Come for the politics, stay for the snark.

When your entire life is steeped in white supremacy, equality feels like discrimination.

And now I have baud making fun of me. this day can’t get worse.

“More of this”, i said to the dog.

You can’t attract Republican voters. You can only out organize them.

fuckem (in honor of the late great efgoldman)

I did not have this on my fuck 2022 bingo card.

I know this must be bad for Joe Biden, I just don’t know how.

My years-long effort to drive family and friends away has really paid off this year.

The party of Reagan has become the party of Putin.

They fucked up the fucking up of the fuckup!

This blog will pay for itself.

The worst democrat is better than the best republican.

I see no possible difficulties whatsoever with this fool-proof plan.

A thin legal pretext to veneer over their personal religious and political desires

When do we start airlifting the women and children out of Texas?

Presidents are not kings, and Plaintiff is not President.

It may be funny to you motherfucker, but it’s not funny to me.

I’d like to think you all would remain faithful to me if i ever tried to have some of you killed.

Come for the politics, stay for the snark.

Let us savor the impending downfall of lawless scoundrels who richly deserve the trouble barreling their way.

The revolution will be supervised.

Black Jesus loves a paper trail.

You cannot shame the shameless.

Fuck these fucking interesting times.

You are here: Home / Foreign Affairs / Open Thread: Fake News, Real Malware?

Open Thread: Fake News, Real Malware?

by | 192 Comments

This post is in: , , ,

Any of you more tech-competent people want to tell us whether this story should alarm the rest of us?

… For nearly a decade, various hacker groups accused of working for the Russian government have used fake news in cyberespionage campaigns targeting U.S. government, law enforcement, and military officials—not to mention think tanks, defense contractors, and universities. That’s according to more than a dozen reports and warnings issued by the Department of Homeland Security, the FBI, and other federal agencies over the last three years and reviewed by The Daily Beast. Private industry security firms, conducting their own research, have reached similar conclusions…

Most recently, hours after Donald Trump became president-elect, a post-election campaign was launched against political supporters from both sides of the aisle. The hackers, believed to be tied to the Russian government, used fake news sent from Gmail addresses and what appeared to be hacked email accounts at Harvard’s Faculty of Arts and Sciences, according to security firm Veloxity. Two of the emails claimed to be forwarded from the Clinton Foundation; others contained malicious links to efax or PDF attachments of news articles on topics including:

• “Elections Outcome Could Be revised [Facts of Elections Fraud]”
• “The ‘Shocking’ Truth About Election Rigging”
• “Why American Elections Are Flawed”
• “Clinton Foundation FYI #1”

That same group—sometimes referred to as “the Dukes,” “APT29,” and “CozyBear”—is believed to be affiliated with Russia’s premiere intelligence service, the FSB. Both the U.S. government and private security analysts say that “CozyBear” was one of two that penetrated the DNC in the run-up to the 2016 election. Their hacks have used fake news in targeted cyberespionage campaigns since at least 2008, according to a report on their activity by F-Secure, a second cybersecurity firm…

Reader Interactions

192Comments

  1. 1.

    SiubhanDuinne

    I shall read this entire thread with great interest, but gods willing it won’t be until tomorrow morning sometime (didn’t get to sleep until after 5:00 a.m. today and got less than five hours’ worth after that, so I am dragging).

    I’m about as far as one can get from tech-competent, but this sounds rather alarming.

  2. 2.

    Gin & Tonic

    If you click on a URL you find in an e-mail you get from a random Gmail account you are a fucking moron and deserve to be pwned.

  5. 5.

    Corner Stone

    It is simply glorious watching Trump destroy Cole’s BFF Chris Christie.

    I can’t stand any single bit of anything having to do with Trump. Nothing. But grinding Christie into less than nothing is simply glorious, and I don’t care who does it.

  7. 7.

    hovercraft

    @Gin & Tonic:
    I don’t even open e-mails from anyone I don’t recognize, who knows what I’m missing. Now if only I could stop the little people in my house from clicking on shit, I’d be all set.

  8. 8.

    Scamp Dog

    It looks (to my non-security expert eyes) to be the standard “get somebody to click a link” method of getting them to download the malware you want to inflict on them.

  9. 9.

    Corner Stone

    @hovercraft:

    Now if only I could stop the little people in my house

    If you have Leprechauns living with you don’t you already kind of have it made?

  12. 12.

    NW Phil

    @Gin & Tonic: YES, many times yes.
    – – – – – – – – – – – –
    And if you’re running an organization that doesn’t use the latest and greatest security for web and email you deserve what you get. Actually it probably doesn’t matter, since you outsource so much of your staff (cleaning, security, cafeteria…) that your security is a joke.

  14. 14.

    hovercraft

    @Corner Stone:
    The best thing is that he’s getting it from all sides, loathed and despised here in Jersey, and being humiliated nationally by the shitgibbon. How great is it that the very thing that made him famous and got him the governorship in the first place, prosecuting insiders and their paymasters, is the very thing that is responsible for him not getting high profile job with the shitgibbon. He flouted norms by always making his collars as public as possible, he called the press, cuffed them and made them do the walk of shame, Charles Kushner was one of his higher profile perps, of course the salacious details involving hotels and hookers sent it to the next level. Paybacks a bitch. The goddess is smiling down on me.

  15. 15.

    Miss Bianca

    I bet “DNC Will Rig the Election with this ONE WEIRD TRICK!” got a lot of hits…

  19. 19.

    Corner Stone

    @NW Phil:

    And if you’re running an organization that doesn’t use the latest and greatest security for web and email you deserve what you get.

    I am totally confused now. What, exactly, is the latest and greatest security for web and email for orgs?

  20. 20.

    rikyrah

    Part of the setup for the GOP to try and shill that they are attempting to ‘RESCUE’ Obamacare by
    REPEALING IT.

    They didn’t take 50 votes for ‘RESCUE’ of Obamacare…
    They took 50 votes for ‘REPEAL’ of Obamacare…

    ……………………………..

    Trump Warns GOP To Make Sure Dems ‘Own’ Obamacare Failure: ‘Be Careful!’
    By Esme Cribb
    Published January 4, 2017, 10:25 AM EDT

    President-elect Donald Trump told Republicans in a series of tweets Wednesday morning to “be careful!” and make sure that Democrats take ownership of any failures of the Affordable Care Act, as the GOP takes its first steps towards repealing the healthcare law.

    “Republicans must be careful in that the Dems own the failed ObamaCare disaster,” Trump tweeted, apparently warning Republicans to avoid acting in undue haste that might lead to poor optics. “Dems are to blame for the mess. It will fall of its own weight – be careful!”

    …………………..

    House Republicans on Tuesday introduced and approved new chamber rules that included a special glide path for their efforts to dismantle Obamacare. Senate Budget Committee Chairman Mike Enzi (R-WY) also introduced a budget resolution to kick-start the budget reconciliation process Republican lawmakers will likely use to scrap major parts of the bill and avoid a Democratic filibuster.

    Trump similarly chided Republicans via Twitter on Tuesday after members of Congress approved a rules change in a closed-door meeting that would have gutted an independent House ethics watchdog (an outpouring of constituent anger led to a swift reversal of that rules change). While he didn’t appear to take issue with the House GOP’s position on the watchdog, which he described as “unfair” in the tweets, Trump wrote that “weakening” the Office of Congressional Ethics shouldn’t be as big of a priority for the incoming Congress as an issue like healthcare.

  22. 22.

    Millard Filmore

    Rule 1: do not use a Microsoft product. Use Linux or BSD or anything else. You can download a “live” DVD of Linux from many of the distributions listed at distrowatch.com. The live DVD will allow you to boot your computer into Linux without touching your main hard disk, there is no installation needed.

    Rule 2: If you must use Microsoft, do not use the Explorer. Use Firefox. A mandatory add-on is NoScript (free but contributions are encouraged). “Extra protection for your Firefox” … you can whitelist trusted sites, like your bank, and block most other crap.

    I am not an expert, but many years of promiscuous activity using Linux has resulted in no infections.

  23. 23.

    hovercraft

    @BillinGlendaleCA:
    We may be misunderestimating him again. Perhaps this is all part of a genius plan, stop Courier from moving to Mexico, place intelligence into the units and send them to our operatives all over the world. It’s so genius, no one will ever be able to spy on us again.

  24. 24.

    JPL

    @rikyrah: On day one, Trump will take executive actions that can weaken the ACA. When it collapses, the media will not mention what the President did. I’m sorry but after watching this con man, I’m just not optimistic about the future.

  27. 27.

    NotMax

    @NotMax

    Arrrgh.

    Fingers have a life of their own. Of course, what was thinking (but not typing) was “In Russia, phish hook you!”

  28. 28.

    tpherald

    @Millard Filmore: Since you are “not an expert”, then don’t go around saying “don’t use Microsoft”!

    Nothing wrong with Microsoft products, but not using IE is good advice. Don’t do it!

    Do not auto-load images in emails (stops pixel tracking), do not allow cookies (tracking as well and file access) and do NOT click on obvious CLICK BAIT!

  29. 29.

    rikyrah

    Never thought I’d write this:

    My money’s on the CIA

    Wall Street Journal

    @WSJ

    Breaking: Trump is working with advisers on a plan that would restructure and pare back the top U.S. spy agency

  30. 30.

    tpherald

    Don’t worry, everyone, I heard today that the new alliance of Hannity, Assange and Greenwald have come to tell us that Russia is great and we should all accept our new overlords with open arms … So, RELAX! It’s much easier that way …

  31. 31.

    mai naem mobile

    @Corner Stone: I think Christie might end up being the one to bring Lumpy down. He was the US Attorney in NJ and he prosecuted Kushners dad. Pretty sure he knows people in the NY NJ FBI offices. I can totally see Christie setting up something slowly to bring Lumpy down. He’s just as vindictive as Lumpy. I am sure Lumpy told him stuff when they were buddies during the campaign.

  32. 32.

    Corner Stone

    I also have a weird thing for Ana Marie Cox. And Jen Psaki. Maybe it’s the ginger? Hmmm, my ex’s sister is a ginger….
    I’m going to have to TMI on this for a while…

  33. 33.

    Miss Bianca

    @Omnes Omnibus: btw, to answer your question from a couple nights ago…horsies are fine. Been having lots of fun with the newest in the herd, a cute little Arab gelding. I’ve quite lost my heart to him. : )

  34. 34.

    Corner Stone

    @mai naem mobile: I honestly don’t think Christie is smart enough to pull that off. Nothing he has done to this point would give me confidence that he knows what he is doing about basically anything.

  36. 36.

    tpherald

    @rikyrah:

    Breaking: Trump is working with advisers on a plan that would restructure and pare back the top U.S. spy agency

    Classic move of a tyrant / dictator. Reward loyalists and punish your perceived political enemies (CIA in this case).

  37. 37.

    tpherald

    @rikyrah:

    Breaking: Trump is working with advisers on a plan that would restructure and pare back the top U.S. spy agency

    Explains why Greenwald is a big Trump fan now. He’ll sacrifice Putin influence in the US for a pared-down CIA.

  39. 39.

    Michael Bersin

    Outgoing Missouri Secretary of State Jason Kander (D) [also, unsuccessful senate candidate, but ever so close] gave the republican super majority in the Missouri House a voter suppression farewell wedgie in his address during the ceremonial opening of the new legislative session.

    The republicans were not pleased. They withheld their ceremonial thank you resolution. The media noticed.

  40. 40.

    Miss Bianca

    @Omnes Omnibus: The only way I’d be afraid this little guy would kill me in the night would be by trampling me to get to a carrot on my bedside table. I iz a faulty American patriot, evidently.

  41. 41.

    Corner Stone

    @efgoldman: Or, he could…kind of actually answer the question. At this point, I’m kind of ok with either. I just want to take a nap every day when I wake up so, yeah.

  42. 42.

    Miss Bianca

    @efgoldman:

    The Peach Pustule no more wrote those than I wrote Hamlet.

    What?? I’m pretty sure I heard that efgoldman was the next candidate for Bard-hood, after the Earl of Oxford.

  43. 43.

    JPL

    Most republicans hold Putin in higher esteem than President Obama. Now the GOP is split on whether or not the CIA is correct that Russia was in fact hacking the DNC. This will not end well, imo.

  44. 44.

    Lizzy L

    @JPL: The only thing these bastards care about is remaining in power. The. Only. Thing. Oh, and money. Fuck the security of the USA. Apres nous le deluge.

  46. 46.

    Mike in NC

    There was this guy who was a courier on the Western Front in WW1. Was gassed and awarded the Iron Cross. People welcomed him as an outsider, so I’ve read.

  49. 49.

    Corner Stone

    @JPL: James Woolsey may actually be the nuttiest nutbag that ever came out of the CIA. Whitey Tape notwithstanding.

  50. 50.

    Lizzy L

    @JPL: I said, “And money.” And I too question your sanity in watching CNN. As for Woolsey — I have nothing good to say about him since he signed on as one of T’s “advisors” and started bad-mouthing Hillary. He’s a shit. Fuck him and the horse he rode in on.

  51. 51.

    a hip hop artist from Idaho (fka Bella Q)

    @Miss Bianca: He sounds cute! They are dangerously intelligent, but can be quite witty.

    O/T: I’ll get reading tomorrow.

  57. 57.

    a hip hop artist from Idaho (fka Bella Q)

    @Miss Bianca: I got:

    Be not lost so poorly in your thoughts.

    -The Scottish Play

    He’ll check and check – it’s a good game to him. Lucky guy!

  59. 59.

    Millard Filmore

    @tpherald:

    Since you are “not an expert”, then don’t go around saying “don’t use Microsoft”!

    Sorry, my mistake. I should have said “I am not a security expert.”

    Nothing wrong with Microsoft products,

    I started my software career around the time that minicomputers were new. For the first 30 years of Microsoft, its software quality was an industry joke. My contempt of the company has grown to the point that I have lost track of what they put out. Have they picked up their game in the last 10 years? Does Windows still need third party anti-virus protection? My son’s Windows 10 computer picks up sludge rather easily so any progress must have been in the last few years, if at all.

    How much of a security expert do I need to be to notice the difference between my Linux computer and my son’s Windows machine? Seriously … I would dearly love to know from a real security expert how many malware problems would simply go away by ditching Microsoft.

  61. 61.

    O. Felix Culpa

    @a hip hop artist from Idaho (fka Bella Q): Mine was rich in words and somehow fitting to the times:

    Why dost thou converse with that trunk of humours, that bolting-hutch of beastliness, that swollen parcel of dropsies, that huge bombard of sack, that stuffed cloak-bag of guts, that roasted Manningtree ox with pudding in his belly, that reverend vice, that grey Iniquity, that father ruffian, that vanity in years?

    ETA: Henry IV Part 1

  64. 64.

    mai naem mobile

    @efgoldman: last I heard the NJ legislature was going to try and impeach him. I can see Krispy seething and plotting against Lumpy and his son in law Malignant Mass.

  66. 66.

    Corner Stone

    @Doug R: I said TMI because I considered masturbating for a bit while contemplating my ginger preferences. I did not say TPM because, my God man, what kind of fucking freak are you?

  68. 68.

    Lizzy L

    From the CNN website:

    President Barack Obama delivered a mandate to Democrats on Wednesday: “Don’t rescue” Republicans on Obamacare. Less than three weeks out from leaving the White House, Obama visited Democratic lawmakers on Capitol Hill with a mission to save his signature healthcare reform law as Republicans are moving quickly to unroll the Affordable Care Act. In the closed-door meeting, the President urged fellow Democrats to not “rescue” Republicans by helping them pass replacement measures, according to sources in the room. He also floated this idea: Start referring to the GOP’s new plan as “Trumpcare.”

  69. 69.

    JPL

    @Doug R: What was the point of Josh’s tweets? I didn’t really understand what was going on, and I certainly didn’t understand the point he was making.

  70. 70.

    mai naem mobile

    @Botsplainer: you sound like you speak from experience. I had a friend,years ago,who was married who was screwing around with his brothers wife who ended up getting preggers. They didn’t know whose kid it was andone had to do a paternity test. Luckily it ended up being the husbands kid. No,they didn’t love happily ever after. Everybody divorced.

  71. 71.

    NW Phil

    @Corner Stone: comments 22 & 28 covered the basics (you can use Microsoft).
    Firefox w/noscript is a great way to start on the web. Make sure your Add-ons are set to “Ask to Activate” (Tools>>Add-ons>>Plugins) and disable/remove Extensions and Plugins you don’t use.
    Thunderbird for an email client. Use an email provider with great spam and virus protection. Gmail has it’s limits, so watch yourself. I use Aquamail as an email client on Android and limit the download size of messages (and no images) until I want to read more of it.
    Make sure you have firewalls, hopefully on each PC and on your modem/router.
    Every toy on your network offers more ways to compromise you, be aware and turn off features you don’t use. I had someone’s Playcast asking permission to run on my Roku, so I turned off Screen Mirroring.
    Take advantage of the free malware checkers on the market. Like Malwarebyte.
    Keep software up-to-date.

  72. 72.

    Chip Daniels

    @Corner Stone:

    I am totally confused now. What, exactly, is the latest and greatest security for web and email for orgs?

    You have to click the link to find out.

  77. 77.

    mai naem mobile

    TrumpCare will go out of business like all his other endeavors. He’ll have to be bailed out. The people paying the premiums will get their money stolen and the providers will get paid pennies on the dollar. But the premium bills will come in yuuge gold embossed envelopes. Klassy!

  79. 79.

    BillinGlendaleCA

    @Millard Filmore:

    I would dearly love to know from a real security expert how many malware problems would simply go away by ditching Microsoft.

    Here’s your answer, none. Hackers and malware programmers would go to whatever the dominant OS was. Sort of like water flowing downhill or Willie Suton’s reason for robbing banks.

    ETA: You haven’t needed a 3rd party Antivirus program for Windows for probably about 10 years, Windows Defender/Firewall works fine.

  85. 85.

    RepubAnon

    @Millard Filmore: Microsoft’s gotten better, but they still get cracked into, as do Android devices (http://www.zdnet.com/article/google-patches-dirty-cow-security-flaw-in-latest-android-security-update/) and especially Apple products – whose users typically aren’t as careful due to the perception that Apple products don’t get viruses.

    The big problem with Microsoft Windows is that it’s very popular – so the return on investment for malware developers is greater (more devices to crack into). Apple’s reputation for higher income and less cautious users has begun drawing it some unwanted attention from the blackhat crowd. (http://www.zdnet.com/article/apple-backdoor-steals-the-keys-to-your-kingdom/)

    In short, my non-professional viewpoint is that the old standbys still hold:
    * Keep your system updated, and have antivirus software running always
    * Implement 2-factor security
    * Use a different password for each site – especially financial sites (make sure they’re secure, and hard for a computer to guess -see https://xkcd.com/936/)
    * Don’t click on embedded HTML links
    * Avoid HTML e-mails where possible
    * Avoid clickbait.
    * Watch out for e-mails from friends telling you to do something risky, such as “click this link”. Call them first – someone may have forged their return address or hacked their e-mail.

    I’ve probably left some out, but these are a good start.

    ;)

  103. 103.

    Steve in the ATL

    @Miss Bianca:

    What?? I’m pretty sure I heard that efgoldman was the next candidate for Bard-hood, after the Earl of Oxford.

    Earl F. Goldman?

  104. 104.

    Jeffro

    Folks we so incredibly do not need to worry about this clown anymore … he is busy tweeting tonight about how the career of Jackie Evancho has taken off since she accepted the invitation to perform at his inauguration.

    Our soon to be commander-in-chief is staying up late tonight trying to convince the country that a 16-year-old YouTube star is Primo inauguration material.

    I’m so laughing my ass off… hey Republicans you bought this clown show, no returns or exchanges

  106. 106.

    tpherald

    @Millard Filmore: Hackers would simply turn their attention to the most popular platforms.

    Some MSFT products are more vulnerable than others. But Apple, Linux, Google, etc all have vulnerabilities of their own.

    It’s only natural that the more popular platforms used by less sophisticated users get attacked most often.

  109. 109.

    Major Major Major Major

    @tpherald: yeah, it’s this last part, combined with the fact that there aren’t going to be many damaging emails stored on your coffee maker or thermostat, that are really relevant for the kind of hacking and phishing we’re talking about.

  111. 111.

    Mary G

    @efgoldman: Those are amazing. I might just start tweeting them to Trump, starting with

    Thou gorbellied weather-bitten canker-blossom!

    It fits him perfectly, with his horrible skin from hanging out on golf courses.

  112. 112.

    sneezy

    @Millard Filmore:

    How much of a security expert do I need to be to notice the difference between my Linux computer and my son’s Windows machine? Seriously … I would dearly love to know from a real security expert how many malware problems would simply go away by ditching Microsoft.

    Here are the top ten software products ranked by the number of Common Vulnerabilities and Exposures (CVEs) found in them during 2016: 1. Android (523) 2. Debian Linux (319) 3. Ubuntu Linux (278) 4. Flash Player (266) 5. Novell Leap (259) 6. OpenSUSE Linux (228) 7. Acrobat Reader DC (227) 8. Acrobat DC (227) 9. Acrobat (224) 10. Linux Kernel (217)

    You could note that the top three are all linux (android counts) as are two others. So linux is half of the top ten. You could also note that none of the top ten are Microsoft products. The highest ranked Microsoft product is Windows 10 at #14.

    It’s pretty clear from this list that if you want to rail against a commercial software vendor for poor security, it should be Adobe, not Microsoft.

    Finally note that I say this as someone who does not primarily use Microsoft products or even like them very much in general (although I love Excel).

  113. 113.

    DanF

    I’ve been tempted to drop a CIDR block on my servers for China, Russia and the Ukraine. They probably account for 80% of the scripted attacks against my systems… I’d still get attacked by these guys of course, but it’d have to come from an owned system from elsewhere that they can burn. Biggest concern is DDoS attacks from IoT devices. If you’re a target there ain’t much you can do. We’re going to have to start signing packets before long.

  116. 116.

    NW Phil

    @Corner Stone: $1,000/day plus expenses gets you that answer and that’s cheap advice (in both meanings). Hire a full-time IT staff member who is certified and experienced.

  117. 117.

    Aleta

    Do I understand this right ? Exxon just paid its voluntarily resigned CEO a bribe of 108 million dollars to go represent its interests while discharging the duties of the US Secretary of State so help them God?

  118. 118.

    Omnes Omnibus

    @NW Phil: So, in addition to a butler, housekeeper, cook, valet, housemaids, footmen, and chauffeurs (not counting outside staff), I need an IT guy?

  119. 119.

    BillinGlendaleCA

    @Aleta:

    Exxon just paid its voluntarily resigned CEO a bribe of 108 million dollars to go represent its interests while discharging the duties of the US Secretary of State so help them God?

    There’s an old saying in the oil bidnis, “Exxon has more money than God”.

  120. 120.

    Millard Filmore

    @BillinGlendaleCA:

    Here’s your answer, none.

    As someone that has been in the bachelor herd way too long, I have been to some VERY dodgey places with Linux and escaped with nary a scratch. If a real security expert will stand up and say this is entirely due to Firefox and NoScript then I can accept what you say.

    Hackers and malware programmers would go to whatever the dominant OS was.

    Yet even with Linux source code to examine, it has not been the target of a world-wide malware outbreak.

  121. 121.

    Dog Dawg Damn

    So #BLMKidnapping is #1 Trend on Twitter.

    It’s fueling racial animus. Politicizing a terrible tragedy.

  123. 123.

    Millard Filmore

    @Omnes Omnibus:

    So, in addition to a butler, housekeeper, cook, valet, housemaids, footmen, and chauffeurs (not counting outside staff), I need an IT guy?

    You have a computer wiggling its tail on the internet? Then Yes.

  124. 124.

    FlyingToaster

    @Omnes Omnibus: Two IT guys. One for hardware maintenance, one for software monitoring.

    Don’t cheap out like here at Chez Toaster (Where I am SysAdmin, wiring specialist, maintainer of the now ancient SPI router, replacer of the utterly separate WAP). My day job is procurement officer and chauffeur for the nine-year-old.

  126. 126.

    NW Phil

    @Omnes Omnibus: If you’re running an organization.
    C’mon, are you completely new to the internet? Most of this has been around since the world wide web started.

  127. 127.

    BillinGlendaleCA

    @Millard Filmore: There’s little “bang for the buck” hacking Linux, at least in the past due to it’s low market penetration. Now android is a different story.

  138. 138.

    Corner Stone

    @NW Phil: C’mon friend. You said this:

    And if you’re running an organization that doesn’t use the latest and greatest security for web and email

    I asked what that meant. You replied FireFox with NoScript. I said, what? You then said $1000 a day something something.
    Sheesh.

  141. 141.

    Hob

    @tpherald: Your last two points don’t seem at all relevant to the question of how to avoid malware.

    “Do not auto-load images in emails (stops pixel tracking)” – pixel tracking is not an attack vector, just a way for the sender to determine whether the message was read.

    “do not allow cookies (tracking as well and file access)” – unclear what you mean here by “file access”. The cookie itself is stored in the local filesystem, but doesn’t convey access to any other files. Generally when people refer to cookies in this way it means they don’t actually know what cookies are.

  150. 150.

    NW Phil

    @Corner Stone: There is no single answer that will solve all IT security issues. It depends on what you actually doing to access the internet. Larger organizations need advice tailored to their use and it requires competent help. It’s not a doing something and walk away it’s all solved issue.

  153. 153.

    Dog Dawg Damn

    Okay, I’m going to own that I’m an alarmist:

    This Russia thing won’t go away, because it’s true, and Trump is going to be faced with it being thrown in his face by his own party. This will unnerve him, and he’ll retaliate.

    He may attempt to create a national crisis to distract from this and unify his support. (What he accused Obama of doing prior to 2012 election.)

    He may classify BLM as a terrorist organization (as his prominent surrogate David A. Clarke suggested.)

    He may send in federal troops to this inner city (as he has suggested).

    He will support legislation restricting “terrorists” from purchasing weapons. (As he has said.)

    He may target Muslims instead (as Allen West suggested.)

    There is a non-insignificant chance we will see state-sponsored racial violence on a scale not seen since the darkest days of Jim Crow.

  154. 154.

    Hob

    @Major Major Major Major: Not sure what your point is about the coffee maker and thermostat. The reason security on those is a problem isn’t because someone can find your email there, it’s because someone can hijack the device as part of an attack against someone else, at which point your own network becomes less than useful to you because it’s busy sending a billion bits of garbage off to who knows where. Or, if the device in question is your network (i.e. your router), it can be made to intercept or redirect your Internet usage in general. And unfortunately with devices that don’t have any regular security update mechanism, every user is in effect a “less sophisticated user.”

    Apologies if you already know all that and I just misunderstood your point.

  157. 157.

    Yarrow

    @Dog Dawg Damn:

    He may send in federal troops to this inner city

    I don’t know which city you mean by “this” but in general a lot of inner cities have seen white people move back into them, displacing people of color. Commonly referred to as ‘gentrification.’ If he’s sending federal troops into inner cities he’s going to upset a lot of white people who have paid top dollar for their expensively remodeled or new homes.

  158. 158.

    Hob

    @Dog Dawg Damn: I don’t think it is nitpicking to point out that this part is misleading: “He may send in federal troops to this inner city (as he has suggested)”. At least, if you’re talking about this thing. That is, it’s unclear whether he suggested such a thing, and if that’s what he meant it’s not something he can do just by saying so.

  160. 160.

    Major Major Major Major

    @Hob: what I meant is that nobody’s going phishing with your DVR or trying to do cross-origin voodoo with your Nest to get your Facebook password. We aren’t talking about botnets here. A bunch of toasters with factory default passwords isn’t the kind of security vulnerability to talk about in this discussion so it doesn’t really matter that there’s a lot of tiny Linux machines around.

  164. 164.

    dww44

    @tpherald:Another must watch segment in the LOD 10 p.m. hour tonight on MSNBC with Ari Melber subbing for him. He had Evan McMullan and Charle Sikes on this very issue. McMullan went even further and said that Trump’s moves against the CIA and his earlier moves against the press are classic traits of authoritarians when they assume power. He allowed that he is more concerned/worried/scared than at any time since the election.

    Video should be up by tomorrow.; couldn’t find it just now, but then the MSNBC site gives me fits anyways.

  166. 166.

    NotMax

    @Yarrow

    If it’s Guido, ask for references.     :)

    Not to mention the scuttlebutt.

    You Knew LOTS of Creepy Things about Guests

    Everyday when I got in, I leafed through a thick manifest. It detailed every guest who was staying at the property along with their room number. There were several VIP codes (none of which were “VIP” because duh) and you looked out for those: everything from Person We Disappointed Last Time to, say, Host of Famous Reality Singing Competition. If a celebrity was staying under an alias, their real name would also be listed. This was helpful to know, as well, because you were also instructed to report paparazzi, which I had to do from time to time. Most of the celebrities just wanted to chill, in their glasses and hats, and I actually felt pretty responsible for their relaxation.

    The best part of the manifest, though, was the notes. We were told to report pretty much any details about a guest’s personal life that we learned while serving them. You wrote them down on little notecards and slid them in a box. Usually the notes were pretty odd but benign: You knew that Miss Hanson in Room 206 liked iced tea extra cold but also that her daughter Josephine was studying Comparative Literature at Wesleyan. Sometimes they were really interesting reads. One guy, who lived at the resort all summer, had multiple pages including a drug-induced shower slip, a fight with his wife, a fight with a woman who was not his wife, etc. Source

  168. 168.

    Yarrow

    @dww44: McMullin is right. That’s exactly what authoritarians do. The moves against the press are classic authoritarian. Then attacking enemies and undermining them. His moves against the CIA today are to be expected. And he’s not even in office yet.

  172. 172.

    Dog Dawg Damn

    @Hob: I mistyped “this”. Didn’t mean any specific one. I think there’s a non-insignificant chance he’ll use National Guard to quell protests and/or specter of minority violence.

    That clear it up?

  173. 173.

    fuckwit

    @Hob:

    Emanuel spokesman Adam Collins responded in a statement by saying that if the federal government wants to help, it can fund summer jobs programs for at-risk youth and pass meaningful gun laws.

    Now that is a sick-ass burn.

  174. 174.

    Steeplejack (tablet)

    @efgoldman:

    Yeah, I get that, but Orbach showing up as a lawyer really sticks out because of his, what, 270 episodes as Lennie Briscoe.

  175. 175.

    Dog Dawg Damn

    @Yarrow: I totally agree.

    I mean, look. Am I being alarmist? Yes. I am.

    Can anyone point to anything that shows restraint on his part?

    Are we not actually on DJT meltdown fueled by Fox Propaganda that causes some severe awful thing happening? I don’t think anyone can.

    He has done absolutely nothing to assure the American public that he will respect our Republic. He has called for a coup d’etat, targeted the press, aligned with a foreign power, spread conspiracy theories about “thousands of Muslims cheering” that are insidious and bigoted.

    What am I missing that calls for calm?

  176. 176.

    EBT

    I am interested in the breakdown between people who are able to push the monthly android security updates, and people stuck on carrier branded android devices that are months or years out of date.

  177. 177.

    Calming Influence

    I got tired of worrying about online security a while ago, so now my entire online presence is through a stolen identity. If I get hacked, I’m fine, but a dentist in Sheboygan is gonna be totally fucked.

  179. 179.

    Raven Onthill

    In minor but annoying news, the servers of the old LiveJournal social network have been moved to Russia, and LJ has dropped encryption for everything but password traffic, making its users vulnerable in many ways.

    Time to move to Dreamwidth, if you have accounts there. See this link for how.

  182. 182.

    Hob

    @Dog Dawg Damn: If you’ve already decided that the only two options are “alarmist” vs. “calling for calm”, then I guess there’s no point in discussing it at all, is there? It seems like you think the worst possible scenario is automatically right regardless of whether it makes sense.

    The President isn’t Emperor Ming. He can’t just push a button and make any damn thing happen that comes into his head, even if he wants to. Deploying the National Guard is a governmental action subject to rules, and to pushback from the states. If he were able to just do it, on no more pretext than “there are Black Lives Matters protesters doing something bad somewhere”, then our problem would be not so much “Trump wants to execute a coup” as “a coup already happened at some point in the past”.

  184. 184.

    Hob

    This is not to say that Trump can’t do plenty of other terrible shit. Just that it might be worthwhile to start with the assumption that the entire United States government has not already been completely dismantled and replaced by a magic tyranny machine, because if that were the case then what does it even matter whether we’re panicking sufficiently or not?

  185. 185.

    Millard Filmore

    @Dog Dawg Damn:

    aligned with a foreign power

    What am I missing that calls for calm?

    I’m with you on this. A hostile foreign power ratfucked our election, and (nearly ???) the entire Republican leadership is acting like they participated or are actively covering it up.

  186. 186.

    Dog Dawg Damn

    @Hob: Good point. It’ll take something bigger than a BLM protest to cause anything major.

    I’m not under the assumption the worst will happen. Most of the time the worst happening is perfectly set up, it doesn’t actually happen. However, that’s not necessarily a reason to flirt with it by not being alarmed.

    I think stronger messaging on this could have paid off–no one knows that he was spewing Russia propaganda during the campaign, for instance. Anyway, I’ll settle down. I imagine this CIA shit is going to come to a head really quickly and we’ll see how he’s going to actually rule.

  187. 187.

    Calming Influence

    @Millard Filmore:

    Oh, but president elect Trump is finally getting a briefing on the hacking THIS FUCKING FRIDAY?!?

    The hacking has been known to the intelligence branches for months, a foreign goverment breached our security. And the president elect is not fully briefed on this already, because:

    A) This is the first he’s heard about it;
    B) What’s the big deal, Vlad’s a pal;
    C) Trump couldn’t get an earlier appointment with the National Security briefers, because they were extremely busy already getting the president elect up to speed. (oh, wait…)

  188. 188.

    tpheraldb

    @Hob: if you don’t wanna be tracked, don’t auto load images on emails and don’t allow cookies. Cookies can absolutely be saved as files and pixel firing is a common way for hackers to probe an organization’s network and topology. I see it every day.

  189. 189.

    Barney

    “Usually, the contents of the decoys appear to be taken from public sources, either by copying publicly accessible material such as a news report or by simply repurposing a legitimate file that has been openly distributed,” the F-Secure report notes.

    So, not actually ‘fake news’, just linking to a site they can use to infect others with malware from. I was going to ask “why use fake news, when that’s most likely to be linked to by mouthbreathers with no money or secrets worth stealing?” (Trump being the exception to that, of course – he’ll click on any old shit, and would be worth hacking); it seems they thought of that too. So, this isn’t really a ‘fake news’ story; it’s a ‘fake news site’ story.

  190. 190.

    mapaghimagsik

    Links in twitter are also being used to host malware. Interestingly enough, Twitter doesn’t have a specific reporting category for that.

  192. 192.

    NCSteve

    @Gin & Tonic: Yes, but your whole organization doesn’t. These aren’t kids grifting for credit card numbers. They’re spies for a hostile power looking for intelligence and blackmail material.

Comments are closed.