.@janawinter obtained a dozen DHS & FBI warnings about hackers hiding malware in 'fake news' stories. https://t.co/OAHuZcVNRk
— Noah Shachtman (@NoahShachtman) January 4, 2017
Any of you more tech-competent people want to tell us whether this story should alarm the rest of us?
… For nearly a decade, various hacker groups accused of working for the Russian government have used fake news in cyberespionage campaigns targeting U.S. government, law enforcement, and military officials—not to mention think tanks, defense contractors, and universities. That’s according to more than a dozen reports and warnings issued by the Department of Homeland Security, the FBI, and other federal agencies over the last three years and reviewed by The Daily Beast. Private industry security firms, conducting their own research, have reached similar conclusions…
Most recently, hours after Donald Trump became president-elect, a post-election campaign was launched against political supporters from both sides of the aisle. The hackers, believed to be tied to the Russian government, used fake news sent from Gmail addresses and what appeared to be hacked email accounts at Harvard’s Faculty of Arts and Sciences, according to security firm Veloxity. Two of the emails claimed to be forwarded from the Clinton Foundation; others contained malicious links to efax or PDF attachments of news articles on topics including:
• “Elections Outcome Could Be revised [Facts of Elections Fraud]”
• “The ‘Shocking’ Truth About Election Rigging”
• “Why American Elections Are Flawed”
• “Clinton Foundation FYI #1”That same group—sometimes referred to as “the Dukes,” “APT29,” and “CozyBear”—is believed to be affiliated with Russia’s premiere intelligence service, the FSB. Both the U.S. government and private security analysts say that “CozyBear” was one of two that penetrated the DNC in the run-up to the 2016 election. Their hacks have used fake news in targeted cyberespionage campaigns since at least 2008, according to a report on their activity by F-Secure, a second cybersecurity firm…
SiubhanDuinne
I shall read this entire thread with great interest, but gods willing it won’t be until tomorrow morning sometime (didn’t get to sleep until after 5:00 a.m. today and got less than five hours’ worth after that, so I am dragging).
I’m about as far as one can get from tech-competent, but this sounds rather alarming.
Gin & Tonic
If you click on a URL you find in an e-mail you get from a random Gmail account you are a fucking moron and deserve to be pwned.
BJ Lurker
Another reason to avoid any interaction (including electronic) with trumpkins.
Corner Stone
COURIERS!
Corner Stone
It is simply glorious watching Trump destroy Cole’s BFF Chris Christie.
I can’t stand any single bit of anything having to do with Trump. Nothing. But grinding Christie into less than nothing is simply glorious, and I don’t care who does it.
Corner Stone
@Gin & Tonic: You mean that emailed offer for property with unobstructed views of..the Gulf Coast…may not…oh, shit.
hovercraft
@Gin & Tonic:
I don’t even open e-mails from anyone I don’t recognize, who knows what I’m missing. Now if only I could stop the little people in my house from clicking on shit, I’d be all set.
Scamp Dog
It looks (to my non-security expert eyes) to be the standard “get somebody to click a link” method of getting them to download the malware you want to inflict on them.
Corner Stone
@hovercraft:
If you have Leprechauns living with you don’t you already kind of have it made?
BillinGlendaleCA
@Corner Stone: Couriers worked out OK for Bin Laden.
Miss Bianca
@Corner Stone: FTW!
NW Phil
@Gin & Tonic: YES, many times yes.
– – – – – – – – – – – –
And if you’re running an organization that doesn’t use the latest and greatest security for web and email you deserve what you get. Actually it probably doesn’t matter, since you outsource so much of your staff (cleaning, security, cafeteria…) that your security is a joke.
Corner Stone
@BillinGlendaleCA: I would suggest Trump has a point if you take The Wire as an instructive case review.
hovercraft
@Corner Stone:
The best thing is that he’s getting it from all sides, loathed and despised here in Jersey, and being humiliated nationally by the shitgibbon. How great is it that the very thing that made him famous and got him the governorship in the first place, prosecuting insiders and their paymasters, is the very thing that is responsible for him not getting high profile job with the shitgibbon. He flouted norms by always making his collars as public as possible, he called the press, cuffed them and made them do the walk of shame, Charles Kushner was one of his higher profile perps, of course the salacious details involving hotels and hookers sent it to the next level. Paybacks a bitch. The goddess is smiling down on me.
Miss Bianca
I bet “DNC Will Rig the Election with this ONE WEIRD TRICK!” got a lot of hits…
BillinGlendaleCA
@Corner Stone: Trump learns all he needs to know from “the shows”.
NotMax
Gone phishin’.
In Russia, phish bite you!
hovercraft
@Corner Stone:
Since they come with a pot of gold instead of bleeding you dry, I’m ready to make an exchange.
Corner Stone
@NW Phil:
I am totally confused now. What, exactly, is the latest and greatest security for web and email for orgs?
rikyrah
Part of the setup for the GOP to try and shill that they are attempting to ‘RESCUE’ Obamacare by
REPEALING IT.
They didn’t take 50 votes for ‘RESCUE’ of Obamacare…
They took 50 votes for ‘REPEAL’ of Obamacare…
……………………………..
Trump Warns GOP To Make Sure Dems ‘Own’ Obamacare Failure: ‘Be Careful!’
By Esme Cribb
Published January 4, 2017, 10:25 AM EDT
President-elect Donald Trump told Republicans in a series of tweets Wednesday morning to “be careful!” and make sure that Democrats take ownership of any failures of the Affordable Care Act, as the GOP takes its first steps towards repealing the healthcare law.
“Republicans must be careful in that the Dems own the failed ObamaCare disaster,” Trump tweeted, apparently warning Republicans to avoid acting in undue haste that might lead to poor optics. “Dems are to blame for the mess. It will fall of its own weight – be careful!”
…………………..
House Republicans on Tuesday introduced and approved new chamber rules that included a special glide path for their efforts to dismantle Obamacare. Senate Budget Committee Chairman Mike Enzi (R-WY) also introduced a budget resolution to kick-start the budget reconciliation process Republican lawmakers will likely use to scrap major parts of the bill and avoid a Democratic filibuster.
Trump similarly chided Republicans via Twitter on Tuesday after members of Congress approved a rules change in a closed-door meeting that would have gutted an independent House ethics watchdog (an outpouring of constituent anger led to a swift reversal of that rules change). While he didn’t appear to take issue with the House GOP’s position on the watchdog, which he described as “unfair” in the tweets, Trump wrote that “weakening” the Office of Congressional Ethics shouldn’t be as big of a priority for the incoming Congress as an issue like healthcare.
Gin & Tonic
@Corner Stone: I’ll send you an e-mail about it.
Millard Filmore
Rule 1: do not use a Microsoft product. Use Linux or BSD or anything else. You can download a “live” DVD of Linux from many of the distributions listed at distrowatch.com. The live DVD will allow you to boot your computer into Linux without touching your main hard disk, there is no installation needed.
Rule 2: If you must use Microsoft, do not use the Explorer. Use Firefox. A mandatory add-on is NoScript (free but contributions are encouraged). “Extra protection for your Firefox” … you can whitelist trusted sites, like your bank, and block most other crap.
I am not an expert, but many years of promiscuous activity using Linux has resulted in no infections.
hovercraft
@BillinGlendaleCA:
We may be misunderestimating him again. Perhaps this is all part of a genius plan, stop Courier from moving to Mexico, place intelligence into the units and send them to our operatives all over the world. It’s so genius, no one will ever be able to spy on us again.
JPL
@rikyrah: On day one, Trump will take executive actions that can weaken the ACA. When it collapses, the media will not mention what the President did. I’m sorry but after watching this con man, I’m just not optimistic about the future.
rikyrah
front pagers,
please watch the first segment of Maddow. She talks about resistance in the era of Cheeto Benito.
Omnes Omnibus
@Corner Stone: Not if it’s like the one in the Jennifer Aniston movie.
NotMax
@NotMax
Arrrgh.
Fingers have a life of their own. Of course, what was thinking (but not typing) was “In Russia, phish hook you!”
tpherald
@Millard Filmore: Since you are “not an expert”, then don’t go around saying “don’t use Microsoft”!
Nothing wrong with Microsoft products, but not using IE is good advice. Don’t do it!
Do not auto-load images in emails (stops pixel tracking), do not allow cookies (tracking as well and file access) and do NOT click on obvious CLICK BAIT!
rikyrah
Never thought I’d write this:
My money’s on the CIA
Wall Street Journal
✔
@WSJ
Breaking: Trump is working with advisers on a plan that would restructure and pare back the top U.S. spy agency
tpherald
Don’t worry, everyone, I heard today that the new alliance of Hannity, Assange and Greenwald have come to tell us that Russia is great and we should all accept our new overlords with open arms … So, RELAX! It’s much easier that way …
mai naem mobile
@Corner Stone: I think Christie might end up being the one to bring Lumpy down. He was the US Attorney in NJ and he prosecuted Kushners dad. Pretty sure he knows people in the NY NJ FBI offices. I can totally see Christie setting up something slowly to bring Lumpy down. He’s just as vindictive as Lumpy. I am sure Lumpy told him stuff when they were buddies during the campaign.
Corner Stone
I also have a weird thing for Ana Marie Cox. And Jen Psaki. Maybe it’s the ginger? Hmmm, my ex’s sister is a ginger….
I’m going to have to TMI on this for a while…
Miss Bianca
@Omnes Omnibus: btw, to answer your question from a couple nights ago…horsies are fine. Been having lots of fun with the newest in the herd, a cute little Arab gelding. I’ve quite lost my heart to him. : )
Corner Stone
@mai naem mobile: I honestly don’t think Christie is smart enough to pull that off. Nothing he has done to this point would give me confidence that he knows what he is doing about basically anything.
Omnes Omnibus
@Miss Bianca: An Arab? Aren’t you afraid he’s going to kill you in the night? What kind of American patriot are you?
tpherald
@rikyrah:
Classic move of a tyrant / dictator. Reward loyalists and punish your perceived political enemies (CIA in this case).
tpherald
@rikyrah:
Explains why Greenwald is a big Trump fan now. He’ll sacrifice Putin influence in the US for a pared-down CIA.
tpherald
@tpherald: Of course, it’s easy to be cool with Trump when you’re Greenwald since he doesn’t even live in the US.
Michael Bersin
Outgoing Missouri Secretary of State Jason Kander (D) [also, unsuccessful senate candidate, but ever so close] gave the republican super majority in the Missouri House a voter suppression farewell wedgie in his address during the ceremonial opening of the new legislative session.
The republicans were not pleased. They withheld their ceremonial thank you resolution. The media noticed.
Miss Bianca
@Omnes Omnibus: The only way I’d be afraid this little guy would kill me in the night would be by trampling me to get to a carrot on my bedside table. I iz a faulty American patriot, evidently.
Corner Stone
@efgoldman: Or, he could…kind of actually answer the question. At this point, I’m kind of ok with either. I just want to take a nap every day when I wake up so, yeah.
Miss Bianca
@efgoldman:
What?? I’m pretty sure I heard that efgoldman was the next candidate for Bard-hood, after the Earl of Oxford.
JPL
Most republicans hold Putin in higher esteem than President Obama. Now the GOP is split on whether or not the CIA is correct that Russia was in fact hacking the DNC. This will not end well, imo.
Lizzy L
@JPL: The only thing these bastards care about is remaining in power. The. Only. Thing. Oh, and money. Fuck the security of the USA. Apres nous le deluge.
JPL
@Lizzy L: Tax cuts for their buddies.. I’m streaming CNN and Woolsey is tying himself in knots defending Trump. SAD
Mike in NC
There was this guy who was a courier on the Western Front in WW1. Was gassed and awarded the Iron Cross. People welcomed him as an outsider, so I’ve read.
Miss Bianca
@efgoldman: I can no other answer make, but thanks, and thanks, and ever thanks – – Twelfth Night
Corner Stone
@Mike in NC: Snoopy?
Corner Stone
@JPL: James Woolsey may actually be the nuttiest nutbag that ever came out of the CIA. Whitey Tape notwithstanding.
Lizzy L
@JPL: I said, “And money.” And I too question your sanity in watching CNN. As for Woolsey — I have nothing good to say about him since he signed on as one of T’s “advisors” and started bad-mouthing Hillary. He’s a shit. Fuck him and the horse he rode in on.
a hip hop artist from Idaho (fka Bella Q)
@Miss Bianca: He sounds cute! They are dangerously intelligent, but can be quite witty.
O/T: I’ll get reading tomorrow.
Miss Bianca
@efgoldman: Ooh, I got:
That’s so freaking awesome, I may have to put that on a T-shirt!
Dog Dawg Damn
BREAKING: Obama releasing CIA report on Russian hacking Monday @ 2pm. (NPR)
Miss Bianca
@a hip hop artist from Idaho (fka Bella Q): He is the darling of the world. I love his little freakouts – I can feel one eye rolling back like, “are you going to let me get away with this?” “No”. “Oh, OK – just checking”.
No rush! : )
Doug R
@Corner Stone: You may like one of Josh Marshall ‘s tweets then. Just don’t click on it at work.
NotMax
@efgoldman
A taste of “Omelette, the Musical”.
(Alternate with full and clear audio but no video action.)
a hip hop artist from Idaho (fka Bella Q)
@Miss Bianca: I got:
-The Scottish Play
He’ll check and check – it’s a good game to him. Lucky guy!
Botsplainer
@Gin & Tonic:
“One Great Trick to cure toenail fungus AND ED in (name your city)”
Millard Filmore
@tpherald:
Sorry, my mistake. I should have said “I am not a security expert.”
I started my software career around the time that minicomputers were new. For the first 30 years of Microsoft, its software quality was an industry joke. My contempt of the company has grown to the point that I have lost track of what they put out. Have they picked up their game in the last 10 years? Does Windows still need third party anti-virus protection? My son’s Windows 10 computer picks up sludge rather easily so any progress must have been in the last few years, if at all.
How much of a security expert do I need to be to notice the difference between my Linux computer and my son’s Windows machine? Seriously … I would dearly love to know from a real security expert how many malware problems would simply go away by ditching Microsoft.
RepubAnon
@efgoldman: You can download the best, big league antivirus protection at malware.gullible.joke
O. Felix Culpa
@a hip hop artist from Idaho (fka Bella Q): Mine was rich in words and somehow fitting to the times:
ETA: Henry IV Part 1
Botsplainer
@Corner Stone:
Don’t do your ex’s sister. Bad, bad karma, and if it turned into something, Thanksgiving would be awkward.
NotMax
@a hip hop artist from Idaho (fka Bella Q)
Gotta link to “God, I Hate Shakespeare”, just for grins.
Takes some lyrical chutzpah to rhyme genius with penis.
mai naem mobile
@efgoldman: last I heard the NJ legislature was going to try and impeach him. I can see Krispy seething and plotting against Lumpy and his son in law Malignant Mass.
khead
@rikyrah:
Yeah, I am pretty sure this is the first time in my life I am rooting for the CIA vs. the Executive Office.
Corner Stone
@Doug R: I said TMI because I considered masturbating for a bit while contemplating my ginger preferences. I did not say TPM because, my God man, what kind of fucking freak are you?
Miss Bianca
@a hip hop artist from Idaho (fka Bella Q): They’re like Huskies that way – they’ll always test you! What does it say about me that that’s the sort of animal companion I evidently prefer!
Lizzy L
From the CNN website:
JPL
@Doug R: What was the point of Josh’s tweets? I didn’t really understand what was going on, and I certainly didn’t understand the point he was making.
mai naem mobile
@Botsplainer: you sound like you speak from experience. I had a friend,years ago,who was married who was screwing around with his brothers wife who ended up getting preggers. They didn’t know whose kid it was andone had to do a paternity test. Luckily it ended up being the husbands kid. No,they didn’t love happily ever after. Everybody divorced.
NW Phil
@Corner Stone: comments 22 & 28 covered the basics (you can use Microsoft).
Firefox w/noscript is a great way to start on the web. Make sure your Add-ons are set to “Ask to Activate” (Tools>>Add-ons>>Plugins) and disable/remove Extensions and Plugins you don’t use.
Thunderbird for an email client. Use an email provider with great spam and virus protection. Gmail has it’s limits, so watch yourself. I use Aquamail as an email client on Android and limit the download size of messages (and no images) until I want to read more of it.
Make sure you have firewalls, hopefully on each PC and on your modem/router.
Every toy on your network offers more ways to compromise you, be aware and turn off features you don’t use. I had someone’s Playcast asking permission to run on my Roku, so I turned off Screen Mirroring.
Take advantage of the free malware checkers on the market. Like Malwarebyte.
Keep software up-to-date.
Chip Daniels
@Corner Stone:
You have to click the link to find out.
Major Major Major Major
@JPL: he tweeted porn on accident and now he’s trying to be too cute and half pretend he half meant to.
Steeplejack (tablet)
@Miss Bianca:
Saving this for some trolls: “Thou art so leaky that we must leave thee to thy sinking.”
Corner Stone
@NW Phil: This is hilarious.
dopey-0
@Corner Stone:
Common sense.
mai naem mobile
TrumpCare will go out of business like all his other endeavors. He’ll have to be bailed out. The people paying the premiums will get their money stolen and the providers will get paid pennies on the dollar. But the premium bills will come in yuuge gold embossed envelopes. Klassy!
Botsplainer
@mai naem mobile:
I see these events from time to time. There are complexities….
BillinGlendaleCA
@Millard Filmore:
Here’s your answer, none. Hackers and malware programmers would go to whatever the dominant OS was. Sort of like water flowing downhill or Willie Suton’s reason for robbing banks.
ETA: You haven’t needed a 3rd party Antivirus program for Windows for probably about 10 years, Windows Defender/Firewall works fine.
Corner Stone
@dopey-0: We Are So Fucked
Miss Bianca
@Steeplejack (tablet): Sick, sick burn. The Bard FTW!
Major Major Major Major
@BillinGlendaleCA: isn’t Linux the dominant OS planet-wide?
MobiusKlein
@Gin & Tonic: nobody deserves to be powned.
Quit victim shaming.
JPL
@Major Major Major Major: I found it odd, and it made me uncomfortable. I follow Josh for news.
RepubAnon
@Millard Filmore: Microsoft’s gotten better, but they still get cracked into, as do Android devices (http://www.zdnet.com/article/google-patches-dirty-cow-security-flaw-in-latest-android-security-update/) and especially Apple products – whose users typically aren’t as careful due to the perception that Apple products don’t get viruses.
The big problem with Microsoft Windows is that it’s very popular – so the return on investment for malware developers is greater (more devices to crack into). Apple’s reputation for higher income and less cautious users has begun drawing it some unwanted attention from the blackhat crowd. (http://www.zdnet.com/article/apple-backdoor-steals-the-keys-to-your-kingdom/)
In short, my non-professional viewpoint is that the old standbys still hold:
* Keep your system updated, and have antivirus software running always
* Implement 2-factor security
* Use a different password for each site – especially financial sites (make sure they’re secure, and hard for a computer to guess -see https://xkcd.com/936/)
* Don’t click on embedded HTML links
* Avoid HTML e-mails where possible
* Avoid clickbait.
* Watch out for e-mails from friends telling you to do something risky, such as “click this link”. Call them first – someone may have forged their return address or hacked their e-mail.
I’ve probably left some out, but these are a good start.
;)
Corner Stone
@Botsplainer: Cousin(s)?
BillinGlendaleCA
@Major Major Major Major: Nope, not even close.
Corner Stone
Speaking of my ginger obsession….oh,baby.
Corner Stone
@Major Major Major Major: God, no. Really?
Major Major Major Major
@BillinGlendaleCA: @Corner Stone: oh, are we not calling phones computers?
ETA: and I meant *nix more generally.
BillinGlendaleCA
@Corner Stone: It might be closer if you count Android as Linux.
Major Major Major Major
@BillinGlendaleCA: android is the dominant OS, iirc.
ETA: for phones, obvs
BillinGlendaleCA
@Major Major Major Major: You know many folk running Ubuntu on cell phone? I’ve heard that it’s possible on some phones, I’ve never tried it.
El Caganer
@JPL: I was streaming CNN, too. Afterwards I remembered to flush and wash my hands.
lamh36
Damnit…I sometimes forget how engrossing the original Law & Order was…but thanks to ION-tv …I never forget!
Eljai
@Michael Bersin: Go Kander! I hope he runs again.
Major Major Major Major
@BillinGlendaleCA: I’m sure I know a nonzero number of people who do.
Botsplainer
@Corner Stone:
Third only.
Corner Stone
@BillinGlendaleCA: Sure. I guess I missed that conflation.
If there are other stats I am open sourced to hearing them.
NW Phil
@Corner Stone: It’s nothing compared to what any organization needs to do for basic online security.
Jeffro
@rikyrah: amen
Corner Stone
@Botsplainer: Not related to me, you fool! Fucking Kentucky Family Lawyer. Jeebus.
Steve in the ATL
@Miss Bianca:
Earl F. Goldman?
Jeffro
Folks we so incredibly do not need to worry about this clown anymore … he is busy tweeting tonight about how the career of Jackie Evancho has taken off since she accepted the invitation to perform at his inauguration.
Our soon to be commander-in-chief is staying up late tonight trying to convince the country that a 16-year-old YouTube star is Primo inauguration material.
I’m so laughing my ass off… hey Republicans you bought this clown show, no returns or exchanges
Corner Stone
@NW Phil: That was my original question to your comment.
tpherald
@Millard Filmore: Hackers would simply turn their attention to the most popular platforms.
Some MSFT products are more vulnerable than others. But Apple, Linux, Google, etc all have vulnerabilities of their own.
It’s only natural that the more popular platforms used by less sophisticated users get attacked most often.
Omnes Omnibus
@Corner Stone: James Jesus Angleton.
Corner Stone
@Omnes Omnibus: That dude just needed to get laid.
Major Major Major Major
@tpherald: yeah, it’s this last part, combined with the fact that there aren’t going to be many damaging emails stored on your coffee maker or thermostat, that are really relevant for the kind of hacking and phishing we’re talking about.
Corner Stone
Hmmm…Dan Senor, Michael Steele, Kristen Welker…
That’s balanced and fair.
Mary G
@efgoldman: Those are amazing. I might just start tweeting them to Trump, starting with
It fits him perfectly, with his horrible skin from hanging out on golf courses.
sneezy
@Millard Filmore:
Here are the top ten software products ranked by the number of Common Vulnerabilities and Exposures (CVEs) found in them during 2016: 1. Android (523) 2. Debian Linux (319) 3. Ubuntu Linux (278) 4. Flash Player (266) 5. Novell Leap (259) 6. OpenSUSE Linux (228) 7. Acrobat Reader DC (227) 8. Acrobat DC (227) 9. Acrobat (224) 10. Linux Kernel (217)
You could note that the top three are all linux (android counts) as are two others. So linux is half of the top ten. You could also note that none of the top ten are Microsoft products. The highest ranked Microsoft product is Windows 10 at #14.
It’s pretty clear from this list that if you want to rail against a commercial software vendor for poor security, it should be Adobe, not Microsoft.
Finally note that I say this as someone who does not primarily use Microsoft products or even like them very much in general (although I love Excel).
DanF
I’ve been tempted to drop a CIDR block on my servers for China, Russia and the Ukraine. They probably account for 80% of the scripted attacks against my systems… I’d still get attacked by these guys of course, but it’d have to come from an owned system from elsewhere that they can burn. Biggest concern is DDoS attacks from IoT devices. If you’re a target there ain’t much you can do. We’re going to have to start signing packets before long.
Omnes Omnibus
@Corner Stone: Hey, a Kentucky family law practitioner is going to be an expert on the topic.
Omnes Omnibus
@Corner Stone: You have a point.
NW Phil
@Corner Stone: $1,000/day plus expenses gets you that answer and that’s cheap advice (in both meanings). Hire a full-time IT staff member who is certified and experienced.
Aleta
Do I understand this right ? Exxon just paid its voluntarily resigned CEO a bribe of 108 million dollars to go represent its interests while discharging the duties of the US Secretary of State so help them God?
Omnes Omnibus
@NW Phil: So, in addition to a butler, housekeeper, cook, valet, housemaids, footmen, and chauffeurs (not counting outside staff), I need an IT guy?
BillinGlendaleCA
@Aleta:
There’s an old saying in the oil bidnis, “Exxon has more money than God”.
Millard Filmore
@BillinGlendaleCA:
As someone that has been in the bachelor herd way too long, I have been to some VERY dodgey places with Linux and escaped with nary a scratch. If a real security expert will stand up and say this is entirely due to Firefox and NoScript then I can accept what you say.
Yet even with Linux source code to examine, it has not been the target of a world-wide malware outbreak.
Dog Dawg Damn
So #BLMKidnapping is #1 Trend on Twitter.
It’s fueling racial animus. Politicizing a terrible tragedy.
NotMax
@NW Phil
And then there’s the eight bucks an hour plus lunch IT help.
:)
Millard Filmore
@Omnes Omnibus:
You have a computer wiggling its tail on the internet? Then Yes.
FlyingToaster
@Omnes Omnibus: Two IT guys. One for hardware maintenance, one for software monitoring.
Don’t cheap out like here at Chez Toaster (Where I am SysAdmin, wiring specialist, maintainer of the now ancient SPI router, replacer of the utterly separate WAP). My day job is procurement officer and chauffeur for the nine-year-old.
Omnes Omnibus
@Millard Filmore: I am talking to you here. I must have some internet thingie. Mustn’t I?
NW Phil
@Omnes Omnibus: If you’re running an organization.
C’mon, are you completely new to the internet? Most of this has been around since the world wide web started.
BillinGlendaleCA
@Millard Filmore: There’s little “bang for the buck” hacking Linux, at least in the past due to it’s low market penetration. Now android is a different story.
Omnes Omnibus
@FlyingToaster: Golly, I may have to discharge a footman/housemaid or two. The modern world is rather complex. I think I’ll have a brandy.
Omnes Omnibus
@NW Phil: Are you new to the internet? I asked the question as though I were the Earl of Grantham.
NW Phil
@FlyingToaster: Time to put that nine-year-old to work at Chez Toaster.
Corner Stone
@NW Phil: You sound more and more stupid with every reply.
NW Phil
@Omnes Omnibus: yeah, I was being a jerk.
NotMax
@Omnes Omnibus
Any more than three footmen is terribly gauche.
NW Phil
@Corner Stone: You asked a question, I couldn’t help you. So what?
Omnes Omnibus
@NotMax: But one needs at least two.
khead
@efgoldman:
It’s worth watching the openings just to get the Lennie Briscoe quip before the first commercial.
Omnes Omnibus
@efgoldman: Still tucked away. ::shudders::
Corner Stone
@NW Phil: C’mon friend. You said this:
I asked what that meant. You replied FireFox with NoScript. I said, what? You then said $1000 a day something something.
Sheesh.
Aleta
@FlyingToaster:
And data analyst?
Omnes Omnibus
@efgoldman: One wants proper staff. One also wants proper musicians. What the daft Hungarians do doesn’t matter.
Hob
@tpherald: Your last two points don’t seem at all relevant to the question of how to avoid malware.
“Do not auto-load images in emails (stops pixel tracking)” – pixel tracking is not an attack vector, just a way for the sender to determine whether the message was read.
“do not allow cookies (tracking as well and file access)” – unclear what you mean here by “file access”. The cookie itself is stored in the local filesystem, but doesn’t convey access to any other files. Generally when people refer to cookies in this way it means they don’t actually know what cookies are.
NotMax
@efgoldman
Esterhazy. *sniff* Hungarian parvenus.
;)
Major Major Major Major
@Aleta: well yes, of course, who isn’t, that goes without saying.
Steeplejack (tablet)
@efgoldman:
Ion, WGN, TNT, Sundance, WeTV on my system.
Omnes Omnibus
@Major Major Major Major: I believe that I have people who do that. Do I need that done?
Major Major Major Major
@Omnes Omnibus: perhaps you have a young son or nephew who’s good with the cyber?
khead
@efgoldman:
You watch those to see DA Stone deliver some righteousness. That was before Moriarity freaked out and left the USA.
Omnes Omnibus
@Major Major Major Major: One of the footmen seems tech savvy.
Dog Dawg Damn
@Corner Stone: If I were a PoC now, I’d be buying a gun, or three.
NW Phil
@Corner Stone: There is no single answer that will solve all IT security issues. It depends on what you actually doing to access the internet. Larger organizations need advice tailored to their use and it requires competent help. It’s not a doing something and walk away it’s all solved issue.
NotMax
@Major Major Major Major
That ad showing grandparents, arms brimming with electronic stuff, warmly greeting the visiting grandkids with a hearty “All of these are broken” is cute.
Major Major Major Major
@Omnes Omnibus: would he have time to analyze data? What’s your guest throughput?
Dog Dawg Damn
Okay, I’m going to own that I’m an alarmist:
This Russia thing won’t go away, because it’s true, and Trump is going to be faced with it being thrown in his face by his own party. This will unnerve him, and he’ll retaliate.
He may attempt to create a national crisis to distract from this and unify his support. (What he accused Obama of doing prior to 2012 election.)
He may classify BLM as a terrorist organization (as his prominent surrogate David A. Clarke suggested.)
He may send in federal troops to this inner city (as he has suggested).
He will support legislation restricting “terrorists” from purchasing weapons. (As he has said.)
He may target Muslims instead (as Allen West suggested.)
There is a non-insignificant chance we will see state-sponsored racial violence on a scale not seen since the darkest days of Jim Crow.
Hob
@Major Major Major Major: Not sure what your point is about the coffee maker and thermostat. The reason security on those is a problem isn’t because someone can find your email there, it’s because someone can hijack the device as part of an attack against someone else, at which point your own network becomes less than useful to you because it’s busy sending a billion bits of garbage off to who knows where. Or, if the device in question is your network (i.e. your router), it can be made to intercept or redirect your Internet usage in general. And unfortunately with devices that don’t have any regular security update mechanism, every user is in effect a “less sophisticated user.”
Apologies if you already know all that and I just misunderstood your point.
NotMax
@Omnes Omnibus
Go with the hall boy. Always hungry for advancement, that lot.
Omnes Omnibus
@Major Major Major Major: This is complicated. My butler and I will try to work it out.
Yarrow
@Dog Dawg Damn:
I don’t know which city you mean by “this” but in general a lot of inner cities have seen white people move back into them, displacing people of color. Commonly referred to as ‘gentrification.’ If he’s sending federal troops into inner cities he’s going to upset a lot of white people who have paid top dollar for their expensively remodeled or new homes.
Hob
@Dog Dawg Damn: I don’t think it is nitpicking to point out that this part is misleading: “He may send in federal troops to this inner city (as he has suggested)”. At least, if you’re talking about this thing. That is, it’s unclear whether he suggested such a thing, and if that’s what he meant it’s not something he can do just by saying so.
Yarrow
@NotMax: Can I just have a cabana boy serving me umbrella drinks by the pool? That would be good enough for me right now.
Major Major Major Major
@Hob: what I meant is that nobody’s going phishing with your DVR or trying to do cross-origin voodoo with your Nest to get your Facebook password. We aren’t talking about botnets here. A bunch of toasters with factory default passwords isn’t the kind of security vulnerability to talk about in this discussion so it doesn’t really matter that there’s a lot of tiny Linux machines around.
Omnes Omnibus
@Dog Dawg Damn: @Hob: He can’t do that.
Omnes Omnibus
@efgoldman: Yes, but this is complicated.
Steeplejack (tablet)
@efgoldman:
Cognitive dissonance when Jerry Orbach shows up in Season 2 as (I think) a shady lawyer.
dww44
@tpherald:Another must watch segment in the LOD 10 p.m. hour tonight on MSNBC with Ari Melber subbing for him. He had Evan McMullan and Charle Sikes on this very issue. McMullan went even further and said that Trump’s moves against the CIA and his earlier moves against the press are classic traits of authoritarians when they assume power. He allowed that he is more concerned/worried/scared than at any time since the election.
Video should be up by tomorrow.; couldn’t find it just now, but then the MSNBC site gives me fits anyways.
Gretchen
@mai naem mobile: that idea makes me feel better
NotMax
@Yarrow
If it’s Guido, ask for references. :)
Not to mention the scuttlebutt.
Hob
@Major Major Major Major: Toasters no, but router vulnerabilities are still relevant, no? If you can’t trust your DNS, it becomes harder to tell what’s safe to do.
Yarrow
@dww44: McMullin is right. That’s exactly what authoritarians do. The moves against the press are classic authoritarian. Then attacking enemies and undermining them. His moves against the CIA today are to be expected. And he’s not even in office yet.
Omnes Omnibus
@efgoldman: And?
Hob
@Yarrow: DDD is talking about Chicago, where this just happened.
Major Major Major Major
@Hob: routers, sure.
Dog Dawg Damn
@Hob: I mistyped “this”. Didn’t mean any specific one. I think there’s a non-insignificant chance he’ll use National Guard to quell protests and/or specter of minority violence.
That clear it up?
fuckwit
@Hob:
Now that is a sick-ass burn.
Steeplejack (tablet)
@efgoldman:
Yeah, I get that, but Orbach showing up as a lawyer really sticks out because of his, what, 270 episodes as Lennie Briscoe.
Dog Dawg Damn
@Yarrow: I totally agree.
I mean, look. Am I being alarmist? Yes. I am.
Can anyone point to anything that shows restraint on his part?
Are we not actually on DJT meltdown fueled by Fox Propaganda that causes some severe awful thing happening? I don’t think anyone can.
He has done absolutely nothing to assure the American public that he will respect our Republic. He has called for a coup d’etat, targeted the press, aligned with a foreign power, spread conspiracy theories about “thousands of Muslims cheering” that are insidious and bigoted.
What am I missing that calls for calm?
EBT
I am interested in the breakdown between people who are able to push the monthly android security updates, and people stuck on carrier branded android devices that are months or years out of date.
Calming Influence
I got tired of worrying about online security a while ago, so now my entire online presence is through a stolen identity. If I get hacked, I’m fine, but a dentist in Sheboygan is gonna be totally fucked.
sukabi
@efgoldman: he might be able to offer something on drumpf as an incentive for justice to cut him some slack…
Raven Onthill
In minor but annoying news, the servers of the old LiveJournal social network have been moved to Russia, and LJ has dropped encryption for everything but password traffic, making its users vulnerable in many ways.
Time to move to Dreamwidth, if you have accounts there. See this link for how.
Calming Influence
@Raven Onthill: Oh sure, you want me to click on that helpful “link”! I think nyet, comradski!
Steeplejack (phone)
@Calming Influence:
Okay, that was funny. I laughed. Ta.
Hob
@Dog Dawg Damn: If you’ve already decided that the only two options are “alarmist” vs. “calling for calm”, then I guess there’s no point in discussing it at all, is there? It seems like you think the worst possible scenario is automatically right regardless of whether it makes sense.
The President isn’t Emperor Ming. He can’t just push a button and make any damn thing happen that comes into his head, even if he wants to. Deploying the National Guard is a governmental action subject to rules, and to pushback from the states. If he were able to just do it, on no more pretext than “there are Black Lives Matters protesters doing something bad somewhere”, then our problem would be not so much “Trump wants to execute a coup” as “a coup already happened at some point in the past”.
Calming Influence
@Steeplejack (phone):
You’re able to laugh because you’re not the dentist in Sheboygan. I’d say that’s a bit insensitive.
Hob
This is not to say that Trump can’t do plenty of other terrible shit. Just that it might be worthwhile to start with the assumption that the entire United States government has not already been completely dismantled and replaced by a magic tyranny machine, because if that were the case then what does it even matter whether we’re panicking sufficiently or not?
Millard Filmore
@Dog Dawg Damn:
I’m with you on this. A hostile foreign power ratfucked our election, and (nearly ???) the entire Republican leadership is acting like they participated or are actively covering it up.
Dog Dawg Damn
@Hob: Good point. It’ll take something bigger than a BLM protest to cause anything major.
I’m not under the assumption the worst will happen. Most of the time the worst happening is perfectly set up, it doesn’t actually happen. However, that’s not necessarily a reason to flirt with it by not being alarmed.
I think stronger messaging on this could have paid off–no one knows that he was spewing Russia propaganda during the campaign, for instance. Anyway, I’ll settle down. I imagine this CIA shit is going to come to a head really quickly and we’ll see how he’s going to actually rule.
Calming Influence
@Millard Filmore:
Oh, but president elect Trump is finally getting a briefing on the hacking THIS FUCKING FRIDAY?!?
The hacking has been known to the intelligence branches for months, a foreign goverment breached our security. And the president elect is not fully briefed on this already, because:
A) This is the first he’s heard about it;
B) What’s the big deal, Vlad’s a pal;
C) Trump couldn’t get an earlier appointment with the National Security briefers, because they were extremely busy already getting the president elect up to speed. (oh, wait…)
tpheraldb
@Hob: if you don’t wanna be tracked, don’t auto load images on emails and don’t allow cookies. Cookies can absolutely be saved as files and pixel firing is a common way for hackers to probe an organization’s network and topology. I see it every day.
Barney
So, not actually ‘fake news’, just linking to a site they can use to infect others with malware from. I was going to ask “why use fake news, when that’s most likely to be linked to by mouthbreathers with no money or secrets worth stealing?” (Trump being the exception to that, of course – he’ll click on any old shit, and would be worth hacking); it seems they thought of that too. So, this isn’t really a ‘fake news’ story; it’s a ‘fake news site’ story.
mapaghimagsik
Links in twitter are also being used to host malware. Interestingly enough, Twitter doesn’t have a specific reporting category for that.
Miss Bianca
@Omnes Omnibus: How do you fit all those folks into a 1200-ft. condo?
NCSteve
@Gin & Tonic: Yes, but your whole organization doesn’t. These aren’t kids grifting for credit card numbers. They’re spies for a hostile power looking for intelligence and blackmail material.