Come for the politics, stay for the snark.

Weird. Rome has an American Pope and America has a Russian President.

There are a lot more evil idiots than evil geniuses.

I’m starting to think Jesus may have made a mistake saving people with no questions asked.

“Everybody’s entitled to be an idiot.”

Today in our ongoing national embarrassment…

They punch you in the face and then start crying because their fist hurts.

At some point, the ability to learn is a factor of character, not IQ.

Imperialist aggressors must be defeated, or the whole world loses.

Is it negotiation when the other party actually wants to shoot the hostage?

Trump’s cabinet: like a magic 8 ball that only gives wrong answers.

… gradually, and then suddenly.

They think we are photo bombing their nice little lives.

People really shouldn’t expect the government to help after they watched the GOP drown it in a bathtub.

My right to basic bodily autonomy is not on the table. that’s the new deal.

Fight for a just cause, love your fellow man, live a good life.

If you still can’t see these things even now, maybe politics isn’t your forte and you should stop writing about it.

Insiders who complain to politico: please report to the white house office of shut the fuck up.

Balloon Juice, where there is always someone who will say you’re doing it wrong.

This chaos was totally avoidable.

if you can’t see it, then you are useless in the fight to stop it.

Well, whatever it is, it’s better than being a Republican.

Everybody saw this coming.

There is no right way to do the wrong thing.

Cancel the cowardly Times and Post and set up an equivalent monthly donation to ProPublica.

You are here: Home / Archives for Cybersecurity

Reality Conforms to My Expectations: Today’s Wikileaks Release

by | 132 Comments

This post is in: , , , , , , , ,

Earlier today a couple of you asked me what I thought of the Wikileaks release. I wrote the following in two related comments. I’m highlighting the relative parts and I’ve edited the non-essential portions out from the original comments.

First:

Wikileaks is a distro arm, and has been for a while, of the Russian government. Given that some of what was dropped – and please remember I am, like everyone else with a clearance, not allowed to actually look at anything Wikileaks posts because I don’t need to know it whether its spilled onto the unclassified Internet or not, so I’m working off of other people’s reporting – claims that the CIA has the ability to make its cyber activities look like Russian Intelligence’s cyber activities. And that this is the stuff being pushed heavily by the known Russian governmental propaganda outlets, their fellow travelers, and sites/individuals that seek to shield the President from all criticism… It is important to remember that there is a remarkable amount of overlap, in terms of time and language, between what is reported and tweeted and distroed by other social media by RT and Sputknik towards the US on this stuff, what is then reported and tweeted/retweeted and distroed by other social media by FOX News personalities (Hannity, the Fox and Friends lack of brains trust), right wing radio talkers (Levin, Hewitt, etc), Breitbart, WND, etc, and then, ultimately the President and a number of folks in and around his inner circle. This pattern has been going on and remarked on for months and is quite bizarre.

And:

I think what you’re going to see, and I want to clarify from above, that the claim will be that the CIA did the hacking into the DNC and RNC on Obama’s request, but made it look like Russia and made it looked like Russia was helping the President’s campaign. That’s the only reason you start talking about the CIA having the ability to make its hacking tools and malware look like Russia’s. This will be in order to discredit the charges of Russian hacking and a Russian campaign of active measures in support of the President’s campaign.

Hopefully that makes more sense.

Lo and behold:

 

I don’t think any of this comes as any great surprise to anyone, but its always nice when reality conforms to one’s expectations of it.

Reality Conforms to My Expectations: Today’s Wikileaks ReleasePost + Comments (132)

Security and Privacy Tech Tips Part One

by | 179 Comments

This post is in: ,

In light of this new world we find ourselves in, I figured I’d plan a few tech posts to share some knowledge and best practices relating to privacy and security. I hope this encourages some good conversation, questions, and other tips from readers. More or less, this mostly a good idea/bad idea discussion.

To be clear, this is a mix of technical, conceptual, and philosophical information and represents my views only. When it comes to governments, my concern as a civil libertarian is to preserve all of my legal and civil rights in all situations as possible, and this means preventing anyone except duly authorized parties from accessing my private information.

You may disagree with my stance regarding compliance with government searches of electronic devices (for any physical or electronic search or access to my information, I say “warrant or exigent circumstances, with me or my lawyer present, no you do not have my permission and I will not give away my precious rights”), but I did want to make clear my absolute position on this up-front.

Realms

When it comes to privacy and security of my information, there are three realms that concern me:

  1. Personal – things that you do, use, or carry
  2. Online – considerations and implications of things we do online
  3. Home – things to think about relating to your home/apartment

In these three realms, you should always consider your privacy and information security.

I don’t include Work because that is not an area where you have privacy, no matter what you think. Your employer has the right to observe and track you, and many do, so you cannot really protect what you don’t have!

Threats

Similar to the Realms, there are Threats.  In truth, there are countless Threats, but for the most part, they break down into the following groupings:

  1. Corporations
    Companies want to make money and violating your privacy, selling your information, or otherwise making money off of you beyond sales is a great addition to a company’s bottom line.
  2. Thieves
    People want to steal private information to use for fraud or to sell to others. Ethics and morals are not really in play; they will take everything they can get.
  3. Government (domestic or foreign)
    Depending on your country and status, governments, both domestic and foreign, may want to violate your privacy to understand you, your social connections, and causes (especially protest-related ones). Other goals include gaining insight into a colleague, family member, friend, or neighbor: you may just be a step towards a larger goal.
  4. Manipulators
    People in our lives – family, friends, neighbors, coworkers, and more – are not all angels. There are people who like to spy and nose around people’s private affairs in order to have information that’s useful for manipulation, ego reinforcement, blackmail, or as ammunition in a future argument or fight.
  5. Brokers
    Some parties try to collect as much information as possible purely because accurate information in bulk is valuable. Such brokers are often hackers who steal pre-summarized information from a source such as a company’s website’s unsecured back-end. They can also be app and online widget developers who provide a cheap or free thing in exchange for access to your data. Because their goal is bulk data, there is less emphasis on searching for anything of value beyond that information. In many cases, loyalty cards, free apps, software, tools, services, and websites aren’t free- they’re selling you. Not literally, of course, but they are analyzing and selling your behavior and information.
  6. Social Engineering and Influencing
    There are parties who use private information to affect behavior. For instance, a bad guy may steal some private information in order to successfully impersonate an employee to bluff their way into getting a password reset or door unlocked. Or to blackmail someone into securing a password or piece of personal information they need for a different purpose. Private information can even be used to encourage or discourage behavior – such as identifying folks who can be easily convinced to not vote for a candidate due to a certain term in, or subject of, past emails, chats, or messages. In this case, you don’t need to identify folks who you can convince 100% of the time, just folks who are more likely to be influenceable – if you target one such person, who cares, but if you target 100,000 folks like that, a 10% success rate means 10,000 folks not voting for a candidate. And those kinds of numbers can change elections.

 

As there is a lot to cover and things are in flux, this will be a multi-part series.

show full post on front page

Security and Privacy Tech Tips Part OnePost + Comments (179)

Early Morning Open Thread: Wikileaks Proposes Weaponizing Doxxing

by | 50 Comments

This post is in: , , ,

Dox: search for and publish private or identifying information about (a particular individual) on the Internet, typically with malicious intent.

Putin/Trump’s new BFFs may have overreached themselves. As of Friday afternoon, per Brian Fung the Washington Post:

WikiLeaks wants to start building a list of verified Twitter users that would include highly sensitive and personal information about their families, their finances and their housing situations.

“We are thinking of making an online database with all ‘verified’ twitter accounts & their family/job/financial/housing relationships,” WikiLeaks tweeted Friday.

[Ed. Note: They have since taken that tweet down.]

The disclosure organization, run by Julian Assange, says the information would be used for an artificial-intelligence program. But Twitter users immediately fired back, saying WikiLeaks would use the list to take political vengeance against those who criticize it.

Twitter “verifies” certain users, such as world leaders, nonprofit organizations and news outlets, with a blue check mark beside their names so that other users of the service can be confident about the posters’ identities. WikiLeaks, which has a verified Twitter account, did not say whether it would subject itself to the scrutiny it was proposing. (It was also unclear whether, under its plan, WikiLeaks would seek to uncover information about the financial lives of Russian President Vladimir Putin or President-elect Donald Trump, both of whom are verified on Twitter.)

Asked by journalist Kevin Collier why it needed to build a database of dossiers, WikiLeaks replied that the database would be used as a “metric to understand influence networks based on proximity graphs.”

But the proposal faced a sharp and swift backlash as technologists, journalists and security researchers slammed the idea as a “sinister” and dangerous abuse of power and privacy…

Timothy Berners-Lee, the inventor of the World Wide Web, compared the WikiLeaks proposal to a piece of British legislation that has been criticized as a massive boon to the surveillance industry.

“Don’t.even.think.about.it,” he tweeted.

Even the “hacktivist” organization Anonymous lined up against WikiLeaks.

“This is a sickening display of intimidation tactics,” it said, tagging the official Twitter accounts for the social network, its support team and chief executive Jack Dorsey.

show full post on front page

Early Morning Open Thread: Wikileaks Proposes Weaponizing DoxxingPost + Comments (50)

Data security and you

by | 61 Comments

This post is in: 

Hi everyone….

I’m a friend of John’s for several years now who works in the IT security industry.  I’m also the dad of Cole, his godson.  John and I met through World of Warcraft way back in vanilla and stomped around Azeroth for many years.

He has asked me to do a few posts about helping you secure your personal communications and the like.  This will hopefully be a multipart series that you will find useful.  I want to cover different vectors of communication like texting, instant messaging, email and more.  Later, we can talk about data leakage on social media and the like.

Starting with texting/instant messaging…..  Anything sent via SMS or MMS (traditional text messages) are not secure at all.  They are not encrypted in transit so a man in the middle can read the message while it travels across the network.  Your cellular carrier also keeps copies of these messages and can retrieve them and provide them to law enforcement.  Bottom line, if you care about secure communication, don’t use this AT ALL.  It doesn’t matter who made your phone or what version of the OS is on it, this communication is unencrypted and vulnerable to both rogue malicious actors as well as the state.

Instant messaging has taken off and replaced SMS and MMS for a lot of people, both because it doesn’t cost per message like SMS used to be sold, but also because of the features the different clients offered.  These are things like iMessage, WhatsApp, Telegram, Allo, Facebook Messenger and more.  There is a good article on The Verge that does a quick and dirty breakdown of each from a security perspective.  Click here to read it!

I think that’s all for tonight.  I’ll talk more about how to deal with things like backups, server side copies and more in the coming days.  I leave you with some kid pics of Cole since John said you guys like that stuff.

2015-07-15-17-45-15

Data security and youPost + Comments (61)