Friday Squid Blogging: China Closing Its Squid Spawning Grounds

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce.

This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry. But others say the impact will be limited and that stronger oversight of fishing vessels is needed, or even a new fisheries management body specifically for squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on July 10, 2020 at 4:09 PM • 149 Comments

Comments

John WoodwardJuly 10, 2020 6:31 PM

I’m no security guru, I’ve been out of IT for 10 years and I never learned much about routers. Nonetheless, I have a question: why can’t routers monitor outgoing traffic with deep inspection for signs that a ransomeware is happening? The first step nowadays is not the file encryption; it’s the copying and theft of all the files. Surely this means a sudden spike in outgoing traffic? If deep inspection is not feasible, routers should at least recognize suspicious traffic patterns, especially a increase in traffic from the file servers in the intranet out to unfamiliar addresses. Maybe we need a new kind of router-adjacent machine that gets all traffic before it goes to the routers, in order that the routers are not overworked.
Deep inspection could read the names of the files passing through and compare them to a list of files that are never supposed to leave the intranet.
Cisco, are you listening?

San Fran CiscoJuly 10, 2020 6:47 PM

@John Woodward
Malware nowadays encrypts the traffic with its command and control centres (CC). This, along with the fact that CCs are hosted behind dynamic IPs makes the detection among other numerous encrypted comms hard, unless you are whitelisting IPs, but that gets us back to the all familiar story of security vs convenience.

John WoodwardJuly 10, 2020 7:24 PM

@San Fran Cisco
There would still be a pattern of much more outgoing traffic, wouldn’t there? And a pattern of heavy load on the computers doing the encrypting. And if these things are done at night so the staff don’t notice any sluggish performance, the spike in outgoing traffic would stand out. I just don’t believe that a major ransomware attack leaves no foot prints.

MarkHJuly 10, 2020 7:54 PM

@John Woodward:

As I understand the "classical" ransomware attack, it doesn't steal anything except money.

The files are encrypted in place on the targeted computers, not exported via a network. Such an attack need not send out even a single byte of data.

The victim (person or organization) will reach out to the attacker -- after the encryption has completed -- if they want to restore the targeted system.

I don't see what a router could do about this kind of attack.
______________________

On the other hand, I've wondered whether a background security process could look out for the distinctive patterns of filesystem operations which take place during ransomware encryption, and "raise the alarm".

I don't know whether anybody has attempted that.

John WoodwardJuly 10, 2020 8:09 PM

@MarkH
“Classical” ransomware attacks are so 2017. All the cool gangs are downloading as many files as they can and threatening to post them online or sell them to “data brokers.” And keep the financial transaction data, bro, that stuff’s a money-maker! Brian Krebs documented the ransomware gang’s’ switch to the new “business model,” Shipping ALL the company’s files out the door would require a lot outgoing traffic, and the pattern should be there to see - if anybody reads the logs.

San Fran CiscoJuly 10, 2020 8:57 PM

@John - files might be sent one at a time and to different IPs to blend in with the rest of the traffic or in one big push during the night - reading the logs will not help in either case (second one will be likely to be detected but it would be too late).
In any case, what rules would you configure on the router to prevent this in a large organisation with Windows updates and analytics itself producing similar traffic patterns ?

JonKnowsNothingJuly 10, 2020 9:26 PM

@John Woodward @All

iirc there are 2 general paths to exfiltration

 1.Get 'em now, Get 'em fast.
 2.Slow and stealthy

Type 1 can raise many alarms and the speed of transmission is what limits how much is taken. If they see something worth blowing their cover, they will grab it fast. Of course they stage as much as they can before exposing the operations.

Type 2 will sit very quietly in the corner, siphon small amounts at time and timed so that the extraction is done while some other big process is running. A few nanoseconds at a time. This method is used when they plan a long term attack and expect to harvest lots of data over time.

If either Type 1 or Type 2 get noticed or flagged, a set of self-erasures and multiple deletions take place to prevent back tracking to "a source".

LEOs all do the same thing, there's no difference in methods.
Source attribution is unreliable, due to false flag operations.

ht tps://en.wikipedia.org/wiki/Clifford_Stoll

ht tps://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg

an accounting error of 75 cents in the computer usage accounts.... traced the error to an unauthorized user who had apparently used nine seconds of computer time and not paid for it. Stoll eventually realized that the unauthorized user was a hacker who had acquired superuser access ...

ht tps://en.wikipedia.org/wiki/False_flag

(url fractured to prevent autorun)

UncleJuly 10, 2020 11:31 PM

@Aunty - very interesting , t takes some effort to construct this pile of useless information while making it just borderline intelligible . I will christen it BLI (borderline intelligible) attack. Keep posting , we are all ears :-)

SpaceLifeFormJuly 11, 2020 12:48 AM

@ Uncle

It's a bot. Ignore the bot.

The only thing the bot is capable of is noticing that it's posts have disappeared.

Clive RobinsonJuly 11, 2020 1:18 AM

@ SpaceLifeForm, Uncle,

It's a bot.

Or lesser life form...

I think it was Douglas Adams who first noted the collectivism of amoebic dysentery as a singular comedic entity.

SpaceLifeFormJuly 11, 2020 2:15 AM

HAHAHAHAHA. Sure. Sure it is.


Apple says that customers concerned about illicit camera access should watch for the green light that comes on when the camera is activated. The camera is engineered so that it can't be accessed without the indicator light turning on.

hxxps://www.macrumors.com/2020/07/10/apple-macbook-camera-cover-warning/

SpaceLifeFormJuly 11, 2020 2:36 AM

@ Clive

Could you drop me a hint about the bugout insecure keymat distribution process?

I am missing a piece of the puzzle.

SpaceLifeFormJuly 11, 2020 2:48 AM

@ Clive

If it is purely based upon knowledge of recovery procedure and listening, can it be shown to be provably secure?

If the comm channel is not secure, then does it not really become a security thru obscurity thing?

MarkHJuly 11, 2020 3:36 AM

@John Woodward:

I suspect that encrypt-only ransomware is still active. If anybody can find statistics on the distribution of recent ransomware attacks, I'd be interested to study them.

I did a little search on exfiltration-type ransomware, and read that typically this malware is selective, using rules of thumb to exfiltrate the files most likely to have "blackmail" value. This is done for two reasons:

1. Transmitting large volumes of data makes the attack easier to detect (to your point).

2. The attacker must maintain copies of the files, in order to complete the blackmail threat. Typical user-data directories may have many gigabytes of data (think videos etc.), and the attacker might wish to run thousands or even hundreds of thousands of attacks concurrently; the required storage could grow cumbersome and expensive.

As mentioned above, the exfiltrated files can be transmitted using techniques which resemble usual network traffic.
_____________________

I still think that monitoring filesystem activity might be the most practical means to detect an attack in progress.

Clive RobinsonJuly 11, 2020 3:53 AM

@ SpaceLifeForm,

Could you drop me a hint about the bugout insecure keymat distribution process?

First there are five assumptions,

1, The Home Station is assumed to be secure at all times (ie in the home country). This gives you your root of trust.

2, All communications go through the Home Station never between Out Stations (this can be relaxed under certain conditions).

3, That all Out Stations are secure prior to bugout.

4, Prior to hostilities there was a secure courier service between the Home Station and the Out Stations.

5, Qualified CommCen staff at Out Stations have a "Posting ID" and two memorised secrets one of which is an authenticator the other a duress code. As well as knowledge of certain procedures that alow authentication.

From this there are a number of different things you can do to reestablish secure communications without the use of technology, that might have been EMP fried or riddled with holes by shrapnel or bullets, left behind[1] etc.

Thus the old and reliable way was, with the emergency comms and crypto kit in the stay-behind cache[2] you also keep a number of One Time Pads[3] and code books[4] in sealed tamper evident packaging along with pencils and matches, water and food etc.

When the OTPs etc are recovered any "open comms channel" can be used to first authenticate then if crypto kit is available transfer "Tempory one off keys" from the Home Station. This way all comms can be checked for signs of either duress, impersonation or betrayal.

If crypto kit is unavailable then limited traffic secure comms becomes available.

The complicated part is how you "two-man" the system to reduce the risks of duress, impersonation or betrayal as well as simply reliably authenticate all messages. For obvious reasons such things have to remain secret, as would be impressed on people taking any "Escape and Evasion" course.


[1] Whilst less of a concern these days, Mil / Dip crypto kit tends to be apparently "bomb proof" by design. Whilst not actually bomb proof you have a lot of heavy shielding and filtering TEMPEST type components inside and the overal equipment has to survive a repeated drop test of significant hight. Thus it's very robust thus heavy some older BID equipment was more than a half hundred weight. Not something you want to drag out of the crypto cell and jump out a window with when unfriendlies are knocking on your door with RDX /Det-cord knockers or a GPMG (gimpy) etc. All you want to do is pull the plugs and select the timer for as short a period as you can so you can get clear.

[2] People tend to think of caches with coldwar "stay-behind" opperations and terrorists like the IRA hiding weapons. But the simple fact is it is a standard "Field Craft" technique and used by lots of people. You could look on "Bank Security Deposit Boxes" as being just another version. The main problem with holes in the ground are water, temprature and vermin, and these days the possability of idiots with metal detectors. A more subtle issue is "the changing landscape", we are ever more rapidly turning countryside into town, chopping down trees and moving fences and other boundries. Caches need to be findable from written instructions that can be memorized without the need for the instructions, map, or GPS to be carried by the retrieval team, nor obvious tools.

[3] These OTPs are in books with perforated tear out pads five to an A4 sheet, thus if shrapnel etc goes through the book some of the pads remain usable.

[4] Yes even in this modern age old fashioned paper code books have advantages. The biggest of which is that they can be used as a form of "compression" where a sentence or more can become a "Five Letter Group". If each code is only ever used once then it can also be as secure as an OTP or one of those "Messages for our friends" made famous during WWII. There is a fun story from WWI where one code book had a code printed on it's front cover to be used incase the code book was lost or compromised and the code was "DAMN DAMN DAMN", kind of easy to remember.

Clive RobinsonJuly 11, 2020 6:09 AM

@ Jonathan Wilson,

Any thoughts on the plan by Signal to start storing more user data?

I don't use Signal or any other security app because they are insecure by design, I've said as much repeatedly and I think anyone who "trusts" then is shall we say not living in reality.

The "Insecure by Desigh" is a point all the developers of such apps should --but do not-- be upfront and honest about. Especially Moxie Marlinspike, who should know it more than most and be open and honest about it. But as I've noted in the past he's failed to be.

Well now apparently he thinks there is a valid reason to go "data gathering",

    “For most users, this also increases the security of their metadata. Most people's address book is syncing with Google or Apple, so this change will prevent Google and Apple from having access to your Signal contacts."

Which sounds good but is mostly pointless as an argument, but importantly an admission that my point about the insecurity of the desgin is correct.

The reason it's pointless as an argument is because,

Firstly the underlying security issue is the fact Signal has the security end point before the end of the reach of the communications end point, thus attackers can still perform end run attacks around the Signal application via the OS, other Apps or even device drivers to get at the voice etc "plaintext".

So without fixing that all security bets are off with regards any "Security Application" not just Signal.

Secondly the fact that things like the users contacts list already have a "security end run" attack already happebing against them by the OS etc "backing up" to the cloud is a clear example of why security apps as they currently are, are a major security fail and have been for a long time now.

Thirdly though to prove the point, the --alleged-- French hack of the EncroChat phones made public with lots of fan fare in the news very recently should also be a big red flag accompanied by big noisy wake up air raid style klaxons. Because any and all mobile phones, and connected smart devices are woefully open to such "Over The Air"(OTA) or comms attacks fascilitating "end-run attacks".

Whilst Matt Green and The Gruge are correct in what they say, they likewise are ignoring the above issues. Which is why I keep pointing out all such security apps not just Signal are a compleate failure and only give security by illusion not even obscurity.

RjJuly 11, 2020 8:28 AM

End-to-end security is best if there are only 2 endpoints, and no points in between. Of course, this doesn't work over the internet, because there are always points in between. These points have opportunity to gather at least routing metadata. This in turn can be used to gather more points in between. Eventually the endpoints are exposed. Thus "they" know these 2 endpoints exchanged data. If I am really worried about security, I probably don't want anyone to even know that the 2 endpoints communicated, yet this is exposed. Complicated scenarios can be devised to pass only partial data over a given path, and other data over another path, etc. How can we communicate without "lighting ourselves up" and making the event of our communication knowable? We need some form of steganography here. We want to be able to originate a message that does not need to pass thru any intermediaries on its way to the other endpoint, and does not radiate in such a manner as to give away the location of the originator of the message.

Free air broadcast solves the intermediary problem, but it inadvertendly disclosed the location of the transmitter. If a narrow enough beam can be formed, then this possibility can be reduced, but it then requires line of sight for the transmission path. Communication over a low power laser beam is an example.

But how to hide the location of the transmitter. Light is subject to scattering, which can both help to disclose the location of the transmitter, and leak actual signal to the covert observer.

Spread spectrum and other LPI (Low Probability of Instersect) waveforms obscure the signal by spreading its information over a wide band of frequencies, usually as a function of highly synchronized time keeping between the source and destination.

But there are statistical algorithms that can detect the presence of spread spectrum modulation even if they cannot extract the actural signal. By using multiple such receivers together with directional antennas, one can triangulate to determine the location of the transmitter.

So how to hide the transmitter? Bounce the signal off of a diffuse scattering reflector, such as the ionized trails of micrometeorites in the ionosphere. The result is that the transmitter transmits over a relatively narrow beam pointer up at the sky, and the signal appears to raindown from a diffuse location in the sky, making it much more difficult to locatize where the transmitter is located. A moonbounce reflaction might also work to obscure the transmitter, but the round trip delay time os generally too long to be acceptable.

metaschimaJuly 11, 2020 8:50 AM

I have the same question as Jonathan Wilson.

I use Signal a lot, and I would have to disagree that it is insecure by design. I agree that endpoint security compromise like Encrochat is a major point of failure, but it is this way for any program where the endpoint is any type of electronic computing device like desktop, laptop, mobile, etc. What I want is an app that is secure while not considering endpoint security, because that's a whole nother issue that is extremely hard to fix. You may say that is ignorant, but I'm not using Signal for illegal activities so the government has no reason to expend resources on trying to compromise my phone. I want to think about this in practical terms. Before this new pin addition I considered Signal to be the most secure end to end encryption app, but now I may have to look for another app.

Bruce SchneierJuly 11, 2020 9:40 AM

@Kameni Spavac:

"Interesting choice of the web site for a squid story Bruce"

My bar is pretty low for squid stories.

Unknown Uncle OwensJuly 11, 2020 11:36 AM

I have been wondering for some time why the squid is fascinating. Perhaps we intuitively attribute to it the possession without effort of two important characteristics the we as humans mostly have to struggle for. The elegant elemental streamlined body and the prominent gazing eyes cause us to attribute intrinsic settled knowing to it, and the immediate connection to the head of the many supremely dexterous grasping arms suggest that it suffers minimal mediation or indirection or uncertainty in fulfilling its needs. We however struggle for even unsettled wisdom, and can attain our needs only through complicated indirect and uncertain means.

Clive RobinsonJuly 11, 2020 12:47 PM

@ Rj,

So how to hide the transmitter?

Why bother that's not the problem you need to solve.

On a wired network or any data network for that matter both the transmitter and receiver have to be able to find each other to communicate which means that their locations have to be known.

You can not get around that issue.

The problem you are actually trying to solve is "traffic analysis".

Now you've four choices at this moment,

1, Scratch your head and give up.
2, Sit down and work out a way to do it.
3, Ask forbearence of others and get me to explain one way all over again.
4, Search back on this blog for mentions of the "fleet broadcast" system.

Now if I read you right you'll take a stab at the second option first now I've given you a direction to think in.

So just to be nice I'll give you a clue, think about putting a network of ring-networks on a packet switching network, and what that gets you.

Clive RobinsonJuly 11, 2020 1:28 PM

@ metaschima,

I use Signal a lot, and I would have to disagree that it is insecure by design.

As has been pointed out by our host @Bruce and many others, the security chain is only as strong as it's weakest link. When that fails the whole system fails.

That is why Signal is insecure by design, because it does not take the weakest link into account and either fix it --near impossible-- or mitigate it which is actually not that difficult.

I agree that endpoint security compromise like Encrochat is a major point of failure, but it is this way for any program where the endpoint is any type of electronic computing device like desktop, laptop, mobile, etc.

It's not just EncroChat it's all current security apps running on devices that contain the communications end point.

What I want is an app that is secure while not considering endpoint security, because that's a whole nother issue that is extremely hard to fix.

No, what you realy want is "convenience" or "ease of use" or just plain lazyness.

As I've explained befor it's actually quite simple to fix. You can get as much security as,you might desire way beyond what any SigInt agency can break, it can be done with a pencil and paper and any old open communications link, and just a little effort on your behalf.

I'm not using Signal for illegal activities so the government has no reason to expend resources on trying to compromise my phone.

Wrong, you might say you are not doing anything wrong, but the SigInt and Intel agencies will not believe you nor will the FBI or US DoJ. They will include your traffic patterns in their database along with all your traffic and it will be analysed now or at some point in the future.

Oh and with the current US AG you will find that all phone manufactures will be forced to include a "frontdoor" or other method such that they can gain access without a warrant to the HCI of what ever security app you are runing...

Oh and as far as the US AG is concerned you are doing something wrong because you are willfully defying what he sees as his and the Executives entitlement of what was once called "divine right".

I want to think about this in practical terms.

That's easy, give up the convenience of "faux security" which all the security apps runing on Smart Devices give you.

Then think about if you even need security at all, and if you do then go about doing it in a way that offers real security not just some illusion of security.

The choice at the end of the day is upto you, think and consider wisely.

I'm sorry if that's not the answer you wanted, but I see no reason why people should not be told the truth just because it's not convenient, that's the way people like journalists and protestors get imprisoned or killed by authoritarians etc.

SpaceLifeFormJuly 11, 2020 2:44 PM

@ Clive

"On a wired network or any data network for that matter both the transmitter and receiver have to be able to find each other to communicate which means that their locations have to be known."

I guess you did not have much tea in you yet when you wrote that sentence, but did as you wrote the 4 points.

I appreciate your explanation of bugout and the 5 assumptions.

But I must conclude that my assumptions are also correct.

Ultimately, Security, at it's fundamental basis, requires reliance upon Obscurity, which relys upon Secrecy, which relys upon Trust.

We have an existential problem.

Alice and Bob Trust each other.

But they can not meet Face-to-Face and have no secure courier to transfer Keymat so they can Securely Communicate.

I believe this is a solvable problem.


SpaceLifeFormJuly 11, 2020 3:45 PM

@ MrC

Ignore the bot.

The bot is metamorphing. It will fly away to be eaten by a bird soon.

SpaceLifeFormJuly 11, 2020 4:03 PM

@ Weather

8 more bits takes a lot longer than you thought, right?

You will eventually find it, but probably a few more days.

Singapore Noodles July 11, 2020 4:09 PM

Aerosol, shmaerosol

But none of the commercially available tests can offer real-time results. That’s something that Jing Wang and Guangyu Qiu at the Swiss Federal Institute of Technology (ETH Zurich) and Swiss Federal Laboratories for Materials Science and Technology, or Empa, are working on.

They’ve come up with a plasmonic photothermal biosensor that can detect the presence of SARS-CoV-2 without the need for PCR. Qiu, a sensor engineer and postdoc at ETH Zurich and Empa, says that with some more work, the device could provide results within 15 minutes to an hour. “We’re trying to simplify it to a lab on a chip,” says Qiu.

https://spectrum.ieee.org/the-human-os/sensors/chemical-sensors/devices-monitor-coronavirus-in-the-air

Clive RobinsonJuly 11, 2020 4:12 PM

@ SpaceLifeForm,

But they can not meet Face-to-Face and have no secure courier to transfer Keymat so they can Securely Communicate.

To communicate securely they need a "root of trust" or if you prefere a "shared secret" from which they can both perform the same actions to create other secrets (KeyMat) that are used for individual communications.

In the past when we had only code books, paper and pencil ciphers, mechanical and logic based ciphers if you could not share a secret, then it was game over before you started.

Then someone asked a philisophical question about maps. That is if you go from an ordered set (plaintext alphabet) to a permutated set (ciphertext alphabet) how many ways could you go through the permutation process. That is could there be two or more ways to transform one map to the other map. Unsueprisingly the answer was yes. The next question was the hard one which was how do you come up with two or more ways to carry out the transformation. Well the answer to that has been several ways.

The result is using mathmatics you can indeed find two transformation processes and Public Key crypro became a way to transfere a secret from one person to another securely over distance in the sight of others.

The problem is that man is a strange creature, almost as soon as some one has designed something, another person comes along and tries to tear it down... And with maths based ciphers they appear to have had a fair old rate of tearing down success, which is worrying to put it mildly.

Are there ways other than mathmaticaly that a secret could be established remotely in the plain sight of others?

The answer is likely to be found fairly soon if you count 50+ years as soon (Which somepeople do).

WeatherJuly 11, 2020 4:53 PM

@Spacelifeform
It ran though the combination, which it worked out to 36 from 92, but don't think it had all the chars to find a match.

vas pupJuly 11, 2020 5:16 PM

https://www.bbc.com/news/technology-53192469

"Robots and drones have certainly come into their own during the global lockdown.

The Boston Dynamics Spot robot has been used to help enforce social distancing in Singapore, while drone regulation has been fast-tracked in North Carolina to allow Zipline to deliver medical supplies to hospitals and telepresence robots have helped connect people in quarantine.

Daniela Rus is head of the Computer Science and Artificial Intelligence Laboratory at the Massachusetts Institute of Technology and her lab designed a disinfectant robot, which is being used to clean Boston's food bank.

She told the BBC that robots have made a "tremendous contribution" during the pandemic. "They have helped keep people out of harm's way and that is very powerful."

In future, she sees them taking on a wider role in smart cities "helping with both physical and cognitive work".

Cities already collect vast amounts of data via sensors embedded in infrastructure and even lamp posts, observing a range of metrics - from air quality and transport usage to the movement of people.

And, for probably the first time, ordinary people became interested in this information - how many cars are entering city centers or how many people are gathering in parks was suddenly directly pertinent to their health and well-being.

!!!!!!And in the wake of the success of home working during lockdown, firms are starting to question the need for big, expensive, centrally located offices.

"The skyscraper's moment may be over. As a result of the pandemic, urban planners are going to have to rethink the idea of space," said Prof Richard Sennett, an urban planning expert who helped redesign New York City in the 1980s and who is currently chairman of the Council on Urban Initiatives at the United Nations.

"What we have built now are fixed, immobile structures that only serve one purpose."

What is needed, he explained, is more flexible buildings, ones that can adapt to the short-term need for greater social distancing but also, in future, to changing economics which might mean offices need to become retail outlets or even homes.

===>"Sensors can't tell you why a crowd has gathered. We can replace the cop on the corner with a camera but what are we looking for?"

In San Diego, there are suggestions that smart street lights were used to spy on Black Lives Matter protesters, raising civil liberties questions.

And actually data is pretty dumb, said Prof James. "I can tell you how many pedestrians are wandering through Newcastle city center but I can't tell you why they decided to do that today.

!!!!"A smart city has to work with citizens, behavioral scientists, social policy-makers. It shouldn't just be about data and technology."


SpaceLifeFormJuly 11, 2020 5:25 PM

Maybe SMS phish. Maybe not.

"The password is 64 digits, randomly generated, and unique. And somehow they still got it."

hxxps://www.twitter.com/BriannaWu/status/1281746922273898497

ChrisJuly 11, 2020 6:09 PM

Hi so as a so called "hacker" i am looking at the so called normal security flaws that comes again and again

We can call them "replay" attacks

First thing an attacker does is to
- Find passwords used in the realtime memory
- Find passwords used in passwords files to hacke them
- Find passwords used to pass the hash
* normaly this is very difficult to fix. infact its almost impossible

Beware especially against BankID and similar attacks
but so.. there is today no protection to copy an ID such as
- Telegram ID
- Signal ID
- Line ID
etc
These are all copiable between 2 computers
and even more so using Pidgin accounts

So....
Where is exactly the security in lets say Signal ?

SpaceLifeFormJuly 11, 2020 6:15 PM

@ Weather

You were getting there.

The 8 char one was 'Weather!'

We both may have buggy software.

My 9 char was:

sha256sum test

Where the file test (via vim) was 'Weather!'

But, immediately remembered there was a newline.

I did the 8 char via

dd if=test bs=8 count=1 | sha256sum

You have the answer. In theory, this should be reproducible test.


ChrisJuly 11, 2020 6:24 PM

Hi ok so lets do this again since 99% here didnt understand what i just said

--
Lets start as a Secure comm platform called Signal
By the way this is just an example!
--

I manged to hack into computer A.
I copied the files from
/home/user/.config/Signal to my personal Profile

This can ofcourse be done to any Messenger that is in use
the jackpot would be a .purple directory for Pidgin

ChrisJuly 11, 2020 6:35 PM

You think it doesnt work?
test it, i do these things on daily bases it never changes
talking goes but the real security never changes

WeatherJuly 11, 2020 7:57 PM

@Spacelifeform
The 8 char one selected LBFjCqrgsToNSl
,so wouldn't have found it, the 9 char one didn't have Wa!, so same there.
I'm thinking that 92 instead of 256 is unbalancing the output, at its default search limit some are 8, some are 82.
The table max size is 0x800000 because of malloc crash's the program.
I'll try 256^3 and see if anything changes.
Haven't test to see if that was the password, I'll take your word.

CalcanharJuly 11, 2020 9:12 PM


https://tinyurl.com/y86eyprv

" The prosecution of Collaery and Witness K throws a spotlight on the nexus between politics and intelligence, and the unfettered power of ministers in Australia’s intelligence regime. Unfortunately for Collaery and Witness K, and the 7,000 staff currently working in Australia’s intelligence agencies, it also shows that opportunities for an operative to challenge a direction to perform an immoral or illegal act are limited and likely to be career-ending.

Australians accept the need for extreme secrecy around spying operations aimed at combating terrorism and other security threats. But does that social licence extend to using espionage for illegal, immoral or corrupt acts? Should the state use its spies against a friendly government for purely economic gain, either for the state or for private companies? "

itsworsethanwecodethoughtJuly 11, 2020 9:35 PM

While in the process of trying to identify where certain types of hate crimes might be originating from, I was surprised to find this from a recent year:

https://www.buzzfeed.com/patrickstrudwick/this-map-shows-where-in-europe-trans-people-have-rights

I didn't realise until this time, that so-called 1st world nations were still forcing certain types of people to be sterilised!

To me, this does indicate the possibility that some specific hate crime international terrorism accross nation state bounderies might be related to this kind of rarely discussed modern eugenics-related tragedy.

While I'm not on the rainbowflag hashtag such and such matters bandwagon of sensationalism, I find this wierd relic of hostility to individual freedoms and choices to be likely related to intercultural tensions which might be undercurrents related to if and when and where and why certain kinds of vicious violent bullying occurs and while the profilers of perps might keep missing the perpetraitors if they simple rely upon conventional stereotypical guides.

Thanks for the continual vigilance in favor of security.
Security matters to me more than bandwagon slogans.

MarkHJuly 12, 2020 2:16 PM

From one of my most beloved books (of advice to airline pilots):

If ever the day should come when you are faced with a choice of stalling, or doing something else, choose the alternative. It cannot be put too strongly. Whatever you do, don't stall the aeroplane.

Not all of the Covid-19 news is bad ... for example, mortality rates appear to be declining substantially, probably from several causes.
____________________

I've been growing more and more worried about non-fatal cases.

It was clear from early days that many who survived by way of ventilators were facing lengthy -- or perhaps permanent -- impairments.

It's also many weeks now, since we saw reports of lung scarring even in mild cases. This has since been confirmed in asymptomatic cases as well.

Two of our faithful commenters linked very recently, to reports of profound brain damage associated with Covid-19 infection.

In my layman understanding, viruses typically have considerable mobility within their host organism, but attach to host cells with varying degrees of success or failure, depending on the type of cells.

From the beginning, Covid-19 was associated with lower lungs, because the virus is very successful in taking root there. But this doesn't mean that SARS-CoV-2 has no effect in other tissues.

In the past 10 days or so, I've been seeing reports that the virus reproduces in blood vessels also, making it an agent of vascular infection.

This would be consistent with reports of kidney and liver damage in Covid patients (for example, hospitals with enough ventilators but running short of dialysis machines).

SARS-CoV-2 in blood vessels gives rise to clots (for example, pulmonary embolisms). Clots are dangerous indeed, one manifestation being stroke.

Pathologists performing autopsies on people who died from Covid have reported finding clots in almost every organ of the deceased.

Medical investigators are now considering the possibility that some percentage of "sudden deaths at home" are Covid cases with little or no symptoms, which produced deadly blood clots.

It reminds me of Oppenheimer's statement to a reporter (about the fusion bomb), "this is the plague of Thebes."

My personal suggestion:

If ever the day should come when you are faced with a choice of exposing yourself to SARS-CoV-2, or doing something else, choose the alternative. It cannot be put too strongly. Whatever you do, don't contract Covid-19.

JG4July 12, 2020 2:37 PM


With the right safeguards - the ones light-years from your star system - this would be a good idea.

the net is vast and deep... all your value are belong to us...

U.S. Customs and Border Protection has admitted that there is no practical way for Americans to avoid having their movements tracked by its license plate readers, according to its latest privacy assessment.

CBP published its new assessment — three years after its first — to notify the public that it plans to tap into a commercial database, which aggregates license plate data from both private and public sources, as part of its border enforcement efforts.

The U.S. has a massive network of license plate readers, typically found on the roadside, to collect and record the license plates of vehicles passing by. License plate readers can capture thousands of license plates each minute. License plates are recorded and stored in massive databases, giving police and law enforcement agencies the ability to track millions of vehicles across the country.

The agency updated its privacy assessment in part because Americans "may not be aware" that the agency can collect their license plate data.

https://www.yahoo.com/finance/cbp-says-unrealistic-americans-avoid-221307517.html

name.withheld.for.obvious.reasonsJuly 12, 2020 3:48 PM

Battle of the Polar
In recent weeks, given all the confusion and outright idiotic that has plagued the world visa-via authoritative bodies (the word government implying governance--when there isn't), we are starting to see the first bits of polarization in global power and authority. If I am reading this correctly, China is moving toward an international power model that has what I call a "WeChat-centric integration model", or WIM, flavor to it.

For example; Hong Kong appears to have fallen directly into China's hands. Is Taiwan next? U.S. companies have expressed concern for data-centers and data that is exposed (or stored) in Hong Kong. If China makes good on its promises than those companies have a serious compliance issue. And, with GDPR I don't see how European concerns manage to make this work.

As I understand, China sees no borders to data or information at the governmental level. This is not a communist perspective, this is a Chinese empirical one. The Chinese people are not allowed to know the state secrets of its own country. Pro-democracy is out, conforming to state ideology is in. And some would argue that is true in the United States as well, may I suggest this is the affect of agent orange.

The United States is exceedingly impotent (that may be a good thing) in the context of international relations. Those outside of the U.S. have grown tired of the incompetence and outright malice that is U.S. foreign and security policy.

My point, a serious set of events prescribes a large scale alignment with actions and reactions that have anything but a predictable outcome. And for the most part, it is being done outside the view of the the citizens of the concerned nation states. I think it was a Outer Limits episode and a sci-fi book that wrote about a captive human picks up a book titled "Humans, How to Prepare". Two seconds later, the human opens the cover page, the subtitle: "A Cookbook".

Clive RobinsonJuly 12, 2020 4:02 PM

@ MarkH,

SARS-CoV-2 in blood vessels gives rise to clots (for example, pulmonary embolisms)

The main mode of death from SARS-CoV-2 infection is by first shock, due to blood vessel blockage then sepsis, then generalised blood clots (DIC) for which little can be done[1].

Well I've been wondering since Feb why they don't use anti-coagulants they are very well known in primary and secondary healthcare and routinely prescribed[2].

Well... The international committee of worthies on anti-coagulation have just recently tentitively suggested that maybe all patients exhibiting COVID symptoms should be put on a full --not prophylactic-- dose of low molecular weight Heparin.

My thoughts on hearing this was, "WTF, why has it taken them six months to come out and say the bleeding obvious"[3].

However I get the feeling there will be a political backlash fairly soon, because as it might have become clear to increasing numbers, some in Government actually view the high mortality rates and the disproportianate way they fall across the population as, if not exactly "desirable", atleast "benificial"...

[1] As I've mentioned before to stay sane both Drs and Nurses develop a defence mechanism that exhibits it's self as black humour. Which is why "DIC" unofficialy gets called "Death Is Comming" you will also find other things scribbled in side notes especially on Friday and Saturday nights in A&E such as FWP or the slightly politer FWI standing for "fallen whist intoxicated" and occasionally SPAF for "Stupidly Pissed As a Fart".

[2] Back when I was on the "rat poison" if I had to have surgery of any form they had a standard method of switching me from warfarin tablets to low molecular weight Heprin and after a short while after surgery a re-loading regime for getting me back onto the very high levels of warfarin I was on (ie upto 16mg/day easily more than three little old ladies).

[3] Why "the bleeding obvious" well about a decade and a half ago they ran a trial in several hospitals where all non emergancy surgery inpatients were given Deep Vein Thrombosis (DVT) stockings and standard doses not prophylactic of Heparin. The trial suggested there was good reasons to do both as standard and few if any downsides. However apparently after the political arm of the UK NHS then at Richmond House decided that the increased number of lives saved, did not justify the actually quite minimal cost involved...

Clive RobinsonJuly 12, 2020 4:37 PM

@ name.withheld..., ALL,

The United States is exceedingly impotent (that may be a good thing) in the context of international relations. Those outside of the U.S. have grown tired of the incompetence and outright malice that is U.S. foreign and security policy.

Never ever assume that something that might be "impotent" is "toothless". In fact the more "impotent" it becomes the more likely it is to use those teeth with less and less care for the consequences.

In effect it's a form of mental aberation that effects not just creatures but the societies that arise from those creatures deemed to have some form of individual or collective intelligence.

Thus Empires, nations and tribes have historically tended to end badly in vengeful behaviour that is also self destructive.

Few tend to remember that this was one of the original arguments against "Mutually Assured Destruction"(MAD) that resurfaced in the 1980's with the fall of the CCCP (USSR).

I suspect that it will be a concern again, now that Russia under Putin is re-arming in part because of China arming up and effectively making MAD moot (MAD is essentially a two player system and rapidly fails as more players enter the game).

The US is the only Nation so far to use nuclear weapons as an act of war. Likewise as far as we know the US is the only nation where a commander in the field has demanded the right to use nuclear weapons against an opponent (Korean war).

For example; Hong Kong appears to have fallen directly into China's hands. Is Taiwan next?

This fear of nuclear weapons actually from China over it's desire to force it's writ over the South China Seas (and possibly a cause for their "Squid Ban") is worrying not just to Taiwan, but Japan, South Korea and a number of other nations there. They have seen China build up medium range nuclear missiles and other delivery systems not just to fight other nuclear states (India, Russia) but as an equivalent of the old US "bomb them back to the stoneages" foreign policy in the South China Sea and larger area.

The signs are there that the US military are steping up in war preperations, thus the question arises not just as to where, but who will likewise step up.

WeatherJuly 12, 2020 5:35 PM

@spacelifform
Didn't notice the input to openssl wanted the string length not 32, yeah the 8 char is showing a match, I think I need a major turn, there are seven hash values with a average of one and a half byte, plus I know three chars can be extended to six...
Any ideas?

StephenMelbaJuly 12, 2020 9:14 PM

@ Clive Robinson

"Government actually view the high mortality rates and the disproportionate way they fall across the population as, if not exactly 'desirable', at least 'beneficial'."

Yes, governments around the world are failing to take necessary action despite it now being clear both: that the virus can be eliminated; and that the less virus there be the better an economy functions.

This is particularly concerning because the approach is unrecognisable as belonging to Western/Democratic culture.

Contrast (what I understand to have been) the NZ approach. The elimination of the virus is announced as the aim. The achievement of the aim requires a whole of community effort but the whole of the community benefits. The life of every person has equal value. Each person has an equal stake in the outcome.

So, first, most everyone will co-operate. Secondly, in the absence of a specific rule, any actor may measure her actions against the achievement of the aim. Thirdly, morale, community and democracy are all strengthened.

JonKnowsNothingJuly 12, 2020 9:58 PM

@StephenMelba @Clive @All

re:

Clive: "Government actually view the high mortality rates and the disproportionate way they fall across the population as, if not exactly 'desirable', at least 'beneficial'."

StephenMelba: governments around the world are failing to take necessary action despite it now being clear both: that the virus can be eliminated

The economic value of Herd Immunity Policy that is followed by UK, USA, Brazil and other countries depends on killing as many older, weaker, sicker people as possible in the shortest amount of time to "preserve the neoliberal ideals of economic value". Neoliberal economics do not like old, sick, disabled or non-working humans dragging on their economies.

There are many references within these blog archives about this policy initially defined by Sweden also known as The Do Nothing Policy among other euphemisms.

We know from initial discussions about the Swedish /Do Nothing / Herd Immunity Policy that the lifetime value of a worker was set at $10MillUSD.

So your death, at most, costs a mega-oligarch a little bit over 1 hour.

The value of the dead in wealth transfers is what I've been researching. I do not have a definitive answer but will post something about it soonerish.

name.withheld.for.obvious.reasonsJuly 12, 2020 10:58 PM

@ Clive

Never ever assume that something that might be "impotent" is "toothless". In fact the more "impotent" it becomes the more likely it is to use those teeth with less and less care for the consequences.
You know me, that is not my style. May I suggest that the posture our friend the U.S. takes resembles that of a rabid badger?!

It is of concern that being a rabid badger finds itself in a corner, all bets are off. It can go completely sideways. I suspect the Bulletin of Atomic Scientists to be updating the clock soon...maybe to 45 seconds before midnight instead of 100.

SpaceLifeFormJuly 12, 2020 11:58 PM

@ Weather

I have no more input. I obviously mis-guessed what you are experimenting with. I assumed you were doing something close to brute-force.

@ Clive

I laughed so hard, I almost did a B | N > K
I found this via Sarah Cooper (@sarahcpr).

So Nigel Farage tried to come to my pub today...

hxxps://twitter.com/munyachawawa/status/1279771012134064135

SpaceLifeFormJuly 13, 2020 2:01 AM

Danger, Will Robinson!

If you want good security, you have to work at it.

Only requiring a 4 digit PIN is flat-out security fail.

https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/

"This last part is bad for SVR, because if an attacker can extract even a single copy of one processor’s attestation signing keys, and can compromise a Signal admin’s secrets, they can potentially force Signal to replicate their database onto a simulated SGX enclave that isn’t actually running inside SGX. Once SVR replicated its database to the system, everyone’s secret seed data would be available in plaintext."

...

"Finally, we had a long technical discussion about the vulnerability of replication in SVR databases. At the risk of misstating his side: Moxie’s perspective is that this kind of replication is needed in order to operate a functional service, and that the need to retain persistent backup data trumps the potential security issues."

myliitJuly 13, 2020 2:41 AM

@JonKnowsNothing

You wrote: https://www.schneier.com/blog/archives/2020/07/friday_squid_bl_736.html#c6813688

“... For intersting OpSec error

... infringement of [covid-19] stay-at-home directions was discovered after two people ordered about 20 meals at a KFC store ... The large order raised suspicion....[and they] notified police of their concern. ...”

Funny story, but not so funny at the same time. iirc, Florida hit 15000 new covid-19 cases in a day, shattering old infection state records, and covid-19 test results can be taking about a week to deliver in the United States of Amnesia (USA)

https://www.washingtonpost.com/nation/2020/07/13/coronavirus-live-updates-us/

myliitJuly 13, 2020 3:14 AM

@SpaceLifeForm

“... So Nigel Farage tried to come to my pub today...”

+1, for that and your Brianna Wu link

You have probably seen this:

https://twitter.com/sarahcpr/status/1281641996877275138 32 seconds

“How to cognitive

Here it is other places:
YouTube: https://youtu.be/omTd0bvQT_M
Instagram: https://instagram.com/p/CCeARAiAnMG/
Facebook: https://facebook.com/therealsarahcooper/posts/10160053619718266… ...”

For non TikTok users would twitter be preferred? Should people in the USA, in general, try to avoid TikTok?

Clive RobinsonJuly 13, 2020 4:28 AM

@ SpaceLifeForm,

I found this via Sarah Cooper

Yes Munya Chawawa can hit the nail with the most beautifully wrapped thumps.

I hope you got all the jokes as there was a little "scatter gun" at the bigining till the main charge got on target.

For those that do not know Nigel Farage is a dispicable brown nosing self promotor who trys to wrap himself in an "Ordinary bloke down t' pub" image. All whilst sucking up to both the blond quiffs who appear to have formed their own "Special 'needs' Relationship". I guess instead of "UKUSA Agreement" it should be called the "USURPER Agreement"...

Oh as for "Niggle" as he is also sometimes called it's been decided by some that due to his behaviour "Farage is now a verb" but please do not ask what "to farage" might mean as it's what you might call "Not Suitable for Work" rated :-S


MarkHJuly 13, 2020 5:27 AM

.
U.S. White House Using Counterintelligence Methods

Axios reports that the Acting Chief of Staff has been "feeding" information to various White House staff members, in an attempt at identifying people who "leak" supposedly confidential information to the press.

In concept, this is simple: if I tell a certain story to X and no other person, and that story is published by news organizations, then I can infer the X was the at least the first link in the chain by which that story was leaked.

Similar techniques have been used by intelligence agencies in hopes of rooting out spies.
______________________

Of course, practice is messier than theory:

1. The story should be a fabrication. If it's factual, then the possibility exists that it might have reached the press by a route unknown to me.

1a. By feeding fabrications to staff members, I risk damaging whatever trust they may place in me.

2. The high-level news organizations which have been reporting most "insider information" during the present administration, are generally conscientious about verification. They probably won't publish, unless they can confirm the story using a reasonably independent source. Accordingly, a fabricated story I pass to a single staff member is not likely to be published, even if that person actually disclosed it to the press.
______________________

Ironically, the Acting Chief of Staff is said to have told this plan to more than one staff member, which would be an example of very poor security.

This "leak detection scheme" apparently became public, because trusted staff members ... leaked it to the press.

name.withheld.for.obvious.reasonsJuly 13, 2020 7:38 AM

Nothing to Fear from the Inquisition, we're not Spanish
David McBride, a former military officer for the Australian government turned over documentation that exposed the war crimes carried out in Afghanistan and later reported out by the Australian Broadcasting Corporation. Earlier last year ABC's offices were raided related to the reporting. Now, not only is the prosecution of the whistleblower similar to what has happened in the United States, prosecutions have been extend to a disturbing scope and breadth.

Well, Australia has literially said "Hold my beer!". The secret trial of "Witness K" for revealing the ASIS's illegal spying in East Timor over gas and oil negotiations during the Howard administration has become draconian in the extreme. Bernard Collaery, a former attorney general of the ACT, is being prosecuted for the crime of representing "Witness K". In effect, making those that would provide a legal defense for those charged as in McBride's case, susceptible to prosecution. Also the journalist Dan Oaks may be charged in parallel to McBride's prosecution.

This represents a prosecutorial breach unseen in legal corners anywhere in modern society with a quasi-functioning judiciary. When an individual is charged, access to legal representation is paramount when left to face the state and the resources mustered to prosecute an individual. The apparent theory is to make whistleblowing impossible, that all the forces of the state will be exercised in a manner akin to the Spanish Inquisition of the 12th century.

So a whistleblower, a journalist, and a lawyer walk into a court (or is it hauled into a court)...I leave you to ponder the punchline.

Clive RobinsonJuly 13, 2020 9:20 AM

@ MarkH,

In concept, this is simple: if I tell a certain story to X and no other person, and that story is published by news organizations, then I can infer the X was the at least the first link in the chain by which that story was leaked.

It's generaly not done that way, and almost always they do not use purely fabricated information.

The trick is to use "temporal subsets that change" that is you have ten suspects you tell all ten the general facts but one piece of information you give to five and not the other five. Each time you map people into a subset. The fact you chose to use this way is of little real use but has a high embarrassment or other factor that would make it a plumb to journalists.

Over time with moving people in and out of two groups you build up a signiture for each person, the result is you get to find out not just who the prime suspect is but also others who might be involved either unknowingly (patsy) or knowingly (conspiritor).

But as always these systems only work reliably if the suspect people are unaware of them. Which is why some smart leakers walk away whilst others not so smart do durance vile for long periods.

By smart I do not mean as in IQ but in terms of counter-surveillance, and also they are probably not strongly motivated by the usual MICE drivers either.

But they also have to be smart in other ways. One of the biggest dangers to a street corner drug dealer are their more needy customers for various reasons. Likewise the biggest danger to a confidential whistleblower is the journalist, who is likely to suffer from all the same failings as a needy drug user.

So as a supplier the whistleblower should be responsible for managing the relationship and sanatising the information. First and formost the whistleblower ensures a one way flow of communications and other details. At the end of the day journalists will give up their sources if they can and enough preasure is brought to bear upon them. The whistleblower can do nothing about the "preasure", but they sure as heck can do a lot to stop the "can", because people can not give up what they do not have no mater how much preasure is applied to them.

Which means that as a whistleblower you have to turn your chosen journalist into a junkie. That is you build up a relationship over time, starting with small pieces of information. The journalist if they are of any use will quickly come to realise the whistleblower is of worth and will put up with the arrangments the whistleblower puts in place. If not the whistleblower finds another journalist etc.

Suprisingly to many the actual objective of a smart whistleblower is to eventually work their way up to becoming their own target. The only way they can do that is by remaining totaly anonymous, rise through the ranks getting closer to what it is they are trying to stop.

This is because the simple fact is those at the bottom of the power pyramid get crushed as examples in the excercise of power, whilst those at the top walk away often into lucrative positions as others are too scared to move against them. The reason is the higher you get the more bodies you've buried and knowing and in the process find out where others have buried the bodies they have. Knowing where to dig up the skeletons others have buried tends to keep them in check, especially if they suspect you have one or two deadmans switches hiding in the landscape waiting to be triggered.

JonKnowsNothingJuly 13, 2020 10:08 AM

@All

re: An embarrassment of innuendoes

The Register is known for its pithy and pointy headlines and sarcastic journal style but an article today really hit a Not So Funny Bone for me.

The article is about a zero day exploit in ZOOM.

Well who woulda thunk it, that Zoom, that bastion of high-tech high-security video conferencing system, has a zero day exploit. (we can all do sarcasm).

But the part that was more annoying was this:

Better get Grandma off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS
...
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax – it's only if you're on Windows 7 or older.

Zho...

  1. Only Grandma has Win7
    LOTS of folks have Win7, there are millions of still working computers with DOS.
  2. Vintage computers
    LOTS of folks are happy to have any computer at all. Recycle Shops not only repair them, they resell them and some charities give such older machines to the many people that cannot afford the latest and greatest overpriced stuff.
  3. Old OS is "responsible" for the zero day bug
    The responsible party for the bug is a programmer(s)/team at ZOOM.
  4. Relax it's not you
    Security and especially zero day bugs show pathways that are likely to exist in other products. The same technique and exploit are wakeup calls to look at their own systems for similar.
  5. Zoom is THE ONE
    Zoom is popular, @Bruce has posts about his use of the product. A popular product gets more exposure so the squeaky wheel gets noticed. Less popular products may have similar security faults but those go under noticed and the exploit remains active for longer.
  6. Patching fixes it
    Patching may fix it, if you can patch. Older no-longer supported systems are deemed "unworthy and not profitable" to fix by their manufactures. By putting a huge spike in the system lifecycle they intend to force people to upgrade. Their focus is on disposable income. Not many have any disposable income left.
  7. Once Patched Forever Patched
    If by some chance you manage to patch an older system, because there is no system integration or regression testing, you don't know what else is going to break. Even in newer Top of the Line Systems, patches get rolled-back or lost in during code build. Rolling Over competing and/or mutually exclusive patches are known to create more havoc.

The zero day has a patch. No one with windows 7 is going to patch, It's an ongoing security failure due completely to the abandonment of the product by its makers. There are a ton of excuses why, but the de facto aspect remains:

  All abandoned tech remains in it's last patch state...forever.

Aside from the "blindness" of the humor, there are some addition thinking points.

COVID19 has changed the world. It's not going away anytime soon. No one has a clue about what to do in countries following The Swedish Treatment because the continuous cycles of opening and lockdown make our previous methods of doing things inoperable. The upheavals of the Saw Blade Economic Recovery Cycle will go on for years in the Herd Immunity Policy Countries like USA, UK, Brazil, Sweden and others.

Just trying to implement distance learning for anyone without a reliable low cost internet connect every where on the globe, with hardware and software suitable for each geographic region, with a separate system needed for each learning member is a logistical nightmare.

It may be that manufactures are expecting families in poverty to shell out $2-3k USD per student, with the attendant non-existent rural internet connection with enough bandwidth to accommodate distance learning AND distance working, but the reality is that the 97% of the 99% are lucky to have an old hunka-junka hand-me-down.

The elitist attitude is Just Buy A New One. The stores are closed. The manufacturing lines are stopped. The workers are home and their family members are dying or dead. There are graves to dig and funerals to pay for.



ht tps://www.theregister.com/2020/07/13/in_brief_security/

ht tps://en.wikipedia.org/wiki/Innuendo

An innuendo is a hint, insinuation or intimation about a person or thing, especially of a denigrating or a derogatory nature. It can also be a remark or question, typically disparaging (also called insinuation), that works obliquely by allusion. In the latter sense the intention is often to insult or accuse someone in such a way that one's words, taken literally, are innocent.

(url fractured to prevent autorun)

vas pupJuly 13, 2020 12:58 PM

@ALL interested in COVID fighting

Coronavirus: Llamas provide key to immune therapy
https://www.bbc.com/news/science-environment-53369103

"Scientists from the UK's Rosalind Franklin Institute have used Fifi's specially evolved antibodies to make an immune-boosting therapy.

The resulting llama-based, Covid-specific "antibody cocktail" could enter clinical trials within months.

The development is published in Nature Structural and Molecular Biology.

It involves "engineering" llama antibodies, which are relatively small, and much more simply structured than the antibodies in our own blood.
===>>>That size and structure means they can be "redesigned" in the lab.

Antibodies are part of what is known as the adaptive immune system; they are molecules that essentially morph in response to an invading virus or bacteria.

"Then if you get re-infected," explained Prof Naismith, "your body looks for any [virus particles] with antibodies stuck around them and destroys them."

This type of immune therapy essentially boosts a sick person's immune system with antibodies which have already adapted to the virus.

There is already evidence that antibody-rich blood, taken from people who have recently recovered from the coronavirus, could be used as a treatment. But the key trick with this llama-derived antibody therapy is that the scientists can produce coronavirus-specific antibodies to order.

The small re-engineered part of the llama antibody is also known as a nanobody, said Prof Naismith."

Read the whole article - very good chart explaining mechanism. Enjoy!


MarkHJuly 13, 2020 1:52 PM

@Clive:

1. The man in question, Mark Meadows, is well known for the brutal inferiority of his thought processes. As witness to this, he reportedly told his scheme to colleagues of the suspect leakers.

On this basis, I suppose that his planting of stories was neither subtle nor sophisticated ... but I don't have details.

2. I don't know what journalists do in the U.K., where you have no legal protections comparable to those in the U.S.

In the U.S., journalists are generally zealous concerning protection of sources -- especially those journalists who cover the White House for leading news organizations.

Not only do they regard such protection as a sacred ethical trust, but as a practical matter the outing by a reporter of even one confidential source would have a devastating effect on the ability of every American journalist to learn anything the powerful wish to be concealed.

I remember well one of my closest friends spent about a year prepared to go to jail rather than disclose the source of a corruption allegation he had reported. The case was local -- the official and the magazine were minor -- but he was never going to tell. [The legal proceeding within which his liberty was threatened, was eventually dropped.]

Many of our generation will recall that the identity of the most famous leaker in American history ("Deep Throat") was protected by the reporters who knew him, until his death decades afterward.

For those interested in U.S. journalists who refused to give up sources -- in the face of very great pressure -- here's some history:

https://www.rcfp.org/jailed-fined-journalists-confidential-sources/

Clive RobinsonJuly 13, 2020 3:58 PM

@ MarkH,

I don't know what journalists do in the U.K., where you have no legal protections comparable to those in the U.S.

For how much longer in the US?

We know that US journalists are having their phones tapped, their computers implanted and a whole slew of other attacks, if not by US Government agencies but by other nations agencies (ie the UK) on their behalf.

The moral still remains,

    What someone does not know, they can not, tell[1]

And the problems are only going to get worse with time, because most technology attacks are now beyond human counter abilities.

Read Matt Greens comments on Moxie Marlinspike's changes to Signal. It boils down to,

1, Moxie and friends can grow their service if they make it more user friendly.

2, Moxie and Co have gone a long way to force these changes down peoples throats without giving them a way to opt out.

3, The change has a very major security downside which is the users avility to remenber a secret. So Moxie has gone for a four digit PIN.

4, Moxie has claimed a way to strengthen the PIN problem that I and many others have know for sometime is flawed beyond redemption and should not under any circumstances be used (Intel enclaves).

5, Due to the effort Moxie and Co have gone to, it's unlikely that they will not add further user data insecurity in the name of "ease of use" because that will get them more idiot users to swell the service numbers...

Even though Moxie has allegedly come up with a way to "opt out" we only have his word that it is true and will remain so (remember Facebooks games with user privacy?). But like with all physical objects have three dimensions so does communications security. That is,

1, You as the first party.
2, Who you communicate with as the second party.
3, The communications service/equipment supply as the third party.

Giving you some difficult to use "opt out" does not stop the second or third party still squirreling away to uncontroled or vulnerable storage things you do not want squirrled away[2].

The first basic rule of OpSec can be put as,

    "If you trust people they will get you killed, so trust only where you absolutly must".

As a "confidential source" a journalist needs not know who or what you are or even how to contact you. They only need the information you send them and what confidence in it you have, that's it, and if you break that rule for what ever reason you only have yourself to blaim when you get your feet held to the fire or worse you do what used to be called "the hemp fandango"[3].

I guess you could call the phoned in bomb warnings to newspapers and other media outlets by the IRA during the Irish "troubles" the ultimate in being a confidential source. The exact details are still not known but they used to send DTMF dial tones as a method of authentication as the IRA either knew or assumed all incomming calls would be recorded.

Obviously their aim was to give information --a warning for what ever reason-- but not be identified in any way.

[1] Or disclose inadvertantly... Your information is only secure as long as it is 100% under your control. It might seem odd but in times passed people believed that their names and images and hair etc had power over them if others possessed them. Back then we supposadly civilized people thought they were mad, well our civilized science has turned those beliefs into reality. Now those things do have power over you as criminals demonstrate every day, via identity theft and worse.

[2] People still ask me why I don't do "Whatsapp" or other supposadly secure messaging app. When I tell them the quite numerous and very valid security reasons they come out with the "convenience argument" when I shoot that down they come up with the old "But you've nothing to hide" argument and when I shoot that down they still grumble. Eventually it boils down to either they think "I'm making their life difficult" or that "I don't trust them" well there's no surprise for thousands of years people have complained they are not trusted and then they go and flap their gums to prove the point of why... They don't like it if I tell them that "No I realy think you are an inappropriate person to put any trust in what so ever because you put your lazy self ahead of anyone elses valid concerns over their life and liberty", now of course I can just ask them if they've heard of Encrochat...

[3] It comes from the fact that the more flexible ropes are made from hemp fiber, and the fandango was a short lived dance, thus it is a euphemism for being executed. Other gallows humour varients are "the sisal twostep" or "the gallows jig" all refering to the movments the feet of a badly hanged person makes.

SpaceLifeFormJuly 13, 2020 4:15 PM

@ Weather

Well, now that you mentioned openssl...

First, I would use libressl.

Also, if you are not familiar with the complete mess that is Certificates and CAs, root certs, intermediates ...

DNS and Certificates both need to be replaced.

hxxps://twitter.com/sleevi_/status/1282681901069873152

hxxps://scotthelme.co.uk/tag/certificate-authorities/

WeatherJuly 13, 2020 5:38 PM

@spacelifeform
I'm just using the sha c and header files from openssl, I just call init,update and final.
I'll take a look at libressl.
I haven't had much experience with certificate didn't set them up when looking at web servers.
I though Firefox and others were moving to dnssec?

JonKnowsNothingJuly 13, 2020 6:33 PM

@MarkH @Clive
re:

MarkH: I don't know what journalists do in the U.K., where you have no legal protections comparable to those in the U.S.

Clive: For how much longer in the US? We know that US journalists are having their phones tapped, their computers implanted and a whole slew of other attacks...

The protections of the Fourth Estate in the USA are about to crumble under the onslaught of newly revised definitions by the intelligence committees in congress with special inputs from the Nat-Sec LEAs and other popular law enforcement groups.

Tolerance of whistleblowing and reporting of leaked documents depends entirely on which side is doing the leaking. There are always at least two sides. Governments have attempted to shape 100% of the perception of their policies and leaks that do not mesh with those views are their main target.

Propaganda is OK while exposure of illegal or questionable activities is Not OK.

Marcy Wheeler has been following many of these trends for a long time. The process is not in one tidy little piece, it's strewn along many legal paths by the US LEAs forte in the Re-Definition Game
  (see: "relevant" means ALL and "enhanced interrogation" is Not Torture).

At the time that Snowden and the Guardian and other world wide news organizations began exposing the extent of the NSA illegal surveillance of their citizenry, USA Senator Dianne Feinstein had an entire committee attempting to define "journalism" and who would qualify as a "journalist" in order to prosecute everyone who published, handled or read such documents.

While her definition was pretty cumbersome, it exposed the extent to which she as a senior member of the committee (she might have been the committee chair at the time) intended to drill down and prosecute non-propaganda leaks.

It's taken a good few years but they are closing in on the goal. Some of the fro-and-toing over the Vault 7 Leaks, the Julian Assange + Chelsea Manning exchanges, the recent inclusion of Sarah Harrison among others, are targeting the Big Fish: Edward Snowden.

The Fourth Estate is pretty much gone anyway, there are almost no printed papers and the broadcast media is tightly controlled.

Of Note: Marcy Wheeler announced on July 9, 2020 she has moved to Ireland.


ht tps://en.wikipedia.org/wiki/Fourth_Estate

The term Fourth Estate or fourth power refers to the press and news media both in explicit capacity of advocacy and implicit ability to frame political issues. Though it is not formally recognized as a part of a political system, it wields significant indirect social influence.


ht tps://en.wikipedia.org/wiki/Dianne_Feinstein
ht tps://en.wikipedia.org/wiki/Sarah_Harrison_(journalist)

ht tps://www.emptywheel.net/
ht tps://www.emptywheel.net/2020/07/09/june-bug-goes-to-ireland/

ht tps://en.wikipedia.org/wiki/Anthony_Fauci
ht tps://en.wikipedia.org/wiki/Anthony_Fauci#Coronavirus_Task_Force
(url fractured to prevent autorun)

Clive RobinsonJuly 13, 2020 7:31 PM

@ SpaceLifeForm,

Also, if you are not familiar with the complete mess that is Certificates and CAs, root certs, intermediates ...

And it's about to get a whole lot worse...

@ ALL,

As gets mentioned from time to time hear is that IoT devices do not get updates, even security updates. But who even thinks about "CA Root Certificate Updates"?

Nobody...

But who also thinks about how broad this IoT lack of update problem realy is?

The answer is not many, but fairly soon they will do...

As the lack of updates applies to nearly all "Smart Devices" quite a few of which you might not even be aware of such as "Smart Meters". Or you are only vaguely aware of such as peoples "home appliances". Many of which are going to quite suddenly stop working. That is all those "Smart Device" be it your mobile phone, some kind of net book or pad, TV or your home entertainment system, those devices some have in their kitchen built into the units or white goods to browse through recipes etc are going to stop working and become worthless scrap...

Why? You might well ask, well the reason is simple and obvious only once it's explained (though some will have guessed by now).

Most of the Internet runs on PKI that is you get a PubKey cert from the server you wish to visit. Your software --often but not always a web browser-- makes some checks. The usual explanation is it checks for a valid certificate and that's about all you get told.

The reality is a lot lot messier. What actually happens is the "site certificate" is actually at the end of a chain of certificates from the various issuing entities finally ending up at a "CA Root Certificate". But how do you trust that CA Root Certificate? Well the simple answer is your smart device has a copy of it embedded into the OS or application, against which it compares.

The fun thing is that Certificate Authorities started setting themselves up in business seriously in the late 1990's. Back then the rules governing CA setup were a little "Wild West" but the one thing most agreed on was a CA Root Certificate should have an expiry date, and the consensus was it would be a maximum of twenty five years...

Which means those CA Root Certificates embedded in your Smart Device, that gets no updates are going to start expiring "real soon now"...

Welcome to the world of "forced obsolescence by security". It will be interesring to see how many Smart Devices start to fail...

Yes there are sort of work arounds that server site admins can do where they move over to CA's who's Root Certificates have more millage on the clock, but eventually even that will fail.

I've warned about the problem of embedded devices and their lack of being able to be updated on a number of times before on this blog. And I have and still do lay the blaim at the doors of NIST and it's crypto competitions. It's been clear for decades that a standard "framework" was required so that to remain secure all embedded devices needed a standard way to update crypto not just algorithms which often fail in less than a quarter of a century but other related aspects of which Root Certificates are just one.

Remember Smart Devices with security covers not just the smart meters in your home that should last atleast fifty years, but also in some cases those little boxes of electronics in your body that keep you alive for the next few decades... Do you realy want to go under the knife because your "heart" supporting device will no longer function correctly? Probably not, but you may have no choice...

NIST should have acted on this decades ago, but failed to... So when your embedded device fails due to the lack of a standard and mandated way to update the crypto such as the Root Certificates you know who to cuss-out.

Clive RobinsonJuly 13, 2020 8:25 PM

@ JonKnowsNothing,

Of Note: Marcy Wheeler announced on July 9, 2020 she has moved to Ireland.

She and her family are not the first and won't be the last. I suspect some are waiting to see what Nov brings.

Someone I know has already moved a few months back. They have decided that they will give up US Citizenship as they see no reason to keep throwing good money after bad. Luckily they have close family and citizenship rights.

It's odd but the people I know off that are upping sticks and getting out of the US are the ones who a nation would generally not like to loose.

But one thing I've heard mentioned more than once is "Healthcare and dental" as a good reason to move, even if they will earn less they figure they will end up with more in their pocket...

name.withheld.for.obvious.reasonsJuly 13, 2020 10:06 PM

@ JonKnowsNothing

The protections of the Fourth Estate in the USA are about to crumble under the onslaught of newly revised definitions by the intelligence committees...
I would add the political class and media (claiming to be of the fourth estate) is actively engaged in undermining the press and journalism.

Ignorance is Blessed
The noteable media outlets proffer a self ascribed fatalistic nihilism that knows not that it will drown their own. No media concern can be certain that when the time to sort the "press" into friend or foe, most do not understand where that line will be and how it is formed, whom will sit to their left or right--or if it is their fate in the balance.

Describing when to Search, the What and Where?
That all tangible items, or a specifically abstract concept, are enumerated using apriori such that any warranted search for evidence will certainly be found everywhere, and anywhere. Or more specifically, COLLECT IT ALL.

Past Crimes of the Future
What is going to roll this mobile fecal blob back up the hill--to the source. It seems that the basis for whistleblowers is really to make clear, the guilty party is not behind the curtain. John Karioku, Binney, Drake, Winner, Snowden, and other guilty government employees were responsible for torture programs, wholesale internet spying, and the XKeyScore program. They compounded their crimes by leaking this to Cheney and Bush as was necessary to counterterrorism efforts. They lied, these whistleblowers dishonored their charge, it was not for counterterrorism but for counterdemocracy that we made secret our laws and public their crimes.

name.withheld.for.obvious.reasonsJuly 13, 2020 10:21 PM

On a related note:
U.S. Government Proves Secrecy is Incompetence and Corruption, Again
The Naval Research Laboratory is in the middle of an organizational and mission crisis. A report by the Naval Research Advisory Committee sheds light on the issue (oh wait, did I say light, I meant darkness).

Steven Aftergood of the Federation for American Scientists has an article and a very interesting experience with the NRL and the reporting bodies. Seems more intrigue than is reasonable or warranted, but I digress he spells the issues out here:

hxxps://fas.org/blogs/secrecy/2020/07/nrac-nrl/

Look for the suppressed report and see why this is so dangerous...hint, it has nothing to do with science.

MarkHJuly 14, 2020 1:00 AM

@Clive et alia:

I don't claim such powers of precognition, as you folks have.

I offer a few non-predictive observations:

1. Where the law touches press freedom in the U.S., the final arbiter is SCOTUS.

2. The commitment of SCOTUS to the 1st amendment has been pretty steady during my lifetime. Though the court has become hyperpolitical, defense of freedom to communicate ideas seems to be broadly agreed.

3. To the extent that "press vs. not-press" is considered (which is much less than most people suppose), the Supreme Court will make such determination, not any Congressional committee.

4. I don't know what definitions Wheeler was writing about, but by settled law the press is protected in the publication of state secrets, provided that the information was brought to them. A journalist who unlocks the filing cabinet himself is not protected.

5. Yes, the government spies on journalists. Instead of surrendering, they've improved their OpSec.

Those who disclose what the powerful want concealed have always faced risk.

The tension between secrecy and openness is many centuries old. I don't see the signs of imminent decisive victory for secrecy ... but I don't have the right sorts of tea leaves, crystal orbs and goat entrails available to some of us.

SpaceLifeFormJuly 14, 2020 1:44 AM

A review of old tech, with less intercept issues than today. The whistleblowers in the olden daze had it easy.

These days, those using Signal need to re-evaluate.

"What does a zero sound like?"

hxxps://twitter.com/jadedcreative/status/1282672613731508224

JonKnowsNothingJuly 14, 2020 2:11 AM

@MarkH

re:

Where the law touches press freedom in the U.S., the final arbiter is SCOTUS.

I am not as eloquent as Marcy, nor as well informed. However I can share with you my take-away from her extremely detailed analysis over the years.

While we were all sleeping soundly in our beds, the NSA, CIA, FBI all crept up on Red Riding Hood and refined the word "WOLF".

We have some freedoms or privileges (1) defined by the constitution and bill of rights and amendments.

During our sleep, the NSA, CIA, FBI and the great number of other USA LEAs got together with Congress (Senate and Representatives) to create and carve out exceptions to those freedoms. This is encompassed by the FISA laws and FISC ex parte courts. Ex Parte means only the government participates.

Using redefinition of common words and understandings, the FISC and FISA laws as well as direct actions of the LEAs have altered our more common understanding of many words. This redefinition is important because "redefined words do not mean what you think they mean".

Using this semantic alteration, the LEAs have successfully set up a series of precedents which are important to any SCOTUS challenge. These precedents are carefully staged so that at each step of the judicial challenge process though the court systems, they are accepted. Tiny alterations add up to an avalanche.

The entire process is/was intended to go unnoticed, except for some very astute observations.

Their end goal is almost in sight. A poor summation:

ANYONE with unauthorized access to classified material
ANYONE receiving any classified material no matter how it was acquired
ANYONE who describes or instructs or communicates details about security protocols, systems, software ... (it's a long list)
ANYONE who shares knowledge of such material or passes it on to another
Can and will be prosecuted under the USA Espionage Act or other applicable laws.
The USA claims global application of these laws
(similar to how China now claims their laws are valid outside of China).
Application of this redefinition has no statute of limitations.

People like our host, Bruce are in danger because we know he had access to and reviewed some of the ES documents. Global application means extradition or rendition, so Sarah Harrison a UK Citizen can be charged. Our RICO Laws add more cover to claim conspiracy for exchanges between source and receiver as well as within the publishing process (Jeremy Hammond). At risk would be Alan Rusbridger who was Editor of the Guardian at the time of the ES Files. He is also subject to UK laws for exposing UK secrets (another branch of the same process). Australia is prosecuting the exposure of serious allegations of war crimes.

By recasting the exposure of government secrets, illegal or questionable actives, releasing historical documents as NOT Journalism and NOT of Journalistic Value, case law is being laid that such reporting falls into the unprotected speech.

Cases ongoing in Australia, UK, and other countries have similar goals.


1. On Rights vs Privileges see George Carlin videos for explanation.

ht tps://en.wikipedia.org/wiki/Federal_law_enforcement_in_the_United_States
ht tps://en.wikipedia.org/wiki/Federal_law_enforcement_in_the_United_States#List_of_agencies_and_units_of_agencies

ht tps://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court

ht tps://en.wikipedia.org/wiki/Ex_parte

ht tps://en.wikipedia.org/wiki/Racketeer_Influenced_and_Corrupt_Organizations_Act

ht tps://en.wikipedia.org/wiki/Alan_Rusbridger

ht tps://www.theguardian.com/commentisfree/2020/jul/04/the-case-against-dan-oakes-exposes-how-dangerously-fragile-press-freedom-is-in-Australia

(url fractured to prevent autorun)

MarkHJuly 14, 2020 3:50 AM

@JonKnowsNothing:

I don't mean to minimize the sinister developments you describe.

SCOTUS is the final arbiter. No 3-letter agency, or act of Congress, can override the Court's judgment as to constitutional conformance.

If I'm getting this wrong, please explain where.

The Court has been dreadfully complicit in hacking away at the 4th amendment. I see no comparable trend with respect to the 1st.

JonKnowsNothingJuly 14, 2020 11:13 AM

@MarkH

re:

SCOTUS is the final arbiter. No 3-letter agency, or act of Congress, can override the Court's judgment as to constitutional conformance.

disclaimer: I am not a lawyer nor knowledgeable about the application of laws in this regard, my civilian interpretation of what I've read is all I can share.

Normal day to day stuff isn't the target. Baseball scores, cost of a beer, reviews of restaurants and political Op-Ed are all still OK and fall into Protected Speech, at least for now.

The main direction is to criminalize any unauthorized publicized leak.

Unauthorized means, not a deliberate propaganda leak.

In order to differentiate between legally protected speech and not protected speech requires some linguistic gymnastics. Because words on paper are just words on paper. It's the content or meaning of the words that differentiates between them.

So a report about a ship sailing is OK if you are reporting on a cruise line but Not OK if you are reporting on military ship movements, unless the report is a pre-vetted approved one like "ship x has arrived in our port to celebrate name-a-day."

The problem or issue is: these all report nearly identical information. It can and does fall mostly into protected speech.

The way the government creates a difference is they attach a "secret" tag to the military information and the laws change if that tag is in place. Words on paper are still words on paper but if the content derives from information with the "secret tag" the laws no longer recognize this as protected speech.

Currently, in the USA, news agencies and reporters have some court protections when reporting about information derived from secret tagged documents. The key word here is "derived".

As the internet as expanded over the years, copies or duplicates of secret tagged documents are exchanged as proof of authenticity and accuracy of the information being disclosed. They get a drop file in some "secured" drop box. Now the reporter or news organization or advocacy group actually has a copy of the secret tagged document. They no longer have to rely solely on third-party disclosures but have the source document in possession.

If the information is a propaganda one, there's no fuss from the government. Maybe some of the population gets ruffled feathers but this is WAI (working as intended).

If the information is not a propaganda piece and it causes "embarrassment" or creates an "actionable legal framework" against person(s)/groups /officials/governments that's when the new reworded or redefined words come into play.

Having even seen a copy of a secret tagged document and reporting on it in any way (paper, voice, video, P2P etc) catapults the reporter and news agency into the espionage act along with anyone in the "chain of custody". It doesn't matter if the news is old news or new news, it's labeled as Not News but as Espionage.

SCOTUS takes a very narrow scope on any case they take. It's down to the commas and semi colons. They don't often make broad sweeping alterations . They base their decisions on precedent (previous cases). "Secret tags" and both FISA and FISC have passed muster with them. The Federal courts provide the FISC judge.

Once the item is imbued with a secret tag, this can be a retroactive tag, possession, knowledge and transmission of such information falls out of Protected Speech.

In theory some documents are supposed to lose their secret tags and many do. The secret tag can be reapplied later and if you have, seen, or shared that information even if it was during a period when the items were Not Secret, you can still be prosecuted and sent to jail. There are plenty of precedents already established.

The current set of federal cases are designed to be precedents in setting the differentiating bars lower as to what is and isn't protected speech.

Even explaining how to make your computer secure is one of the cases in play.

Yes, that would technically mean everyone reading anything on this blog is at risk, because using the RICO laws of conspiracy means we are exchanging information that might be contrary to the objectives of other organizations.

MarkHJuly 14, 2020 1:45 PM

@JonKnowsNothing:

Congress can outlaw whatever it chooses. If the Supreme Court declares such a law unconstitutional, that law is dead, and any penalties exacted according to that law are vacated.

Because the U.S. is a republic, the sentiments of voters are the ultimate backstop. Every elected federal officer can be replaced within 6 years of any given date.

Even the Supreme Court takes some account of public sentiment (as illustrated within the past few days). SCOTUS has no army or police force to enforce its decisions; its authority ultimately derives from its perceived legitimacy, which most Justices understand can be lost if they too brazenly defy the will of the people.

The U.S. has greater public support for free speech than any other country, and probably the most comprehensive system of legal protections as well.

There will always be a tug-of-war over free speech. Governments will always seek to expand repression. There's no finish line, or Victory Day ... the work must go on.

Consider the present reality: the U.S. has its most authoritarian regime in its 230 years as a constitutional republic. This regime has declared the free press to be the "enemy of the people." As yet, there have been no press prosecutions, and the "enemy of the people" has been walloping the administration on its fat bottom with alacrity. Even the WSJ, famous for political conservatism, has done a terrific job of exposing administration misconduct.

In my homeland, press freedom is neither dead, nor dying.

It could vanish very quickly if people stopped caring. Right now, lots of people care.

It's valuable and important to "sound the alarm" and make worst-case projections by way of caution. In general, it's an error to mistake those worst-case scenarios for prophecy.

JonKnowsNothingJuly 14, 2020 3:24 PM

@MarkH

re:

It's valuable and important to "sound the alarm" and make worst-case projections by way of caution. In general, it's an error to mistake those worst-case scenarios for prophecy.

It's not prophecy. Doesn't fit the definition.


ht tps://en.wikipedia.org/wiki/Prophecy

A prophecy is a message that is claimed by a prophet to have been communicated to them by a deity. Such messages typically involve inspiration, interpretation, or revelation of divine will concerning the prophet's social world and events to come (compare divine knowledge).

(url fractured to prevent autorun)

WeatherJuly 14, 2020 4:55 PM

@All
Based on above I'll try sha128 avanchilce on two, just saying I'm extracting 10 bytes from sha two, but three can be extended to six, ten too twenty.
I've done enough tweaking, need to change the code.

SpaceLifeFormJuly 14, 2020 5:09 PM

DNS, Windows. 17-Year-Old ‘Wormable’ Bug

hXXps://www.wired.com/story/sigred-windows-dns-flas-wormable/

"It requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy," says Omri Herscovici. "It’s basically game over."

SpaceLifeFormJuly 14, 2020 6:25 PM

SigRed is probably worse than is being let on.

It may have already been exploited by an APT, that
previously laid down unknown rootkits into the servers.

At this point, I would assume that any Windows network that used MS DNS is potentially compromised already, and applying the registry setting fix or the patch may just be theatre.

https://thehackernews.com/2020/07/windows-dns-server-hacking.html

name.withheld.for.obvious.reasonsJuly 14, 2020 11:29 PM

@ MarkH

but I don't have the right sorts of tea leaves, crystal orbs and goat entrails available to some of us.
<sarcasm>
I'm shocked and surprised my good @MarkH, besides the stoic attention to detail it seemed natural for your skillset to extend to the macabre and/or magical (depending on free time available). May I suggest a concoction to quiff, this liqueur consists of ear of newt and tail of frog and some Trumpet cult chants.
</sarcasm>

1.) The Assange case, the clearly political persecution of a publisher and journalist that has significant press credentials, a brew made in the bowels of the "deep state" in a vindictive revenge attack that has little to do with the constitution and first amendment principals. A rampage from within includes those that have lost touch with the core foundation of self-governance and is at the basis for their existence. Federal paychecks, from taxpayers, supports those convinced the cause of silencing a critic is just, but it is not. Appears the moral authority, law, and the resulting actions are the acts of highly dissociative individuals or group.

How distance is the oath of office, the honor to history, fealty to truth, and more perfect aspirations from the ocular of the mind. The further away, the scope and focal plane of matched lens, the more obscure the field of view. The faulty binoculars employed to to give vision to the future certainly provides much for forensic scientists to explore in the future.

MarkHJuly 15, 2020 1:44 AM

@name.withheld.for.obvious.reasons:

The case of Assange is more than a little complicated. To focus on what is most relevant to U.S. press freedom, no U.S. court (to my knowledge) has yet heard arguments on the merits of the charges against him.

Legal scholars seem to think the charges poorly founded, with a substantial likelihood that they will eventually fall.

Whilst this apparent prosecutorial overreach is very serious, it does not determine the legal status of press freedoms. Only final court rulings can do so.

I don't rule out the possibility that the U.S. could drop the Espionage Act charges before extradition is settled.

By my cursory read of history, nothing which might ordinarily be classified as journalism has been successfully prosecuted under the Act in the past 75 years. [Note that I don't count disclosure of secrets by those granted government access as "journalism" for the purpose of this discussion.]

WeatherJuly 15, 2020 2:02 AM

@spacelifeform
Is that bug if you have 7 requests that equal the same basic hash(4 bytes) the 8th crash's it.
It has to be done quickly before the counter gets reset, that was win2k3 so ids and logs aren't getting read.

WeatherJuly 15, 2020 2:19 AM

You can use dig -a -t txt to see version and if its a windows DNS server

name.withheld.for.obvious.reasonsJuly 15, 2020 3:43 AM

Whilst this apparent prosecutorial overreach is very serious, it does not determine the legal status of press freedoms. Only final court rulings can do so.
It's kind of my point, the fact that Assange is sitting in a high security prison is the result of the cabal within the deep state that is acting out of vengeance. Those that are exposed are guilty, free, and able to continue to harm those that are honest and forthright with a bonus prize of harming the institutions and citizens of the United States. So without a SCOTUS ruling, the jailing of a journalist is very real. Too bad we cannot hear from Assange but we can hear plenty from those that should know and do better.

On point 4., there is law that specifies that classification cannot be applied to criminal acts, fraud, and misappropriation. But, as we have come to see, the script has been flipped in practice.

name.withheld.for.obvious.reasonsJuly 15, 2020 3:50 AM

Apologies @MarkH, I'd quoted your statement (am in concurrence for the most part, the legal basis and lawful status) without attribution--my bad!

Clive RobinsonJuly 15, 2020 4:22 AM

@ SpaceLifeForm,

SigRed is probably worse than is being let on.

That is more likely than not when you think about it[1].

It may have already been exploited by an APT, that previously laid down unknown rootkits into the servers.

The thing about "infrastructure code" is people do not like to touch it or redo it as the chances of messing it up is high. Thus something like working DNS code is going to carry forward year after year unchanged unless there is a reason to change it.

For instance we know that Microsoft rarely change the "NT Kernel" thus any vulnerability found with it today will most likely also be in Win2000 or earlier. Which is why the cost of fixing say WinXP through Win7 is going to be negligable when you have to fix Win10. Thus Microsoft not supporting Win7 or earlier for kernel and similar vulnerabilities makes no technical sense, only one of "profit"[2].

[1] The probability a bug will be made public has two basic routes,

1.1, Testing.
1.2, Observation.

Whilst a few people do black box testing and reverse engineering in the public space, there number is small and they are not well resourced. The same is not true in either the criminal or SigInt spaces. Thus the probability is not in favour of the public space.

But when bugs are vulnerabilities there is a probability they will be used by those in the criminal and SigInt spaces. If they are used there is a probability that they will be observed in some way that leads those in the public space finding it via various focused testing techniques.

The important point to note is that the more covert the usage by someone in the criminal or SigInt spaces the vastly decreased probability it will be observed by those in the public space. As time goes on however the probability that the bug will be found by testing increases. Therefore it's actually quite likely that after a period of time the bug will be found in the public space just from testing and not from observation even though it is being covertly used as a vulnarability, and this may well be the case. Obviously once known in the public space people will look backwards in time to see if the vulnarability has been exploited...

[2] Yes I still support code I wrote over a third of a century ago within certain bounds. I had hoped that the rapid change in hardware would have stopped it being used. But no one customer who uses it for controling plant equipment still scurries around buying up replacment parts. What is worse is the hardware has become "retro" so they are making duplicates using more modern chips... Thus I'm in danger of still supporting it till either the customer or I turn up our toes...

name.withheld.for.obvious.reasonsJuly 15, 2020 5:02 AM

From Craig Murray's Blog, "Damage to the Soul" - 14 Jul 2020
An article from Craig Murray's site, the journalist in the room during the U.K. Rendition, no, Extradition hearing comments on the "new" and "improved" superseding indictment (my words):

hxxp://www.craigmurray.org.uk

Suggesting to those that have little in the form of factual information surrounding the persecution of Assange by U.S. Justice department and U.K. courts, read the article titled "Damage to the Soul". It does well to expose the original charges, new charges, and the general disposition of this case. If you haven't been aware of what a complete and utter canard this case represents then I suggest more reading and less pontificating.

Nearly everyone here knows the background, the article does much to clarify the legal and administrative constructs and their application in this case.

Clive RobinsonJuly 15, 2020 5:11 AM

@ MarkH, name.withheld...,

Whilst this apparent prosecutorial overreach is very serious, it does not determine the legal status of press freedoms. Only final court rulings can do so.

There is a problem with your reasoning, and it involves the age old prosecutorial trick of "Rights Stripping" via any one of a number of tactics.

Thus "Only final court rulings" can only happen if the case gets to court in the first place, then goes through the entire appeals process.

The usual FBI / DoJ trick is to find a court well away from where you live, then even if you do get bail you get restricted to that location away from friends family work etc, they then find every excuse possible to make you bankrupt.

In theory there are ways you can force things into court but then the court can keep delaying and delaying and even finding excuses to use contempt rules to keep you locked up and away from justice for quite some time (I think 17years is the US record so far).

But there are other tricks such as "continuing investigations" they pull you in, you decide to fight, it gets to court, you win and they promptly arrest you for something else at the court room door and whisk you away to a court in another part of the country.

Of course there is also "special administrative measures" it's not clear what all the rules are but in essence you don't get contact with anyone even your lawyers. Oh and there is the rules about you have to have specially approved lawyers for various reasons such as "National Security" so the prosecution in effect decide who gets to represent you...

I could go on, but one thing to note is that one trick with people in foreign countries is to not start the legal process untill after the person is extradited or grabbed of the streets and forced into the US. This has the advantage that the clock does not start ticking untill then.

In the case of Assange it's fairly clear the plan between the UK Executive and the US Executive is to use "enhanced techniques" to not just to "rights strip" him, but also to "mentally tourture" and deny him medical care as well as quite deliberately endangering his life.

So realistically Assange is going to be destroyed bit by bit "as an example" of "the power of the state" expressed by just one or two individuals that still fervently believe not just in the odious "might is right" doctrine but worse the contemptible psychopathic notion of "Divine Right" to do what they want when ever they want irrespective of whatever constraints there are put in place on them by the citizens or the courts via the fundemental laws of the country.

To try and argue that this is not happening, is shall we say a bit quaint and not inline with what can be seen is currently happening and how things are progressing.

As a matter of international law the US has no rights over assange, he is not a US citizen he has not been in the US to commit the supposed crimes and contrary to what the US thinks their legal jurisdiction ends at their borders irrespective of what laws they might pass. Thus for Assange to be where he is has always required the juresdiction he has been in to play along for "political reasons" if you look into most extradition treaties "political reasons" are exempt for very good abd proper reasons.

So what you are witnessing is the excercise of purely vidictive political behaviour backed by almost unlimited state power to crush an individual who pointed out that those same vindictive people were not just lying but actively covering up crimes that showed that contrary to what they keep trying to portray they are most certainly not "The Good Guys". Thus thet have absolutly no right to try claiming "the moral high ground", worse is it also shows that they are frequently those who start the criminal behaviours they then try to call others out for. Some might think it's just hypocrisy, but in fact it could very easily lead to not just war but a global war in which the numbers of dead would be well up in the tens of millions.

MarkHJuly 15, 2020 5:13 AM

@name.withheld.for.obvious.reasons:

The case of Assange is unusual in several important respects. However one feels about the work of wikileaks, it is distinct from conventional news organizations.

My first concern is the ability of the press in the United States to function as a check on exercises of power. As far as I can see, the Assange case does not seem to be significantly deterring the American press from doing its job ... though I can't be sure whether there is some "chilling effect" that doesn't show on the surface.

Historically, major press organs have been bold about confrontations with the law, and willing to fight like hell if a prosecution is attempted. If Assange is indeed extradited, it is clear that major news companies will contribute far more money and expertise to his legal defense than he could ever hope to muster himself, because of their concern about a possible harmful precedent.

name.withheld.for.obvious.reasonsJuly 15, 2020 7:17 AM

@ Clive

There is a problem with your reasoning, and it involves the age old prosecutorial trick of "Rights Stripping" via any one of a number of tactics.
Surely you jest my friend, "Ask me your questions three, I'm not afraid!"

"What's your favorite color?" Red, no blue. :^)

These governments are seriously putting an effort into this issue for a reason. This is not a simple case as MarkH and Clive have more than suggested. But I assert that this is THE lynchpin in a global neo-kleptocratic-theomonic-fascistic power struggle that includes the title of ruler of a Mono-polar world. The extraterrotrial use of state law, now being mimicked by China with respect to Hong Kong makes it clear states are normalizing their behaviors.

Yes Clive, we are watching a slow motion execution by the states involved. I never thought I'd live to see this type of crude overt power of a state crush someone or something. There is an incivility that strikes at the heart of humanity in a way that seems outside any historic precedent. Even Nazi Germany had an ideological center, though a most horrible one, this current flavor of fascism has a unlimited appetite for cruelty and violence but comes from an unknown and unpredictable non-idealogical psychosis/psychopathy. When magical thinking forms the basis of social theory we are back to the 13th century.

Having written exhaustively on this case, and I continue to notice the states action as persecution--and have seen this not unlike the Spanish Inquisitions. "Witnesses pulled from a cellar, fabrication of evidence, torture chambers (Gitmo), coercion of allies and friends via any number of dirty tricks are just a few forms of manipulation."

I also argued that if an attempt to extradict, as I stated Rendition, could result in Assange landing at Gitmo. There is a level of violence and hatred pointed at Assange not described in the DSM-5 nomenclature.

JonKnowsNothingJuly 15, 2020 9:09 AM

MSM report on Microsoft's involvement in LEA surveillance systems.

Summary: M$ attempts to maintain an arms-length distance between the various departments, divisions and provider systems to create a "Not Us - Look over There" façade on their full system applications for law enforcement agencies around the world.

Some good conference slides and images of their command and control centers (Domain Awareness System) and their newest enhanced patrol car.

Microsoft Advanced Patrol Platform, or MAPP. MAPP is an IoT platform for police patrol vehicles that integrates surveillance sensors and database records on the Azure cloud, including “dispatch information, driving directions, suspect history, a voice-activated license plate reader, a missing persons list, location-based crime bulletins, shift reports, and more...
  • MAPP patrol car uses IoT - aka IdiOT technology.
  • 360-degree high-resolution camera streams live video to Azure
  • automatic license plate reader that can read 5,000 plates per minute

The system has something for everyone: buff cars, fast cameras, mini-robots, on-line and real-time, AI/ML to “identify bad actors” and lots more.

The only things you need to bring with you are:

   your own wheels and a lot of cash.


ht tps://theintercept.com/2020/07/14/microsoft-police-state-mass-surveillance-facial-recognition/
(url fractured to prevent autorun)

JonKnowsNothingJuly 15, 2020 9:36 AM

@MarkH and Others

The case of Assange is unusual in several important respects. However one feels about the work of wikileaks, it is distinct from conventional news organizations.

Perhaps you should consider this part of your statement very carefully if you are going to follow the rat down the hole.

Attempt to carve out exactly what you mean, intend, thought or expected that line to represent.

Provided you can come up with some actual differences between:

  • conventional news organizations
  • non conventional news organizations
  • privately published news (aka social media)
  • and every sort of magazine, printed system, video, audio etc.

The main objections offered between wikileaks vs conventional media is in the areas of redaction/editing.

Legal cases attempting to make a distinction are happening around the global. Once you can move wikileaks into column B, you can move reporters into column B also. It's not just the USA but every government has an interest in suppressing information. Some don't need a court, they just shoot you.


ht tps://en.wikipedia.org/wiki/Redaction

Redaction is a form of editing in which multiple sources of texts are combined (redacted) and altered slightly to make a single document. Often this is a method of collecting a series of writings on a similar theme and creating a definitive and coherent work.

The term is also used to describe removal of some document content, replacing it typically with black rectangles which indicate the removal

ht tps://en.wikipedia.org/wiki/Concision

Concision (alternatively brevity, laconicism, or conciseness) is using only the words necessary to convey an idea. It aims to enhance communication by eliminating redundancy without omitting important information.

ht tps://en.wikipedia.org/wiki/Noam_Chomsky
ht tps://en.wikipedia.org/wiki/Noam_Chomsky#News_media_and_propaganda

...the media's role in reinforcing and acquiescing to state policies across the political spectrum while marginalizing contrary perspectives. Chomsky asserts that this version of censorship, by government-guided "free market" forces, is subtler and harder to undermine ... points to examples of important news stories that the U.S. mainstream media has ignored because reporting on them would reflect badly upon the country.

(url factured to prevent autorun)


vas pupJuly 15, 2020 3:07 PM

The perfume makers that can't smell a thing:
https://www.bbc.com/news/business-53189292

See extract below and enjoy reading the whole article on AI utilization.


"One company is shaking up the sector by giving consumers the opportunity to play with the technology directly.

In Breda in the Netherlands, ScenTronix allows customers to create their own personalized scent based on a questionnaire they answer when they walk into its Algorithmic Perfumery shop.

After answering questions such as how do you see your role in life and what kind of environment did you go grow up in, the algorithm analyses the data to create unique perfumes for the customer within seven minutes. Customers can buy five samples for €30 ($33; £26)."


What is security vector? Smell is very powerful to affect the weakest link in every security application - human behavior.

WeatherJuly 15, 2020 3:09 PM

Iis bug
Attach ida debugger to iis process set it to run, open a web browser and type 127.0.0.1/aaaaaaaaaaaaa switch back to ida and pause, open a new hex window and search for aaaaaa and set a hardware breakpoint at that location, it will be between 0x200000 and 0x6f00000 ,you can only have 4 hardware breakpoint at a time, set the ida to run, switch back to web browser and resend, the debugger should pause at that place, if the string is something like not/authority/machine I'd/Istart.htm/aaaaaaaaa single step to you get a for loop in asm that does
Var*62
Var1=Var1+Var
,copy paste the asm to c compiler and run match's for istart.htm if the Hash's match, send 8 of those hash as quickly as possibly.

SpaceLifeFormJuly 15, 2020 4:05 PM

@ vas pup

Old article. Can't find newer article atm, but have read that it is now in use.

Maybe best it is to smell like a squid?

hxxps://v1.escapistmagazine.com/news/view/90111-We-Can-Smell-If-Youre-Lying-To-Us

SpaceLifeFormJuly 15, 2020 4:46 PM

@ name.*.*.*.*

In a Mono-polar world, eventually, the Methane Hydrates will win.

It may happen sooner than one would think.

The Methane Hydrates, they are Antifa.

SpaceLifeFormJuly 15, 2020 5:16 PM

I have bridges for sale

hxxps://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html

hxxps://www.theverge.com/2020/7/15/21326200/elon-musk-bill-gates-twitter-hack-bitcoin-scam-compromised

https://mobile.twitter.com/TwitterSupport/status/1283518038445223936

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

[For various definitions of 'shortly']

Clive RobinsonJuly 15, 2020 5:22 PM

@ name.withheld...,

There is a level of violence and hatred pointed at Assange not described in the DSM-5 nomenclature.

Such a level as to be orders of magnitudes worse than would feature in any normal undamaged persons worst nightmare.

Thus few can comprehend the pure evil of it, nor realise that for the instigators they see it as no more than swatting a mosquito.

name.withheld.for.obvious.reasonsJuly 15, 2020 5:33 PM

Not in Our Name, a film by John Furse -- Consortium News -- 14 Jul 2020
The miscarriage of justice stated by Director Furse in a discussion regarding the film puts the basis for how Assange is being victimized in the extreme.

The Ewe-Tube vid is at xx s;//www.youtube.com/watch?v=W7M41Nbtp5Y
(mangled uri/url)

More of a film-ella, the concise and accurate reporting of facts and actions surrounding this miscarriage is easily digestible from an objective stance, but I must say there is an emotional reaction as the nature and extent of injustices laid bare in the film brings to the conscious observer that may be unavoidable. More than a report, it is a damning indictment of our systems of order and discipline. Makes one wonder what life on a planet not in this galaxy might be like. Could other worlds experience and live life on a rational and concrete plane? Does one need to detach from the lived experience as deniable, excusable, or inconsequential?

Finally, a comprehensive narrative to a most tragic series of circumstances, so many victims in this farcical drama. Shakespeare would be disillusioned having failed to lay on parchment by way of pen what governments have put to Assange by way of Justice.

name.withheld.for.obvious.reasonsJuly 15, 2020 5:45 PM

@ SpaceLifeForm
Good call, the only side bet I have is narcissistic nihilism begets vaporization--say of the troposphere, stratosphere, ionosphere, magnetosphere, and the life-o-sphere. No ostrich is safe.

SpaceLifeFormJuly 15, 2020 5:50 PM

Twitter is so f*cking pwned, that I doubt this tweet from TwitterSupport has any meaning.

'You may be unable to Tweet or reset your password while we review and address this incident.'

SpaceLifeFormJuly 15, 2020 6:06 PM

Forgot to mention:

We have no way of verifying that this alleged tweet actually came *FROM* TwitterSupport.

There is no Signature.

'You may be unable to Tweet or reset your password while we review and address this incident.'

SpaceLifeFormJuly 15, 2020 6:25 PM

@ name.*.*.*.*

Eventually, the Methane Hydrates will win.

Even post Global Nuclear War.

Even post Global Nuclear Winter.

Eventually, Mother Nature wins. She is a physics expert.

Mother Nature is the Supreme Leader of Antifa.

name.withheld.for.obvious.reasonsJuly 15, 2020 7:20 PM

@ SpaceLifeForm
Okay, had me for a minute. I was thinking it was fearless leader, not supreme leader. moose and squirrel are nearby, donning protective aluminum and tin alloy soft hat.

SpaceLifeFormJuly 15, 2020 7:39 PM

@ name.*.*.*.*

Watch out for moose with stingrays and the squirrels with cell phones.

And beware the owls at night. They have good vision into nefarious deeds.


name.withheld.for.obvious.reasonsJuly 15, 2020 7:44 PM

@ SpaceLifeForm
Thanks for the shark alert and the heads up about squirrels. Wasn't aware they'd be using burner phones, no wonder I cannot pen-trap that one in the backyard tree.

echoJuly 15, 2020 11:38 PM

I'm not a fan of Assange and Craig Murray can be an acquired taste but I believe the idea of law, which is to varying degrees open and accountable, as opposed to rules which can be slippery and arbitrary is where we should be. Buying into framing language such as "rules based order" or "deep state" just play into the weaponised psychology of mercenary lawyers and value free politicians supported by loopholes and freedom of information avoiding special advisors and nudge units and the not very "dark money" but actually very public wealthy individuals whose wealth is sustaining anti-science think tanks and quasi terrorist infomercial social networks.

MarkHJuly 16, 2020 12:03 AM

Re: Press Freedom in the U.S.

I agree with what Clive wrote, about the capacity of malicious prosecution to damage individuals.

As far as I can see, such tactics must be very much less effective against large well-resourced institutions.

As a practical matter, the great majority of pushback against governmental power based on "leak" sources is made by such institutions, and I think has been for as long as disclosure of state secrets has been a criminal offense.

MarkHJuly 16, 2020 12:32 AM

.
The Assange Case and U.S. Law

It's worthwhile putting the espionage charges against Assange into some historical context.

After those charges were made public, press reporting disclosed:

1. Under the Obama administration, the DoJ spent a long time studying the possibility of making such charges against Assange, ultimately concluding that such charges would (a) violate the spirit of the Constitution, and (b) eventually be rejected as unconstitutional in the courts.

2. A number of federal prosecutors disagreed with the 2019 decision to press those charges.

I think a reasonable interpretation of this context, is that the charges are not representative either of the meaning U.S. law, nor of long-term U.S. policy.

They didn't come for more than two years after the start of the Trump administration -- but they did come two months after the installation of William Barr, probably the most authoritarian U.S. Attorney General of modern times.

After the recent volcanic eruption of corruption at the top of the federal government, many millions of Americans are anticipating cleansing and rehabilitation ... starting in about 6 months.

Wesley ParishJuly 16, 2020 1:13 AM

Just came across this courtesy of slashdot:

Exclusive: Secret Trump order gives CIA more powers to launch cyberattacks
https://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html

The CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to launch offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program.

I see the CIA have been so kind as to substantiate my claim that "cyberweaponry" are the new capital weapons and have made the previous capital weapons obsolete, though the US Strategic Command, like the battleships in the Great Powers' navies until the Second world War, still believes it's central and important.

Another key change with the finding is it lessened the evidentiary requirements that limited the CIA’s ability to conduct covert cyber operations against entities like media organizations, charities, religious institutions or businesses believed to be working on behalf of adversaries’ foreign intelligence services, as well as individuals affiliated with these organizations, according to former officials.
[...]
“Before, you would need years of signals and dozens of pages of intelligence to show that this thing is a de facto arm of the government,” a former official told Yahoo News. Now, “as long as you can show that it vaguely looks like the charity is working on behalf of that government, then you’re good.”

Whoopeee!!! Make America Gulag Again, V 2.0! Trail of Tears Release 2.0, here we come. The All-American Bataan Death March Release 2!!!

SpaceLifeFormJuly 16, 2020 2:17 AM

@ echo

The easiest explanation is that most of the "leadership" on both sides of pond are being blackmailed.

SpaceLifeFormJuly 16, 2020 4:09 AM

I still have not seen any evidence that Twitter has contacted FBI.

Note: @FBI has not tweeted a word since this started.

I am shocked, shocked I tell you!

Maybe this senator has bought a vowel.

hxxps://www.nbcnews.com/politics/congress/after-twitter-cyberattack-gop-senator-calls-jack-dorsey-work-feds-n1233972

The FBI's office in San Francisco, where Twitter is headquartered, also said it was aware of the scam, but it did not say whether it planned to investigate.

"The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud," the office said in a statement. "We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident."

echoJuly 16, 2020 4:20 AM

@SpaceLifeForm

God knows what explains the collective outbreak of insanity. I wouldn't be surprised if blackmail isn't one element of many in the toxic toolbox.

name.withheld.for.obvious.reasonsJuly 16, 2020 5:43 AM

PPD 20 and Cyber Warfare Craziness
@ Clive and Wesley Parish...some duplicative info but added perspective

From The Register, the past becomes the future when a cited change to authorizations under PPD 20 in 2018 (source article at Yahoo) modified administrative cabinet powers regarding engaging in cyber warfare activity. Some were aware back in 2013/14 and few covered or understood what the original directive implied. Having screamed into the wind to draw attention to a unique devolution of power by the Executive, I failed to draw the implications and problems in a way that was cogent or clear.

The article is referenced at the Register and available from Yahoo (indirect citing):
xx sp://www.theregister.com/2020/07/16/cia_secret_cyberwar/

From the article by way of the Reg, story at Yahoo;

The CIA is now able to authorize its own covert cyber operations, according to officials, rather than gain approval from the White House or discuss plans with other departments. One source called the memo “very aggressive,” and “a vehicle to strike back.”

This is what I complained about when I commented on a read of the Presidential Policy Directive, the devolution of power and authority from the Executive down to Under and Deputy Secretaries. At the time I implored others to consider the ramifications of a policy that removes or modifies a core element of the Executive's enumerated responsibilities.

Furthermore the Reg Story, sourced from Yahoo...

Most critically, according to the report, the CIA is not required to prove it has evidence that organizations are carrying out activities on behalf of another’s countries intelligence services before it can launch a cyber offensive against them. It merely has to have a strong suspicion, opening up news organizations, non-profits, tech companies, and a whole range of other bodies to state-sponsored hacking.

And this is the fun that will result, now imagine a department going off reservation and stirring it up--the Executive could be caught flat footed with problem that would make the Bay of Pigs look like a Saturday pork rib picnic.

name.withheld.for.obvious.reasonsJuly 16, 2020 7:08 AM

NIST has announced a program abstract with respect to what I would call robust blockchain architecture from a holistic and broad set of capabilities and domains. Integrity, resilience, performance, validation, testing and verification. It is a roadmap type effort, a framework for a set of device and inter-device capabilities with an as yet specified feature set.

Documents located at the NIST.GOV website.

rrdJuly 16, 2020 9:43 AM

@ ALL

The easiest path to understanding a complex machine is to consult its creator.

Without consulting the design docs slash reference materials, the best you can know is that you don't know, but most people aren't humble enough to admit that.

And so, not knowing how the machine works, they are left hacking about, wondering why this is this way and that that. All the while not knowing that they have access to the operating manual, if only they'd open it.

There is no more complex machine in the universe than the human being. Not knowing this marvelous machine's purpose (including the system that supports us) precludes a person from understanding themself. A proper machine's purpose dictates its operating principles. Thus we are.

One of our problems is that we are free to choose to believe whatever reason we imagine is our purpose and operating principles. Mostly that just comes down to what other people told you is the purpose. And here we are, the bulk of us not knowing why things are so effed up.

The life of Boltzman is instructive. But who has ears to hear, eyes to see and a heart that will choose the path of understanding?

Willful ignorance is why the CDC will no longer be handling hospital data here in the US. Our federal govt and many state govts (eg: GA & FL) are willfully ignoring their emerging health crises.

Even if the effects aren't of the same magnitude, all willful ignorance is the same, but that's not how the willfully ignorant see it.

Even the governors of FL and GA choose to not willfully ignore the teaching that we should all wipe our asses after we drop a deuce. What I mean is that just because we don't ignore every medical teaching doesn't mean we don't ignore important information in other spheres.

_____________

@ Weather and ALL

>> You have nothing to do with this, its a technical issue.

Everything I say is (to the best of my abilities) technical. Never forget what Boltzman faced, and what he preached, and what Einstein proved just a few years later. What I say here is that understanding morality is essential to implementing security.

I'll not hazard a guess as to why people ignore the possibility that it is possible to achieve personal moral purification, but I do know that sometimes it's because their culture denies its possibility or worth. They are satisfied with however they are, acting and believing within whatever range their chosen culture dictates they behave.

James Watson comes to my mind, who said (my paraphrase), "I find religious people to be daft." So he ignored the entire subject, and winds up a eugenicist and racist. Not the company I would choose to keep, but I see his tendencies all over our Internet society.

I prefer Aldous Huxley, who wrote both "Brave New World" and "The Perennial Philosophy". Who can better explain today's world of woe, Watson or Huxley? Which is more important, the structure of DNA or why our leaders are helping their people die?

And here's a crucial point: Watson didn't make himself more evil; it was merely a side-effect of his not engaging any effort to question and improve his morality. Our default state is to be "not-enlightened"; we must choose to level-up, and that's hard graft, especially because we each have vices to root out and transmute into their virtues.

Then there are the Bill Barrs of the world that put forth effort to make themselves more amoral, more evil. To gain more selfish power and even take pleasure in causing misery in others. They lose their ability to be happy along that journey, even if they gain more pleasure. (Most people don't understand the distinctions between happiness and pleasure.)

It is likely that none of you folks belong to that deliberately evil crew, that being the result of our host's commitment to the EFF and its Earthwide mission to help us all have access to any and all information that will help us improve our lives. Compassion for *ALL* our fellow human beings is the essence of positive morality. Such love makes the people who embrace it see the world differently; we feel the pain of others and seek to alleviate it. An organization's founders set a tone within it. That's what makes this place special in an internet filled with vocal, ignorant morons.

We each live on the spectrum within the polarity of good and evil. Morality is not only where we choose to exist within that range of human potential, it is the direction we apply force within the field, i.e. the direction we choose to move our moral selves. At the end of all our choosing, how we treat *all* others is the measure of each of us, irrespective of what we say we believe. Some actively love, some kindof care but not enough to do anything to help others, and some take pleasure from the kind of winning that requires others to lose. There are no other categories.

Ignorance is but one of the 19 conditions in our being that produces a force that moves us towards the negative pole of our potential, the pole that is less compassionate, less kind, less considerate to and of others.

Hubris says one can understand our place in this universe without acknowledging and accessing its Creator, which is senseless because we are the ultimate information processors: why not test our limits of perception regarding the greatest conceivable mysteries? One's assuming, without even trying, that the universe is not the database server to our mind's client has done neither enough deep reading nor thinking. And don't be silly enough to put preconditions or constraints on the rules for what and how we can access It. No, you've just got to learn how the communication channel works, the protocol and the passwords, the abilities and limits, the laws and ramifications, and how obeying the rules allows greater access, greater comprehension, greater clarity, both within and without.

Thanks, @Weather, you can call on me anytime, I'm at your service!

For me to act like I don't know would be a form of lying, and I despise lying, especially in myself. For others to act like I don't know is just how most human beings choose to live their lives, but I do not care because I am only responsible for my own attitudes and behaviors. My taking responsibility for my manifestations of them is what gives me strength, peace, happiness and discernment of myself and others.

Think upon the inner force that drives people away from the concepts I elucidate here.

Think upon the force that drives our leaders to let their people die of COVID-19 when all they have to do is order people to cover their faces, social distance and gather in fresh, open air.

Think upon the (his very own words) "force [that] came over" the serial rapist/killer/burglar ex-cop that just pled guilty in San Francisco.

Think upon the fact that one can never draw deep conclusions about any complex system without first understanding the foundations upon which it is built and operates.

Think about a secure, perfect society and what characteristics its members *HAVE* to embody for it to work. Why can they never be divorced from morality/ethics?

Boltzman presented statistical mechanics as a fundamental mechanism of the universe.

I am presenting fundamental human mechanics of morality and how they apply to governance, psychology, sociology and, believe it or not, security. Who else has even claimed to be able to teach others how to measure one's "humanity" (and with it, that of others)?

It is said a genius is known not by their answers but by their questions.

Let me create an addendum quote here, "And the ignorant can be defined by which questions they refuse to entertain."

Remember, technically correct is the best kind of correct and the technically correct can only come from the ranks of those who humbly endeavor to learn their craft, one honest question and answer session at a time.

rrdJuly 16, 2020 10:24 AM

@ vas pup (and ALL)

>> What is security vector? Smell is very powerful to affect the weakest link in every security application - human behavior.

Stanislaw Lem wrote a book (or short story, I don't remember) about societal use of mood-affecting scent technology to prevent people from perceiving how horrific their environment and food was. If anyone can remind me of the title, I'd greatly appreciate it. It had a Matrix-like "wake up from the lies the govt is telling you" vibe, IIRC.

But the real question is: what is more important than morality?

It wasn't smell that led that Los Alamos Lab guy to selling our nuclear secrets to the Soviets. (Feynman borrowed his car to see his dying wife, IIRC.)

It is possible to gain self-control over our subconscious desires. No matter how good a woman smells (is she ovulating? is the smell even conscious?) I'll not even entertain the thought of cheating on my wife with her. That is because I understand the situation and try my best to make conscious choices, always trying to measure myself against the best ethic I can learn and adapt. Besides, such selfish impulses that could potentially cause harm to others always lead us to more unhappiness for ourselves. And that would lead to regret. No thanks.

Our chosen morality (like all our choices) changes how we perceive the world, which is precisely why Huxley researched "cleansing the doors of perception".

Black people are not intrinsically less human than any of us; it is the misperception of racists that lead other willfully ignorant human beings to glom on to those hateful, ignorant attitudes and then act belligerently. And black racists believe the same thing about white people. Such negativity is merely a human mammalian potential. The Imperial Japanese demonstrated it against other oriental peoples to horrific effect in WWII. And Nazis against the Jews, amongst others, of course.

Only people who are not actively self-evolving their morality are susceptible to subtle scent behavioral modification. Same for subtle (or not so subtle) memes, which are far more dangerously destructive, as evidenced by, well, everything we see and hear on the news here in 2020.

Sherman JayJuly 16, 2020 12:19 PM

When considering 'human exceptionalism' and (ab)use of natural resources - always remember:

MOTHER NATURE BATS LAST!

That combination makes me feel rather insecure.

Clive RobinsonJuly 16, 2020 12:58 PM

@ Sherman Jay,

MOTHER NATURE BATS LAST!

But it's the laws of physics that are the umpire...

You might not know but we've been hit by a very minor solar storm the past couple of days whilst it's not had much effect above the FM Broadcast band even at 50MHz it's had some interesting effects.

Whilst it's been way to minor to cause a Carrington Effect it has produced auroras at lower latitudes than you might expect, which has given some astronomers some rather good photo ops.

What many do not realise is that in of it's self the Carrington Effect was actually quite minor and as technology back in 1859 was nether sophisticated or common it's effects were limited. The same level event today could take out national infrastructure over continental sized regions and many satellites would be impared or stop working altogether, that would eventually by cascade effects of satellites hiting satellites effectively close space to mankind for some time to come.

However the Carrington effect is still minor compared to a direct hit from some solar ejecta which would have significant effects on the earth's biome, including what may well be a mass extinction event.

But we may already be dead and not yet know it... Occasionaly some stars go high order big style as Supernova and send out jets of x-rays etc to span not just solar systems but from one galaxy to another... Whilst a type II supernova would have to be within 26light years a type Ia could be as far as 3000 lightyears and still have a noticable effect on our biosphere.

vas pupJuly 16, 2020 2:20 PM

EU-US Privacy Shield for data struck down by court

https://www.bbc.com/news/technology-53418898


"A major agreement governing the transfer of EU citizens' data to the United States has been struck down by the European Court of Justice (ECJ).

The EU-US Privacy Shield let companies sign up to higher privacy standards, before transferring data to the US.

But a privacy advocate challenged the agreement, arguing that US national security laws did not protect EU citizens from government snooping.

Max Schrems, the Austrian behind the case, called it a win for privacy.

"It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role in the EU market," he said."

Read the whole article! Enjoy.

vas pupJuly 16, 2020 2:34 PM

Coronavirus: Russian spies target Covid-19 vaccine research
https://www.bbc.com/news/technology-53429506

"Russian spies are targeting organizations trying to develop a coronavirus vaccine in the UK, US and Canada, security services have warned.

The warning was published by a international group of security services:
◾the UK's NCSC
◾the Canadian Communication Security Establishment (CSE)
◾the United States Department for Homeland Security (DHS) Cyber-security Infrastructure Security Agency (CISA)
◾the US National Security Agency (NSA)

[All are from 5 eyes - by the way - just observation]


""They [Russians] have lots of people, we have lots of people, the Americans have even more people, as do the Chinese," commented Prof Ross Anderson from the University of Cambridge's Computer Laboratory.

"They are all trying to steal this kind of stuff all the time."

I agree with Prof Anderson - everybody do the same with more or less success. Regarding Russia: people are cured our of COVID by State funding medical service. People pay nothing. So, if Russian spies could steal something related to COVID treatment, beneficiaries are all the whole population. I guess in reverse case I doubt US spies similar activity will benefit all population, but rather big pharma.
I wish I am wrong on that, but truth is stronger than loyalty.

SpaceLifeFormJuly 16, 2020 2:43 PM

Hey FBI

While you are investigating the Twitter hack,
I suggest you look into AWS as the vector.

When Twitter says "We detected what we believe..." that is just handwaving, mental masturbation.

Twitter has no clue as to how pwned they are.

When users proactively changed their password, then get told to change their password, and when they attempt to do so, and it does not work, well, the nature of the hack is not what Twitter is saying.

When users are told that their email addy is incorrect, the nature of the hack is not what Twitter is saying.

Did Twitter apply the MS DNS Patch?

Or was the hole already exploited months ago?

vas pupJuly 16, 2020 3:32 PM

Move over, Siri! Researchers develop improv-based Chatbot
https://www.sciencedaily.com/releases/2020/07/200715095502.htm

"Computer scientists have incorporated improv dialogues into chatbots to produce more grounded and engaging interactions.

The SPOLIN research collection is made up of over 68,000 English dialogue pairs, or conversational dialogues of a prompt and subsequent response. These pairs model yes-and dialogues, a foundational principle in improvisation that encourages more grounded and relatable conversations. After gathering the data, Cho and May built SpolinBot, an improv agent programmed with the first yes-and research collection large enough to train a chatbot."

echoJuly 16, 2020 4:19 PM

@Vas pup

The legal battle over data protection standards versus data transfer both outside the EU generally and to the US specifically has been going on for some time. Without looking things up - in the UK some people decided to withhold censor data because it was being transferred to a US based company for data processing and they were prosecuted. The judge found them guility. A judgement on another later unrelated case said basically yes they were right and the judge was wrong. The latest case you report on the EC only confirms that US privacy protections are not as good as the EU. Not only that but the ECJ is cracking down on none EU law and contracts subverting peoples rights in EU law. Under the withdrawal agreement this decision of course applies in the UK.

When there is no enabling statute and human rights and equality and other law is ignored this particular issue not just of state sector making up "rules" as they go along but also some private sector especially making corporate based law is a very worrying trend.

While common law jurisdiction law and some pre-imndependence US and Honk Kong etcetera law can have legal force in the UK it falls to judges to admit other equivalent law into the court. You cannot simply assert it. Now there are legal instruments including Civil Law jurisdiction instrument which are not immediately admissible which with some work can fit within UK law or can be put forward with a high degree of confidence because it follows on from existing law and fills a gap but again this is for the judge to decide.

Yes I know there is no such thing as UK law but I'm not adding caveats on every single point of law every time just to seperate England and Wales from Scotland.

Back in the day King James the whatever tried to unify Scotland and England and Wales under one legal system but the City and various politicians put a block to this. It was a fantastic idea but alas the English establishment "Alt-right" were having none of it. Fast forward until today and the Johnson regime is actively trying to backdoor Scottish governance in the past week alone. And as we all know the UK government has been ignoring EU legal obligations with respect of human rights for some time now.

SpaceLifeFormJuly 16, 2020 4:31 PM

Another possible vector on the Twitter hack.

This subdomain exists

twitter[dot]zoom[dot]us


hxxps://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/

JonKnowsNothingJuly 16, 2020 5:21 PM

re: COVID19 in Mink

MSM Reports from Spain that a mink farm there has been infected with COVID19.

In previous posts (somewhere on the blog) are references to mink to human transmission of COVID19 in the Netherlands and COVID19 outbreaks in mink farms in Denmark.

We know that mink to human is possible.

Netherlands/Denmark Transmission route:
 Human -> Human -> Mink -> Mink -> Human
 Human -> Human -> Cat -> Mink -> Mink -> Human

Spain Transmission route:
 Human -> Human -> Mink -> Mink

Some details:

  • The number of mink to be culled varies by report from 92,000 to 100,000 minks.
  • 7 human keepers became sick May 22, 2020
  • They infected by a visitor 6 weeks earlier (~April 10, 2020)
  • Initial tests showed 30 mink infected (~July 1, 2020)
  • Tests on July 13, 2020 showed 87% of the mink infected. (~87,000 mink)

So the infection rate went from 30 to 87,000 in 14 days.

The COVID19 virus strain in Netherlands was a local version. There was an outbreak at the same time in Denmark affecting 3 mink farms. 2 of the Danish farms had similar strains. The reports at that time did not indicate if all 3 the Danish farms had the same strain or if the strain was the same as in the Netherlands.

The Strain in Spain has yet to be Explained...
(oh sooooo bad .. the devil made me do it)


ht tps://www.mirror.co.uk/news/world-news/spain-orders-deaths-92000-mink-22368290
ht tps://www.reuters.com/article/us-health-coronavirus-spain-minks-idUSKCN24H28U
ht tps://www.straitstimes.com/world/europe/spain-to-cull-nearly-100000-mink-with-coronavirus

ht tps://en.wikipedia.org/wiki/Flip_Wilson
ht tps://en.wikipedia.org/wiki/Geraldine_Jones_(character)
ht tps://en.wikipedia.org/wiki/WYSIWYG#Etymology
(url fractured to prevent autorun)

echoJuly 16, 2020 6:34 PM

@vas pup

Thanks. I'm sorry I haven't provided citations on everything but I'm not a lawyer and it's not my day job. I regret now not organising everything in an organised database especially given the volume of material I've collected.

It's really difficult to convey the pseudo-authority and grace and favour routine unlawfulness of rote learned silo mentalities. Clive says the same thing only orders his words differently. The fact the UK even in England alone has three competing legal systems in practice (Celtic, Roman, and Norman) with each entity cherry picking to suit themselves is a real pain. This is before you get into interaction with the EU where the majority of states have Civil Law systems with the Human Rights Act being Civil Law implemented in a Common Law jurisdiction. Now some blowhards claim the UK (meaning England in practice and the rest suffer) doesn't do Civil Law but this is not true. Ecclesiastical Law is Civil Law. Then there are the old courts of equity and habeous corpus being rolled up under judicial review which the current government has actively tried to do away with. This has been helped in part by abusing the deprecating of the House of Lords as the highest court in favour of their function being passed to the Supreme Court which, by a slight of hand, is subject to the Commons so actually has less power not more based upon the legal myth of "Parliamentary Sovereignity" and other concentrating of power by the executive. Enter the topic of "legal drift" and nod along judges passing the buck and short memory syndrome and you can perhaps understand how the UK government gets away with things as they do.

A technical note: Parliament is composed of the Commons, House of Lords, and the Monarch. The General Synod is a branch of parliament and the General Medical Council is a quasi-parliamentary body as are others. This is without considering the monarchs role as custodian of the common law on behalf of the people, the actual status of statute being less firm than commonly advertised but simply the overwhelming force of societies opinion as expressed via Parliament, and the role and status of the Privvy Council and overseas territories and protectorates.

Sorry for the info dump. I'm just putting this out there to help show how the UK legal system in practice is a complete mess and indicate why some of the more irritating political decisions and injustices may happen.

rrdJuly 16, 2020 7:36 PM

@ Weather

Thanks for the very kind compliment. I'm glad you were thinking of me. (Where does inspiration come from anyway?)

I use "Creator" to not show favoritism towards any language's name of the Unfathomable It. That could prejudice the reader with respect to their prior knowledge of their form(s) of religion.

The Sufi Message is always one of universality three ways: starting with our Creator, then the human race, and finally the Message of Love itself. We strive for Earthwide unity across all our differences in ethnicity, culture and practice, all pointing towards an ethic of compassionate, caring cooperation, and an end to all oppression.

The reason that the Message is universal is that our beings are actually transformed by the process, and we all have the ability to undergo some form of self-evolution in our lifetime, with the aim of self-evolving our entire societies and nations towards greater equality and harmony.

On a separate note -- I've been meaning to ask you -- you asked me for a hash of something a while ago, but I thought it was a joke or something. If you want to run that by me again, I'd be happy to get some code running on my box and produce some output for you. I just need the details. I'm sorry I didn't take your request seriously and I'll try not to do it again.

echoJuly 16, 2020 7:59 PM

As a continuation of my previous comment about rote learmed soli mentalities and a garbage system during pandemic downtime I've been watching and curating alongside other material lots of youtubes on cooking and special forces military. I find it amazing that you can listen and watch and learn from people who are or who have been at the very top of the game.

By learning from the best I don't just mean the odd technique, such as ratios in recipies which is a big open secret which once cracked gives you a massive power in the kitchen. Understanding this allows you to rejig a recipe for any number of people but also an understanding of the chemistry involved in cooking which can produce very different end products for exactly the same incredients as well as appearance and flavour issues due to presentation and layering. Most of the military stuff is largely known knowns about fieldcraft but even so I'm still constantly amazed by the efficacy of certain methods and how various tips and tricks play into achieving a very high standard of performance.

One thing which stands out to me, and I think this is important for both discrimination and social policy, is although it is often the loud and shouty types who create controversy and headlines how many people who you would consider top tier are so keen to share their experience and by and large are enthusiastic and quite decent people.

I've also been very interested to learn over the past year about new academic and other work which has highlighted things as diverse as positive training is better for dogs, and supporting work such as how dogs are driven by an oxytocin buzz and get PTSD from negative training or being shouted at. Other very intriguing academic work I read about this past few months on human psychology reflects the Zen "learn by observation" technique where our brains adapt and harmonise at a neurological level to the psycho-social model of other people.

Values and motivations do matter and from a lot of the commentary I've been absorbing a lot of what is expressed does run counter to the authoritarian human rights snubbing anxiety-terror led politics bubble we're currently consumed by.

JonKnowsNothingJuly 16, 2020 8:32 PM

Just for future historical perspectives...

The USA President Trump has order that COVID19 data be rerouted from the CDC, the normal recipient of such data, to the Department of Health and Human Services.

This order was given on Friday July 10, 2020 and effective as of Wednesday July 15, 2020.

As a result of the change, many US based data sites, sources, dashboards, presentations and data analysis are "BROKEN".

In my own small patch of California where the July 4th Surge is wreaking havoc, the county is no longer able to provide daily updates. Per their website and dashboard, data will be presented 2x a week and some data may be pulled from another source.

I can verify that the data is C R A P P E D U P.

Earlier in Brazil, Bolsonaro tried to halt their data but the Brazil Supreme Court blocked his order.

In Australia they are trying something similar there too. An outbreak of COVID19 among hospital workers (@150), the local Pooh-Bah refused to provide details.

Florida has attempted to block or alter data too.

We may have to resort to drone photos of the mass graves like New York, Manaus, Peru, Mexico etc. The cathedral in Peru filled with 5,000 images of local dead maybe our Plaza de Mayo.



ht tps://arstechnica.com/tech-policy/2020/07/trump-admin-undercuts-cdc-seizes-control-of-national-covid-19-data/

ht tps://www.theguardian.com/australia-news/2020/jul/16/victoria-refuses-health-workers-have-covid-19-hospital-staff-looming-crisis-coronavirus

The Victorian government has refused to answer questions about hospital surge capacity or the number of medical institutions coping with outbreaks of Covid-19, with hundreds of health staff now in precautionary quarantine due to potential exposure to the virus.

ht tps://www.nytimes.com/2020/06/08/world/americas/brazil-coronavirus-statistics.html

ht tps://www.cnn.com/2020/06/15/us/florida-coronavirus-data-dashboard/index.html

ht tps://www.theguardian.com/world/2020/jun/15/peru-archbishop-fills-church-with-portraits-of-covid-19-victims

(url fractured to prevent autorun)

echoJuly 16, 2020 8:53 PM

@JonKnowsNothing

I think the UK government attempted a similar takeover of the narrative but has also been more actively with fiddling behind the scenes so not so overt. Throw in political grandstanding and amaetur hour behaviour from politicians, and academic versus virologist and various medical people tripping overtheir own empires, NIH, and differences in technical jargon, and at the administrative level various failings to share and publish timely information and everything is quite a mess.

What irritates me is how so many job titles seem to think they are the only people with skills who can process and understand academic papers and policy and data in real time. They're not fooling anyone only themselves.

I cnnot comment on the US but I am satisfied to a very high degree of certainty thatsome of the decisions by UK ministers has been to actively conceal or muddy the waters as strategy to avoid attracting judicial reviews or destroy or obscure evidence for a future prosection or public enquiry.

I do not believe the current UK Attorney General is acting in the public interest but merely hiding behind the job title to actively conceal unlawful behaviour by the government.

Given I know the UK Ministry of Justice actively pursues unlawful political cases and refuses to answer FOIs and provide information which I personally know is already in the public domain I don't expect any member of staff to blow the whistle soon.

rrdJuly 16, 2020 8:58 PM

@ Weather

I've compiled the code from:

hXXps://codereview.stackexchange.com/questions/182812/self-contained-sha-256-implementation-in-c

which points to:

hXXps://github.com/amosnier/sha-2

And cross-checked it against my built-in sha256sum. It's working and ready.

Q#1: Do you want the input to be 10 of the same char from the set of possibilities, or do you want me to semi-randomly choose 10 chars from that set?

And

Q#2: Do you just want the hex bytes in a simple row or in a particular format?

Thanks for the code kata.

name.withheld.for.obvious.reasonsJuly 16, 2020 11:47 PM

14 Jul 2020 -- Nils Melzer -- Interview with Consortium News

"The real purpose of torture most of the time is intimidation. And it is not necessarily intimidation of the victim, it's intimidation the intimidation of everybody else. That's why people are being tortured in public spaces. That's why women are being raped on the village square in an armed conflict. That's why people are being executed publicly and punished and flogged because you want to intimidate everybody else.

That's the power of torture, and that is what's happening to Julian Assange. It's not about punishing him, it's not about interrogating him and finding the truth or something, but it's about intimidating all other journalists and publishers. Making sure that no one does what he has done because that's states are afraid of. That's what this is about and this purpose has already been achieved, it's not that states think they have only achieved their goal once he is extradited they can take as much time as they want.

As long as Julian Assange is holed up in a high security prison just to prevent his escape in case of extradition, as long as he cannot work, as long as he's isolated they make an example of him. You can see the effects already, how the mainstream media is intimidated and cannot even report about this case objectively because they're so afraid that they might end up in the same place.

You can see that the New York Times publicly acknowledges they submit their own national security relevant articles to the government before releasing them so they're basically being censored already by the government. The New York Times, I mean who would have thought that, so this is already working. Everybody's already intimidated, let's acknowledge it. So this fight is really to re-establish press freedom rather than just protecting them."

Nils Melzer

echoJuly 17, 2020 12:33 AM

@name.withheld.for.obvious.reasons

The Guardian is carrying a story by Anthony Baxter about a documentary called "You’ve Been Trumped Too". He describes the power and influence of Trumps money in closing down the truth and how he intimated people and how he vindictively tried to bully a 92 year old Scottish woman. The good news is after a decade long struggle the documentary is available worldwide from next month.

JonKnowsNothingJuly 17, 2020 2:25 AM

I have no idea what is happening or why but there's some serious policing happening in Portland, Oregon USA.

Several MSM reports indicated Federal Police from a number of agencies are using unmarked vehicles and unmarked uniforms to snatch people off the street there.

There must be a whale sized load of tech being used to target people or it's Federal blundering-bludgeoning in play.

Reports indicate tactics are similar to standard renditions:

  • unmarked vehicles
  • unmarked or masked "police"
  • armed officers with body armour, guns, Tasers etc.
  • victims appear to be random or near some "target line"
  • suggestions that the target line is near a Federal Building or Federal Area
  • no information give at time of snatch
  • victims have their eyes covered
  • destination unknown
  • unloaded into unknown facility
  • Miranda Rights read hours later
  • No information give about what, why they were arrested
  • When released no arrest information given, no paperwork, no police/legal/court contact information.


Some links:

ht tps://www.opb.org/news/article/federal-law-enforcement-unmarked-vehicles-portland-protesters/

Federal Law Enforcement Use Unmarked Vehicles To Grab Protesters Off Portland Streets

Federal law enforcement officers have been using unmarked vehicles to drive around downtown Portland and detain protesters since at least July 14. Personal accounts and multiple videos posted online show the officers driving up to people, detaining individuals with no explanation of why they are being arrested, and driving off.

ht tps://www.newsweek.com/federal-agents-bundle-protester-van-portland-1518302

A viral video shows federal agents bundling a protester into an unmarked van in Portland, Oregon after arresting the person without identifying themselves... The 39-second clip starts as two agents in camouflage gear approach a protester as the person filming asks them: "What are you doing? Use your words. What are you doing?"

The Department of Homeland Security (DHS) has deployed officers in tactical gear from more than six federal law enforcement agencies and departments, The Associated Press reported, to crack down on unrest in Portland, which has seen sustained protests since the death of George Floyd, a Black man, in Minneapolis police custody on May 25.

Other report:
ht tps://www.emptywheel.net/2020/07/16/trumps-rump-coverers-other-mission-militarized-voter-suppression/

Federal personnel without clear identification have been snatching people off the street in Portland, Oregon.

(url fractured to prevent autorun)

SpaceLifeFormJuly 17, 2020 2:46 AM

Twitter basically confirms they have no idea.

They "believe, approximately", "in some way" "as part", "small subset"

If they can not enumerate what a "small subset" of "approximately 130" is at this point, they should not be allowed near a computer.


"Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts."

name.withheld.for.obvious.reasonsJuly 17, 2020 3:50 AM

23 Jun 2020 -- Vice News Interview -- Edward Snowden
On a final thought he says:
"They are used against the people that are most vulnerable, against vulnerable minorities, and then they're used against everyone. Even if you feel like this doesn't affect you personally, it does and it will in time."

"And we need to understand, you know, the pandemic will eventually recede, we do inevitably make progress towards a more just society on the backs of people that sacrificed their lives to win it for us, but the rights we lose to every emergency law that passes because we are afraid, we never get those back. Pandemics recede but, you know, the tide of Rights that recedes too."

...he ties his thoughts together (@ Bruce and Clive, your wheel house)...

"I think we need to understand that when we talk about technologists, when we talk about people working at Facebook, when we talk about people on the street who are standing up and exposing themselves to violence to protect other people from violence this stuff matters, that is the only way the world gets better. It's not enough to read, it's not enough to believe in something, it's not enough to write something, you have to eventually stand for something if you want things to change. What is changing today is the fundamental structure in the relationship of the individual, the citizen, the non citizen, the institution be it corporate or governmental."

"And it's very fashionable I think in the United States, in a lot of developed countries, generally to think about corporations as arms of government, we see the chummy relationship, we see how much influence happens there, but when you think about who has the most influence over what laws written and what laws get passed in the United States I think we need to seriously consider that perhaps it is government that's becoming an arm of the corporation."

Edward Snowden

NOTE: HE JUST SAID...FASCISM

Wesley ParishJuly 17, 2020 6:01 AM

@rrd re: Stanislaw Lem book about societal use of mood-affecting scent technology to prevent people from perceiving how horrific their environment and food was.

It's The Futurological Congress, and a funnier, sharper satire I have yet to read.

myliitJuly 17, 2020 6:02 AM

https://www.newyorker.com/humor/borowitz-report/georgia-governor-orders-statewide-ban-on-science

“ATLANTA (The Borowitz Report)—In his latest response to the coronavirus pandemic, Georgia’s governor, Brian Kemp, has issued a sweeping statewide ban on science.

“Over the past few weeks, scientific information has been spreading throughout the state of Georgia like wildfire,” Kemp said. “We need to flatten the truth curve.”

Under the executive order, Georgians can be fined as much as five hundred dollars for visiting Web sites containing evidence-based information.

Additionally, Kemp is issuing a stay-at-home order for all Georgians planning a trip to a library or bookstore.

The governor said that Georgians could once again visit the Centers for Disease Control and Prevention Web site “as soon as the rest of its data has been safely removed.”

Kemp’s zero-tolerance policy on science drew strong praise from his Republican colleague Donald J. Trump.

[...].

Trump’s support has reportedly emboldened Kemp, who is said to be considering a statewide ban on integers.“

rrdJuly 17, 2020 7:11 AM

@ Wesley Parish

Wow. Thanks a bunch. It must have been over 30 years ago I read/had that book. All I remember is the scent-tech stuff.

FYI, in the past few years I found and dug Lem's "The Invincible". It's pretty much pure hard-SF. I appreciate it for its depth of world-building, much like I love Gibson's capers, tech, social commentary and, well, everything.

________

@ Weather

Yeah, when we go off the rails, posts get pared back to less contentious and at least security-adjacent comments.

Regarding the sha256, here's the hash:

0456d0f6e8b879156fa4a749a7d9c863916ba61ebe621be474fca4ee70b21661

vas pupJuly 17, 2020 3:26 PM

@echo - that is related to subject matter we both are interested in

Police in Germany have too much access to personal online data, top court says
https://www.dw.com/en/germany-police-personal-data/a-54209653

"Germany's Constitutional Court has ruled that current police access to personal data from phone and internet users is unconstitutional. Two groups, one with more than 6,000 supporters, argued their rights were breached.

Germany's top court on Friday ruled that police and intelligence officials have excessive access to personal data on mobile phone and internet users, a decision that will make it more difficult for investigators to access private information held on digital devices and accounts.

The Constitutional Court in Karlsruhe ruled that several regulations that allowed access to so-called "inventory data," which includes internet and mobile users' names and birth dates, were unconstitutional.

In a press release on its website, the court said that current law violates users' "fundamental rights to
=========>informational self-determination

The court said that while accessing such data is generally permissible under German constitutional law, "transmission and retrieval regulations must sufficiently limit the purposes for which the data is used."

Lack of 'concrete danger'

"The Senate has made it clear that the general powers to transmit and retrieve inventory data...generally require a concrete danger present in the individual case and an initial suspicion for criminal prosecution," it said.

In the eyes of the court, authorities had been allowed to access data for causes that did not meet the threshold of legal interest.

The ruling means that Germany's Telecommunications Act and several other laws will need to be revised."

Read the whole article - many other interesting points. Happy Friday!

echoJuly 17, 2020 4:03 PM

@vas pup

DW news is pretty good and available on youtube. Thanks. This article was worth a browse.

Going off on a tangent I know for a fact companies providing financial services in the UK breach both the data protect act and money laundering legislation. Information obtained for one purpose is used to support decisions on service provision without supporting legislation for political reasons including, yes, appeasing overseas out of jurisdiction American regulators. Without going into details this is a breach both of UK domestic human rights and equality law, and in the case of the US I understand politics at a state level is creating similar pressure without supporting authority in law.

I think the German authorities drive to combat the far right and online extremism is a good thing. Some of those on the far right hide behind careful choices of words and take advantage of multiple jurisdictions on the internet. The far right are very sneaky and pernicious. Ultimately the main threat comes from politicians who enable them and give them licence. As we know the Germans sacked their own head of intelligence after he demonstrated on more than one occassion far right sympathies.

I don't think the BBC would dare cover constitutional issues like this or go after the current head of MI6 for being political or the "revolving chair" grifters who are leveraging their income after serving with MI5 or the Joint Chiefs.

As for the Netherlands being lockstep ass kissers of UK-US?...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.