Tag: Security

It Really Sucks to be You

It appears that in addition to being contemptible people, the purveyors of Parler, the now-shuttered right-wing Twitter, were technically incompetent.

Their tech was incompetently managed, and a security researcher managed to download almost every post on Parler, including deleted posts and extensive metadata.

I’m sure that the FBI will be most interested in this information:

In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.

The researcher, who asked to be referred to by her Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence. According to the Atlantic Council’s Digital Forensic Research Lab, among other sources, Parler is one of several apps used by the insurrectionists to coordinate their breach of the Capitol, in a plan to overturn the 2020 election results and keep Donald Trump in power.

………

Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99.9 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this data tranche, now more than 56 terabytes in size, @donk_enby confirmed that the raw video files include GPS metadata pointing to exact locations of where the videos were taken.

………

Hoping to create a lasting public record for future researchers to sift through, @donk_enby began by archiving the posts from that day. The scope of the project quickly broadened, however, as it became increasingly clear that Parler was on borrowed time. Apple and Google announced that Parler would be removed from their app stores because it had failed to properly moderate posts that encouraged violence and crime. The final nail in the coffin came Saturday when Amazon announced it was pulling Parler’s plug.

………

The privacy implications are obvious, but the copious data may also serve as a fertile hunting ground for law enforcement. Federal and local authorities have arrested dozens of suspects in recent days accused of taking part in the Capitol riot, where a Capitol police officer, Brian Sicknick, was fatally wounded after being struck in the head with a fire extinguisher. 

My suggestion to @donk_enby is that if someone comes sniffing around for the archive that she made, don’t hand it over without a subpoena.  Providing the information under compulsion indemnifies you, so if someone wants to sue you for something like “Invasion of Privacy”, you are covered.  (Note that I am an engineer, not a lawyer, dammit.)*

My second piece of advice is that turning your personal information over to an online site is a stupid thing, and doing so to a business that caters to reactionaries is even dumber.

Businesses that cater to conservatives on the basis of politics tend to be scams.  All you have to do is listen to Rush Limbaugh or Sean Hannity, and see how many of the ads are transparent bullshit like fat burning plant extracts, overpriced gold, phony ED cures, Corona Virus Cures, etc.

For them, it’s all about the Benjamins.

*I love it when I get to go all Dr. McCoy!

Tweet of the Day

People who broke into the Capitol Wednesday are now learning they are on No-Fly lists pending the full investigation. They are not happy about this. pic.twitter.com/5GfHo1eVU8

— Ray [REDACTED] (@RayRedacted) January 10, 2021

People who stormed the Capitol are surprised that they are on No-Fly lists.

It never mattered when leopards ate OTHER people’s faces.

Good Point

Matt Stoller makes a very good point, that the penetration of “premier” cybersecurity firm SolarWinds by hackers,* was a direct consequence of the private equity looting ethos.

They did not pay close attention to security (passwords from movies, seriously), and outsourced work to Eastern Europe, where the FSB could recruit operatives on a day trip.

Security, you see, is not profitable, even if you are a cyber security firm:

Roughly a month ago, the premier cybersecurity firm FireEye warned authorities that it had been penetrated by Russian hackers, who made off with critical tools it used to secure the facilities of corporations and governments around the world.

The victims are the most important institutional power centers in America, from the FBI to the Department of Treasury to the Department of Commerce, as well as private sector giants Cisco Systems, Intel, Nvidia, accounting giant Deloitte, California hospitals, and thousands of others. As more information comes out about what happened, the situation looks worse and worse. Russians got access to Microsoft’s source code and into the Federal agency overseeing America’s nuclear stockpile. They may have inserted code into the American electrical grid, or acquired sensitive tax information or important technical and political secrets.

………

And that makes this hack quite scary, even if we don’t see the effect right now. Mark Warner, one of the smarter Democratic Senators and the top Democrat on the Intelligence Committee, said “This is looking much, much worse than I first feared,” also noting “The size of it keeps expanding.” Political leaders are considering reprisals against Russia, though it’s likely they will not engage in much retaliation we can see on the surface. It’s the biggest hack since 2016, when an unidentified group stole the National Security Agency’s “crown jewels” spy tools. It is, as Wired put it, a “historic mess.”

……….

The most interesting part of the cybersecurity problem is that it isn’t purely about government capacity at all; private sector corporations maintain critical infrastructure that is in the “battle space.” Private firms like Microsoft are being heavily scrutinized; I had one guest-post from last January on why the firm doesn’t manage its security problems particularly well, and another on how it is using its market power to monopolize the cybersecurity market with subpar products. And yet these companies have no actual public obligations, or at least, nothing formal. They are for-profit entities with little liability for the choices they make that might impose costs onto others.

………

All of which brings me to what I think is the most compelling part of this story. The point of entry for this major hack was not Microsoft, but a private equity-owned IT software firm called SolarWinds. This company’s products are dominant in their niche; 425 out of the Fortune 500 use SolarWinds. As Reuters reported about the last investor call in October, the CEO told analysts that “there was not a database or an IT deployment model out there to which [they] did not provide some level of monitoring or management.” While there is competition in this market, SolarWinds does have market power. IT systems are hard to migrate from, and this lock-in effect means that customers will tolerate price hikes or quality degradation rather than change providers. And it does have a large market share; as the CEO put it, “We manage everyone’s network gear.”

SolarWinds sells a network management package called Orion, and it was through Orion that the Russians invaded these systems, putting malware into updates that the company sent to clients. Now, Russian hackers are extremely sophisticated sleuths, but it didn’t take a genius to hack this company. It’s not just that criminals traded information about how to hack SolarWinds systems; one security researcher alerted the company last year that “anyone could access SolarWinds’ update server by using the password ‘solarwinds123.’”

Using passwords ripped from the movie Spaceballs is one thing, but it appears that lax security practice at the company was common, systemic, and longstanding. The company puts its engineering in the hands of cheaper Eastern Europe coders, where it’s easier for Russian engineers to penetrate their product development. SolarWinds didn’t bother to hire a senior official to focus on security until 2017, and then only after it was forced to do so by European regulations. Even then, SolarWinds CEO, Kevin Thompson, ignored the risk. As the New York Times noted, one security adviser at SolarWinds “said he warned management that year that unless it took a more proactive approach to its internal security, a cybersecurity episode would be ‘catastrophic.’” The executive in charge of security quit in frustration. Even after the hack, the company continued screwing up; SolarWinds didn’t even stop offering compromised software for several days after it was discovered.

………

And yet, not every software firm operates like SolarWinds. Most seek to make money, but few do so with such a combination of malevolence, greed, and idiocy. What makes SolarWinds different? The answer is the specific financial model that has invaded the software industry over the last fifteen years, a particularly virulent strain of recklessness typically called private equity.

………

In October, the Wall Street Journal profiled the man who owns SolarWinds, a Puerto Rican-born billionaire named Orlando Bravo of Thoma Bravo partners. Bravo’s PR game is solid; he was photographed beautifully, a slightly greying fit man with a blue shirt and off-white rugged pants in front of modern art, a giant vase and fireplace in the background of what is obviously a fantastically expensive apartment. Though it was mostly a puff piece of a silver fox billionaire, the article did describe Bravo’s business model.

………

As I put it at the time, Bravo’s business model is to buy niche software companies, combine them with competitors, offshore work, cut any cost he can, and raise prices. The investment thesis is clear: power. Software companies have immense pricing power over their customers, which means they can raise prices to locked-in customers, or degrade quality (which is the same thing in terms of the economics of the firm). As Robert Smith, one of his competitors in the software PE game, put it, “Software contracts are better than first-lien debt. You realize a company will not pay the interest payment on their first lien until after they pay their software maintenance or subscription fee. We get paid our money first. Who has the better credit? He can’t run his business without our software.”

………

Did this acquisition spree and corporate strategy work? Well that depends on your point of view; it certainly increased accounting profits. From a different perspective, however, the answer is no. Accounting profits masked that the corporate strategy was shifting risk such that the firm enabled a hack of the FBI and U.S. nuclear facilities. And from the user and employee perspective, the strategy was also problematic. It’s a little hard to tell, but if you look at software feedback comment forums, you’ll find a good number of IT pros dislike SolarWinds, seeing the firm as a financial project based on cobbling together random products from an endless set of acquisitions. (If you are at SolarWinds or another Thoma Bravo company, or use their products, send me a note on your experiences.)

………

It’s not clear to me that Bravo is liable for any of the damage that he caused, but he did make one mistake. Bravo got caught engaging in what very much looks like insider trading surrounding the hack. Here’s the Financial Times on what happened:

Private equity investors sold a $315m stake in SolarWinds to one of their own longstanding financial backers shortly before the US issued an emergency warning over a “nation-state” hack of one of the software company’s products.

The transaction reduced the exposure of Silver Lake and Thoma Bravo to the stricken software company days before its share price fell as vulnerabilities were discovered in a product that is used by multiple federal agencies and almost all Fortune 500 companies.

But the trade could prove embarrassing for Menlo Park-based Silver Lake and its rival Thoma Bravo, which rank among the biggest technology-focused private equity firms in the world.

………

In this case, however, possible insider trading really isn’t the problem. Though I hate the phrase, the real scandal isn’t what’s illegal, it’s what is legal. Bravo degraded the quality of software, which usually just means that people have to deal with stuff that doesn’t work very well, but in this case enabled a weird increase in geopolitical tensions and an espionage victory for a foreign adversary. It’s yet another example of what national security specialist Lucas Kunce notes is the mass transformation of other people’s risk into profit, all to the detriment of American society.

………

There are many ways to see this massive hack. It’s a geopolitical problem, a question of cybersecurity policy, and a legally ambiguous aggressive act by a foreign power. But in some ways it’s not that complex; the problem isn’t that Russians are good at hacking and U.S. defenses are weak, it’s that financiers in America make more money by sabotaging key infrastructure than by building it.

And they are celebrated for it. If Western nations had coherent political systems, the men responsible for this mess would be dragged in front of legislative committees and grilled over the business practices putting all of us at risk. Instead, five days ago, Pitchbook just gave out their Private Equity Awards, and named their “dealmaker of the year.”

Yes, it was Orlando Bravo.

We need to change the laws to hold these guys accountable.

As it currently stands, they borrow money, and then loot the companies, and then retreat behind the bulwark of the bankruptcy courts to avoid any responsibility for what they have done.

*According to “Knowledgeable Sources”, Russia, but no one is willing to go on the record, so YMMV.
Again, no one is willing to go on the record as to whether this was the FSB, or the GRU, or maybe it was the fault of those damn Eskimos.
The line is from Judgement at Nuremberg. It’s a great movie. Spencer Tracy, Marlene Dietrich, Burt Lancaster, Richard Widmark, Maximilian Schell, Judy Garland, Montgomery Clift, and a very young William Shatner. (Widmark says the line about the Eskimos.)

This is Worrying

The Secret Service is shuffling the staff for the Presidential detail, and it is strongly implied that this is because some members of Trump’s detail are seen as unreliable.

This is what happens when you take a wrecking ball to the civil service, as Trump has:

The Secret Service is making some staff changes in the presidential detail that will guard President-elect Joe Biden, amid concerns from Biden allies that some current members were politically aligned with President Trump, according to two people familiar with the changes.

As Biden readies his new administration, the Secret Service plans to bring back to the White House detail a handful of senior agents whom Biden knows well from their work more than four years ago guarding him and his family when he was vice president.

Staff changes are typical with the arrival of a new president and are designed to increase the trust and comfort the incoming president feels with his protective agents, who often stand by the president’s side during sensitive discussions and private moments.

But the shifts underway occur at a particularly contentious time, as Trump has blamed his reelection loss on unfounded allegations of voter fraud and has sought to block his administration from treating Biden as the president-elect. Some in the Secret Service also came under criticism during Trump’s tenure for appearing to embrace his political agenda.

For instance, some presidential detail members urged other agents and Secret Service officers not to wear masks on presidential trips this year — against the administration’s own public health guidance — as the president felt wearing masks projected weakness, The Washington Post has reported.

This will not end well.

Amazon Ring Hacked to Abuse Homeowners

Amazon’s model for its Ring security cameras rests on its ability to collect extensive data on its users, and on their neighbors.

Their plan is to monetize your data, and to share your data with law enforcement to further additional sales.

Under this model, where hundreds, if not thousands, of individuals and organizations have access to the cameras, it should come as no surprise that their system was hacked, and that the hackers used their control of the devices to harass people:

Dozens of people who say they were subjected to death threats, racial slurs, and blackmail after their in-home Ring smart cameras were hacked are suing the company over “horrific” invasions of privacy.

A new class action lawsuit, which combines a number of cases filed in recent years, alleges that lax security measures at Ring, which is owned by Amazon, allowed hackers to take over their devices. Ring provides home security in the form of smart cameras that are often installed on doorbells or inside people’s homes.

The suit against Ring builds on previous cases, joining together complaints filed by more than 30 people in 15 families who say their devices were hacked and used to harass them. In response to these attacks, Ring “blamed the victims, and offered inadequate responses and spurious explanations”, the suit alleges. The plaintiffs also claim the company has failed to adequately update its security measures in the aftermath of such hacks.

………

Ring has not said who is behind the hacks, and victims say they still do not know who accessed their homes through the devices.

Repeatedly, Ring blamed victims for not using sufficiently strong passwords, the suit claims. It says Ring should have required users to establish complicated passwords when setting up the devices and implement two-factor authentication, which adds a second layer of security using a second form of identification, such as a phone number.

However, as the lawsuit alleges, Ring was hacked in 2019 – meaning the stolen credentials from that breach may have been used to get into users’ cameras. That means the hacks that Ring has allegedly blamed on customers may have been caused by Ring itself. A spokesperson said the company did not comment on ongoing litigation.

The lawsuit also cites research from the Electronic Frontier Foundation and others that Ring violates user privacy by using a number of third-party trackers on its app.

My old axiom applies, “If they treat their employees like sh%$, how do you think that they will treat you as a customer?”

Amazon is a pernicious and corrupt organization, and cannot be trusted with your privacy.
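The complaint quoted above boils down to two controls that were missing at device setup: a password requirement that rejects credentials already exposed in an earlier breach, and a mandatory second factor before a camera can be paired to an account. The following is an added example written for this post, not Ring’s code or anything from the lawsuit; the breach corpus, the account names and the `pair_device` flow are constructed for illustration. It checks a candidate password against a breach list by hash prefix (the k-anonymity lookup shape that breached-password services use, simulated locally), stores the password with a salted PBKDF2 hash, and refuses to pair a device until a TOTP (RFC 6238) second factor has been enrolled and a valid code is presented.

```python
"""Added example: breach-aware password policy plus mandatory second factor.
Not Ring's code; the breach corpus and account flow below are constructed."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field

# Constructed breach corpus: SHA-1 hashes of passwords already leaked elsewhere.
# A real deployment queries a breached-password service by hash prefix instead
# of shipping the whole list, but the lookup below has the same shape.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "ring2019", "letmein", "qwerty123")
}

MIN_LENGTH = 12
TOTP_STEP = 30


def sha1_prefix_lookup(password: str, corpus=BREACHED_SHA1) -> bool:
    """True if the password is in the breach corpus. Only the 5-hex-char prefix
    would leave the client against a k-anonymity API; the suffix match is local."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    candidates = {h[5:] for h in corpus if h.startswith(prefix)}  # "server" reply
    return suffix in candidates


def password_problems(password: str, username: str = "") -> list[str]:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the account name")
    if sha1_prefix_lookup(password):
        problems.append("found in a known breach")
    return problems


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def totp(secret: bytes, at: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (RFC 4226 dynamic truncation)."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    totp_secret: bytes | None = None      # None until the second factor is enrolled
    devices: list[str] = field(default_factory=list)


def register(username: str, password: str) -> Account:
    """Create an account, refusing any password that fails the policy."""
    problems = password_problems(password, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    salt = secrets.token_bytes(16)
    return Account(username, salt, _hash_pw(password, salt))


def enroll_second_factor(account: Account) -> bytes:
    """Generate and store a TOTP seed; the caller shows it to the user once."""
    account.totp_secret = secrets.token_bytes(20)
    return account.totp_secret


def pair_device(account: Account, password: str, code: str, at: int, device_id: str) -> bool:
    """Pair a camera only with the password AND a fresh TOTP code; no 2FA, no pairing."""
    if account.totp_secret is None:
        return False
    if not hmac.compare_digest(account.password_hash, _hash_pw(password, account.salt)):
        return False
    # Accept the previous, current and next step to absorb clock drift.
    if not any(hmac.compare_digest(totp(account.totp_secret, at + d * TOTP_STEP), code)
               for d in (-1, 0, 1)):
        return False
    account.devices.append(device_id)
    return True


if __name__ == "__main__":
    print(password_problems("password"))            # rejected on two counts
    acct = register("alice", "Correct-Horse-Battery-9")
    seed = enroll_second_factor(acct)
    print(pair_device(acct, "Correct-Horse-Battery-9", totp(seed, 1_600_000_000),
                      1_600_000_000, "front-door-cam"))
```

The breach check is what turns a generic "use a strong password" rule into something that actually blocks reuse of credentials from an earlier leak, and gating `pair_device` on an enrolled second factor is the control the complaint says was missing. The `totp` routine is verified against the RFC 4226 test vector (counter 1 gives 287082) in the test below.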

House Passes Bill to Regulate the Internet of Sh%$

Given that our f%$#ing light bulbs are being hijacked to DDOS Instagram influencers, legislation to regulate the so-called “Internet of Things” is long overdue:

Though it doesn’t grab the same headline attention as the silly and pointless TikTok ban, the lack of security and privacy standards in the internet of things (IOT) is arguably a much bigger problem. TikTok is, after all, just one app, hoovering up consumer data in a way that’s not particularly different from the 45,000 other international apps, services, governments, and telecoms doing much the same thing. The IOT, in contrast, involves millions of feebly secured products being attached to home and business networks every day. Many also made in China, but featuring microphones and cameras.

Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle is now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in devastating and historic DDoS attacks. In short: thanks to “internet of things” companies that prioritized profits over consumer privacy and the safety of the internet, we’re now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in some notably nasty results.

To that end, the House this week finally passed the Internet of Things Cybersecurity Improvement Act, which should finally bring some meaningful privacy and security standards to the internet of things (IOT). Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly:

I would suggest some additional requirements, like length-of-support requirements, and liability for the manufacturers and/or vendors.

So Ready for the Giant Meteor

At his speech following the Super Tuesday results, Joe Biden was rushed by two vegan protesters, and his wife, Dr. Jill Biden went after one of them like Ray Nitschke.

This election is going to be a complete sh%$ show, and Donald John Trump is a master of the sh%$ show.

I am SO sick and tired of this bullsh%$.

I appreciate the fact that Jill Biden is a complete bad-ass, but I want to go and live in a f%$#ing cave:

It could have been a scene out of the romantic thriller “The Bodyguard,” except the hero of the moment in this case was not a trained agent but Jill Biden.

The sequence began as former vice president Joe Biden was delivering his victory speech in Los Angeles, thanking his supporters for his Super Tuesday comeback.

Suddenly, a protester rushed the stage wielding a “Let Dairy Die” placard. With the vegan protester just a few feet from her husband, Jill Biden clutched her husband’s right hand and interposed her body between him and the woman lunging at him.

About 10 seconds later, another anti-dairy industry protester stormed the stage. Reacting with lightning speed, the former second lady swung around, extended her arms, grabbed her by the wrists and then blocked her with a stiff-arm.

Wincing, she pushed the woman back as her husband and sister-in-law looked on with concern during the sudden confrontation.

How This Works


Someone is Gaming the System

The Markup, a news org created to do deep dives on technical news stories, has found that there are significant differences in the ways that Gmail handles emails from different presidential campaigns.

The Buttigieg and Yang campaigns are achieving disproportionate success in getting into the Gmail primary inbox.

The implication of this story is that Google could alter its algorithms to favor one candidate over another.

I do not think that this is a credible concern, at least not yet.

However, it is entirely possible that there are people inside Google who favor one candidate over another who would provide detailed information to the campaigns about how to game the filters.

IMHO, the two campaigns most likely to have a Google insider feeding them information would be those of Buttigieg and Yang, and it is their emails that have achieved the most success in reaching the primary email tab.

It’s called a man-on-the-inside attack:

Pete Buttigieg is leading at 63 percent. Andrew Yang came in second at 46 percent. And Elizabeth Warren looks like she’s in trouble with 0 percent.

These aren’t poll numbers for the U.S. 2020 Democratic presidential contest. Instead, they reflect which candidates were able to consistently land in Gmail’s primary inbox in a simple test.

The Markup set up a new Gmail account to find out how the company filters political email from candidates, think tanks, advocacy groups, and nonprofits.

We found that few of the emails we’d signed up to receive —11 percent—made it to the primary inbox, the first one a user sees when opening Gmail and the one the company says is “for the mail you really, really want.”

Half of all emails landed in a tab called “promotions,” which Gmail says is for “deals, offers, and other marketing emails.” Gmail sent another 40 percent to spam.

For political causes and candidates, who get a significant amount of their donations through email, having their messages diverted into less-visible tabs or spam can have profound effects.

“The fact that Gmail has so much control over our democracy and what happens and who raises money is frightening,” said Kenneth Pennington, a consultant who worked on Beto O’Rourke’s digital campaign.

………

It’s well known that Facebook and Twitter curate which posts people see through the news feed, highlighting some while others are scarcely shown. What’s received less attention is how email has also become an algorithmically curated and monetized platform—essentially another feed—and the effect that can have. Some nonprofits and political causes said inbox curation is reducing donations and petition signatures.

Google communications manager Katie Wattie said in an email that the categories “help users organize their email.”

………

The tabs also serve another purpose: ad inventory. While Gmail does not sell ads in the primary inbox, advertisers can pay for top placement in the social and promotions tabs in free accounts.

Tweet of the Day

This is unbelievably true:

I’ve been thinking about the movie Johnny Mnemonic lately, and how it turns out that the most unrealistic thing about that movie is corporations giving a damp shit about data security.

— “Observing A Whole Lot of Anti-Chinese Racism” Cat (@No_X_in_Nixon) February 13, 2020

Whenever you hear of a computer hack, know that it is far more likely the result of shortsighted and parsimonious policies from companies than it is a super hacker.

Until there is personal jeopardy for executives who are reckless with our data, this will continue.

Cue Alanis Morissette

Or maybe not, because unlike her song, the news that hackers took over Facebook’s Twitter account is actually ironic:

An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook’s official Twitter account. OurMine did not say how it got into the Social Network’s Twitter account, but it did take the opportunity to blast Zuck and Co.’s security practices:

This is certainly one way to ruin a Friday afternoon for someone in Menlo Park

Facebook's Twitter feed was hijacked. pic.twitter.com/Ioh58NibIZ

— The Register (@TheRegister) February 7, 2020

It should be noted that these are the people who have collected massive amounts of data on you in the hope of selling your soul to advertisers.

Brilliant

If you are checking something expensive onto a commercial flight, include a gun, because it allows you to use a lock that baggage handlers and TSA agents cannot routinely open and rifle through.

It’s a federal regulation.

Once TSA inspects the bag, you put YOUR lock on it, and your valuables are secured.

Just remember, it cannot be loaded:

I was talking with a friend who works and travels with drones.

Since his equipment costs tens of thousands of dollars it’s at high risk of being stolen at the airport during checked luggage handling.

The drone industry’s travel safety hack?

Throw a gun in with your drone.

— Kiki Schirr 史秀玉 🗝🗝✂️ (@KikiSchirr) January 8, 2020

TSA requires that gun cases remain locked post-inspection for the duration of travel, locked with a lock only you (and not TSA) has a key for.

Further, any case with a gun is practically escorted through the airport after being checked because it can NOT be lost.

Odd #lifehack

— Kiki Schirr 史秀玉 🗝🗝✂️ (@KikiSchirr) January 8, 2020

What the Actual F%$#?????


Note the cell phone and the sign prohibiting them

Taking a chapter from the “Storm Area 51” movement, Congressional Republicans just rushed the Sensitive Compartmented Information Facility (SCIF) where the House Intelligence Committee was interviewing Laura Cooper, the deputy assistant secretary of defense for Russia, Ukraine, and Eurasia about the Trump administration using military aid to extort opposition research from the Ukraine.

They were literally tweeting about it on their phones as they ran into the secure room.

On Wednesday, Republican lawmakers committed a major breach of security guidelines when they carried cell phones as they tried to force their way into a secure room where a closed-door impeachment hearing with a Defense Department official was taking place.

At least one House member, Rep. Matt Gaetz of Florida, got inside the Sensitive Compartmented Information Facility (SCIF) in the basement of the House of Representatives. Despite strict rules barring all electronics inside such closed-off areas, Gaetz openly tweeted: “BREAKING: I led over 30 of my colleagues into the SCIF where Adam Schiff is holding secret impeachment depositions. Still inside—more details to come.”

It should be noted that not only were there Republicans in the hearing already, but about ¼ of the Representatives rushing the SCIF were already authorized to be at the hearing.

This was basically an attempt to recreate the Brooks Brothers riot of 2000, and to intimidate the current and future witnesses.

Lawyers said bringing phones into the secure area was a potential felony. Security officials, meanwhile, stressed how damaging the move could be to national security. The SCIF is designed to prevent electronic eavesdropping so members of Congress can receive sensitive information that is often classified. Often, the materials in the room reveal sensitive operations or show how intelligence officers collect information on adversaries. SCIFs are carefully controlled to prevent electronic signals or electronic devices from leaving the rooms. Chief among these restrictions is no unauthorized electronic devices.

Lock them up!!! Lock them up!!!

Wednesday’s event occurred as members of the House Intelligence Committee were preparing to hear from Laura K. Cooper, the deputy assistant secretary of defense for Russia, Ukraine, and Eurasia. Chanting “let us in, let us in,” the protesting lawmakers prevented the hearing from proceeding. House Intelligence Committee Chairman Adam Schiff turned the protesters away and called on the sergeant-at-arms to break up the crowd.

Schiff should have asked the Sergeant at Arms to put them in cuffs and leave them face down on the floor for 3 or so hours.

Groundhog Day

It looks like the State Department is rebooting its investigation into Hillary Clinton’s emails, because ……… I guess Trump wants to try to run this ploy in 2020.

This is f%$#ed up and sh%$:

The Trump administration is investigating the email records of dozens of current and former senior State Department officials who sent messages to then-Secretary of State Hillary Clinton’s private email, reviving a politically toxic matter that overshadowed the 2016 election, current and former officials said.

As many as 130 officials have been contacted in recent weeks by State Department investigators — a list that includes senior officials who reported directly to Clinton as well as others in lower-level jobs whose emails were at some point relayed to her inbox, said current and former State Department officials. Those targeted were notified that emails they sent years ago have been retroactively classified and now constitute potential security violations, according to letters reviewed by The Washington Post.

In virtually all of the cases, potentially sensitive information, now recategorized as “classified,” was sent to Clinton’s unsecure inbox.

State Department investigators began contacting the former officials about 18 months ago, after President Trump’s election, and then seemed to drop the effort before picking it up in August, officials said.

Senior State Department officials said that they are following standard protocol in an investigation that began during the latter days of the Obama administration and is nearing completion.

“This has nothing to do with who is in the White House,” said a senior State Department official, who spoke on the condition of anonymity because they were not authorized to speak publicly about an ongoing probe. “This is about the time it took to go through millions of emails, which is about 3½ years.”

Yeah, sure.  “Retroactively classified.”

I get that the Trump Administration is relentlessly corrupt and self serving, but beyond the urge to “burn it all down,” there seems to be no reason whatsoever to do this.

Don’t Let the Door Hit Your Butt on the Way Out

John Bolton just got fired.

He should never have been hired in the first place; he’s so crazy that he makes Trump look sane:

President Trump announced Tuesday that John Bolton was no longer his national security adviser, ending a stormy tenure marked by widening rifts between an unorthodox president seeking a foreign policy victory and an irascible foreign policy hawk who had been deeply skeptical of much of the president’s agenda.

Trump disclosed the departure in a terse Twitter message, saying he would name a replacement as early as next week. Potential candidates include at least two conservative foreign policy commentators who have appeared on Fox News, where Bolton’s fierce attacks on Democrats endeared him to Trump nearly two years ago.

The appeal didn’t last, however, as Bolton’s opposition to elements of Trump’s approach on North Korea, Iran and Afghanistan, among other issues, put him at odds with his boss and other advisers. Trump also largely blamed his third national security adviser for overselling the strength of Venezuela’s political opposition earlier this year.

“I informed John Bolton last night that his services are no longer needed at the White House,” Trump said on Twitter. “I asked John for his resignation, which was given to me this morning. I thank John very much for his service.”

A pity that this could not be settled in a cage match with flame throwers.

Thanks, Mark

Hundreds of millions of phone numbers linked to Facebook accounts have been found online.

The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

But because the server wasn’t protected with a password, anyone could find and access the database.

Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.

………

Some of the records also had the user’s name, gender and location by country.

Seriously, f%$# Zuck.

Internet group brands Mozilla ‘internet villain’ for supporting DNS privacy feature – TechCrunch

An ISP group in the UK is claiming that Mozilla is making users less safe by implementing DNS-over-HTTPS, because it won’t allow the ISPs to filter the sites that the UK government wants them to ban people from.

My guess is that they are really upset because it makes it much tougher for ISPs to collect data to resell to advertisers.

I call hypocrisy on their accusation that Mozilla is an ‘internet villain’ for using DNS-over-HTTPS:

An industry group of internet service providers has branded Firefox browser maker Mozilla an “internet villain” for supporting a DNS security standard.

The U.K.’s Internet Services Providers’ Association (ISPA), the trade group for U.K. internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will allow users to “bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK.”

Mozilla said late last year it was planning to test DNS-over-HTTPS to a small number of users.

Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. The security standard is implemented at the app level, making Mozilla the first browser to use DNS-over-HTTPS. By encrypting the DNS query it also protects the DNS request against man-in-the-middle attacks, which allow attackers to hijack the request and point victims to a malicious page instead.

DNS-over-HTTPS also improves performance, making DNS queries — and the overall browsing experience — faster.

………

The ISPA’s nomination quickly drew ire from the security community. Amid a backlash on social media, the ISPA doubled down on its position. “Bringing in DNS-over-HTTPS by default would be harmful for online safety, cybersecurity and consumer choice,” but said it encourages “further debate.”

One internet provider, Andrews & Arnold, donated £2,940 — around $3,670 — to Mozilla in support of the nonprofit. “The amount was chosen because that is what our fee for ISPA membership would have been, were we a member,” said a tweet from the company.

Mozilla spokesperson Justin O’Kelly told TechCrunch: “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades old internet infrastructure.”

“Despite claims to the contrary, a more private DNS would not prevent the use of content filtering or parental controls in the UK. DNS-over-HTTPS (DoH) would offer real security benefits to UK citizens. Our goal is to build a more secure internet, and we continue to have a serious, constructive conversation with credible stakeholders in the UK about how to do that,” he said.

F%$# the ISPA.
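To make the TechCrunch description concrete, here is an added example (mine, not code from TechCrunch, Mozilla, or Firefox) of what a DNS-over-HTTPS query actually looks like on the wire under RFC 8484. It builds the same DNS message a plain port-53 lookup would send, but instead of emitting it in cleartext UDP it base64url-encodes it into the `dns=` parameter of an HTTPS GET, which is the part an on-path ISP can no longer read or tamper with. The resolver URL is Cloudflare's public DoH endpoint, chosen only for illustration; the sample response bytes are constructed by hand and answer `example.com` with the RFC 5737 documentation address 192.0.2.1, so everything except the optional live lookup at the bottom runs offline.

```python
import base64
import ipaddress
import struct
import urllib.request

# Public DoH resolver used only for the optional live query (assumption: any RFC 8484 server works).
DOH_ENDPOINT = "https://mozilla.cloudflare-dns.com/dns-query"

# Constructed sample response: txid 0, flags 0x8180 (QR, RD, RA, NOERROR), one question,
# one answer whose owner name is a compression pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"          # header
    b"\x07example\x03com\x00\x00\x01\x00\x01"                    # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"  # A, TTL 300, 192.0.2.1
)


def build_query(name, qtype=1, txid=0):
    """Encode a DNS query in RFC 1035 wire format. RFC 8484 recommends txid 0 so that
    identical questions yield identical URLs, which lets HTTP caches serve them."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def doh_get_url(endpoint, query):
    """RFC 8484 GET form: the wire message goes in ?dns= as base64url without '=' padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return endpoint + "?dns=" + encoded


def _read_name(msg, offset):
    """Decode a possibly-compressed name (RFC 1035 4.1.4); return (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    """Parse header, question and answer sections; return rcode and (name, type, ttl, value) answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"txid": txid, "rcode": flags & 0x000F, "answers": []}
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == 28 and rdlength == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        result["answers"].append((name, rtype, ttl, value))
    return result


def doh_lookup(name, endpoint=DOH_ENDPOINT):
    """Live RFC 8484 GET lookup over HTTPS (needs network access; not exercised offline)."""
    req = urllib.request.Request(
        doh_get_url(endpoint, build_query(name)),
        headers={"Accept": "application/dns-message"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read())


if __name__ == "__main__":
    print(doh_get_url(DOH_ENDPOINT, build_query("example.com")))
    print(parse_response(SAMPLE_RESPONSE))
```

The point the ISPA's complaint glosses over is visible in `doh_get_url`: the DNS message itself is unchanged, so filtering still works anywhere the resolver operator chooses to apply it; what changes is that the question travels inside TLS to port 443, so a middlebox that filtered or rewrote port-53 answers no longer sees it.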

Seriously?

I’ve seen a lot of weird sh%$ in my day, but I never expected to see a first lady demanding the resignation of a senior national security council staffer:

First lady Melania Trump demanded the ouster of National Security Adviser John Bolton’s top deputy, Mira Ricardel, on Tuesday as reports swirled about an imminent shakeup of President Donald Trump’s administration.

“It is the position of the Office of the First Lady that she no longer deserves the honor of serving in this White House,” Melania Trump’s spokeswoman Stephanie Grisham said in a statement in response to a question about reports the first lady had sought Ricardel’s removal.

Ricardel, Bolton’s top deputy, clashed with the first lady’s staff after threatening to withhold National Security Council resources during Melania Trump’s trip to Africa last month unless Ricardel or another NSC official was included in her entourage, one person familiar with the matter said.

So basically she tried to shake down the first lady so that she could go along on a junket with her.

I guess that she wanted to go on safari, but if the alleged behavior is true, Ricardel’s behavior is beyond the pale, which would be typical of anyone who is a John Bolton protege.

It’s rare for first ladies to publicly intervene in West Wing staffing decisions, but when they do the clashes usually turn out badly for the aides involved. In what was probably the highest-profile such incident, President Ronald Reagan ousted his chief of staff Donald Regan in 1987 after he crossed Nancy Reagan.

It should be noted that Nancy Reagan did not PUBLICLY CALL FOR REGAN’S FIRING, and Melania Trump just DID.

………

Melania Trump said in an ABC News interview during her Africa trip she had told her husband that people she didn’t trust worked for him. Asked what happened to those people, she said: “Well, some people, they don’t work there anymore.”

………

While Bolton likes her, according to Trump administration officials, Ricardel is widely disliked among other White House staff. She’s regarded as inflexible and obsessed with process, which some officials complain has complicated coordination between the NSC and cabinet agencies.

Basically, she’s an incompetent and insufferable ass, which explains why John Bolton wanted her as his deputy, he sees himself in her.

This is unbelievably f%$#ed up though, isn’t it?