC should be calling your boss to tell on you for being a dipshit online, even if you break the law. We've all seen the stories of people actually confronting their own trolls or, better yet, the mothers of their trolls, but to make it official BBC policy seems to be going a bit far. Sure, if someone is breaking a criminal law, informing the police sounds perfectly reasonable, but your boss or your school? Anyway, I guess be forewarned: if you don't want the BBC telling your boss you're a jerk online, maybe don't be a jerk on the BBC's website. 
From rforno at infowarrior.org Thu May 18 18:19:04 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 May 2017 23:19:04 -0000 Subject: [Infowarrior] - Uber Doesn't Want You to See This Document About Its Vast Data Surveillance System Message-ID: <1F3056E7-13BD-42CA-B9D6-2C02EAC10716@infowarrior.org> Uber Doesn't Want You to See This Document About Its Vast Data Surveillance System http://gizmodo.com/uber-doesn-t-want-you-to-see-this-document-about-its-va-1795151637 From rforno at infowarrior.org Mon May 1 09:26:36 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 01 May 2017 14:26:36 -0000 Subject: [Infowarrior] - Facebook targets 'insecure' young people Message-ID: <67F6E79F-1056-45F6-9719-81D57333CF50@infowarrior.org> Facebook targets 'insecure' young people A 23-page Facebook document seen by The Australian outlines how the social network can target "moments when young people need a confidence boost" in pinpoint detail. The Australian 12:00AM May 1, 2017 http://www.theaustralian.com.au/business/media/digital/facebook-targets-insecure-young-people-to-sell-ads/news-story/a89949ad016eee7d7a61c3c30c909fa6 Facebook is using sophisticated algorithms to identify and exploit Australians as young as 14, by allowing advertisers to target them at their most vulnerable, including when they feel "worthless" and "insecure", secret internal documents reveal. A 23-page Facebook document seen by The Australian marked "Confidential: Internal Only" and dated 2017, outlines how the social network can target "moments when young people need a confidence boost" in pinpoint detail. By monitoring posts, pictures, interactions and internet activity in real-time, Facebook can work out when young people feel "stressed", "defeated", "overwhelmed", "anxious", "nervous", "stupid", "silly", "useless", and a "failure", the document states.
After being contacted by The Australian, Facebook issued an apology, and said it had opened an investigation, admitting it was wrong to target young children in this way. "We have opened an investigation to understand the process failure and improve our oversight. We will undertake disciplinary and other processes as appropriate," a Facebook spokeswoman said in a statement sent to The Australian at the weekend. Rumours about Facebook's advertising sales methods have percolated in media circles for several years, but until now there has been no hard evidence, nor any suggestion they go to such considerable lengths to commercialise their youngest users. In a move that raises profound ethical questions about Facebook's use of covert surveillance, the document lays out how the world's biggest social network is gathering psychological insights on 6.4 million "high schoolers", "tertiary students", and "young Australians and New Zealanders ... in the workforce" to sell targeted advertising. A presentation prepared for one of Australia's top four banks shows how the $US415 billion advertising-driven giant has built a database of Facebook users that is made up of 1.9 million high schoolers with an average age of 16, 1.5 million tertiary students averaging 21 years old, and 3 million young workers averaging 26 years old. Detailed information on mood shifts among young people is "based on internal Facebook data", the document states, "shareable under non-disclosure agreement only", and "is not publicly available". The document was prepared by two of Facebook's top Australian executives, David Fernandez and Andy Sinn, and includes information on when young people exhibit "nervous excitement", and emotions related to "conquering fears". The tactics appear to breach the Australian Code for Advertising & Marketing Communications to Children guidelines which seeks to maintain a high sense of social responsibility.
The code defines a child as a person 14 years old or younger, and states a "child must obtain a parent or guardian's express consent prior to engaging in any activity that will result in the collection or disclosure of ... personal information." Personal information is described as "information that identifies the child or could identify the child". The revelations cast new light on how Facebook harvests and uses the extraordinary amounts of data that it gathers on the Australian population to figure out what people are doing and thinking. The document claims that Facebook is not only able to detect sentiment, but it can also understand how emotions are communicated at different points during a young person's week. "Anticipatory emotions are more likely to be expressed early in the week, while reflective emotions increase on the weekend," the document discloses. "Monday-Thursday is about building confidence; the weekend is for broadcasting achievements." Granular information available to advertisers includes a young person's relationship status, location, number of Facebook friends they have and how often they access the platform via mobile or desktop. Other moments in young people's lives Facebook is seeking to sell ads against are associated with "looking good and body confidence", and "working out & losing weight". Facebook is also able to reap information on how users are "representing emotion and communicating visually". For example, using image recognition tools, advertisers can see how people visually represent moments such as meal times on the company's platforms including Instagram, the photo-sharing site that Facebook owns. Because Facebook rolls out ad products on a regional and global basis, the company could be targeting young children around the world with these methods. In its statement to The Australian, Facebook refused to disclose if the practice exists elsewhere, and claims "we care deeply about the people who use our services"
and "understand the importance of ensuring their safety and wellbeing". It adds: "While the data on which this research is based was aggregated and presented consistent with applicable privacy and legal protections, including the removal of any personally identifiable information, our internal process sets a standard higher than required by law. "Facebook only permits research following a rigorous procedure of review whenever sensitive data, particularly data involving young people or their emotional behaviour, is involved. "This research does not appear to have followed this process." The engine that drives Facebook's opaque ad sales system is built on algorithms -- sets of complex instructions that Facebook's engineers use to mine personal information about the preferences of a worldwide audience of 1.86 billion users. Exactly how the ad sales system works is a closely guarded commercial secret. News of the questionable sales tactics is the latest in a series of articles by The Australian about Facebook. Last week, this newspaper reported how Facebook is offering rebates to media agencies based on how many staff they employ, and sweetens ad deals with an all-expenses-paid trip to its US headquarters, where founder Mark Zuckerberg is based. Rebates are common in the media industry. But evidence of their existence raises important questions about whether ad buyers are given incentives to direct client spend to Facebook regardless of whether such purchases are in an advertiser's best interest. The Australian also reported that Facebook's ad metrics were over-estimated by 500 per cent, far more than previously thought. The Australian revealed that the business had parted company with Australian managing director Stephen Scheeler in February with immediate effect. Former Fairfax Media sales boss and current Yahoo7 chief executive Ed Harrison is said to be the front runner for his job. Mr Harrison will have a big rebranding job on his hands if appointed.
Australia is the only Facebook market in the world to experience slowing ad growth. From rforno at infowarrior.org Tue May 2 05:51:02 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 02 May 2017 10:51:02 -0000 Subject: [Infowarrior] - Remote security exploit in all 2008+ Intel platforms Message-ID: <78057657-C8AC-443C-971D-47A4A64A2429@infowarrior.org> (c/o geer) Remote security exploit in all 2008+ Intel platforms Updated: Nehalem through Kaby all remotely and locally hackable May 1, 2017 by Charlie Demerjian Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. SemiAccurate has been begging Intel to fix this issue for literally years and it looks like they finally listened. Update May 1, 2017 # 3:35pm: Intel just confirmed it, but not to SemiAccurate. You can read their advisory here. < - > http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ From rforno at infowarrior.org Thu May 4 06:25:53 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 04 May 2017 11:25:53 -0000 Subject: [Infowarrior] - Comey Hints At Expanded NSL Powers And Encryption Backdoors Message-ID: <27C2CBD4-A03E-4A1A-92F5-E19520C6E827@infowarrior.org> At Senate Hearing, Comey Hints At Expanded NSL Powers And Encryption Backdoors https://www.techdirt.com/articles/20170503/12054037296/senate-hearing-comey-hints-expanded-nsl-powers-encryption-backdoors.shtml From rforno at infowarrior.org Thu May 4 10:08:56 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 04 May 2017 15:08:56 -0000 Subject: [Infowarrior] - paper: Privacy Threats through Ultrasonic Side Channels on Mobile Devices Message-ID: <5820ECD6-090B-4F12-9793-D973BFDEB56E@infowarrior.org> Privacy Threats through Ultrasonic Side Channels on Mobile Devices Daniel Arp, Erwin Quiring, Christian Wressnegger and Konrad Rieck Technische Universität Braunschweig Brunswick, Germany Abstract -- Device tracking is a serious threat to the privacy of
users, as it enables spying on their habits and activities. A recent practice embeds ultrasonic beacons in audio and tracks them using the microphone of mobile devices. This side channel allows an adversary to identify a user's current location, spy on her TV viewing habits or link together her different mobile devices. In this paper, we explore the capabilities, the current prevalence and technical limitations of this new tracking technique based on three commercial tracking solutions. To this end, we develop detection approaches for ultrasonic beacons and Android applications capable of processing these. Our findings confirm our privacy concerns: We spot ultrasonic beacons in various web media content and detect signals in 4 of 35 stores in two European cities that are used for location tracking. While we do not find ultrasonic beacons in TV streams from 7 countries, we spot 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user's knowledge. < - > http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf From rforno at infowarrior.org Thu May 4 17:32:24 2017 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 04 May 2017 22:32:24 -0000 Subject: [Infowarrior] - How One Major Internet Company Helps Serve Up Hate on the Web Message-ID: <049C2583-8C83-4F04-AD9C-703EC0D369B6@infowarrior.org> How One Major Internet Company Helps Serve Up Hate on the Web Cloudflare, a prominent San Francisco outfit, provides services to neo-Nazi sites like The Daily Stormer, including giving them personal information on people who complain about their content. by Ken Schwencke ProPublica, May 4, 2017, 8 a.m. Since its launch in 2013, the neo-Nazi website The Daily Stormer has quickly become the go-to spot for racists on the internet. Women are whores, blacks are inferior and a shadowy Jewish cabal is organizing a genocide against white people.
The site can count among its readers Dylann Roof, the white teenager who slaughtered nine African Americans in Charleston in 2015, and James Jackson, who fatally stabbed an elderly black man with a sword in the streets of New York earlier this year. Traffic is up lately, too, at white supremacist sites like The Right Stuff, Iron March, American Renaissance and Stormfront, one of the oldest white nationalist sites on the internet. The operations of such extreme sites are made possible, in part, by an otherwise very mainstream internet company -- Cloudflare. Based in San Francisco, Cloudflare operates more than 100 data centers spread across the world, serving as a sort of middleman for websites -- speeding up delivery of a site's content and protecting it from several kinds of attacks. Cloudflare says that some 10 percent of web requests flow through its network, and the company's mainstream clients range from the FBI to the dating site OKCupid. The widespread use of Cloudflare's services by racist groups is not an accident. Cloudflare has said it is not in the business of censoring websites and will not deny its services to even the most offensive purveyors of hate. "A website is speech. It is not a bomb," Cloudflare's CEO Matthew Prince wrote in a 2013 blog post defending his company's stance. "There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain." Cloudflare also has an added appeal to sites such as The Daily Stormer. It turns over to the hate sites the personal information of people who criticize their content. For instance, when a reader figures out that Cloudflare is the internet company serving sites like The Daily Stormer, they sometimes write to the company to protest.
Cloudflare, per its policy, then relays the name and email address of the person complaining to the hate site, often to the surprise and regret of those complaining. This has led to campaigns of harassment against those writing in to protest the offensive material. People have been threatened and harassed. ProPublica reached out to a handful of people targeted by The Daily Stormer after they or someone close to them complained to Cloudflare about the site's content. All but three declined to talk on the record, citing fear of further harassment or a desire to not relive it. Most said they had no idea their report would be passed on, though Cloudflare does state on the reporting form that they "will notify the site owner." "I wasn't aware that my information would be sent on. I suppose I, naively, had an expectation of privacy," said Jennifer Dalton, who had complained that The Daily Stormer was asking its readers to harass Twitter users after the election. Andrew Anglin, the owner of The Daily Stormer, has been candid about how he feels about people reporting his site for its content. "We need to make it clear to all of these people that there are consequences for messing with us," Anglin wrote in one online post. "We are not a bunch of babies to be kicked around. We will take revenge. And we will do it now." ProPublica asked Cloudflare's top lawyer about its policy of sharing information on those who complain about racist sites. The lawyer, Doug Kramer, Cloudflare's general counsel, defended the company's policies by saying it is "base constitutional law that people can face their accusers." Kramer suggested that some of the people attacking Cloudflare's customers had their own questionable motives. Hate sites such as The Daily Stormer have become a focus of intense interest since the racially divisive 2016 election -- how popular they are, who supports them, how they are financed.
Most of their operators supported Donald Trump and helped spread a variety of conspiracy theories aimed at damaging Hillary Clinton. But they clearly have also become a renewed source of concern for law enforcement. In testimony Tuesday before the Senate Judiciary Committee, Chief Will D. Johnson, chair of the International Association of Chiefs of Police Human and Civil Rights Committee, highlighted the reach and threat of hate on the Internet. "The internet provides extremists with an unprecedented ability to spread hate and recruit followers," he said. "Individual racists and organized hate groups now have the power to reach a global audience of millions and to communicate among like-minded individuals easily, inexpensively, and anonymously. "Although hate speech is offensive and hurtful, the First Amendment usually protects such expression," Johnson said. "However, there is a growing trend to use the Internet to intimidate and harass individuals on the basis of their race, religion, sexual orientation, gender, gender identity, disability, or national origin." A look at Cloudflare's policies and operations sheds some light on how sites promoting incendiary speech and even violent behavior can exist and even thrive. Jacob Sommer, a lawyer with extensive experience in internet privacy and security issues, said there is no legal requirement for a company like Cloudflare to regulate the sites on their service, though many internet service providers choose to. It comes down to a company's sense of corporate responsibility, he said. For the most part, Sommer said, a lot of companies don't want "this stuff" on their networks. He said those companies resist having their networks become "a hive of hate speech." Jonathan Vick, associate director for investigative technology and cyberhate response at the Anti-Defamation League, agrees. He said that many of the hosts they talk to want to get hate sites off their networks.
"Even the most intransigent of them, when they're given evidence of something really problematic, they do respond," he said. Cloudflare has raised at least $180 million in venture capital since its inception in 2009, much of it from some of the most prominent venture capital firms and tech companies in the country. The service is what's known as a content delivery network, and offers protection from several cyber threats including "denial of service" attacks, where hundreds of computers make requests to a website at once, overwhelming it and bringing it down. Company officials have said Cloudflare's core belief is in the free and open nature of the internet. But given its outsize role in protecting a range of websites, Cloudflare has found itself the target of critics. In 2015, the company came under fire from the hacker collective Anonymous for reportedly allowing ISIS propaganda sites on its network. At the time, Prince, the company's CEO, dismissed the claim as "armchair analysis by kids," and told Fox Business that the company would not knowingly accept money from a terrorist organization. Kramer, in an interview with ProPublica, reiterated that the company would not accept money from ISIS. But he said that was not for moral or ethical reasons. Rather, he said, Cloudflare did not have dealings with terrorist groups such as ISIS because there are significant and specific laws restricting them from doing so. In the end, Kramer said, seedy and objectionable sites made up a tiny fraction of the company's clients. "We've got 6 million customers," he told ProPublica. "It's easy to find these edge cases." One of the people ProPublica spoke with whose information had been shared with The Daily Stormer's operators said his complaint had been posted on the site, but that he was "not interested in talking about my experience as it's not something I want to revisit."
Someone else whose information was posted on the site said that while she did get a few odd emails, she wasn't aware her information had been made public. She followed up to say she was going to abandon her email account now that she knew.... < - > https://www.propublica.org/article/how-cloudflare-helps-serve-up-hate-on-the-web From rforno at infowarrior.org Sat May 6 10:41:03 2017 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 06 May 2017 15:41:03 -0000 Subject: [Infowarrior] - U.S. Far-Right Activists Promote Hacking Attack Against Macron Message-ID: <6EF53DC4-4A8A-4AB4-A6E8-929A20DD750C@infowarrior.org> U.S. Far-Right Activists Promote Hacking Attack Against Macron https://www.nytimes.com/2017/05/06/world/europe/emmanuel-macron-hack-french-election-marine-le-pen.html From rforno at infowarrior.org Mon May 8 08:57:20 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 08 May 2017 13:57:20 -0000 Subject: [Infowarrior] - Combating Fake News: An Agenda for Research and Action Message-ID: Combating Fake News: An Agenda for Research and Action May 2, 2017, 11:45 am https://shorensteincenter.org/combating-fake-news-agenda-for-research/ From rforno at infowarrior.org Mon May 8 09:03:32 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 08 May 2017 14:03:32 -0000 Subject: [Infowarrior] - Big Data and The great British Brexit robbery Message-ID: <12A94E33-88B8-443D-BE3A-C65B03BC8839@infowarrior.org> The great British Brexit robbery: how our democracy was hijacked A shadowy global operation involving big data, billionaire friends of Trump and the disparate forces of the Leave campaign influenced the result of the EU referendum. As Britain heads to the polls again, is our electoral process still fit for purpose?
by Carole Cadwalladr < - > https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy From rforno at infowarrior.org Mon May 8 09:04:45 2017 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 08 May 2017 14:04:45 -0000 Subject: [Infowarrior] - FBI paid $900,000 to hack into San Bernardino killer's iPhone Message-ID: <72613C53-EEA5-4387-A891-397C259CA8B9@infowarrior.org> Senator reveals that the FBI paid $900,000 to hack into San Bernardino killer's iPhone Friday, 5 May 2017 | 1:10 PM ET The Associated Press Pete Marovich | Bloomberg http://www.cnbc.com/2017/05/05/dianne-feinstein-reveals-fbi-paid-900000-to-hack-into-killers-iphone.html Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information. The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them. California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday. "I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open," Feinstein said. "And as I subsequently learned of some of the reason for it, there were good reasons to get into that device." Comey hinted at a ballpark range last year, saying the government paid more than he would earn in his remaining seven years on the job, an amount that would have been at least $1.3 million.
The federal government paid the sum as it cut short an extraordinary court fight with Apple Inc., which was resisting a judge's order to help the Justice Department hack into the phone of Syed Rizwan Farook, who along with his wife killed 14 people in a San Bernardino attack in December 2015. An unidentified third party came forward last March with a solution to open the phone. The AP and other news organizations last year filed a public records lawsuit to learn how much the FBI paid. The Justice Department has said in court filings that the information was properly classified. It argued that the information it withheld, if released, could be seized upon by "hostile entities" that could develop their own countermeasures and interfere with the FBI's intelligence gathering. Feinstein's spokesman, Tom Mentzer, would neither discuss the senator's remarks nor say whether she was offering an estimate or disclosing information obtained in an FBI briefing. The FBI had no immediate comment Friday. From rforno at infowarrior.org Tue May 9 06:06:15 2017 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 09 May 2017 11:06:15 -0000 Subject: [Infowarrior] - Intel declared war on general purpose computing and lost, so now all our computers are broken Message-ID: <1E03B13C-14B3-4A10-AF9A-7D065B2F0BFA@infowarrior.org> Cory Doctorow / 3:48 am Tue May 9, 2017 Intel declared war on general purpose computing and lost, so now all our computers are broken It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next? 
For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.

But ME isn't a way of designing a computer that can only run "good" programs. Instead, it's a way of putting your general-purpose, universal computer under the supervision of another general-purpose, universal computer, and declaring this second computer (the ME system) to be off-limits to auditing, user-control, modification, etc.

That works great, provided that your second computer has perfect security and zero flaws in its programming. But if there is even a single, minor flaw in that second system, you now have a devastating security disaster, because your main computer, by design, can't tell you what that second system is doing, nor can it override the instructions that the supervising system sends it -- once that supervising system is compromised, it's game over.

Intel won't tell us how to disable ME altogether for lots of reasons, but a big one is surely the fact that they've sold lots of entertainment companies on the promise of using ME for DRM -- for example, to stop you from running a program that converts one of the W3C's DRM-locked video streams into a download.
Letting you shut down this back door into your computer -- and your whole digital life -- would also eliminate the means by which Intel plans to stop you from watching TV the wrong way. This is a terrible trade-off.

< - >

http://boingboing.net/2017/05/09/management-engine.html

From rforno at infowarrior.org Tue May 9 07:05:27 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 May 2017 12:05:27 -0000
Subject: [Infowarrior] - The Internet Never Forgets
Message-ID: <0B4FF214-EBE9-4111-B7BB-01E71C65C8AA@infowarrior.org>

(What a bunch of amateurs. Wondering if he'll try to sic his lawyers and/or a DMCA complaint on the mirroring sites next? -- rick)

The Internet Never Forgets

Matt Novak

Yesterday, journalists discovered that the Trump regime had deleted the president's infamous press release from 2015 that called for a ban on all Muslims traveling to the United States. But it wasn't just the Muslim ban. Every single press release from before January 1, 2017 has been erased from donaldjtrump.com. Thankfully, the internet never forgets.

As Russ Kick from the website Memory Hole notes, every Trump/Pence 2016 campaign press release that was deleted this week has been backed up by the Internet Archive's Wayback Machine. It's almost impossible to completely erase something from the internet these days -- for better and for worse.

So whether it's Trump's promise to drain the swamp by imposing congressional term limits, or his promise to build a wall and make Mexico pay for it, every one is saved for your reading pleasure. Or displeasure, as it were....
< - >

http://gizmodo.com/president-trump-deletes-every-old-press-release-but-th-1795042808

From rforno at infowarrior.org Tue May 9 07:09:31 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 May 2017 12:09:31 -0000
Subject: [Infowarrior] - ISPs Could Damage Bitcoin Ecosystem If They Wanted To
Message-ID:

ISPs Could Damage Bitcoin Ecosystem If They Wanted To

https://www.bleepingcomputer.com/news/security/isps-could-damage-bitcoin-ecosystem-if-they-wanted-to/

From rforno at infowarrior.org Tue May 9 12:59:25 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 May 2017 17:59:25 -0000
Subject: [Infowarrior] - Vendors approve of NIST password draft
Message-ID: <90068B13-B786-42E2-8EEB-6114F053BC8D@infowarrior.org>

(x-posted)

Vendors approve of NIST password draft

Standards group recommends removing periodic password change requirements

By Ryan Francis
Managing Editor, CSO | May 9, 2017 8:16 AM PT

A recently released draft of the National Institute of Standards and Technology's (NIST's) digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies.

The new framework recommends, among other things:

• Remove periodic password change requirements

There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach.

• Drop the algorithmic complexity song and dance

No more arbitrary password complexity requirements needing mixtures of upper case letters, symbols and numbers.
Like frequent password changes, it's been shown repeatedly that these types of restrictions often result in worse passwords, Wilson adds. NIST said if a user wants a password that is just emojis they should be allowed. It's important to note the storage requirements. Salting, hashing, MAC such that if a password file is obtained by an adversary an offline attack is very difficult to complete.

• Require screening of new passwords against lists of commonly used or compromised passwords

One of the best ways to ratchet up the strength of users' passwords is to screen them against lists of dictionary passwords and known compromised passwords, he said. NIST adds that dictionary words, user names, repetitive or sequential patterns all should be rejected.

"All three of these recommendations are things we have been advising for some time now and there are now password strength meters that screen for compromised credentials, not just commonly used passwords," Wilson said. "While it wasn't explicitly mentioned in the new NIST framework, we contend that another important security practice is periodically checking your user credentials against a list of known compromised credentials."

NIST's Paul Grassi, one of the authors of the report, noted that many of the above guidelines are now only strong suggestions and are not mandatory yet. The public comment period closed on May 1 and now the draft goes through an internal review process. It is expected to be completed by early to mid summer.

"We look forward to a day in the near future when technology, culture, and user preference allows these requirements to be more broadly accepted. That said, we reviewed a lot of research in the space and determined that composition and expiration did little for security, while absolutely harming user experience. And bad user experience is a vulnerability in our minds," he said.
"We need technology to support this (not all password stores do), so we didn't want to create requirements that agencies had no chance of meeting due to tech limitations."

< - >

http://www.csoonline.com/article/3195181/data-protection/vendors-approve-of-nist-password-draft.html

From rforno at infowarrior.org Tue May 9 16:53:19 2017
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 09 May 2017 21:53:19 -0000
Subject: [Infowarrior] - POTUS fires FBI Director Comey
Message-ID: <7B826897-7347-4989-B7E0-3EB914423DFE@infowarrior.org>

(x-posted)

May 9, 5:47 PM EDT

Trump fires FBI director James Comey

http://hosted.ap.org/dynamic/stories/U/US_TRUMP_COMEY

WASHINGTON (AP) -- President Donald Trump has fired FBI Director James Comey.

In a statement, Trump says Comey's firing "will mark a new beginning" for the FBI.

The White House says the search for a new FBI director will begin immediately.

Comey's firing comes days after he testified on Capitol Hill about the FBI's investigation into Russia's election meddling and possible connections between Russia and Trump's campaign.

© 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Learn more about our Privacy Policy and Terms of Use.
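
The screening and storage recommendations described in the "Vendors approve of NIST password draft" message above, sketched as an added example; it is not code from the article, from NIST, or from the list poster. The sample lists, the function names, and the choice of PBKDF2 with its round count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample lists; a deployment would load large breach/common corpora.
COMPROMISED = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY = {"dragon", "monkey", "sunshine"}


def is_sequential(pw):
    """True when every character steps by +1, or every one by -1."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def is_repetitive(pw):
    """True when pw is one shorter unit repeated, e.g. 'aaaaaa' or 'abcabc'."""
    return len(pw) > 1 and pw in (pw + pw)[1:-1]


def screen_password(pw, username):
    """Return the reasons to reject pw; an empty list means it is accepted.
    No composition rules are applied: any characters, emoji included, pass."""
    folded = pw.casefold()
    checks = [
        ("compromised", folded in COMPROMISED),
        ("dictionary", folded in DICTIONARY),
        ("username", bool(username) and username.casefold() in folded),
        ("repetitive", is_repetitive(folded)),
        ("sequential", is_sequential(folded)),
    ]
    return [name for name, hit in checks if hit]


def hash_password(pw, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256; rounds is an assumed work factor."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, rounds)
    return salt, digest


def verify_password(pw, salt, digest, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(pw, salt, rounds)[1], digest)
```

The per-user random salt means identical passwords produce different stored digests, which is what makes an offline attack on a stolen password file expensive.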