Friday Squid Blogging: Jurassic Squid and Prey

A 180-million-year-old Vampire squid ancestor was fossilized along with its prey.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on April 9, 2021 at 4:08 PM123 Comments

Comments

Mr. Peed Off April 9, 2021 10:09 PM

“Despite decades of investment in cybersecurity personnel and capabilities, today the congressionally run Government Accountability Office (GAO) says U.S. federal cybersecurity capabilities have regressed from prior years—and federal cybersecurity is currently in the GAO’s category of government programs at high risk of failure. Under the “assume breach” mindset, the GAO’s reasoning is clear. There are no internal walls to prevent breaches from spreading.

For this reason, it is time for a different model for cybersecurity. U.S. military bases have layers of walls, guards, badge readers, and authentication measures to control access. The United States needs the same mindset for its cybersecurity.

Agencies need to adopt an “assume breach” mindset and invest in the security controls required to stop intruders’ internal movements. To “assume breach” in cyberspace means to invest in a comprehensive defense-in-depth strategy to stop intruders from moving freely throughout a network once they’ve broken past the perimeter. What’s more, the government needs to continuously test its security controls to ensure they work. ”

https://www.lawfareblog.com/us-government-needs-overhaul-cybersecurity-heres-how

SpaceLifeForm April 9, 2021 10:34 PM

Another FB dump.

You get one guess as to where it was found.

https://www.vice.com/en/article/qj8dj5/facebook-phone-number-data-breach-telegram-bot

An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines this week, signifying another data breach or large scale scraping of Facebook users’ data, Motherboard has found.

“Hello, can you tell me how you got my number?” one person included in the dataset asked Motherboard when reached for comment. “Omg, this is insane,” they added. Another person returned Motherboard’s call and, after confirming their name, said “If you have my number then yes it seems the data is accurate.”

Ismar April 10, 2021 12:48 AM

This article from Google Zero Project highlights the importance of collaboration across companies to improving of the overall computer security
as well as what they call offensive security work

https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html?m=1

“ Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”

Winter April 10, 2021 4:22 AM

@Mr P
“For this reason, it is time for a different model for cybersecurity”

It is clear that USA institutions, e.g., Intelligence Services, Military, and FBI, are all failing in their job of protecting US governmental institutions and citizens.

I blame their insisting on open access to all ICT systems for this failure. As long as offensive needs alwayd overrule defensive needs, no one will be safe.

I see a parallel in USA law enforcement and health care, where punishment and medical cures (i.e., cleaning up the mess) are always prioritized over prevention.

Ismar April 10, 2021 4:24 AM

https://arstechnica.com/information-technology/2021/04/ransomware-shuts-down-production-at-two-manufacturing-plants/

“ Patching and reconfiguring devices in industrial settings can be especially costly and difficult because many of them require constant operation to maintain profitability and to stay on schedule. Shutting down an assembly line to install and test a security update or to make changes to a network can lead to real-world expenses that are nontrivial. Of course, having ransomware operators shut down an industria”

hhsecwatch April 10, 2021 5:16 AM

I try to rationalise the synergy and conflict between security and privacy on a regular basis. Seeing the recent news about mitre and a system for “guessing” your name based on your face, or vice versa, I’m reminded of how bad something like this is for personal privacy and the potential for abuse or misuse. It seems to me as though nation states do not care so much about individual privacy because it hinders their objectives. And individuals mostly care more about privacy because ultimately it is other humans that are in control of our data. And so there is likely to always be a conflict between these two opposing forces, with varying degrees of compromise being reached. I think the mistake is to believe that there is a perfect answer to resolve this conflict. And the bigger mistake is to think that once you have picked a side, that you have any chance of achieving a victory that all will be happy with. I want a national security team that can protect me. But I don’t want to be spied on or profiled (aware I have not even mentioned fb, Google, or Amazon yet). What are our best options for finding peace in this landscape? Fight for a perfect system, or accept that there will never be one and get on with our lives? Asking for a friend.

Mel Orca April 10, 2021 8:50 AM

Google had a proposal to W3C TAG (Technical Architecture Group) to treat multiple domains as same origin?

According to this:
https://www.theregister.com/2021/04/08/w3c_google_multple_domains/

This of course would have had an effect on same-origin policies for scripts and other interesting things…

Anyway TAG shut it down saying among other things:

“We are concerned that this proposal weakens the concept of origin without considering the full implications of this action.”

They in particular had a concern about it in connection to Google’s “Privacy Sandbox“.

Apple’s Lead for WebKit development was also concerned about “bad faith claims,” adding:.

How to prevent domains that are not actually owned and controlled by the same party from making claims of being related? For example, an ad network could get its top publishers to enter an association to regain a certain level of tracking powers.

All in all interesting, considering that Google (Alphabet) has probably world’s largest ad network.

Mr. Peed Off April 10, 2021 9:52 AM

@ Winter
“I blame their insisting on open access to all ICT systems for this failure. As long as offensive needs always overrule defensive needs, no one will be safe.

I see a parallel in USA law enforcement and health care, where punishment and medical cures (i.e., cleaning up the mess) are always prioritized over prevention.”

I agree.

Ignorant US redneck April 10, 2021 10:33 AM

@ hhsecwatch

What are our best options for finding peace in this landscape? Fight for a perfect system, or accept that there will never be one and get on with our lives?

1 ‘Best options’ is pretty subjective, but I think I know what you mean.

2 From a personal perspective: acceptance is much easier on my mental state than worry and anxiety. I’m mostly ad blind so I don’t care much that someone uses my profile to send ads that they think will make them money.

3 From a security prospective: doing as much as an individual can do to keep my system(s) clean, updated, and backed up on a frequent basis. And, avoid dodgy websites as best as I can.

3a I don’t use my extremely expensive portable spying device, jokingly called a cellphone, for anything but making and receiving calls and texting friends and family.

I realize that’s not much help, but you did ask.

Ignorant US redneck April 10, 2021 10:46 AM

@ Winter

… where punishment and medical cures (i.e., cleaning up the mess) are always prioritized over prevention.

It seems to me that there is a whale of a lot more profit to be made in the treatment area than there ever will be in the prevention stage. Big Pharma and the Mega Hospitals have a vested interest in treating the symptoms rather than curing anything.

I shudder to think of what the world would look like if polio was just now being addressed.

JonKnowsNothing April 10, 2021 11:50 AM

@Ignorant US redneck

Successful eradication of infectious diseases has been achieved twice before, with smallpox and bovine rinderpest.

Recent polio cases arise from two sources, the original ‘wild’ poliovirus (WPV), and mutated oral vaccine strains, so-called circulating vaccine-derived poliovirus (cVDPV). There were 140 diagnosed WPV cases worldwide in 2020, a decrease from 2019’s 5-year high, an 81% reduction from the 719 diagnosed cases in 2000 and a 99.96% reduction from the estimated 350,000 cases when the eradication effort began in 1988. Of the three strains of WPV, the last recorded wild case caused by type 2 (WPV2) was in 1999, and WPV2 was declared eradicated in 2015. Type 3 (WPV3) is last known to have caused polio in 2012, and was declared eradicated in 2019.[7] All wild-virus cases since that date have been due to type 1 (WPV1). Vaccines against each of the three types have given rise to emergent strains of cVDPV, with cVDPV2 being most prominent, and such strains caused over 1000 polio cases in 2020.

2 out of thousands. Polio is not yet one of them.

Some countries are trying for a 3d, other countries plan on keeping a sustainable level of COVID-19, low enough to prevent hospital overload and high enough to prune the ends of the economic cycle tree.

ht tps://en.wikipedia.org/wiki/Polio_eradication
(url fractured to prevent autoun)

Fed.up April 10, 2021 12:02 PM

@SpaceLifeForm

RE that Vice article

It shows that FB sells access to customers based on Commercial Page likes. FB discontinued allowing commercial page Likes in Jan 2020. Why?

Mobile phones were compromised in the recent O365 breach. The tools that were compromised pertain to mobile phone management including MSFT Intune, Authenticator and security services. This is detailed in their Dec to Feb blog posts. DHS recently admitted that they replaced all employee phones after their breach.

To breach a mobile phone, you need a phone number.

Perhaps FB and Linked aren’t reporting the 500 Million user leaks as a breach because the data was sold or available to data sharing partners? According to these court documents filed last year, all it would take is a few bad actors inside at LI to cause massive attacks across the supply chain. Is this what happened? https://www.patentlyapple.com/patently-apple/2020/07/full-court-document-details-a-class-action-filed-against-microsofts-linkedin-for-brazenly-violating-apple-user-privacy.html

It has happened before in 2016. https://www.csoonline.com/article/3086942/linkedin-data-breach-blamed-for-multiple-secondary-compromises.html

The danger with allowing phone numbers to be sold or shared is that this may be the attack vector for the MSFT 0365 compromised credentials.

To use this article’s scenario as an example. Did FB and LI sell access to phone numbers of employees at specific employers? Was this another way of doing it? Of course LI and FB data is more valuable when combined.

Isn’t it strange that LI and FB both experienced leaks of 500 Million users in the same week? Who did this? Contractors? Do they use the same vendor?

I heard that LI records all password attempts and to be careful about using a password meant for other sites accidentally in LI. If this is true why would LI do such a thing? Do other sites do this? That seems really nefarious if true.

Microsoft promised to abide by CCPA for all Americans, which means they must identify all the data that LI has on us, who has access to that data (internally and externally), what countries our data is stored in or accessible in and the process by which we can correct our data or opt out. https://blogs.microsoft.com/on-the-issues/2019/11/11/microsoft-california-privacy-rights/

The one thing about dishonesty is that at some point you always get caught. So from a business perspective it is not smart to have a non sustainable business model. I think social media can be used for good and make money. It is just a choice. Perhaps they need new employees with vision. When you have compliant employees who just play follow the leader, the dynamic creativity and entrepreneurship disappears. They are stuck in the dark.

JonKnowsNothing April 10, 2021 12:06 PM

@Clive, SpaceLifeForm, Winter, MarkH, All

re: Achieving Herd Immunity by Vaccination/Recovery or Not

UCL = University College London
ICL = Imperial College London

“Herd Immunity by Vaccination/Recovery” will achieved in the UK on April 9, 2021.

  • Britain will on Friday achieve herd immunity from Covid-19, according to a forecast from scientists at University College London – which was no sooner made than disputed.
  • Prof Karl Friston and his UCL colleagues claimed that by 9 April, 73.4% of the population would have immunity either through vaccines or by having been infected with Covid and recovered.
  • They have added a disclaimer, however.
    “Much like long-term weather forecasts, the ensuing predictions should not be taken too seriously because there is an inherent (although quantified) uncertainty about underlying epidemiological and socio-behavioural variables.”

There is some dispute about the timing and effect

  • We need to define herd immunity carefully as we think about the future,”
    Prof Christl Donnelly, of Oxford University and Imperial College London (ICL)

So far the best ever analysis of what this really means in the current context from the journalist reporter:

A year, three lockdowns and 127,000 deaths later, it is clear that even with very effective vaccines, herd immunity – in the sense of the end of any spread of the virus – would be very much harder to achieve than was supposed then.

Manaus, on the Amazon river in Brazil, was thought last summer to have achieved herd immunity. Tests on donated blood suggested 66% of people had antibodies against the virus in July, following a devastating first wave of infection. By October that had risen to 76%. And then in January a second wave hit, hospitals were overwhelmed and patients’ relatives pleaded for oxygen cylinders because the city had run out. Between 25% and 61% of those infected had already had one bout of Covid. They were not immune.

The P1 variant was responsible for the savage second wave. It is now known to have a mutation called E484K that confers some resistance to vaccines and antibodies against the regular virus. The tale of Manaus was a salutary one – that Covid could never be allowed to run its course in hopes of generating herd immunity.

  Sarah Boseley Fri 9 Apr 2021 10.19 EDT

===

ht tps://www.theguardian.com/world/2021/apr/09/ucl-team-claim-covid-19-herd-immunity-achieved-uk-disputed-scientists

  • UCL team’s claim that herd immunity set to be achieved in UK disputed
    Many scientists critical of University College London Covid-19 forecast as ‘over-confident and over-optimistic’

(url fracture to prevent autorun)

Ignorant US redneck April 10, 2021 12:51 PM

@ JonKnowsNothing

2 out of thousands. Polio is not yet one of them.

I’m aware. I was thinking of the competing Pharma Companies, and the subsequent differences between the Salk and Sabin vaccines. It took several years for the results to be recognized and the fallout reduced.

I remember being jealous of the new kids who only had to eat a sugar cube compared to the two painful injections I received.

…other countries plan on keeping a sustainable level of COVID-19, low enough to prevent hospital overload and high enough to prune the ends of the economic cycle tree.

I suspect that, whether planned or unplanned, COVID-19 is here to stay. In one variant or another.

JonKnowsNothing April 10, 2021 1:27 PM

@Ignorant US redneck

I was lucky I got the sugar cube for polio but I also got the pin cushion for smallpox.

Remember smallpox?

They put this goo on your skin and then pricked the area like a sewing machine needle. The size of the scar area varies.

They also decided not to tell folks that the immunity faded in time. iirc(badly) about 10 years.

They also decide not to give any boosters or renew vaccinations.

Because?

The only stocks of smallpox are in biological warfare labs around the world and they’ve been busy bees making it more virulent and deadlier.

The original vaccine may no longer be useful.

===

ht tps://en.wikipedia.org/wiki/Smallpox_vaccine
ht tps://en.wikipedia.org/wiki/Smallpox_vaccine#Vaccine_stockpiles

  • From 1958 to 1977, the World Health Organization conducted a global vaccination campaign that eradicated smallpox, making it the only human disease to be eradicated. Although routine smallpox vaccination is no longer performed on the general public, the vaccine is still being produced to guard against bioterrorism and biological warfare.

(url fractured to prevent autorun)

Ignorant US redneck April 10, 2021 2:45 PM

@ JonKnowsNothing

Ya. I do remember the Smallpox damage. The sore was nearly 1 inch in diameter and itched like crazy. The scar was somewhat smaller. Like abut .75 inch and was prominent for years. It has faded in recent years.

I did get two subsequent vaccinations for smallpox. Both as a result of being deployed to Southeast Asia. Only one took and it more like a small insect bite.

More troublesome was the injection of gamma globulin. At the time (early 60’s) medical science was uncertain about the volume required to combat hepatitis A. Somehow the powers that be decided that the safest dose was 1cc per 10 lbs of body weight. A simple mental calculation will show that the dose (injected in the gluteus maximus) was sufficient to produce a knot somewhat larger than a golf ball. Those injections were part of a large number that we took every six months. Lovely memories.

Anders April 10, 2021 3:10 PM

Hack of ‘150,000 cameras’ investigated by camera firm

hxxps://www.bbc.com/news/technology-56342525

Anders April 10, 2021 3:24 PM

Exchange saga continues…in sad notes for Bill…

hxxps://www.bbc.com/news/technology-56325784

hxxps://www.bbc.com/news/technology-56321567

hxxps://www.bbc.com/news/world-us-canada-56304379

lurker April 10, 2021 3:45 PM

Brave browser to save the ‘net? NYT thinks so[1], but when I was looking for a sensible browser for my new system Brave’s “rewards tokens” put me off. How can that work without some form of history/tracking?

The idea appealed to a local tech correspondent[2]. She did however explain how it wasn’t just my “senior” cussedness that puts me off banking or health apps on my phone. That stuff just works better on a bigger screen without fat-thumbs (towards the end of the 14 minute spiel).

[1] https://www.nytimes.com/2021/03/31/technology/personaltech/online-privacy-private-browsers.html

[2] https://www.rnz.co.nz/national/programmes/sunday/audio/2018791059/is-it-time-to-make-the-switch-to-private-browsers

SpaceLifeForm April 10, 2021 3:52 PM

@ Fed.up, Clive

Perhaps FB and Linked aren’t reporting the 500 Million user leaks as a breach because the data was sold or available to data sharing partners?

I have a very rare perspective. Unique. From the trenches. Literally, there is no one else that has experienced the combinations of the players involved that I dealt with over time. Because I know who I worked with over the years and where I was at the time. Most people have that same experience. It’s the combinations of where, when, who and why that make it unique for everyone. And how you connect the dots.

The answer is ‘Yes’.

Your mission, should you decide to accept it, is to identify the ‘data sharing partners’.

Partners. Plural.

vas pup April 10, 2021 4:57 PM

Why we shouldn’t be afraid of nightmares
https://www.bbc.com/future/article/20210330-why-we-shouldnt-be-afraid-of-nightmares

“While nightmares are strongly linked to a host of mental illnesses, some vivid =>dreams help us to process the emotions of the previous day, says Joanne Davis, a clinical psychologist at the University of Tulsa. Understanding why bad dreams become nightmares is helping to treat people who have experienced trauma.

While we sleep, we organize and file away our memories of the previous day and give =>our older memories a bit of a dust-off and reshuffle. It is thought that this happens throughout sleep, but it is in the Rapid Eye Movement (REM) stage (just before we awake or as we dip into sleep) =>that we store our most emotional memories. !!!These emotionally charged memories then become the subject of our dreams.

A bad dream might help people in waking life. The hypothesis “sleep to forget, sleep to remember” suggests REM sleep strengthens emotional memories, safely storing them away, and also
==> helps to tone down our subsequent emotional reactions to those events. For example, if your boss shouts at you and later that night you dream about it, the next time you see your boss you will feel less emotional about that event.

It’s an intriguing idea that our dreams train us to control our emotions – but what evidence is there?

When our brains are in the REM stage of sleep, both the hippocampus and amygdala are highly active. The former is the part of our brain that orders and stores memories, the latter is the part that helps us to process emotions. This has led researchers to suggest that vivid, =>emotional and memorable dreams during the REM stage are the manifestations of our brains storing memories and “pulling off the emotional tag, or tearing up the receipt”, says Ho. The analogy of taking off an emotional tag is one used widely in sleep psychology.

After a bad dream, the area of the brain that prepares us for being afraid is more effective, as though the dream trained us for this situation. The longer people had felt fear during their dreams, the less their emotion centres were activated when they were shown stressful images. (It’s one thing to be better prepared for looking at distressing photos and another to be prepared for your boss shouting at you in reality, however.)

Our amygdala might need this period of processing to reset before the next day. =>Perhaps dumping the emotional baggage of the previous day overnight allows us to start from a new baseline in the morning. Studies on stressed workers show that our cortisol level, the hormone that helps to regulate our stress response, is highest ====>in the morning, meaning we are better able to react well to stress early on.

During REM our brain produces low-frequency, slow theta waves in the hippocampus, amygdala and neocortex (we produce theta waves while awake, too, but they are particularly characteristic of REM sleep).

!!!!It’s one thing having the odd beneficial bad dream and another entirely having chronic nightmares. “With nightmares the process seems to be stuck,” says Davis. “Your brain might intend to process this emotional event, but it gets stuck because you wake up in the middle of it so you don’t see it all the way through.”

“Once you have nightmares over a long period of time they become kind of like habits,” says Davis, who cites that some of the patients she sees have lived with =>chronic nightmares for decades before seeking help. “You worry about having a nightmare, maybe you avoid sleep or try to get to sleep as quickly as possible – so self-medicate to get through the night.”

As a clinical psychologist, Davis treats trauma survivors, who might include veterans, active service personnel, children or people with conditions like bipolar disorder, using exposure, relaxation, and rescription therapy (ERRT). In ERRT, the patient writes out their nightmare exactly as they recall it (exposure – which works particularly well with people who have anxiety, she says) or writes out their nightmare with a new ending (rescription).

So next time you have a bad night’s sleep, think of it as your brain’s way of regulating your emotions by tearing up the receipts for the previous day’s stresses. Davis says you should only be concerned if nightmares are regular or if they start to affect your health.
=>For most people, the odd bad dream might be a good thing.”

vas pup April 10, 2021 5:24 PM

You can’t spot a liar just by looking, but psychologists are zeroing in on other techniques that might actually work.

https://www.bbc.com/future/article/20210401-how-to-tell-when-someone-is-lying

“Across cultures, people believe that behaviors such as averted gaze, fidgeting and stuttering betray deceivers.

In fact, researchers have found
=>little evidence to support this belief despite decades of searching. “One of the problems we face as scholars of lying is that everybody thinks they know how lying works,” says Hartwig, who co-authored a study of nonverbal cues to lying in the Annual Review of Psychology. Such overconfidence has led to serious miscarriages of justice, as Tankleff and Deskovic know all too well. “The mistakes of lie detection are costly to society and people victimized by misjudgments,” says Hartwig. “The stakes are really high.”

Psychologists have long known how hard it is to spot a liar. In 2003, psychologist Bella DePaulo, now affiliated with the University of California, Santa Barbara, and her colleagues combed through the scientific literature, gathering 116 experiments that compared people’s behavior when lying and when telling the truth. The studies assessed 102 possible nonverbal cues, including averted gaze, blinking, talking louder (a nonverbal cue because it does not depend on the words used), shrugging, shifting posture and movements of the head, hands, arms or legs. None proved reliable indicators of a liar, though a few were weakly correlated, such as dilated pupils and a tiny increase – undetectable to the human ear – in the pitch of the voice.

Common wisdom has it that you can spot a liar by how they sound or act. But when scientists looked at the evidence, they found that very few cues actually had any significant relationship to lying or truth-telling. Even the few associations that were statistically significant were not strong enough to be reliable indicators.

Police experts, however, have frequently made a different argument: that the experiments weren’t realistic enough. After all, they say, volunteers – mostly students – instructed to lie or tell the truth in psychology labs
==>do not face the same consequences as criminal suspects in the interrogation room or on the witness stand. “The ‘guilty’ people had nothing at stake,” says Joseph Buckley, president of John E Reid and Associates, which trains thousands of law enforcement officers each year in behavior-based lie detection. “It wasn’t real, consequential motivation.”

Confirming these results on a large scale years later, Hartwig and Bond reviewed the literature for studies comparing people’s abilities to detect high- and low-stakes lies.
=>They found no evidence that people were any better at detecting lies told by criminals or wrongly accused suspects in police investigations than those told by laboratory volunteers.

NB!!!The finding that deceivers can successfully hide nervousness fills in a missing piece in deception research, says psychologist Ronald Fisher of Florida International University, who trains FBI agents. “Not too many studies compare people’s internal emotions with what others notice,” he says. “The whole point is, liars do feel more nervous,
==>but that’s an internal feeling as opposed to how they behave as observed by others.”

Studies like these have led researchers to largely abandon the hunt for nonverbal cues to deception. But are there other ways to spot a liar?

!!! Today, psychologists investigating deception are more likely to focus on ==>verbal cues, and particularly on ways to magnify the differences between what liars and truth-tellers say.

For example, interviewers can strategically withhold evidence longer, ==>allowing a suspect to speak more freely[that is why ALWAYS take 5th Amendment -vp], which can lead liars into contradictions. In one experiment, Hartwig taught this technique to 41 police trainees, who then correctly identified liars about 85% of the time, as compared to 55% for another 41 recruits who had not yet received the training. “We are talking significant improvements in accuracy rates,” says Hartwig.

Another interviewing technique taps ==>spatial memory by asking suspects and witnesses to sketch a scene related to a crime or alibi. Because this enhances recall,
===>truth-tellers may report more detail. In a simulated spy mission study published by Mann and her colleagues last year, 122 participants met an “agent” in the school cafeteria, exchanged a code, then received a package. Afterward, participants instructed to tell the truth about what happened gave 76% more detail about experiences at the location during a sketching interview than those asked to cover up the code-package exchange. “When you sketch, you are reliving an event – so it aids memory,” says study co-author Haneen Deeb, a psychologist at the University of Portsmouth.

The experiment was designed with input from UK police, who regularly use sketching interviews and work with psychology researchers as part of the ===>!!!nation’s switch to non-guilt-assumptive questioning, which officially replaced accusation-style interrogations in the 1980s and 1990s in that country after scandals involving wrongful conviction and abuse.”

Read the whole article to the end. It is very interesting!

SpaceLifeForm April 10, 2021 5:27 PM

@ vas pup

It is best to wake up from a dream.

That means your liver and brain are still communicating while you sleep.

Clive Robinson April 10, 2021 5:54 PM

@ JonKnowsNothing, ALL,

With regards,

“Herd Immunity by Vaccination/Recovery” will achieved in the UK on April 9, 2021.”

I live in the UK, and have various chronic illnesses that make me “special” according to the UK Government and I have the letter from them to prove it… I’d frame it and hang it on the wall if I was alowed to go out and buy a frame, but that would be on contravention of the “necessary lockdown rules” that are currently in place…

So yes I’d be rolling around on the floor with laughter over that stupid statment, if it was not so terribly sad, that not just are lots of people still being infected daily, but others infected about a month or so ago are dying.

These deaths are not in the over 70’s any longer, they are in the over 40’s now, and if the Brazil P1 gets a toe hold as it has in Europe it will be in the over 25’s soon…

The level of prevelance is such that the mutation rate is higher than the immunisation rate… In other words even though the UK started much earlier than some nations we are loosing the race between,

“Jabs in the arms and new strains in the lungs”.

That is the virus is in no way becoming less virulant with time…

What the heck is happening in Europe where the vaccination “disharmony” appears insummountable politically, medically and economically I have no idea, but it can not be good.

I hear Brazil P1 has been found in Europe… It’s also been found in India, which is sometimes called “The Pharmacy of the World” due to the drugs an precursor chemicals it makes. Well they know they are loosing the immunization race, which is why I fully expect them to act on a statment a year ago effectively “India’s drugs are for India” and that the vaccines they have been making and having one or two production problems may well not get shipped abroad, but end up in Indian arms. And to be honest who can realy blaim them?

As for the original “Herd Immunity Policy” we know itcwas a bust as Sweden and now Brazil have proved beyond any doubt, yet some still go on with it for various reasons…

As for “Natural Herd Immunity”(NHI) well the absolutly essential evolutionary downwards response in virulance required is very obviously not happening due to the nature of the virus’s infection cycle so nor is NHI.

Worse you can now “double tap” with a mutation infecting you not just a second time but actually much harder the second time as Brazil has shown, and worse it is also mutating down the ages as well and out from under the vaccines…

Well unlike others who think COVID will be here for ever, and I was warning the same nearly a year ago… I’m now starting to consider in my darker moments that it will not, because we will loose the race. That is unless sufficient humans get born with natural immunity it’s a down hill journey for mankind. First will be a substantial drop in the average age of death, probably ending up getting below 45 in the Western world and maybe in the 20’s in third world areas. Thus the birth rate will drop significantly thus health care will become near impossible within a generation or two, so the viral death rate will rise even further.

If inate or natural immunity does not happen then mankind will drop back to the sorts of numbers that supposadly happened when either a large rock dropped in from out of space, or a mega volcano blew it’s top. That is there will be one or two pockets in issolated places where the virus may not get so it will die out before humans but not by much…

Of course it would be relatively simple to stop this happening…

You just have to be totally ruthless about area quarantining. In effect a “shoot to kill” or similar policy for people trying to illegaly cross borders, and restrictions so severe that the borders are effectively closed. Trade will continue to cross by automation but humans no, you stay on sea / air side and leave without entering. The goods get sanitized in ways I’ve talked about in the past.

You can bet your spare change that such a measure is being considered/talked about by the likes of some in New Zealand and Australia. Where they’ve found out the hard way that entry quarantining is never going to be reliable especially as the virus becomes more virulant and it’s pathogenicity increases.

In Europe we know from bitter experience and many many deaths just how hard it is to keep people out who consider they have nothing to loose and every thing to gain by trying to get across a border. That is a 50/50 risk of death or serious debilitanting injury is to them a more than acceptable risk to get what they see is a better life (Sangat Channel tunnel train jumpers, Mediterainian death boats etc).

Some have said with such a mental outlook the only way to stop them is “to stop them dead” and that was long befor COVID-19 mutations raised the risks of illegal entry to “potentially fatal” to the whole regional area population.

So we have to win the immunization befor mutation race not just in the West but everywhere. But stupid politics and the self-interested “entitled” will as is now normal, make a bad situation a lot lot worse just because they can…

Anders April 10, 2021 6:53 PM

Thing are getting heated up again.

hxxps://www.thedrive.com/the-war-zone/40118/turkey-confirms-u-s-destroyers-are-headed-for-the-black-sea-amid-russia-ukraine-crisis

Lot of RU heavy weaponry near UKR border, not to mention electronic warfare
systems. Something’s cooking.

Anders April 10, 2021 7:36 PM

and…

hxxps://defence-blog.com/news/army/russia-deploys-iskander-systems-with-extended-range-missiles-to-ukrainian-border.html

Winter April 11, 2021 4:16 AM

@vas pup
“You can’t spot a liar just by looking, but psychologists are zeroing in on other techniques that might actually work.”

There are two indirect approaches to detecting lying known:
1) When lying requires more thinking, detect that (pupil dilation, looking away, increased reaction times)

2) Detect knowledge or missing knowledge (often brain responses to photos)

All the rest can be simulated using basic actor training.

I have always been surprised by the simplistic views about truth and lying I have encountered. Especially in USA law enforcement, and especially in the lie detector literature. But that might have been PR to pull the wool over juries’ eyes.

insec April 11, 2021 4:57 AM

@SpaceLifeForm
Your mission, should you decide to accept it, is to identify the ‘data sharing partners’.

Some of which are, if not shell companies working for some alphabet agencies (not necessarily U.S.), then the alphabet agencies themselves.

Fed.up April 11, 2021 8:13 AM

Has the O365 SAML attacks been happening for a few years?

O365 attacker recently sentenced:
https://www.justice.gov/usao-sdca/pr/it-contractor-sentenced-two-years-deleting-carlsbad-company-s-microsoft-user-accounts

Also why did Federal LEO think it was worth flying him back to the US and jailing him for 2 years? What is most perplexing is this person will be on probation for 3 years and allowed to work in the US so he can pay back the org he attacked. The US is going to give him his work visa back so he can do this to another company? Also do they think he has the capacity to earn $200k because they mistakenly think he’s a hacker? But if it was due to SAML it’s not a hack, it is just an access technique Microsoft taught him. He worked for them: https://in.linkedin.com/in/deepanshukher?trk=public_profile_samename-profile_profile-result-card_result-card_full-click

I don’t understand why the DOJ keeps the names of the MSPs secret when doing so just guarantees that these attacks reoccur. There should be a public database of breaches listing the technology, contracting company and MSP’s involved. Also his former US clients should be alerted.

DHS says they cannot stop hacks because the private sector is not disclosing enough information. But it works both ways. The US private sector needs to know who has perpetrated attacks so they can procure from reputable vendors. But the big impediment to doing so is the government keeping this attack data secret.

Who he attacked is not named on LI and has some of the top security in the world. Which is likely why they fired him right away. They probably looked at his logs and couldn’t find any.

Please look at this April 11, 2021 9:16 AM

This looks really weird: ht tp://patents.google.com/patent/CN107149689A/en

can someone verify the tech here? looks like UAP or worse… matrix inducing….

Another 1 April 11, 2021 9:26 AM

Check ht tps://fdocuments.us/document/templating-cdse-tetrapods-at-the-airwater-interface-with-popc-lipids.html

JonKnowsNothing April 11, 2021 10:01 AM

@Fed.up

re: Also why did Federal LEO think it was worth flying him back to the US and jailing him for 2 years?

Kher, an Indian national, was arrested when he flew from India to the United States on January 11, 2021, unaware of the outstanding warrant for his arrest.

He was not extradited from India, he traveled to the US and “someone” paid his airfare. He continued to have a valid visa or one marked “notify FBI” when entered into the flight booking/manifest system.

What he planed to do in USA was not stated. Maybe he wanted a vacation in a COVID-HotSpot?

Exactly where his was arrested on arrival was not stated in the article. There is a big difference legally if you are arrested/detained before you clear customs versus after you clear customs.

From the details in the article about how

… two months after his return to India, Kher hacked into the Carlsbad Company’s server and deleted over 1,200 of its 1,500 MS O365 user accounts.

one might very well think, the company did not change passwords. They may not have wanted to go through the pain-economic-loss of resetting all the passwords on all the servers, including master access passwords.

As far as FBI keeping him?

I think they will pump him for a information on India Tech and Malware. The guy isn’t going to repay $500K USD working a gig-economy job, no matter what DodgyDriverCos say people can earn.

ht tps://www.justice.gov/usao-sdca/pr/it-contractor-sentenced-two-years-deleting-carlsbad-company-s-microsoft-user-accounts
(url fractured to prevent autorun)

JonKnowsNothing April 11, 2021 10:27 AM

@Fed.up, @Clive, @SpaceLifeForm, @All

re: Massive Password Resets

There really needs to be another way for companies to deal with the insider attack/evil maid. The logistics of changing passwords is a nightmare.

Individuals rarely do it and use the most simply guessed ones because those are the ones they remember.

Companies rarely do it because it requires a wholesale “work stoppage” while people get new passwords and then forget them. Lots of stickies under the keyboard.

The employee turnover is/was so great in some companies they really cannot do this in a timely manner, if at all. Temp workers are Temp and that means a constant churn.

Deactivating a password/account is not sufficient.

A “password book with a master password to open the book granting full access to all passwords in it” just does not cut the mustard either, no matter where it is stored: in the cloud or localized for the same reasons.

iirc(badly) recently there was a MSM report of a cracked password book. It did not say how it was cracked or if the LEOs guessed the master word or scrapped it during a surveillance session.

  • It’s a pickle, no doubt about it… Oracle/Matrix

Fed.up April 11, 2021 10:45 AM

@JonKnowsNothing

He was fired and lost his visa years ago. I’m no Visa expert but the Trump admin cancelled the H1B program due to Covid. He was still president when this person returned. Extradition only works when the foreign nation has an equivalent law. I am not paying to read the complaint but I assume he broke into the client’s account while still employed which isn’t a crime in India. There’s no privacy laws in India. US corporations that offshore to India don’t comprehend this risk.

The H1B program was cancelled until last week. So this guy was punked to return to the US and the government paid for it. They probably already pumped him for information which is why so much was uncovered about the numerous Microsoft attacks. But his past employer (during this attack) is still recruiting for India based jobs for American companies that are extremely sensitive and shouldn’t be allowed to be offshored. He has multiple LI accounts and one is misleading about who he worked for during the attack.

Meanwhile LinkedIn was shut down last week. All employees suddenly given the week off. There was no advance notice. On Friday then were informed they would be shut down on Monday. Were they locked out? Facebook needs to do this too. But disable sensitive features while they do so.

The US client identified him as a bad actor right away. I won’t disclose who they are but they are NOT the typical outsourced to death American company with no security.

Likely now with this judgement the client can sue the MSP and/or Microsoft. Insider theft may not be covered by Cybersecurity insurance perpetrated by offshore contractors. That’s likely an exclusion. Someone made an American LI page for the perp just showing MSFT as his employer. I wonder who did that? Might not have been him. I hope the victim is smart enough to save these LI profiles offline. They may disappear now.

Fed.up April 11, 2021 11:39 AM

@JonKnowsNothing
You are joking about password reset. Right?

Password reset does not protect against an active Golden SAML attack. Microsoft supposedly doesn’t use passwords internally.

Google stopped using passwords internally years ago and they wiped out phishing by doing. Yubico.

Passwords are useless due to clipboard scraping and BYOD with O365. Now that everyone is working from home mobile device O365 access should be disabled IMHO. Have employees take their laptops to bed instead. (Joke)

But make sure that management in the critical path print out their team and leadership phone directory. Disaster Recovery plans also need to printed out. During one of these MSFT attacks the print capability was disabled too. Old fashion Y2K phone tree techniques need to be resuscitated.

I also don’t advocate SSO and Federation. I’ve never seen it implemented with sufficient security. Too many eggs in one basket.

The only way to stop a Golden SAML that can evade detection, lock everyone out for a week, but better if it is 14 days. Don’t pre-announce it.

JonKnowsNothing April 11, 2021 12:01 PM

@Fed.up

There is more than one type of visa.

H1B is a limited duration working visa controlled by Corporations/USGov with many restrictions. There are several variations of what is called H1B for different professions.

There are visit/tourist visas and non-working residency visas as well as working residency visas and many others.

Timeline in the article:

  • 2017 the Contracting Company was hired the US Company
  • 2017 – May 2018 Kher was employed by the Contracting Company
  • January 2018 – May 2018 – Kher was sent to work at US Company by Contracting Company
  • January 2018 – Kher was pulled from US Company HQ
    [removed the building]
    [remained in USA]
    [still working for Contracting Company]
  • May 4 2018 Kher was fired by Contracting Company
    [no follow on contract]
  • June 2018 Kher returned to India
  • August 2018 Kher hacked into US Company
    [2 months after return to India]
    [3 months after end of the contract]
  • January 2021 Kher flew to USA “unaware of warrant”
    [this would be under a different visa]
  • January 11 2021 Kher was arrested
    [@2.5 years after hack event]

===

ht tps://www.justice.gov/usao-sdca/pr/it-contractor-sentenced-two-years-deleting-carlsbad-company-s-microsoft-user-accounts
(url fractured to prevent autorun

Fed.up April 11, 2021 1:51 PM

@JonKnowsNothing

American embassies in India were closed due to Covid. No visa processing. It is just starting up again. But it will be extremely slow because of the double mutant strain and also the State Dept is under investigation by the Inspector General and Congress concerning these attacks.

H1B are tied to the work location and assigned client. Meaning the MSP pulling him off the client and keeping him in the US working, the perp was only allowed to be working for the client he attacked. But with only 10 year maximum sentence he wasn’t charged with immigration fraud. I looked at the sentencing guidelines and it doesn’t fit the financial damages he caused. Minimum mandatory sentence for immigration fraud alone is 3 years. I don’t want to go into why it was immigration fraud, but it was either before or after he was on-site, possibly both.

Also if a company fails to remove access rights of a former employee it is not as serious a crime as hacking. If he used SAML with the knowledge of his MSP employer that may account for the lesser charge. He wasn’t charged with federal hacking which is a class B felony punishable up to 20 years in prison. He was charged with a much lesser crime which only had a 10 year maximum sentence. He qualified for much more unless he gained this access as an employee. 2 years is nothing for doing that damage. Obviously he took a plea too.

Also this case looks like it is sealed. Name of the victim is normally in the indictment. It is difficult to seal a federal indictment unless in the case of national security.

The former head of DHS CISA Chris Krebs blamed these MSFT attacks on out of control contractors https://mobile.twitter.com/C_C_Krebs/status/1368004411545579525

Finally why do MSP’s exploit SAML? Or does Microsoft even call it SAML? It isn’t always for attack purposes. It takes a long time for H1Bs to receive privileged access when they first arrive on-site. So there’s no downtime, the former staff leave backdoors. Also lots of inexperienced H1Bs are sent to the US and they are supported by staff in India through backdoors or SAML. I’ve had a few admit to me how common it is. Especially when I needed things done quickly they tried to convince me to bypass official change control when we had turnover on-site. When you work in an IT department with a luggage room, that’s problematic, but common.

Also CrowdStrike admits in this article that they are unable to tell what access Microsoft MSP’s have – https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/

We need more H1B’s to come forward and dish to the FBI about backdoors and SAML. I imagine it’s a great way to expedite a green card.

xcv April 11, 2021 2:29 PM

Is this another “Click Here to Kill Everybody?”

https://www.bbc.com/news/world-middle-east-56708778

A nuclear facility in Iran was hit by a “terrorist act” a day after it unveiled new advanced uranium centrifuges, a top nuclear official says. // He did not say who was to blame but urged the international community to deal with nuclear terrorism. // Israeli media suggest the incident was a result of an Israeli cyber attack. // Last year, a fire broke out at the Natanz underground facility, which the authorities alleged was the result of cyber sabotage. // …

Several issues with the Mainstream Media’s reporting:

First, inasmuch as an international community” or even worse, the international community” exists — to “deal” with some sort of incident in some manner, that is an explicit hard-line Marxist communist type of “community” or, in reality a New World Order or One World Government // Bilderberg // Trilateral pharmaceutical drug cártel that seeks to impose various real-estate-like conditions, covenants, and restrictions (CC&Rs) on international trade with the U.S., Iran and other countries.

Second, Israeli Communists are taking broad credit for the click-here-to-kill-everybody cybersecurity breach which is alleged to have caused the damage, after the recent incident with the Microsoft-Corporation–Santa-Cruz-Operation–GitHub-installed backdoor in PHP, a language originally created by other Israeli researchers, who are not of the same political alignment.

Fed.up April 11, 2021 3:26 PM

@xcv

I follow Bruce’s community guidelines – so I will keep this to a discussion of tech. At this point Iran can only blame themselves for their constant Cybersecurity failures. In the US does a Regulator (I,e.: SEC, FTC) fine an attacker or a victim for a cyber attack? The answer is the victim pays the fine because they have a legal obligation to be smarter than their attacker.

When you are up against people with tech like this, the smart thing is to give up.
https://www.bbc.com/news/world-middle-east-55214359

It seems like you are upset at the attackers for enforcing international treaties. Or would you rather Iran be bombed? Iran’s nuclear plant was bombed in 1981. The US has since developed MOPS bombs that can destroy underground structures. Much stronger than the nukes dropped in Japan. They are very cool. Look – https://www.youtube.com/watch?v=BrBVudn-ev0

Me, I’m glad for technological solutions.

Law is black and white.

Clive Robinson April 11, 2021 8:36 PM

@ Ismar,

Unfortunately, you seem, as most of the time, correct in predicting a gloomy outlook for COVID 19 unfolding

Do you know how much I wish to be wrong?

I suspect others feel the same way, as we watch opportunities to halt COVID-19 slip by time and time again whilst politicians squable…

However all I do is build my models simple as they are and look at the trends… And when I should sleep fail to, as I see the curves like neon lighting in my dreams.

As can be seen in the NYT article you link too Sweden (a country I like quite a bit) has the Brazilian P1 mutation.

From what I can tell with respect to the B117 it is,

1, More infectious/virulent.
2, Hospitalizes younger people at a significantly increased rate.
3, Vaccines are less effective against it.
4, Re-infects those previously infected by earier strains.

Most of which was true of B117 compared to earlier strains (though re-infection was suggested it was not officialy concerned).

So that is two or more generations of virus evolution that is going the wrong way when compared to what is normally seen with other virus evolution.

As I’ve noted before this is most probably due to the fact that the normal pathology for SARS-CoV-2 unlike just about any other air bourn virus is for you to become infected, then highly infectious before you show symptoms (if at all). Thus there is not an evolutionary counter preasure against these virus mutations, and thus they very quickly become dominant.

We’ve seen what P1 did to Manus in Brazil’s summer, imagine that radiating out from Sweden across Europe… In fact there is next to nothing to stop it except for spring/summer weather (not that it appeared to have much effect in Brazil).

Brazil is in South America which is mainly south of the equator thus going into winter, a time when respiratory diseases traditional spread faster…

Oh and I’m told P1 is in the US as well…

Anyone else care to extrapolate what will happen if a third generation mutation turns up heading in the same direction. That is 60-70 times more infectious than P1, one and a half times as deadly as P1 and starts putting twenty year olds in hospitals, oh and can reinfect all those that have been previously infected…

And still the politicians “play their fiddles whilst Rome burns around them”. Still deaf to what science is telling them…

The two things I wish they would take on board are,

1, Mutation rate is proportional to the number of people currently infected (prevelance).

2, The current direction of the mutations is to increased infection rates thus higher prevelance.

This is in effect a spiral that is going downwards, at the moment we might just be able to inject our way out, but that becomes less likely every day we delay the inevitable.

That is the only real way to stop the spread we know is by hard regional quarantining within countries. Further we need to maintain it not until R0 goes below 1.0 as we have done, but when it is significantly below 1.0, so that a new varient does not flick it back above 1.0 gaining dominance. So maybe when R0 is effectively 0 as has been done in other countries. But even then we need hard borders around countries with none but absolutly essential travel for probably 2 years.

We also need to keep our vigilance high. We know that the virus can remain viable if it’s frozen for time periods longer than a year so far, and maybe ten years or more… We do not know enough to know if that is a threat or not because the research is almost non existant. We need to change that, we need that knowledge and we need it now.

SpaceLifeForm April 11, 2021 11:14 PM

@ ALL

If you use Chrome, you may want to learn about FLoC and SimHash.

Interestingly, if you rarely use Chrome or only for specific websites, it is possible that you can be more easily fingerprinted.

https://amifloced.org/

Winter April 12, 2021 12:45 AM

@xcv
“And what in hell are Germany and Israel doing on the same side of the war? And why do “we” in the U.S. want to get dragged into that bloody circumcised mess between the Middle East and Europe?”

Because none of these want Iran to have nuclear missiles. They all consider another mad leader with nukes a very bad idea. I can understand followers of Trump et al. think such missiles could never threaten US Republicans, but those who actually research such questions think otherwise.

MarkH April 12, 2021 2:59 AM

@Please look at this:

I don’t use science fiction as a guide.

If I got the right patent, and didn’t badly misunderstand it (they all look weird to me), it seems innocuous.

Probably most human-made stuff in the world today is manufactured from more or less viscous fluids (different kinds of goop, really) which harden under some ambient condition: cooling, drying, passage of time, mixing with a curing agent, spatial distribution, or sometimes light.

If I understood the idea, the patent is for the use of some light-hardened compounds, combined with a suitable light source, for use in medical applications.

What this has to do with Neo — or other people who parade about flashing their ultra-chic costumes — I don’t know.

Sunny April 12, 2021 3:09 AM

The brightness of the spot from the laser beam depends on the laser power and the reflectivity of the surface. At the same power, the human eye is the most sensitive in the green region (wavelength 520-570nm) of the spectrum, which seems to be brighter than other colors. The sensitivity of red or blue wavelengths is decreased.
high power fiber coupled laser diode

name.withheld.for.obvious.reasons April 12, 2021 3:58 AM

Mistakenly I understood the original story was about Star Trek, where the Enterprise is enumerated as NC-1701. Boy, was I wrong. This is just more evidence that there is a deliberate action plan to take the U.S. general population back to the 15th century (or earlier, as in 11th century). If you cannot tie the threads of these actions together than you are not paying attention. As a threat to domestic tranquility, I rank it number one. And, as often posts are moderated into oblivion, it is the larger picture that is the actual goal–it is but a piece of the puzzle.

11 April 2021 — Legislative Attack on Science
The following has been reported out by Andrew Seidel from the Freedom From Religion Foundation (FFRF.ORG). Freedom from Religion Foundation is tracking 900+ bills nationally with about 600 of those bills being considered unconstitutional.

SUMMARY
The Arkansas state legislature has passed a bill that is has been reported out to the state senate education committee for a vote, it is considered that it will pass the other body making it law in Arkansas sometime this week.

DESCRIPTION:ABSTRACT
Arkansas House Bill 1701 (HB-1701) — Allow Creationism to be taught as a theory in public schools. Arkansas once again is attempting to redefine religious text as science. Arkansas courts had struck down creationism in 1928 as unconstitutional as it established a specific religious text. In 1981, Arkansas again attempted to introduce creationism using a “balanced treatment” argument. With this argument, creationism is a asking for equal time with science based courses. Now Arkansas has decided to pass new legislation with the reasoning behind the bill was that there is a new Supreme Court.

The underlying basis is quoted from Genesis, from the Holy Bible, that God created man and woman. This is not a legislatively honest proposal, and sympathy of a court does not form a rational for legislative action. Quoting from a specific religious text that defines the “truth” is also quite troubling when understanding how legislators seek to draft new law. This is a wind-blown exercise that speaks volumes as to the legislative agenda of the state’s legislature.

Barker April 12, 2021 7:59 AM

Mr. Dunning Kruger himself aka Clive Robinson:

>>Do you know how much I wish to be wrong?

I suspect others feel the same way,…<<<

Well if that is the case you certainly must be delighted to know that in fact most of the mental flatulence that you vomited out of your cranial cavity has been proven wrong or outright deceptive and false time and time again, really no surprise there.

‘Overwhelming circumstantial evidence' points to COVID-19 lab leak:

https://www.youtube.com/watch?v=-gZGQM0dtsQ

Wuhan Institute of Virology 'highly probably' the source of COVID-19:

https://www.youtube.com/watch?v=YBq-LV3Jm1M&t=429s

See, even the MSM is slowly but steadily acknowledging the true origin origin of the virus, contrary to your baseless and completely unfounded claims of a natural origin. You know, ignorance of the fact only brings you so far right until the point where you begin to appear stupid on purpose.

Remember when you told the audience here that the blood clot thing would soon be resolved and that it was a non issue completely blown out of proportion just a few weeks ago? More ignorance and wishful thinking on your part.

That really does not seem to be that way:

‘Up to 80%’ of people in Sicily refusing AstraZeneca’s Covid-19 vaccine over safety concerns:

https://www.rt.com/news/520750-sicily-astrazeneca-vaxzevria-vaccine-refusal/

And now even reuters is reporting that there is a clear link according to ema officials:

Clear link between AstraZeneca vaccine and rare blood clots in brain, EMA official tells paper:

https://www.reuters.com/article/us-health-coronavirus-astrazeneca-vaccin/clear-link-between-astrazeneca-vaccine-and-rare-blood-clots-in-brain-ema-official-tells-paper-idUSKBN2BT1ER

We also know covid can cause blood clots. I'm really beginning to wonder if it isn't so much the virus that does the damage to folks but the immune response.

Why else would we see folks getting any of the vaccines ending up with symptoms that greatly mimic what happens when you get covid? Don't misunderstand me I understand that things like fever and body aches are part of the immune system response and the immune system gets ramped up when you get a shot but I'm just wondering if it isn't that the immune response is worse than the actual virus itself and that when you get the virus if you get it bad it's really just a really horrible immune response.

It is becoming clearer by the day that the cause of the issue is the covid spike proteins, the same proteins the so called vaccines or gene therapies are tasking the immune system to create and it is the lipid nano-particles of the mRNA gene therapies that get them even into your brain (or flatulence filled cavity in your case:):

Never ever forget: It's the lipid nanoparticles that get it there.

Lipid Nanoparticles: A Novel Approach for Brain Targeting

https://pubmed.ncbi.nlm.nih.gov/29886842/

Winter April 12, 2021 8:17 AM

@Moderator

comment-372316
Is insulting and peddles conspiracy theories about COVID-19 and vaccines.

Might violate comment guidelines.

Logon April 12, 2021 8:19 AM

@Spinning Wheel:

Well documented and well done! I agree that this whole deal has been weird from beginning to end. Messaging has been a joke, which is surprising given the revelations of all the ‘gaming’ that was done for this very type of event…dark winter, event 201, etc.

To your point regarding overstatement of deaths, there is the fact that cycle thresholds of pcr tests prior to January 2021 were set way higher than current, and clearly gave significant false positive results.

Fauci acknowledges that any positive result at Ct of 35 or higher results in non replication competent samples – ie non infectious – and the WHO also acknowledged this on Jan 14 with a memo to worlds health agencies suggesting a reduction in Ct levels – which was immediately followed by a precipitous drop in cases worldwide.

Logic would dictate that this fact translates directly in to a significant reduction in attributable deaths to COVID.

Thanks for your post

Barker @ Fu&ck you Win&ter-cu&nt April 12, 2021 8:34 AM

@ Win&ter:

Oh fu6ck you and fu6ck off you stupid, brain6less SS guard wan6ker.

Ohhhh, MUhhhh, authority come and help me, uuuuhhhhhh moderator, someone dared to post some links to a few well researched sources, that hurt my feelings and infringed on my safe space.

You stu6pid little piece of gangrene ridden sh6it house r6at, who do you think you are, Hit6ler himself?

You are a MSM indoctrinated dogmatic ideologue who attacks and discredits each and every poster and every ounce of factual information where-ever possible just to spread you nefarious sadistic agendas.

Your ilk already kil6led enough people with your bull6sh6it. Enough of you sadistic puru6lence.

How can it be that it is always you who has all the time a day offers to immediately jump to attack other users here who do have the audacity to share some factual news?

You are a brain-dead, piss guzzling, sh6it eating fuc6king cu6nt, fu6ck, you stu6pid pr6ick and your mentally degenerated echo chamber, you pedo6phile boy pus6sy lic6ker.

Some additional sources about the true origin and nature of the handle “Winter” and his pedophilia endorsing ambitions can be found here:
https://preview.redd.it/mrrnlxdf7as41.jpg?width=640&crop=smart&auto=webp&s=9a99440706cd32028d3872c661a6a4581a20ffd6

cryptozone April 12, 2021 8:37 AM

@ Spinning Wheel:

As a silent lurker here thank you very much for sharing such a good source and
thank you for such a easy to read and informative article. I’ve sent research papers on the subject of ADE to friends and family but doubt they read to the end. Your presentation flowed like a conversation. One additional subject recently surfaced in the literature is the possible connection between the vaccines and prion disease, as if everything you covered wasn’t enough.
Thank god I’ve not yet been vaccinated.
Thanks again, great read and links!

Lonesome Reader April 12, 2021 9:33 AM

@Moderator:

The following comment:

https://www.schneier.com/blog/archives/2021/04/friday-squid-blogging-jurassic-squid-and-prey.html/#comment-372319

shows that the user posting under the handle “Winter” appears to be living in a fantasy world not least because he is obviously accusing Reuters and the EMA of “peddles conspiracy theories about COVID-19 and vaccines.”.
Are Reuters and the EMA now part of some dubious conspiracy theory about vaccines? That is completely ludicrous and it follows that said user has either some hidden or more nefariously open agenda at play here.

Thanks for reading and for the hard work you do.

Winter April 12, 2021 9:51 AM

@Logon
“there is the fact that cycle thresholds of pcr tests prior to January 2021 were set way higher than current, and clearly gave significant false positive results.”

High number of cycles picks up lower concentrations of virus RNA. A positive PCR result cannot tell us whether the subject is infectious, just that this subject has had viral particles in his/her tissues. If viral RNA is found in your tissues, this means you have harbored viruses, in layman terms you are or hgave been infected.

If you want to claim false positives, you will have to explain where the viral RNA came from. Because a positive results means that the sample contained viral RNA. PCR results are pretty much like finger prints. If you find a person’s fingerprints at a place, someone must have put them there. If it is not the person whose prints these are, someone else will have had to go to very great lengths to put these prints there. The same with positive PCR results.

And if you want to claim COVID did not cause all those deaths, I am curious to hear what other cause killed an extra 300,000 Americans in 2020?

Barker April 12, 2021 10:01 AM

@ A Boy Pus&sy fu&&cker named Win&ter:

You could eat alphabet soups and shit out better stuff than the absolute pile of utter nonsense you exhale daily.

Like a dried out piece of sh&it that gets sprinkled with some water (or pi&ss in your case) starts to stink again, whenever and wherever you post your stupidity shows again:)

Amen

Winter April 12, 2021 11:02 AM

why do je&ws watch po&rn backwards?

so they can come when the prost&itute hands the money to the guy

When does a pentagon not have 5 sides? When it’s intersected by a plane.

Also, how do you pick up hot chi&cks at Ausch&witz? With a dustpan.

I was working on an abor&tion joke too, but it never fully developed

and about my personal experience:

My girl&friend just freaked me out. She gave me a blow&job but insisted on roleplaying as a 14 year old. Fuc&king weird and gross.

I was like, “You’re going to be 14 in a couple of years anyway, what’s the rush?”

So I was balls deep in my girl&friend once; she looked back at me and said “This is excruciating.” I was like; “Excruciating?! That’s a big word for a 12-year old!”

Hey! You don’t joke about the holocast.. my grandfather died in treb&linka. He fell down a watchtower while on a shift.

Listen man this jokes are really fu&cked up ok, my great grandfather actually died in Treblinka too, he got crushed by some dude falling from the guard tower.v

How many cops does it take to change a light bulb?? ..none they just beat the room for being black.

A man enters a pharmacy and asks for birth control pills for his wife and his 7 year-old daughter.

The pharmacist is a little shocked and asks, “Your 7 year-old daughter is sexually active?”

“No,” replies the man, “she just sort of lays there and cries.

What does a ga&y guy and a tumbleweed have in common? They blow and blow until they get stuck on a fence in Wyoming.

I hate how politically correct we have to be nowadays! You can’t even say “black paint” anymore! You have to say “Jamal, would you kindly paint my fence?”

A little girl walks into the bathroom and sees her father in the shower. Being young and quite naive she points to her fathers penis and asks when she will get ‘one of those’

Her father looks at his watch. “When your mother leaves for work”

How do you stop the black kid from hanging out in your front yard?

Cut him down!

I called my mate after he finished the Boston Marathon. He said he had a blast and can’t feel his legs.

What’s the difference between my gun and my dick? The 8-year old boy doesn’t cry when my gun goes off in his mouth.

What breaks when you give it to a toddler? Her hips.

I’m on the fence about abortion. On the one hand, it kills babies, which I’m all for. But it gives women a choice, which I’m, against.

Those poor kids from Sandy Hook, they wanted books but all they got were magazines.

How is eating pus&sy and being in the mafia the same?
one slip of the tongue and you’re in deep sh&it

Jesus once turned water into wine. Well Ad&olf Hit&ler turned 6,000,000 Je&ws into bars of soap.

Your move, Jes&us.

A Rab&bi and a Pri&est are rowing a boat and a teenaged boy is walking over a bridge. The Pri&est asks the Rab&bi, want to fu&ck him? The Rabbi responds, out of what?

A Mus&lim Imam, Jew&ish Rab&bi, and Cath&olic Pri&est are on a cruise ship when it starts to sink. The Im&am yells, “Think of the children!”

To which the Rab&bi responds, “Fu&ck the children!”

The priest inquires, “Do we have time?”

- April 12, 2021 12:06 PM

@Moderator:

Clean-up crew to isle 13,

1, Barker, #comment-372316
2, Spining Wheel, #comment-372318
3, Logon, #comment-372317
4, Logon, #comment-372320
5, Barker…, #comment-372323
6, cryptozone, #comment-372324
7, Lonesome Reader, #comment-372326
8, Barker, #comment-372329
9, Winter, #comment-372333

Are a past offending troll at work yet again, and/or the breaching of the posting guidlines with sock-puppetry, language not suitable for work, false accusations and much more.

The knee-jerk, alt-right style response by “canned-affrontery” clearly underlines the desperate pushing of a harmful political position, that science currently disagrees with for very good reason.

Freezing_in_Brazil April 12, 2021 2:21 PM

@ Clive Robinson

Dear Clive, would it be ok to translate your post #372261 into pt_BR, and publish it as a point of view of a “prestigious poster of a prestigious Internet Security forum” ?

We need something strong to scare people into action down here, and my native’s POW won do in these lightsless times.

Pretty please?

Regards.

AL April 12, 2021 2:58 PM

I don’t see a problem with Spinning Wheel, #comment-372318
It might not take in everything I’m going to consider, but I don’t see where the comment is out of line.

Separately, in a podcast with CNN’s Dr. Sanjay Gupta, I noticed the doctor has joined an increasing number of people that think the lab leak hypothisis is the most likely explanation for how the pandemic started. (Starts around 28 min, 25 sec, carries on for 5 minutes or so).
https://embed.podcasts.apple.com/us/podcast/sanjay-gupta/id1527832549?i=1000516300481

So, we have a virus with unknown origins that has exceptional contagiousness, and experimental vaccines. And then, we had the “noble” lie at the beginning of the pandemic, the lie that masks don’t work. They opened the door with their noble lie, so don’t blame me, and don’t blame Spinning Wheel. Do we know that is the last noble lie?

My view is, the vaccines aren’t’ as good as stated, but since the consenus is increasingly that there was a lab leak involved, that this bat virus was bred to be extremely contagious in humans. And it appears that it attacks multiple organ systems. We may not know the long term effects of the vaccines, but we don’t know the long term effects of the virus either. So, I don’t think the virus is as good as stated either. It looks like this extreme contagiousness business will allow the variants to proliferate for quite a while, if not forever.

I’m leaning towards taking a non-mRna vaccine. That is my one big disagreement with the “experts”. They say we shouldn’t pick and choose our vaccines – well I choose to do so.

vas pup April 12, 2021 3:31 PM

Thoughtful, inclusive urban design can make streets safer for women – something that has multiple benefits

https://www.bbc.com/worklife/article/20210409-how-to-design-safer-cities-for-women

“Rather than victim-blaming individual women and girls, many people are asking how to transform cities so that female residents don’t have to fear leaving the house. One element of that transformation is thoughtful, inclusive urban design.
==>This involves relatively small changes – like more walkable streets, open gathering spaces and well-lit pathways – so that women feel visible and welcome in public spaces. And while these changes would improve women’s security, they would also help improve cities’ accessibility and liveability for everyone.

Yet it’s clear that, overall, women experience cities differently from men; they might be hyper-aware of male strangers or decide not to go out at all, for example. In Dublin, 36% of women surveyed felt unsafe walking in their neighborhood at night, compared to 13% of men. In Honiara, the capital of the Solomon Islands, 93% of girls in a focus group sometimes felt unsafe in public.

Gender is also the most significant factor in how anxious passengers feel on public transport. The gaps can be enormous: one UK survey found that 93% of female respondents felt fearful while waiting for a train at night, compared to 53% of male respondents, because of poor visibility.

==>A seemingly easy fix would be to install more lights at stations and in other spaces that women or potentially vulnerable people use frequently. But as the Hastings example suggests, this isn’t always easy. There can be ecological, financial and other issues with blanketing public spaces with lights.

Kalpana Viswanath, cofounder of safe-cities organization Safetipin, which ==>has developed apps that map the safety levels of different areas based on factors like lighting and public transport, highlights “visibility in the area” as a key factor in making women feel safe.
==>!!!She describes this as natural surveillance: if a person is walking down the street, it’s the reassuring presence of street vendors, local residents and shop owners, and passers-by. So high boundary walls, for instance those enclosing gated communities, are ultimately harmful to women’s overall safety. Those walls block off the visibility for everyone else.”

vas pup April 12, 2021 3:40 PM

FBI arrest man over alleged Amazon centre bomb plot
https://www.bbc.com/news/technology-56719618

“US authorities have arrested a man who allegedly plotted to bomb an Amazon data center, which he believed would “kill off about 70% of the internet”.

Seth Aaron Pendley, 28, was arrested after receiving a dud explosive device from an undercover FBI agent, and was charged with a malicious attempt to destroy a building with an explosive,

He came to the FBI’s attention after somebody reported his online posts.

If convicted, Mr Pendley could face up to 20 years in prison.

According to investigators, Mr Pendley’s main goal was to damage Amazon’s ==>web server network.

He believed that there were 24 buildings that “run 70% of the internet”, ==>including services used by the CIA and FBI, according to a conversation detailed in the criminal complaint against him.

Damaging them would frustrate the “oligarchy” – or small group of elites – in power in the United States, he believed.

==>Amazon Web Services (AWS) does play a hugely important role in the modern internet, hosting and processing the information behind many popular online services and websites.

Outages caused by a problem at one center tend to knock services offline for several hours at most, and often for a limited number of people or for specific sites.

===>In late January, Mr Pendley began using the encrypted messaging app Signal to detail his plans to bomb an AWS facility – but the recipient of those messages was a confidential FBI informant, investigators said.

On 31 March, the confidant introduced Pendley to a supposed explosives supplier – who was actually an undercover member of the FBI. His plan at this point, according to a recorded conversation, was to attack three Amazon buildings clustered close together.

On 8 April, at the handover of the supposed explosives, the undercover FBI employee showed Mr Pendley boxes he claimed were C-4 weapons-grade explosives, and showed him how to arm and detonate them. After Mr Pendley took the devices and placed them in his car, he was arrested by the FBI.”

vas pup April 12, 2021 3:45 PM

Microsoft makes $20bn bet on speech AI firm Nuance

https://www.bbc.com/news/business-56722862

“Microsoft Corp plans to buy a tech firm known for helping to develop Apple’s Siri speech recognition software in a deal valued at $19.7bn (£13.3bn).

The purchase of Nuance Communications is the second largest in Microsoft’s history, after its acquisition of networking site LinkedIn in 2016.

Microsoft said it would bolster its software and artificial intelligence expertise for healthcare companies.

So-called “telehealth” and remote doctor visits have boomed in lockdown.

This growth is forecast to continue after the pandemic.

“Nuance provides the AI layer at the healthcare point of delivery,” Microsoft chief executive Satya Nadella said in a statement. “AI is technology’s most important priority, and healthcare is its most urgent application.”

The deal, which includes Nuance debt, is expected to be completed this year.

Nuance, based in Massachusetts, was founded in 1992. It employs more than 1,600 people globally and is active in 28 countries.

Known as a speech recognition pioneer, it has more recently focused on providing software to the healthcare industry, such as software that helps to automate radiology reports and makes it easier for doctors to create patient notes by dictation.

Nearly 80% of US hospitals are already Nuance customers, Mr Nadella said. Purchasing the firm will dramatically expand Microsoft’s potential market in the health care industry.”

Laogai April 12, 2021 3:55 PM

“At about 13:49 on May 3, 2018, a catalyst explosion occurred in the hydrogenation reactor of No. 1 hydrogenation reactor of a Pharmaceutical facility causing one death and an immediate economic loss of 1.446 million yuan ($216,061,320 USD). According to the “Safety Production Law of the People’s Republic of China”, the bureau led the establishment of an accident investigation team composed of the Municipal Public Security Bureau and the General Labor Union. At the same time, the People’s Procuratorate of Taizhou City was invited to send personnel to participate in the investigation. The accident investigation team entrusted a professional appraisal agency to identify the accident material certificate and hired three experts to form an expert group to analyze the cause of the accident. In accordance with the principles of “scientific and rigorous, legally compliant, seeking truth from facts, and paying attention to practical results”, the investigation team found out the cause of the accident through on-site investigation, investigation and evidence collection, expert argumentation and comprehensive analysis. In the case of casualties and direct economic losses, the nature and responsibilities of the accident were identified, suggestions for handling the responsible persons and responsible units were put forward, and suggestions for accident prevention and rectification measures were proposed.

Clive Robinson April 12, 2021 4:38 PM

@ Freezing_in_Brazil,

Dear Clive, would it be ok to translate your post #372261 into pt_BR, and publish it

If you wish to, by all means, what I post here, I post for all to read.

However one very minor condition,

“If you ever meet our Host Bruce, buy him two drinks. The first is for his graciousness in allowing us to post. The second, is if Bruce and I finally ever meet, he can buy me a drink”

It’s not a condition I enforce, but it’s a nice idea 😉

We were once in the same building (UCL) at the same time, for entirely seperate reasons but we did not meet (though I still owe Bruce a cup of tea I promised).

SpaceLifeForm April 12, 2021 4:57 PM

@ Moderator, -, Winter, Clive, AL

The list that – put together is accurate. Plus the comment-372340 Winter noted after – list.

As to comment-372318, that may or may not be related to sock puppeting. But appears so based upon time line and the fact that the other comments referred to it.

Bottom line at this time is that it does not matter as to the source of the virus.

It is out there, and we (collective we) must deal with it.

Bitching and whining about the source solves NOTHING.

vas pup April 12, 2021 5:07 PM

What can hackers do with my email address? A lot.

https://www.yahoo.com/lifestyle/email-address-theft-lastpass-premium-gemini-162256342-223830498.html

“Your email address is actually a precious commodity for hackers because ==>it’s essentially “a tile to the mosaic of your life,” says Adam Levin, cyber security expert and founder of CyberScout. And it’s a big tile, because
==>once a scammer connects your email address to your name, the rest of the mosaic can materialize, and that could include your social security number, driver’s license and other identity-theft ammo.

Email theft is a common occurrence — 1.68 billion email credentials were stolen in 2018 alone, according to the Identity Theft Resource Center — and it can have far-reaching repercussions. Think of how often you use your ==>email address as a username for online log-ins, for instance. “Hackers who want to break into your online accounts now have 50 percent of the puzzle,” says Levin.

Once your email address is on a scammer’s radar, it’s game on.
!!!In a laser-focused attempt to learn your online passwords, they can delve into your personal information or even fire off well-disguised phishing emails to get you to disclose the passwords yourself. And if a hacker is able to break into your actual email account, they can start accessing all of your associated accounts and even lock you out while they’re busy doing damage.

!!!The damage can extend even beyond you.
===>“With the password of the main email, hackers can
impersonate the [owner],
send emails to their contact list or send private messages through social networks,” Rafael Lourenco, executive vice president of fraud-prevention organization ClearSale, tells Yahoo Life. “The attacker can ==>spread viruses…They may have access to your physical address, phone numbers, purchase history, workplaces, etc.”

Clive Robinson April 12, 2021 6:01 PM

@ SpaceLifeForm, Moderator, -, Winter, AL

As to comment-372318, that may or may not be related to sock puppeting.

It appears to be the website of a life/personal coach so, my guess would be “unsolicited advertising” or similar, might also apply.

But… as I do not remember seeing the handle “spining wheel” before, and it is within a very short time window of 20mins from the “Barker” post, it is suspicious.

Then there is the “logon” test message 13min prior to the “spining wheel” post and then the second “logon” post is three minutes later. Which is way to short a time to have read the “spining wheel” page and typed up such a lengthy praise/response.

So like you I’ll go with sock puppetry…

MarkH April 12, 2021 6:46 PM

@SpaceLifeForm:

I agree that knowing the origin of Covid-19 won’t help fighting the pandemic!

I have an open mind about the lab-origin question … it’s not impossible. However, I read that the real experts are very skeptical of that hypothesis.

If we disregard the nutty conspiracy theories, it’s very likely a transfer from wild animals, or a sliver of possibility of transfer from a lab with inadequate safeguards.

Epidemiologists have published guidelines for reducing the risk of transfer from wildlife, which are largely ignored.

And people know how to run labs safely. The origin question is interesting, but not the most important.

Clive Robinson April 12, 2021 7:34 PM

@ MarkH, SpaceLifeForm,

I have an open mind about the lab-origin question … it’s not impossible. However, I read that the real experts are very skeptical of that hypothesis.

From what I’ve been told for good reason.

Apparently these “illegal in the US experiments” the lab carried out on behalf of the US Government are sufficiently documented and inspected that the animal species known to be in the lab have been ruled out as an intermediary host for the zoonotic transfer (which is still a missing link).

Whilst that does not say the lab was not involved it’s strongly sugestive that it was not as a result of the research.

It’s been pointed out that it is quite likely that those sourcing research creatures may also have been involved in the more profitable wild animal “bush meat” trade and could easily have supplied restaurants in the area of Whan around the wet market and lab.

Also apparently there appears to be evidence that in other parts of China months before an unknown pneumonia with similar symptoms occured…

Some are even saying it was US officials visiting the lab that released the virus. In a way much like the CIA did on the New York subway several decades ago, to track “infection spread”… Part of that argument is the timing with the bigest movment of Chinese people each year. That is it’s way to coincidental.

But also that “spring festival” is also the time to show conspicuous affluence. Much as we in the West celebrate Xmas with meals out etc, which arguably would have increased the demand for “exotic wildlife” for “bush meat”.

So what to make of it all?

I very much doubt we will ever find out, there is too much disconnect in the science to say anything other than maybe, possibly, not so likely, we can not join the dots together.

The only reason it matters at all, in reality, is to try and prevent similar happening again in the future.

xcv April 12, 2021 7:59 PM

@ Clive Robinson

the more profitable wild animal “bush meat” trade and could easily have supplied restaurants in the area of Whan around the wet market and lab.

“Wuhan” I suppose you mean, although I can’t claim any better correctness of the English spelling than you can.

Anyways it reminds me of Nassim Nicholas Taleb, author of The Black Swan, complaining about overpriced rat-infested restaurants downtown New York City, and the risk of Plague or Black Death, whether that is actually a valid complaint about the rats, or if it’s just some author waiting on book royalties trying to get a nice restaurant meal at a better price.

SomeWhatOld April 12, 2021 11:19 PM

Somewhat old news. From September 2020.

Amazon names ex-NSA chief Keith Alexander to its board
ht tps://www.cnet.com/news/amazon-names-ex-nsa-chief-keith-alexander-to-its-board/

He’s expected to serve on Amazon’s audit committee according to the sec filing
ht tps://www.sec.gov/ix?doc=/Archives/edgar/data/1018724/000101872420000026/amzn-20200909.htm

Wonder what’s he auditing? User data?

SpaceLifeForm April 12, 2021 11:29 PM

@ Ingenuity

Your flight has been delayed for at least a week.

Software fixes are in progress. Prepare for download.

https://mars.nasa.gov/technology/helicopter/status/290/work-progresses-toward-ingenuity-s-first-flight-on-mars/

The Ingenuity team has identified a software solution for the command sequence issue identified on Sol 49 (April 9) during a planned high-speed spin-up test of the helicopter’s rotors. Over the weekend, the team considered and tested multiple potential solutions to this issue, concluding that minor modification and reinstallation of Ingenuity’s flight control software is the most robust path forward. This software update will modify the process by which the two flight controllers boot up, allowing the hardware and software to safely transition to the flight state. Modifications to the flight software are being independently reviewed and validated today and tomorrow in testbeds at JPL.

SpaceLifeForm April 13, 2021 1:10 AM

@ Harry Potter

Interesting article.

I wonder if it (the abuse) may have slipped under the radar if the Skype for Business code was not crappy and actually did caching.

Also, I find it suspicious that the abuse was expanded over time. Almost like they knew it would save them money.

After Microsoft bought Skype, you had to guess bad things would happen.

Jon April 13, 2021 2:34 AM

Lie Detection, the easy way:

1) Ask your suspect a lot of questions.
2) Tell them you know they’re lying.
3) Imprison them in miserable circumstances.
4) Repeat 1,2,3, until they tell you what you want to hear.
5) Claim that as proof they were lying.

That’s torture, of course, but who’ll convict the torturers? And hey, they were ‘just asking questions’, right? And they did catch them lying, didn’t they? Right? J.

SpaceLifeForm April 13, 2021 2:39 AM

@ ALL

WhatsApp?

It’s clear that using email addys and/or phone numbers and/or SMS is not going to cut the mustard.

With FB blaming scraping instead of their crap APIs, they are not going to work at resolving the problem.

https://www.forbes.com/sites/zakdoffman/2021/04/10/shock-new-warning-for-millions-of-whatsapp-users-on-apple-iphone-and-google-android-phones/?sh=735c03467585

Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this.

RIP Terry A. Davis April 13, 2021 3:26 AM

https://archive.org/download/TerryADavis_TempleOS_Archive/videos/2017/2017-07-12T04:47:05+00:00%20-%2008JewishPig.MP4

  • TPTB want you to forget about TempleOS and the idea of “do it yourself” software, unless of course it’s software THEY control! And the idea of “no networking” is peace of mind in the times of Internet of Things and everything connecting to the beast, I mean internet. Men in high and low places harassed this man and may have intentionally led to his death, in my opinion.

Clive Robinson April 13, 2021 3:32 AM

@ xcv,

“Wuhan” I suppose you mean, although I can’t claim any better correctness of the English spelling than you can.

A Typo on my part caused by “Fat finger syndrome” on this mobile phones touch screen

However the anglicisation of non english proper nouns has always been a bit of a disaster.

I remember from five decades ago being told scathingly by a teacher –who had lived through WWII and had yet again coloured my work book in red ink– that, some American’s had decided that the use of doubled vowles was a cause of many spelling mistakes and had thus produced a dictionary without them… Except for what we now call “native American place names”.

I have never investigated if that were true or not, but I note that there are a large number of English-english spelled words with the likes of “ae” whilst the American-english spellings lack them. For some reason (“archaeism” perhaps?) these crop up in medicine, law and the Victorian and earlier “natural philosophy” we now call “the science of the times” like botany. As these involve the tourture of greek and latin words beyond that for which they were originaly intended, I can make a guess that they were a form of Orwellian Newspeak to “keep the proffessional club small” for both profit and to bamboozle others, and thus now a curse for all who follow.

As for, Nassim Nicholas Taleb, yes he is known for his hyperbolic tangential musings, but he may now have not a feeling of smugness, but one that several others have of impotence, over predicting the likelyhood of a pandemic associated with the food chain and being unable to stop it whilst seeing Western politicians etc squandering just about every opportunity to stop it.

Clive Robinson April 13, 2021 4:16 AM

@ Jon,

Lie Detection, the easy way:

Yes, though it has nine steps not five, and it has been taught to most US,Detectives.

Known as the Reid System/Technique[1], it is associated with more false confessions and even tampering with evidence than most could imagine[2], and was significantly involved in a case that led to the largest payout for wrongful conviction the US had seen[3]

[1] https://en.wikipedia.org/wiki/Reid_technique

[2] http://ocdw.com/main/wp-content/uploads/2017/08/Reid-Technique-Article.pdf

[3] https://www.newyorker.com/news/news-desk/juan-rivera-and-the-dangers-of-coercive-interrogation

Also look for the “falsified evidence” the prosecution was going to enter into court. The faux evidence a pair of Mr Rivera’s trainers thay said haf the victims DNA on. Well one of the defence attornies found out, that the trainers were not even on sale in the US at the time of the attack, and the date and time Mr Rivera purchased them and from where was quite a bit after the attack. Unfortunately the jury were never to see this evidence of very probable criminal evidence tampering by the detective taskforce… But even when DNA evidence had cleared Mr Rivera he was still taken to court and prosecuted yet again… Mainly based on the false confession that detectives had extracted from Mr Rivera. Analysis has shown that the only acurate facts in the confession were those fed to Mr Rivera as part of the Reid Interrogation they subjected him to over multiple days.

Winter April 13, 2021 4:33 AM

@xcv/Clive
““Wuhan” I suppose you mean, although I can’t claim any better correctness of the English spelling than you can.”

The official Pinyin spelling is: Wuhan / Wŭhàn (the second with tones).

Pinyin is the official Chinese transcription of spoken Mandarin into latin alphabet. The characters are used to approximate the International Phonetic Alphabet, which does most certainly NOT use English pronunciation. The best approximation in English transcription would be “Woo-hahn”.

Or just paste 武汉 into a Translate app and click the pronounce button.

ResearcherZero April 13, 2021 5:18 AM

Howard Dean on how to prevent emerging economies receiving cheaper vaccines, while also increasing profit.
hxxps://www.newsweek.com/march-not-answer-opinion-1564972

brilliant stuff

xcv April 13, 2021 12:37 PM

https://www.foxbusiness.com/lifestyle/sheriff-ex-dispatcher-accused-of-refusing-to-return-1-2m

A former sheriff’s dispatcher in a suburb of New Orleans has been arrested, accused of refusing to return more than $1.2 million that had been accidentally deposited into her brokerage account, authorities said. // … // Kelyn Spadoni, 33, was taken into custody Wednesday on charges of theft valued over $25,000, bank fraud and illegal transmission of monetary funds, nola.com and WVUE-TV reported. The reports said she was fired by the Jefferson Parish Sheriff’s Office after her arrest.

That’s no “accident” or “mistake.” She had plans for the money, and knew what to do with it right away, just like the Citigroup–Revlon scandal.

https://www.bloomberg.com/news/articles/2021-04-09/citigroup-fights-for-freeze-on-500-million-it-sent-in-blunder

Revlon Inc. lenders that received more than half a billion dollars in accidental payments from Citigroup Inc. are asking a judge to free up the money he’s already ruled is theirs to keep. // … // The bank sued 10 asset managers for the Revlon lenders last summer to force them to return $504 million it had mistakenly wired them, an epic back office blunder that led to a closely watched trial.

A fat-fingered clerical error? No, I don’t think so either.

Winter April 13, 2021 1:11 PM

@xcv
“A fat-fingered clerical error? No, I don’t think so either.”

On the other hand, every time I visit the USA I am appalled by the quality of service by the antiquated financial system. I am totally unsurprised that their back offices make such horrible mistakes.

And I am also not surprised at all that the banks will make the poorest customer pay for the bank’s mistakes.

SpaceLifeForm April 13, 2021 4:55 PM

@ Winter, xcv

In the olden daze, a bank had a department called ‘proof’.

To catch mistakes by tellers. If the ‘proof’ department caught a teller error, they would flag it for the ‘batch’ department.

And the ‘batch’ department could also catch mistakes by the ‘proof’ department.

Sometimes a ‘proof’ department error could be resolved by the ‘batch’ department.

Usually in the case of a human misread.

Exceptions at that point would be kicked back to teller department to be resolved later next business day. The transaction would not be processed that night. The transaction would be removed from the batch.

Every night, Monday thru Friday. Before the transactions were actually processed by computer to update the database.

Oh, did I forget to mention this was paper based?

https://siliconangle.com/2020/12/01/capital-one-closes-all-data-centers-to-rely-on-aws-on-demand-infrastructure-reinvent/

Weather April 13, 2021 5:00 PM

@all
A question, what effect would happen if sha256 was weakened? I’m not thinking much apart from cracking a shadow file.
It shouldn’t be that bad?

JonKnowsNothing April 13, 2021 5:30 PM

@All

From The COVID-Lands Open for Business…

Can you spot the Ring-rZ?

note: names and such have been changed, deleted etc etc.

Your free doorbell camera awaits
When you sign up for Home Security

Then lots of these to bypass some email limitations

  • & z w n j ; & z w n j ;

The Free Part:

1 Requires purchase of new control panel and new subscription to monitoring services. Installation or shipping fees apply….

===

ht tps://en.wikipedia.org/wiki/Zero-width_non-joiner

ZWNJ preheader hack
Preheader is a preview text that’s displayed by most email clients along with an email subject.

(url fractured to prevent autorun)

vas pup April 13, 2021 5:43 PM

Very good video BBC/CLICK on Covid scammers:

https://www.youtube.com/watch?v=unkbbgVM1ZQ

I love starting minute 15 in particular (AI vigilante against scammers. I wish in US they will not chase vigilante, but rather scammers – sorry, but recently looks like LEAs as well as FTC/FCC do almost nothing to protect against scammers. When law is silent, vacuum is filled by vigilantes), but all video is good.

JonKnowsNothing April 13, 2021 5:57 PM

@All

re:What happened to the Sports Heart Monitor Watch?

MSM report about the death of a person that took authorities NINE YEARS to notice. This is a normal death, not criminal. Just an elderly person living on their own.

No one notice that the man had stopped “putting out the rubbish excessively” (1) and neither did any of the technology run parts of business western societies that people deal with daily, monthly, yearly. They just “kept right on ticking/taking”.. (2)

  • Man died in April 2011, based on a carton of milk and a letter that were found in his apartment
  • His pension was stopped in 2018 when the Norwegian Labour and Welfare Administration (NAV) could not get in touch with him
  • His bills continued to be paid automatically from his bank account
  • If he had died 30 years ago, the man would not have remained undiscovered for nine years [when people made physical contact]
  • The failure of new technological systems to raise red flags when someone did not make physical contact was
    “the price we’ve paid for digital services”
    Arne Krokan, a professor at the Norwegian University of Science and Technology.

Field Scientists tracking wild animals use Mortality Event Monitors on the tracking collars. Comes as a shock to hunters illegally or “questionably legal” situations where they kill a tracked animal. The Mortality Event triggers a BIG response to the area: police, helicopters, game wardens all descend en masse to the location.

Zho,

If the man’s pension was stopped 7 years after the death and the auto-pay continued for 9 years, did these companies steal the money from the man’s heirs, bank, or Norway Pensions Department?

===

ht tps://www.theguardian.com/world/2021/apr/09/mans-body-was-found-after-lying-in-norway-flat-for-nine-years-say-police

Man’s body was found after lying in Norway flat for nine years, say police

Oslo death sparks questions about role of technology in reducing physical contact in society

1, 2 movie, idiom quotes.
(url fractured to prevent autorun)

Weather April 13, 2021 11:57 PM

@slf
Can you do me a favor, can you post a sha2 hash, and I should be able to tell you the chars used. Any byte range just 32 different chars at most, less if you want.

SpaceLifeForm April 14, 2021 12:35 AM

@ Weather

This is sha256sum of small file, pure 7-bit ASCII.

e6795bca9d792182eb317b5cd63dd17a9d92abb7c6e3af61699df9c401a6f1ed

Weather April 14, 2021 1:27 AM

@slf
Its 2-5 chain, normal it is quickly than that, I’ll post the range, please post the str

SpaceLifeForm April 14, 2021 1:33 AM

@ Bruce, Clive, ALL

This is certainly a first.

https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft-exchange

Today’s [2021-04-13 ed] operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).

xcv April 14, 2021 3:05 AM

@ SpaceLifeForm

https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft-exchange

Today’s [2021-04-13 ed] operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).

They’ve got a problem. U.S. courts cannot properly authorize U.S government resources and U.S. employees’ time to “donate” general development work to Microsoft Corporation on that basis.

Microsoft is responsible for fixing its own problems.

The D.O.J.’s job is to go after federal felons, not to “donate” general IT and development work to a private corporation.

Freezing_in_Brazil April 14, 2021 9:15 AM

@ Clive

If you wish to, by all means, what I post here, I post for all to read.

I will do. It is much appreciated. 🙂

However one very minor condition,
“If you ever meet our Host Bruce, buy him two drinks. The first is for his graciousness in allowing us to post. The second, is if Bruce and I finally ever meet, he can buy me a drink”
It’s not a condition I enforce, but it’s a nice idea 😉
We were once in the same building (UCL) at the same time, for entirely seperate reasons but we did not meet (though I still owe Bruce a cup of tea I promised).

You’re kidding? You can see I still have the advantage, no? Ok, I comply. I owe you both a pint. I would be delighted if such an occasion materialized…

Best regards. Peace you all.

Mr. Peed Off April 14, 2021 1:03 PM

Two weeks after it was freed from the Suez Canal, the giant container ship Ever Given is once again stuck.

This time however, the 220,000-ton megaship is not caught in the sand, but snared in a legal row between Egyptian authorities and the ship’s owners over the financial impact of the accident.

The massive ship has been impounded by a court in Ismailia, as the Suez Canal Authority pursues its Japanese owners for the cost of the salvage operation and lost transit fees for the week that the canal was blocked.

https://www.theguardian.com/world/2021/apr/13/ever-given-impounded-as-suez-canal-authority-pursues-salvage-costs

The for-Ever Given headaches continue.

Clive Robinson April 14, 2021 2:11 PM

@ Mr. Peed Off,

The massive ship has been impounded by a court in Ismailia, as the Suez Canal Authority pursues its Japanese owners for the cost of the salvage operation and lost transit fees for the week that the canal was blocked.

This was predicted to happen, and it is going to have very very significant effects in the insurance market.

Not just directly, but via re-insurance and outwards or potentially worse in another LMX type spiral. The longterm lookout will be a significantly increased cost in premiums thus making shipping on effect untenable. Thus this will knock on into “supply chain” issues.

But I expect that Egypt will not get very far legally against the owners who have already started protective court action.

The reason being,

1, The ship was under the control of Port Authority Pilots.

2, The operators of the ship are not the owners of the ship or the goods onboard.

3, The owners have already started their legal action.

For the Egyptions to have even a remote chance of winning they would have to show significant negligence on behalf of the operators or owners. From what has been said publically, they are unlikely to be able to do so.

Thus the Egyptions are in effect trying it on. They have the ship bottled up and are holding it hostage. Neither the ship operators or the owners want to loose the vessel, but it’s probably in their interest to actually walk away and let various tax payers pick up the cost via tax right offs.

vas pup April 14, 2021 5:23 PM

Europe seeks to limit use of AI in society

https://www.bbc.com/news/technology-56745730

“The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.

The wide-ranging proposals, which were leaked ahead of their official publication, also promised tough new rules for what they deem high-risk AI.

That includes algorithms used by the police and in recruitment.

The use of AI in the military is exempt, as are systems used by authorities in order to safeguard public security.

!!!The suggested list of banned AI systems includes:

==>•those designed or used in a manner that manipulates human behaviour, opinions or decisions …causing a person to behave, form an opinion or take a decision to their detriment

==>•AI systems used for indiscriminate surveillance applied in a generalised manner

==>•AI systems used for social scoring

==>•those that exploit information or predictions and a person or group of persons in order to target their vulnerabilities.

European policy analyst Daniel Leufer tweeted that the definitions were very open to interpretation.

“How do we determine what is to somebody’s detriment? And who assesses this?” he wrote.

For AI deemed to be high risk, member states would have to apply ==>far more oversight, including the need to appoint assessment bodies to !!!! test, certify and inspect these systems.

And any companies that develop prohibited services, or fail to supply correct information about them, could face fines of up to 4% of their global revenue, similar to fines for GDPR breaches.

High-risk examples of AI include:

•systems which establish priority in the dispatching of emergency services

!!!•systems determining access to or assigning people to educational institutes

!!!•recruitment algorithms

•those that evaluate credit worthiness

!!!•those for making individual risk assessments

NB!!!•crime-predicting algorithms.

Mr Leufer added that the proposals should “be expanded to include all public sector AI systems, regardless of their assigned risk level”.

“This is because people typically do not have a choice about whether or not to interact with an AI system in the public sector.”

As well as requiring that new AI systems have human oversight, the EC is also proposing that high risk AI systems have a so-!!!!!!!called kill switch, which could either be a stop button or some other procedure to instantly turn the system off if needed.

“AI vendors will be extremely focussed on these proposals, as it will require a fundamental shift in how AI is designed,” said Herbert Swaniker, a lawyer at Clifford Chance.”

READ the whole article!!!

vas pup April 14, 2021 6:01 PM

The hidden fingerprint inside your photos

https://www.bbc.com/future/article/20210324-the-hidden-fingerprint-inside-your-photos

“When you take a photo, your smartphone or digital camera ==>stores “metadata” within the image file.
!!! This automatically and parasitically burrows itself into every photo you take. It is data about data, providing ==>identifying information such as when and where an image was captured, and what type of camera was used.

It is not impossible to expunge metadata, using freely available tools such as !!! ExifTool. But many people don’t even realise the data is there, let alone how it might be used,
==>so they don’t bother to do anything about it before they post images online. Some social media platforms remove information like geolocation (though only from public view), but many other websites do not.

NB!!!
This lack of awareness has proven useful for police investigators, to help them place unwitting criminals at a scene. ==>But it also poses a privacy problem for law-abiding citizens if the authorities can track their activities through images on their camera and social media. And unfortunately,
==> savvy criminals can use the same tricks as the police: if they can discover where and when a photo was taken, it can leave you vulnerable to crimes such as burglary or stalking.

But metadata is not the only thing hidden in your photos. There ==>is also a unique personal identifier linking every image you capture to the specific camera used, but it’s one you’d probably never suspect. Even professional photographers might not realise or remember that it’s there.

To understand what this identifier is, you first have to understand how a photo is captured. Central to every digital camera, including those inside smartphones, is its imaging sensor. This is composed of a grid of millions of silicon “photosites”, which are cavities that absorb photons (light).
!!!Due to a phenomenon known as the photoelectric effect, the absorption of photons causes a photosite to eject electrons a bit like a nightclub bouncer.

The electrical charge of the electrons emitted from a photosite is measured and converted into a digital value. This results in a single value for each photosite, which describes the amount of light detected. And this is how a photo is formed. Or etymologically speaking, a drawing with light.

The different sensitivities of the photosites creates a type of imperceptible image watermark. Although unintentional, it acts ==>like a fingerprint, unique to your camera’s sensor, which is imprinted onto every photo you take. Much like snowflakes, no two imaging sensors are alike.

In the digital image forensics community, this sensor fingerprint is known as “photo response non-uniformity”. And it’s “difficult to remove even when one tries”, says Jessica Fridrich of Binghamton University in New York state. It’s inherent to the sensor, as opposed to measures, such as photo metadata, that are “intentionally implemented”, she explains.

The upside of the non-uniformity fingerprint technique is that it can help researchers like Fridrich identify faked images.

In principle, photos constitute a rich reference to the physical world, and can therefore be used for their evidential value, since they portray what is. However, in the current climate of ==>disinformation – exacerbated by the ready supply of image editing software – it has become increasingly important to know !!!!!!the origin, integrity and nature of digital images.

Fridrich has patented the photo fingerprinting technique, and it ==>has been officially approved for use as forensic evidence in court cases in the United States. It means investigators can ==>identify manipulated areas, associate it with a specific camera device, or establish its processing history.

Fridrich believes this technology could
!!!also be used to reveal AI-generated synthetic imagery known as deepfakes. And tentative research corroborates this. The distinguishing feature of a deepfake is its photorealism. Having gained infamy in 2018, due to their use in pornographic videos, deepfakes present a tangible threat to the information ecosystem.
!!!!If we are unable to differentiate between what is real and what is not, then all media consumed can be reasonably doubted.

Many colour printers add secret tracking dots to documents: virtually invisible yellow dots that reveal a printer’s serial number, as well as the date and time a document was printed. In 2017, these dots may have been used by the FBI in the identification of Reality Winner as the source of a leaked National Security Agency document, which detailed alleged Russian interference in the 2016 US presidential election.

Despite our chronic predisposition to self-disclose over the internet, we vehemently reserve the right to privacy.

!!! In principle, people should be able to decide the degree to which information about themselves is communicated externally. But in light of what we now know about forensic photo tracking, such self-determination may only be an illusion of control.

Standard metadata is difficult enough to avoid – you have to scrub it afterwards, and the only piece of information you can stop from being created in the first instance is photo geolocation. Photo response non-uniformity, however, is far more difficult to extricate. Technically, it should be possible to suppress, for example, by reducing the image resolution, says Farid. But, by how much? This of course depends on many factors such as the type of device used for image capture, as well as the fingerprint matching algorithm employed. There is no one-size-fits-all solution to fingerprint removal.

So, how concerned should we be about photo response non-uniformity from an ethical standpoint? When I asked Fridrich about the implications of its various applications, she candidly remarked,
===> “a carpenter can do wonders with a hammer, but a hammer can also kill”. While no one is saying that the hidden data inside your photos could be deadly, her point is that this is a
!!!!!!!!technique that could cause harm in the wrong hands.”

Clive Robinson April 14, 2021 7:34 PM

@ vas pup,

Photo response non-uniformity, however, is far more difficult to extricate. Technically, it should be possible to suppress, for example, by reducing the image resolution, says Farid.

You should ask an astronomer…

In principle it’s easy, in practice you are dealing with a very large matrix to multiply out…

As noted each and every pixel is a photo-sensor, to be more precise it is a photo diode and has a response that is logrithmic and is changed by temprature and adjacent photo diodes and interconnects.

Some but not all cameras will give you the raw image, that is the output of every single photo diode in what ever resolution it is.

So you find yourself a room with a flat “neutral” wall and set tje camera up on a tripode that you “nail down” so it can not move… You set the room to a given temprature and then take picture after picture at one light setting and average them out, then do the same at the next setting and so on. When you have the set for one temprature you go on to repeate at the next temprature and so on…

This then provides a two dimensional response graph for each pixel…

Then by the magic of mathmatics you make an inverse so that for each pixel you get a correction curve of light level against temperature.

If you are lucky the curve will be flat with temprature or light sensitivity such that you can do a very simple correction factor or piecewise curve. If unlucky you will need to build a largish table.

The end result is that every raw image you take –which can be hugh– can be corrected and low level amplifier “pink bias” etc can be removed.

Obviously for the fakers, knowing the matrix for their camera and the matrix for your camera alows them to produce a photograph that appears to have that finger print coresponding to your camera’s sensor.

That’s why the “fingerprint” should not be used for forensic evidence, because somebody in the know can fake it better than the –mostly amaturish– forensics people can reliably detect.

It’s just another reason I think that forensics is not science, nor can it ever realy be so… Because if I know so many ways to fritz their tests, how many other people do you think know how to fritz with all the other tests the forensics people run without taking the proper preventative actions to stop fritzing?

SpaceLifeForm April 14, 2021 8:58 PM

@ Weather

the string was ‘Weather’ followed by a newline.

8 byte file, all 7-bit ASCII.

I thought you would have guessed that 🙂

Weather April 15, 2021 1:53 AM

@slf
No 0xca etc, the program is still running, will see if its based around 0x41-0x77

SpaceLifeForm April 15, 2021 2:38 AM

@ Bruce, Clive, ALL

Risk. Cloud. Risk. Cloud.

Seems familiar.

Hmmm, where have I mentioned AWS before?

This is the ultimate in irony. Pure gold. Parse carefully.

https://techcrunch.com/2021/04/13/logicgate-risk-cloud-data-breach/

An email sent by LogicGate to customers earlier this month said on February 23 an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud, which helps companies to identify and manage their risk and compliance with data protection and security standards. LogicGate says its Risk Cloud can also help find security vulnerabilities before they are exploited by malicious hackers.

[Apparently not]

Clive Robinson April 15, 2021 5:12 AM

@ SpaceLifeForm, ALL,

I Don’t do “verizon” of which TecCrunch is a part of, as they requir JS, so I’m assuming,

https://lecrab.com/2021/04/13/risk-startup-logicgate-confirms-data-breach/

Is about the same story (and you do not need JS or cookies enabled to read it).

The LogicGate behaviour could be earning them 4% GDPR fine, but it’s difficult to say as obviously they have notified some customers by Email but perhaps not all.

But interestingly as a service provider LogicGate may not be those who are to blaim. From the article,

“LogicGate did not say how the AWS credentials were compromised. An email update sent by LogicGate last Friday said the company anticipates finding the root cause of the incident by this week.”

As we know “credentials” are both “valuable” and at the end of the day very very small thus “easy to copy” surreptitiously.

Also depending on the entire process chain may not even be required (if you can see the symetrical encryption keys on the cloud server, then you’ve no need to grab private keys or break psudo One Time Passwords or the like).

Which brings up this point,

“The credentials “appear to have been used by an unauthorized third party to decrypt particular files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment,” the email read.”

This is far from the first time AWS buckets have fallen under the spot light. As the old saying has it “Once is coincidence, Twice…, Thrice is enemy action”, or in modern more diplomatic terms is “An indicator of a vulnerability that is potentially being exploited”.

Importantly though is,

“When reached, LogicGate chief executive Matt Kunkel confirmed the breach but declined to comment citing an ongoing investigation. ‘We believe it’s best to communicate developments directly to our customers,’ he said. Kunkel would not say, when asked, if the attacker also exfiltrated the decrypted customer data from its servers.”

The obvious answer if it was a level III type attacker is that they might have no need to. Especially if they already have the files from some other source (think back to Google finding out that the NSA had got into their back end communications).

Also the attackers may not even need the actual data, just see what activity is occuring within which parts of it. Look on it as a cross between “File System Archeology” and “Traffic Analysis”. Those two individual techniques when brought together make a rather interesting attack for cyber-industrial-espionage to say play with on the stock market etc. Not quite “insider trading” but certainly a near ring side seat to the bull ring that some corporations board meetings etc are.

But if it is at the Cloud hardware end then people really need to remember a salient fact, it does after all “take two to tango” when organisations offer a Cloud based service,

1, The Cloud Provider(CP).
2, The Service Provider(SP).

As a customer like as not, you will in reality only have a contract with the SP not the CP (unless you think ahead). Which has a certain set of implications[1][2].

But what can a customer of a SP do as mitigation?

Well it is worth remembering befor you start thinking about Cloud Solutions the implications of the two phrases,

1, Two is one, one is none.
2, It takes at least three to clearly vote.

The last being well known to Mariner’s of old when navigation was by clock, compass, sextant and tables[3].

However even that duplication is insufficient in modern times as “bit rot” in it’s myriad of forms is as common as communications errors are at the lower physical layers. Thus coopting such techniques[4] is more usefull within the data than relying on it being in the file system level. Because the file system belongs to the CP and the data belongs to the customer who has their own legal duty of care.

[1] Something people forget when they sign on the dotted line with an SP is that if a SP-v-CP legal dispute arises it is not the SP with whom they have a contract, that holds their data files, but the CP with whom they DO NOT have a contract[2].

[2] Without a robust contract with the CP, the customer of the SP has little or no leverage on the CP who can within a very wide limit, do more or less as they please including claiming ownership of the data in the files. Even when the CP cooperates with the customer they can “still play cute”. Maybe not as low as a 300baud modem link, but maybe the Internet backwater equivalent… As we have seen certain CPs effectively do this already, they have “data trucks” that rush to pull your data into their Cloud, but then offer only insulting little “data boxes” in a suitcase chucked on the bacj of some low grade package deliverer/shifter truck, in comparison when you want your data back. But… Importantly only if you have a contract with the CP, otherwise “Price is What they can get away with” charging…

[3] If two mechanical devices differ in their outputs, all you know is “something is wrong” but “You know not which errs”, if you have three then you have more of a chance of knowing which errs. Likewise that chance improves with every odd number of entrants in a vote. But the cost of having just three sets of entirely seperated Cloud storage, is likely to be cost prohibitive quite quickly thus other in data methods have to be sought[4].

[4] One of the things people using Cloud rarely add is “bit rot” and “tamper evident” methods to the data they store and use in the cloud. So they have no idea what may have changed and by whom, or even when or how. This is not something ordinary “Crypto Recomendations” can solve[5], only error checking codes and good auditing of the CRUDE operations.

[5] Whilst crypto methods on data offer privacy or “confidentiality” of data, they do not offer reliability and “Integrity”. Also they realy only offer privacy to chosen individuals “Authebtication” if two things happen,

1, The keys are never leaked.
2, The data is never in plaintext outside of the full control of those authenticated to use it.

Obviously if data is “processed” in the Cloud it requires both points to be nullified currently. In effect the only reason to have a relationship with a Service Provider is to “process data in the Cloud” in some fashion…

JonKnowsNothing April 16, 2021 12:46 AM

@Clive, Winter, SpaceLifeForm, All

re: Expect COVID-19 booster shots yearly

MSM Report:

The USA White House + Pfizer CEO indicate that vaccinations need to be renewed 6-9 months after initial jabs and they expect Annual COVID-19 Jabs after that.

Data showed that the effectiveness of the Pfizer and Moderna jabs fade after 6 months. With the increasing presence of COVID-Muts new jabs will be needed regularly.

  • 77 million people vaccinated in the US
  • 5,800 vaccine failures (people got COVID anyway)
  • 396 people with vaccine failures required hospitalization
  • 74 people with vaccine failure died

What is not included or specifically stated is what re-vaccinations people will need when multiple puddles of COVID-19 Muts exist in a given area at the same time.

In sunstroked California, we now officially have 4 COVID-19 variants (1). We can play COVID-19 Poker, 2 variants or better to open.

  Mut-A I’ll open for 2 variants
  Mut-B I’ll see your 2 and raise you 3 variants
  Mut-C I’ll see your 3 and raise you 4. Call.

===

1, Local COVID-19 Muts:
  California Variant, UK Variant B117, Brazil Variant P.1, South Afrika Variant.
  The India Mumbai Variant B.1.617 is currently about 220 miles south.

ht tps://www.theguardian.com/world/2021/apr/15/covid-19-booster-vaccine-white-house

ht tps://en.wikipedia.org/wiki/Poker
(url fractured to prevent autorun)

Winter April 16, 2021 1:48 AM

@Jon
“What is not included or specifically stated is what re-vaccinations people will need when multiple puddles of COVID-19 Muts exist in a given area at the same time.”

Things are not as dire as feared. Immunity against multiple variants is already observed

Covid-19 variant found in SA ‘offers immunity against other variants’
https://www.iol.co.za/news/south-africa/gauteng/covid-19-variant-found-in-sa-offers-immunity-against-other-variants-2be15cfd-419a-46c2-a24d-cdd95de85d45

Freezing_in_Brazil April 17, 2021 2:03 PM

@vas pup

Re Last Squid [Europe seeks to limit use of AI in society]. I didn’t have the time to comment there, but I couldn’t resist replicating it here.

The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.

That’s the Butlerian Jihad arriving for you. Frank Herbert never ceases to amaze me

@Clive Robinson

Thanks, again.

Paix et Santé

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.