Comments
Ted • June 3, 2022 5:48 PM
Genes are weird. However, that seems like really paradigm shifting research. From Nature:
Within coleoids, however, lineage-specific evolution seems to have been governed by novel gene formation, independent expansions among key gene families, and substantial RNA editing.
This wasn’t my parents’ science. Heck, this wasn’t my science. As far as squid posts, that definitely beats a Far Side squid cartoon I saw earlier this week – a possible repeat. However, this research could explain a few things.
vas pup • June 3, 2022 6:18 PM
Take a look at the ‘Mighty Dragon,’ China’s $120 million answer to the Lockheed Martin F-35 fighter jet
https://news.yahoo.com/look-mighty-dragon-chinas-120-050533795.html
“The F-35’s encounters with the J-20 in the East China Sea impressed a top US Air Force general, the South China Morning Post reported.
In an interview with the Mitchell Institute for Aerospace Studies in March, Gen. Kenneth Wilsbach, the head of US Pacific Air Forces, said China’s ability to defend their nation is “robust.”
The jet has a maximum speed of 2,468 kph and a travel range of 5,926 kilometers, according to the aviation website Aero Corner. By comparison, the F-35A has a maximum speed of 1,960 kph and a range of 2,200 kilometers, according to the Royal Australian Air Force.”
JonKnowsNothing • June 3, 2022 6:44 PM
@vas pup
re: The [Chinese J20] jet has a maximum speed of 2,468 kph and a travel range of 5,926 kilometers
Or in Taiwan Lengths of 100 miles.
Distance is ~25 Taiwan Lengths per hour.
Time to landfall for 1 Taiwan Length == 2.5 minutes.
Number of RT Military Action Runs == 13 Runs per hour.
One run every 6 minutes.
Q: How fast can Taiwan blow up their infrastructure?
A: No one knows, but it better be faster than the Ukrainians did.
Leon Theremin • June 3, 2022 7:47 PM
@vas
A company called Epirus has just been demonstrating a drone armed with a high powered microwave.
Expect to see it being used to kill innocent children. The World now only goes towards more evil, never less.
lurker • June 3, 2022 9:44 PM
@Leon Theremin
There appear to be two different devices, the [. . .] System which looks like it could be about 2 metres square x 0.3m. thick, ground-based:
Independently validated to be operator safe.
which can if needed control the other drone mounted [. . .] Pod
. . . generates a beam of microwaves to overload a target’s electronics, causing drones to drop out of the sky, but doesn’t affect people.
There’s a write-up behind a paywall @NewScientist, and a useless 30sec. clip on YT. You could download a data-sheet for the sacrifice of your sanity. They are presented as Heaven’s answer to the riff-raff who are loading deadly substances on $50 Walmart drones. But as you imply, once a weapon, always a weapon.
Nick Levinson • June 3, 2022 11:34 PM
A book by Bruce impressed someone about privacy and surveillance. That person was from Albania, and he, too, knew about surveillance. He had moved to the U.S. and gotten college degrees including in computer science. He applied for jobs, grilled employers about their privacy policies, and took none of their jobs.
(This was discussed in a BBC radio story May 29, but there’s no link here because the BBC doesn’t offer transcripts and I didn’t find anything else about this story.)
ResearcherZero • June 4, 2022 4:41 AM
The Sword of Damocles
“Pervasive tracking is too opaque and potential privacy harms are never felt immediately. The general argument from tech companies is that consumers can always decide to dive into their browser settings and modify the defaults. The reality is that most people will never do that.”
https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf
…users don’t understand this and think their data is being protected, when it is actually not.
https://www.blaseur.com/papers/www18privatebrowsing.pdf
How the ad industry categorizes people:
“anxiety disorders” “legal issues” “incest” “abuse support”
https://www.iab.com/wp-content/uploads/2016/03/OpenRTB-API-Specification-Version-2-5-FINAL.pdf
Who is Google flogging your data to?
Ad Manager Certified External Vendors (4,700)
https://developers.google.com/third-party-ads/adx-vendors
What data is Google flogging about you? 😱 (Ha Ha… a full metric butt-load)
https://developers.google.com/authorized-buyers/rtb/realtime-bidding-guide
How often is Google flogging this data? (excessively)
According to the report, Google transmits the same kind of data more than 70 billion times daily, across both regions. By way of online activity and location, a person in the U.S. is exposed 747 times each day to real-time bidding, according to the data.
“Each time a smartphone user opens an app or website that shows ads, their device shares data about that user to help show them a targeted ad.”
https://www.bloomberg.com/opinion/articles/2022-05-16/privacy-google-transmits-our-personal-data-70-billion-times-a-day
ad platforms transmit the location data and browsing habits of Americans and Europeans about 178 trillion times each year
–
They called at me through the fence
They were not making any sense
They claimed that I had lost the plot
Kept saying that I was not
The man I used to be
They held their babes aloft
Threw marshmallows at the security
And said that I’d grown soft
Call it intuition, call it a creeping suspicion,
But their words of derision meant they hardly knew me
For even I could see in the way they stared at me
The spear of destiny sticking right through me
Oh lord, oh my lord
Oh lord
How have I offended thee?
Wrap your tender arms round me
Oh lord, oh lord
Oh my lord
https://www.youtube.com/watch?v=XqkfzzUoatc
If you were to watch this video for example, Google would learn an entire full metric butt-load about you, your device, your location, your OS and enough extra details to help uniquely fingerprint you.
ResearcherZero • June 4, 2022 5:20 AM
“monitoring social media is increasingly essential for government agencies seeking to keep track of erupting political movements, crises, epidemics, and disasters, not to mention general global trends.”
https://www.iqt.org/wp-content/uploads/2013/08/Using_Social_Media.pdf
companies receiving In-Q-Tel funding
https://www.documentcloud.org/documents/2803266-Iqtdoc.html
Chain Bridge I is seeking to acquire a defense contractor that is poised to benefit from government spending on national security.
https://chainbg.com/press-releases/press-release-details/2021/Chain-Bridge-I-Announces-Pricing-of-200-Million-Initial-Public-Offering/default.aspx
“We intend to identify businesses with emerging technologies that will advance the DoD’s strategy as well as the broader interests of the United States in a period of increasing geopolitical instability”
https://www.sec.gov/ix?doc=/Archives/edgar/data/1845149/000110465922035218/cbrgu-20211231x10k.htm
“Why would we ever need privacy legislation for the internet, when only nerds and librarians will use it?” – Mr Government
ResearcherZero • June 4, 2022 5:27 AM
bees can be “fish” under Californian law
Bumblebees are eligible for protection as endangered or threatened “fish” under California law, a state appeals court held…
the Xerces Society for Invertebrate Conservation, Defenders of Wildlife, and the Center for Food Safety – petitioned the Fish and Game Commission to add the Crotch’s bumblebee, Franklin’s bumblebee, Suckley cuckoo bumblebee, and Western bumblebee to the state’s endangered species list in 2018.
The commission quickly designated all four as “candidate species,” providing them with interim protections while it considered whether to list them as endangered.
the Almond Alliance of California, the California Farm Bureau Federation, and five other agricultural groups filed suit in Sacramento County Superior Court to establish that CESA does not protect insects – a point on which the legislature, agencies, and courts have vacillated since 1980, they said.
CESA itself does not define “fish,” but the law is part of the California Fish and Game Code. The code’s definition includes any “mollusk, crustacean, invertebrate (or) amphibian,” Robie wrote. All those categories “encompass terrestrial and aquatic species,” and the state legislature has already approved the listing of at least one land-based mollusk, the opinion said.
“Accordingly, a terrestrial invertebrate, like each of the four bumblebee species, may be listed as an endangered or threatened species,” Robie wrote, joined by Acting Presiding Justice Cole Blease and Associate Justice Andrea Lynn Hoch.
Matthew Sanders of Stanford Law School’s Environmental Law Clinic hailed the decision as “a win for the bumblebees, all imperiled invertebrates in California, and the California Endangered Species Act.” Insects are “foundational to California’s agricultural production and healthy ecosystems,”
https://www.reuters.com/legal/litigation/bees-are-fish-under-calif-endangered-species-act-state-court-2022-06-01/
fib • June 4, 2022 8:32 AM
Re letter from notable people [including our generous host] about cybercurrencies
I don’t see a copyright notice on the letter page, so I assume it’s copyrighted. In my humble opinion, this kind of material is of utmost importance and needs to be disseminated throughout the planet. I would love to publish the material on my modest long-form Portugese language blog. I fight every day, in solitude, to take the people of my country [and other Portuguese-speakers] out of immobility and apathy.
So, if I were the author of the initiative, I would put it in the public domain, for the good of humanity.
@ Clive
I read that you had problems with moderation when you tried to argue with me about my opinion on the need for some form of mobilization against what I call the social media emergency [last week Squid]. I would love to hear your comments.
JonKnowsNothing • June 4, 2022 8:53 AM
@All
There are numerous articles on the topic of Social Media and Free Speech. The US Supreme Court is interested in this topic and some reports of the views of Justice Clarence Thomas have been discussed.
There are 2 portions of the argument that are underscored.
1, Free Speech as defined in the US Constitution
2, Common Carrier status for Social Media
Much is focused on Topic 1: Free Speech and does a corporation provided platform have to carry topics that are not in their own interest or viewpoint.
Extremes of this would be
- Would CorpA providing information and products to reduce Global Warming, with a Social Media Platform (either internal or common access) be required to carry contrary views of CorpB, that there is No Global Warming, and to promote those views equally or at higher visibility than their own view (cloud tags, trending).
- Would CorpC providing Anti-Choice, Anti-Tolerance views, be required to carry, and promote CorpD contrary views on these topics to the same extent.
- Would there be a difference between a Corp Viewpoint and an Individual Viewpoint. Could 2 Corps qualify but not 1 Corp + 1 Person for inclusions or exclusion. (Corporations, PACS, Influencers, Advertising). Previous SCOTUS rulings have rated Corporations, PACS as having the same level of Rights and Protections as an Individual, even though by fund raising activities, they have more money with which to expound their views (buying a bigger megaphone).
What is not getting too much notice was a comment by Justice Thomas that Social Media is a “Common Carrier”.
Generic Background on Common Carrier
Early on, Common Carrier was defined to be Telegraph and Telephone. Eventually this became controlled by a monopoly called AT&T ( American Telephone and Telegraph Company) (note: AT&T has undergone many corporation changes and name changes, it’s not the Original Ma Bell.)
Later when Cable TV industry developed they requested a carve out for their services which delivered DATA and not VOICE. Since their product was different they should not have the same constraints as VOICE providers.
The US agency in charge of this is the FCC Federal Communications Commission. They divided their rules into the 2 groups.
Things became muddled on the development of VOIP (Voice over Internet Protocol) (1) VOIP travels as digital data packets and is not direct VOICE to VOICE. As data packets it qualifies the same as Cable TV. It is not subject to as many restrictions and taxation issues as VOICE transmissions. It is both VOICE and DATA but is treated more as Pure DATA.
After VOIP became common use by corporations and eventually by the Back End Haulers there is a constant see saw about DATA v VOICE.
During the many years of the development and rulings by the FCC, there are some Big Deal Rulings in both camps: VOICE and DATA. To move either group into the other definition would require overruling important precedent cases. To redefine the groups into a Unified Classification requires the precedent cases to be rejected.
Is Social Media a Common Carrier
Social Media is not a Common Carrier.
Social Media is a set of programs provided by a corporation to “registered users” for their use on a specific platform. Most require some sort of Login application and they have their own rules and restrictions about the content or activities or interactions allowed between members.
Social Media travels along Common Carrier paths
Like any other program that runs across the internet, social media programs run the same protocols and follow the same designs as other applications. Social Media program travel the same pathways as MMORPG games and International Chess games.
Social Media User Population
2022 there are 3.96 billion people using social media around the globe. This number is expected to increase to 4.41 billion in 2025. Approximately 239 Million people in USA use social media, 70% of the population has a login. (2)
What changes the US Supreme Court might envision
Common Carrier is normally the physical connections between points. Data flows over those points and is divided into VOICE flows and DATA flows. DATA and VOICE are independent of the carrying media (satellite, hard wire, wireless).
If SCOTUS decides that “Social Media” are common carriers, there would have to be legislation enacted to incorporate this with current definitions. SCOTUS could also jettison the current definitions and open up the process to redefinition. Currently, SCOTUS has indicated they are willing to set aside long established precedents, and they could reshape the entire FCC scope by including Social Media.
SCOTUS would have to decide exactly which companies would qualify as Social Media Companies. This could be defined by membership, financing, profitability or any other metric.
- Would Social Media Definition only apply to those with Login requirements?
- Would Social Media Definition include only companies with $X in revenue?
- Would Social Media Definition be based on percentage of market share?
- Would a Social Media company at a defined threshold, that decides to “break up” into smaller companies remain in the definition (Once In Always In)(Regional Bell Operating Companies (RBOC))
- Would the FCC continue to enforce the legislated rules or would their need to be a new agency for Social Media? The FCC is normally in charge of enforcement of their rulings. Splitting the physical connections from the application.
- Would the FCC or governing agency levy fees, taxes and charges to provide Social Media to the entire country? Rolling out access to the 30% that are not current users.
- Would there be a mandate to provide similar functionality to landline users?
- What happens to companies and providers that do not fit into the threshold definitions and as such do not have Common Carrier status.
Justice Thomas has stated that Social Media is a Common Carrier, exactly what he intends that to mean is not clear.
===
1) Disclosure: I worked on one of the first implementations of VOIP access in the USA.
2) Statistics from WikiP and other sources. 20-30% of the USA population does not use Social Media. 70% have Login access, that number does not include how many actually login (See Elon Musk vs Twitter).
Fezco • June 4, 2022 11:07 AM
Ransomware attack hits major farming equipment maker:
https://www.pcmag.com/news/ransomware-attack-hits-major-farming-equipment-maker-agco
The dangers of malware and hacking are eventually going to reach the point of endangering the food supply. The solution is not going to be fun. More surveillance and less, let’s just say, digital freedoms will be necessary. Constitutional rights and human rights will be narrowed in the name of security and survival.
lurker • June 4, 2022 1:41 PM
@JonKnowsNothing
Common Carrier is normally the physical connections between points.
Because of the costs, mainly geopolitical and financial, the physical connections are owned by a small number of operators. To give the appearance of competition in the market, and avoid definition as Common Carriers these physical link operators lease space on their lines to Virtual Network Operators, who are often also Internet Service Providers. It is these latter who are the modern Common Carriers.
Some Social Media might by virtue of its place higher on the stack argue that it is not a CC. But the bigger SMs own and/or operate their own VNO. Was Justic Thomas arguing from such a technical viewpoint?
JonKnowsNothing • June 4, 2022 3:16 PM
@lurker, @Clive
re: Ground Wires Public or Private
There isn’t much that I’ve read about what Justice Thomas is thinking as a practical implementation other than (paraphrased) “declare it Common Carrier and be done with it”.
Anyone can drop wires in the ground for both public and private use.
Some years back, San Francisco got so tired of their main thoroughfare constantly dug up for new trenching, they put a hold on new trenches after a particular date. The city said they would hold the trench open until that date and anyone who wanted to lay fiber optic cable (or other) got a dig number with a start date along with their permit. Of course, it wouldn’t be a story if it went well. Some of the last groups didn’t get their cables laid because the previous ticket finished early (like a 1 or 2 days) and as a courtesy to the City of SF, back filled the trench. The City refused to reopen the trench and the tail-end cable companies got wagged.
The problem with the huge fiber rings is the construction costs for in ground cable. The big back haul companies, the backbone folks, have enormous investments in trenched fiber optics.
Unless you are 100% internal cabling, similar to what @Clive et al recommend, you are going to travel on some part of that huge system. Once you step out on to the internet you are in Common Carrier territory.
There is another wrinkle and that’s what’s called Public Utility in the USA. It can be connected to Common Carrier in some cases. Pubic Utilities are heavily regulated Federal, State, County, Municipal, District, Zone. Water, Electricity, Gas.
It might be that Justice Thomas considers Social Media to be more like a Public Utility that people pay access for through their internet subscriptions using their ISP’s access to the Common Carrier paths.
Since the currency of Social Media is paid by user data collection and not financial subscription it might appear that Social Media is free access.
If it’s free access and you are discriminating against a “lawful” point of view it might be considered like a public bus.
Anyone can get on the bus and bus systems have to provide access to people who might be disadvantaged (wheelchairs and bicycles and kneel-down buses). The bus travels the “common carrier” road paths but the paths have nothing directly to do with the bus.
The only impact the roadway has is in the bus routing. Discrimination can take place in having bus routes that do not provide equal service to the members of the public based on their routes. Reroutes happen all the time.
Perhaps Justice Thomas sees the Social Media with Restricted Lawful Points of View like a badly configured bus route.
vas pup • June 4, 2022 3:45 PM
@Leon Theremin • June 3, 2022 7:47 PM
Thank you for input. Unfortunately, my post you’re responding to was sanitized by Moderator even it was not from Russian, Chinese, Iranian or N Korean source, but from BBC/UK. Sometimes I was thinking Moderator is actually AI feed for learning with not good input. Bitter joke.
SpaceLifeForm • June 4, 2022 5:00 PM
Tricks with routing
I have my strong guess based upon dots going back for years. I am not going to say my guess.
hxtps://www.vice.com/en/article/qjbggq/anom-third-country-europe-european-union-fbi
That country obtained court orders under its own laws and acted as the data bottleneck that allowed the FBI to monitor Anom phones.
lurker • June 4, 2022 6:29 PM
@SpaceLifeForm
The third country agreed to obtain a court order in accordance with its own legal framework . . .
Normally “country” would mean the sovereign entity, which must mean loose writing by the author to obscure the actual agency of the country which was dealing on an equal basis with US agencies. Somebody must have owed somebody a back scratch.
Clive Robinson • June 4, 2022 6:37 PM
@ SpaceLifeForm, ALL,
Re : I am not going to say my guess.
Well the EU Countries I would put on the list due to their legislation are,
1, Belgium.
2, France.
3, Germany.
4, Holland.
5, Sweden.
The Dutch have some of the most liberal wire-tap laws around as far as Law Enforcment is concerned. They have been used quite a number of times for “Serious International Crime” investigation both for online and more traditional crime such as drugs, human exploitation and worse.
The Swedes are one of the most crypto savy countries in the world when considered by population size, and one heck of a lot of telecom kit for “infrastructure” is designed there. Like the UK they say next to nothing about what their IC gets upto with regards electronic systems. They are however a “respected partner”.
The French have spied on just about everyone as routien and untill recently enforced anti-crypto laws that were considerd quite draconian to assist in their surveillance on individuals and companies. In the past they have openly admitted that state agencies carrying out industrial espionage was less expensive than R&D… And as I’ve mentioned in the past I have first hand experience of catching them in the act.
The Germans have a real problem, as you know they have and still do work very tightly with the US IC and many of their IC like those in the UK “see themselves as above the elected Government”. However the issues with East Germany, has made much of the German politicians and citizens extreamly sensitive to surveillance and privacy invasion. So much so the likes of the BSI have entered into a strange dance with the BND since their “divorce”. Worse it became clear about five years ago that there is no parliamentary control over the BND infact the opposite, with an enquiry concluding with elected members “co-opted into the conspiracy”… In fact it’s been pointed out by some that the BND is effectively the NSA German Field Office, much like that of New Zeland. Worse that the “usual suspects” of NSA associated US Corps are effectively running wild without any restraint or oversight in Germany… This includes Lockheed Martin, Northrop Grumman, and Booz Allen Hamilton. All of whom were named in a “leaked” Jan 2014 email from the German chancellery.
As for Belgium, it’s hard to say what goes on there for various reasons. However it has been used to spy on many individuals including academics and researchers.
But these are just those we have sufficient now “public domain” information.
Perhaps a better way to work out the most likely suspects is to “map the data flow”. Remember we are alegedly dealing with Law Enforcment(LE) not Inteligence Community(IC). LE reach is generally “within borders” and “within jurisdiction” only… Where as the IC is not constrained in either way, so could be Swedish IC illegaly inside Belgium exchange equipment using backdoors developed by Swedish equipment manufacturers (look back at the CIA/NSA Olympic operations).
So if LE is doing the surveillance, if the traffic does not pass through their jurisdiction and borders in theory you can not touch it. As I’ve mentioned before there are for historical reasons flows of traffic going through certain countries that are pinch / choke points. One such is the UK where one heck of a lot of sub-sea cables come up, and because of that a lot of satellite down links as well.
Mapping out these geo-info flows and choke / interchange points, will give a list of likely “crime scenes” as it were, and which “butlers parlor” it was in.
Clive Robinson • June 4, 2022 7:10 PM
@ Lurker, SpaceLifeForm, ALL,
Re : Somebody must have owed somebody a back scratch.
Not of necessity, somebody may have been opportunistic.
Let us say Country A has a taskforce investigating some type of Serious Crime, and they gather evidence, some of which has intetnational relevance. They can just give the evidence to other countries B,C,D,E etc, to get “publicity” and or “brownie points” at home and abroad.
We’ve seen this before, you may remember back to the FBI handing out falsified evidence on Child Exploitation on the internet by a US company –Landslide– acting as a payment gateway (look up US Operation Avalanche, UK Operation Ore). Not only did the FBI falsify web images, they handed over credit card holder details knowing full well a lot of the credit card details had been stolen and were being used illegally by criminals in the likes of Hong Kong.
By the time the truth came out FBI personnel had got their promotions etc and many innocent people had had their lives ruined, loosing their jobs, being divorced or having access to their children blocked, some had suffered extream mental distress that years later they still suffer from, and some had even killed themselves.
Clive Robinson • June 4, 2022 8:37 PM
@ JonKnowsNothing, lurker,
Re : “declare it Common Carrier and be done with it”
The history behind “Common Carrier Status”(CCS) goes back before mechanical, electrical, or electronic communications, to a time when “horse power” realy did involve bales of hay.
In Elizabethan England various sedition laws were brought in some of which covered “Plays, writings, and Public Displays”.
One of the things that became covered by it was “news papers and pamphlets” that became common in the Victorian era. A newspaper printed in London had only limited circulation, thus a publisher would pay to have bundles of them to be taken to places like Edinburgh. The problem was under the acient legislation if the newspaper or pamphlet was found to be sedicious etc then all involved from the pen of the writer to the eye of the reader were guilty.
So for a postal service to work they had to be exempted thus a distinction was brought in between “transportation” and “distribution”.
Put overly simply if your job was to simply move the newspaper or pamphlet without any knowledge of the content AND you provided the same “sight unseen” service to all at a uniform rate then you were transporting as a “Common Carrier” thus were legaly protected. If however you did not offer a sight unseen service “to all at a uniform rate” then you were considered a distributor and were not legaly protected.
Problems realy started with the telegraph, because the operator became privy to the “content”. So a “don’t see, don’t tell” notion was introduced. However many did not trust this, and so the advent of “commercial codes” arose. The problem was that the “rate” was not be weight or distance but by word. Thus some codes used very long words not as words with meaning but instead of pointer numbers in traditional codes.
This caused all sorts of issues, and eventually an international agreement on the “Five letter word” was put in place. Which is why many cipher machines output is in upper case letters in five letter groups with ten groups to the line.
As things moved from the mechanical senders / receivers to electrical with “private offices” rather than “public offices” the “Common Carrier Status” got further stretched. Likewise with the early telephones where the “opporator” effectively “sat in” to determin when a call was finished.
But one part of Common Carrier that has always been a subject of controversy was confidentiality. Officially it was “sight unseen so could not tell” even though when nolonger in an envelope or cover messages could be seen/heard there was also the problem of the “ledger”. In many places the “Post Master” would write in a ledger who was sending a letter, it’s weight, the fee, and to whom it was being sent[1]. This information was not covered by the “don’t tell” legislation. These days we call this ledger information “meta-data” and the ledger it’s self “third party business records”. What level of legal confidentiality these have vary wildly from jurisdiction to jurisdiction.
It is thus wise to assume everything is “recorded” these days, even written messages in envelopes. Further that “to all at uniform rate” nolonger applies either. Thus “Common Carrier Status” now has a very different meaning than it’s name would imply.
In short it’s effectively a “get out of jail for free card” for anyone who does not “hold the pen” regardless of if they are publisher, distributor, or transporter. Which brings up the problem of §230 of the 1996 “Communications Decency Act”(CDA), which understandably often gets confused with Common Carrier Status (if you ignore the historical perspectives or the legal reasoning).
The problem is that information is not tangible, it is impressed on tangible objects of energy/matter to be,
1, Communicated.
2, Stored.
3, Processed.
In times passed with tangible matter objects such as a printed page it was possible to reason about each action as being effectively independent. Now however with electronic objects that are “Bag of Bits”(BoBs) where each bit / byte / packet is an object in it’s own right and can be treated as such the reasoning falls apart at a very fundemental level.
[1] One reason for this was for people who picked up their letters from a post office, which you can still do in quite a few places, and is useful if you are “touring” from place to place. The problem was letters that were not picked up were supposed to be returned to the sender, thus the requirement for the ledgers to account for this. You still see this when you send “Registeted Post” or “Signed for Delivery Post” where legal “Proof of delivery” is required.
ResearcherZero • June 4, 2022 11:26 PM
Feeding souls to the “Dark One”:
“Right now, they are on board,” Ridd said in one phone conversation to plan the ambush operation, referring to top Justice Department and FBI officials. “I have to periodically go up to the throne room and recommit them. … We actually have a lot of buy-in and a lot of support, but I do need to feed the beast.”
https://theintercept.com/2022/06/03/fbi-ambush-leak-reporter-source/
The CIA has the ability to hack the computer systems built into a wide range of consumer products, including cars, televisions, and home appliances.
In the wake of Edward Snowden’s leak of classified National Security Agency documents, intelligence officials moved to label WikiLeaks an “information broker,” which they distinguished from journalism and publishing. In an extraordinary assault on the press, the officials also pushed to apply the same designation to Intercept co-founders Glenn Greenwald and Laura Poitras in a related but failed effort to strip them of First Amendment protections in the wake of the NSA leaks.*
The Obama White House rejected that effort as it related to all three, but under Trump, officials successfully applied the “non-state hostile intelligence service” label to WikiLeaks.
A former official told Yahoo News that the more aggressive label was “chosen advisedly and reflected the view of the administration” and allowed Pompeo and his lieutenants to think more creatively about how to target Assange. Those plans involved both kidnapping and assassination.
https://news.yahoo.com/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html
“My concern is that the use of the novel phrase ‘non-state hostile intelligence service’ may have legal, constitutional, and policy implications, particularly should it be applied to journalists inquiring about secrets,”
“The language in the bill suggesting that the U.S. government has some unstated course of action against ‘non-state hostile intelligence services’ is equally troubling.”
“Congress ought not react in a manner that could have negative consequences, unforeseen or not, for our constitutional principles. The introduction of vague, undefined new categories of enemies constitutes such an ill-considered reaction.”
https://www.wyden.senate.gov/news/press-releases/wyden-secures-key-amendments-on-fy2018-intelligence-authorization-act
Top officials of the Central Intelligence Agency impeded an internal investigation into evidence that the agency’s former director, John M. Deutch, mishandled large volumes of secret material, a classified report by the agency’s inspector general concludes. The inspector general’s report discloses that just three days after Mr. Deutch learned that his computer practices were under review, he deleted more than 1,000 classified files from his personal computers.
Mr. Deutch refused to be interviewed by the security staff, and senior C.I.A. officials allowed him to avoid being questioned, according to the report.
Without an interview of Mr. Deutch, the C.I.A.’s security unit ”washed its hands” of the investigation, according to one security official interviewed by the inspector general’s office.
In the fall of 1997 the security office recommended to Mr. Tenet that Mr. Deutch be granted security clearances to serve on an outside commission on weapons proliferation.
https://www.nytimes.com/2000/02/01/us/cia-inquiry-of-its-ex-director-was-stalled-at-top-report-says.html
“My case was part of a broader crackdown on reporters and whistleblowers that had begun during the presidency of George W. Bush and continued far more aggressively under the Obama administration, which had already prosecuted more leak cases than all previous administrations combined.”
Obama officials seemed determined to use criminal leak investigations to limit reporting on national security. But the crackdown on leaks only applied to low-level dissenters; top officials caught up in leak investigations, like former CIA Director David Petraeus, were still treated with kid gloves.
https://theintercept.com/2018/01/03/my-life-as-a-new-york-times-reporter-in-the-shadow-of-the-war-on-terror/
- Note: The “information broker” label was also applied to Kim Dot Com.
Winter • June 5, 2022 2:09 AM
@Security
“Neither the Constitution, nor state law, impose a general duty upon police officers or other governmental officials to protect individual persons from harm — even when they know the harm will occur,”
Common law seems not to formalize a Duty to Rescue. However, civil law systems generally do.
ht-tps://en.m.wikipedia.org/wiki/Duty_to_rescue
If the law says everybody has a duty to do what is reasonable to rescue a person in peril, that also holds FOR LEO’s. And the bar for what is reasonable is higher for LEO’s.
Side note: If the law requires you to help, you cannot sued for damages for doing so. That favorite pastime of the US is extremely rare in Duty to Rescue systems.
Clive Robinson • June 5, 2022 2:18 AM
@ ResearcherZero,
Just so everyone understands “the law”, as it’s in the news from time to time
In most places the police are only required to “protect the kings peace”. That is they are the sovereign states “Guard Labour” in most places. Thus there to stop riots and insurrection, not crimes against individuals or private property.
Which can put you in an awkward position…
Say you or your property come under attack, and you call the police and then defend yourself or your property, you can be the one charged with breach of the peace or a lot worse whilst the criminals get to walk away.
This often happens with people who are suffering from bullying neighbours and similar in the UK. Who when trying to defend themselves or their property end up on the end of anti-social behaviour orders and the like.
Winter • June 5, 2022 2:23 AM
@JonKnowsNothing
SCOTUS would have to decide exactly which companies would qualify as Social Media Companies.
The EU is moving in the same direction with the e-commerce directive:
ht-tps://ec.europa.eu/growth/sectors/tourism/business-portal/understanding-legislation/legal-regulations-e-commerce_en
ht-tps://digital-strategy.ec.europa.eu/en/policies/e-commerce-directive
However, the e-commerce directive is broader than free speech and is targeting consumer protection. Consumer protection is not very popular in the US I understand, so I do not expect to see anything in this direction from the US courts or politics.
John • June 5, 2022 3:33 AM
hmm….
Seems like another silly argument about:
Common Law verses Written Law.
Do we want to live in an eye for and eye, tooth for a tooth world,
Or do we want to live in a ‘I learn to love myself and spread my love to those near me’ world?
John
ResearcherZero • June 5, 2022 3:54 AM
No more “on water” and “under water” kickbacks for ex-PM and pals
A load of anonymous senior Liberal Party officials have gone absolutely fkn in on ex-PM and ex-Party Leader Scott Morrison. They particularly slammed his willingness to defend transphobia and that last-minute superannuation policy. Yep, that one.
These officials spoke to The Saturday Paper, which says it interviewed more than a dozen sitting or ex-Liberal MPs, advisers and officials.
One MP blasted the fact transphobia became such a big part of the campaign.
“We spent a full fking week being transphobes in Parliament and then we spent weeks during the campaign doing the exact same thing, and it was fking insane,” they said.
“The transphobe thing was an absolute disaster.”
“He fked us and his fingerprints are absolutely fkin’ everywhere on that. The bloke thinks he is a master strategist. He is a f**kwit,”
(paywalled)
https://www.thesaturdaypaper.com.au/news/politics/2022/05/28/coalition-loss-the-transphobe-thing-was-absolute-disaster
(not)
https://www.pedestrian.tv/federal-election-australia/anon-liberals-blast-scott-morrison-election-loss/
A small portion of a rather long list of kickbacks…
DCNS sub-mission (now Naval Group)
The ABC can reveal one of Prime Minister Scott Morrison’s key political confidants was recently hired by the French state-owned shipbuilder Naval Group to help improve a rocky relationship with the Defence department, and to secure a crucial Strategic Partnering Agreement (SPA).
“ECG Advisory Solutions“, a lobbying firm founded by former Liberal party candidate David Gazard, has been advising Naval Group since last year on how to handle the difficult SPA negotiations with Australia. Mr Gazard, who was chief of staff to former New South Wales Liberal leader John Brogden, began his friendship with Mr Morrison when he was the Liberal Party’s State Director for the 2003 election.
In a statement, Naval Group confirmed the arrangement but did not disclose how much Mr Gazard’s company was being paid for its lobbying services.
https://www.youtube.com/watch?v=3QhEqr9R6Ac
The French company awarded the right to build Australia’s $50 billion submarine fleet is embroiled in a multi-million dollar bribery scandal over a submarine contract in Malaysia. The allegations in Malaysia have engulfed the country’s prime minister and spun out into a sordid tale of bribery, blackmail and murder.
French prosecutors now allege that DCNS engaged in “active bribery of foreign public officials” to win a $US2 billion contract in 2002 to build two Scorpene-class submarines for Malaysia.
https://www.smh.com.au/politics/federal/contractwinning-french-sub-builder-dcns-tied-up-in-deadly-malaysian-bribery-saga-20160523-gp17ce.html
French prosecutors have charged a French businessman involved in Malaysia’s $US2 billion ($2.8 billion) purchase of two French-Spanish built submarines with paying illegal kickbacks to a Malaysian official linked to Mr Najib, according to the French newsagency AFP.
https://www.smh.com.au/world/troubles-resurface-for-malaysias-najib-in-europe-20160130-gmhmn0.html
Questions about the submarine deal became more intense and sharp in October 2006 after the body of Mongolian model and translator Altantuya Shaariibuu was discovered in the jungle outside Kuala Lumpur. She had been shot in the head and an attempt had been made to destroy her body with military C4 explosives.
Altantuya was the jilted lower of Razal Baginda and she had last been seen causing a scene outside his house.
A few years before she had been a model in France, and in 2004 she accompanied Razal Baginda to act as translator when he was negotiating the Scorpene deal.
In a handwritten letter found after her death, she said she intended to confront Razak Baginda and demand $500,000 as the price of her silence on the details of the Scorpene agreement.
https://web.archive.org/web/20120513032843/http://www.vancouversun.com/business/French+judges+begins+bribery+probe/6576987/story.html
A highly-confidential government document on the Malaysian Navy’s evaluation of the Scorpene submarines it planned to buy was sold by Terasasi (Hong Kong) Ltd to French defence giant DCNS for €36 million (RM142 million)
https://web.archive.org/web/20160304064208/http://www.themalaysianinsider.com/malaysia/article/razak-bagindas-firm-sold-malaysian-naval-secrets-to-french-says-lawyer
Some 22,400 pages of data related to the six Scorpene-class submarines that the French government-owned company DCNS was building for the Indian Navy have been leaked
The leaked documents list out the frequencies at which the submarines gather intelligence and the levels of noise the subs make at various speeds, the news report said. They also contain information on the submarine’s diving depths, range, and endurance, besides its magnetic, electromagnetic, and infrared data.
https://qz.com/india/764665/764665/
Thales own 35% of DCNS and are the controlling shareholder with 64% owned by the French government and 1% owned by employees.
https://www.thalesgroup.com/en/worldwide/press-release/thales-delighted-dcns-has-been-selected-australia-renewal-its-submarine
“abuse of process”
When replacing the old Council of Australian Governments forum with a “national cabinet” comprising essentially the same people, Morrison ensured their deliberations would no longer be accessible to the public by invoking cabinet confidentiality. In 2019 he set up the new Cabinet Office Policy Committee, which comprises only one permanent member — himself — enabling him to hold meetings protected by cabinet confidentiality, even if no other cabinet members are present. The man once famous for hiding uncomfortable “border-protection” truths behind the justification of “on-water matters” has made secrecy a principle of executive government.
Australia’s regulator for privacy and freedom of information, already under-resourced, failed to achieve seven of its eight performance goals for the 2019–20 financial year, yet faces a funding drop from around $22 million in 2020–21 to around $13 million in following years. In the meantime, data provided to Guardian Australia showed that Morrison’s own office complied with legally imposed deadlines in just 7.5 per cent of the freedom of information requests it received in 2019–20. The information commission’s latest annual report showed that practical refusals in the FOI system were up by 71 per cent in a single year, and delays also increased. Complaints were up by 79 per cent.
…and details of just a few of the kickbacks and corruption over the last few years
https://www.themonthly.com.au/issue/2021/february/1612098000/nick-feik/scandals-he-walks-past#mtr
“There’s nothing in front of me which says he’s done anything outside of the rules,”
https://www.smh.com.au/politics/federal/just-throwing-mud-morrison-defends-minister-over-pork-barrelling-20210212-p571v4.html
Winter • June 5, 2022 7:07 AM
@John
Seems like another silly argument about: Common Law verses Written Law.
No, it is a silly argument about “Duty to Rescue” or not.
Some people are adamant that they are not bound to lift a finger to save someone’s life. Others argue you should be required to do so by law.
The boundaries between these two legal visions largely follow Common versus Civil law for no apparent reason.
Do we want to live in an eye for and eye, tooth for a tooth world,
I cannot phantom what this has to do with “Duty to Rescue”.
Nick Levinson • June 5, 2022 8:19 AM
@JonKnowsNothing & @Winter:
On whether a court must decide an issue:
Lawrence Lessig, law professor at Harvard, in one of his books described an argument he made to the Supreme Court and how the court would have to respond. In the book, he recounted a discovery: the Court could ignore the argument completely, and did.
As one Justice noted in another context, the most important rule of the Court is the rule of 5: an opinion of the Court (generally) requires 5 Justices to sign on. That could lead 5 Justices to agree to be silent on a particular issue. And it’s not like a party could sue the Court for having ignored the argument, or even persuade most of the press to cover the omission. Maybe U.S. Law Week would, but not many nonlawyers read that.
JonKnowsNothing • June 5, 2022 9:31 AM
@ Nick Levinson, @Winter, @All
re: The Court doesn’t have to Define it even if they Declare it .
I’ve been considering this as a likely possible outcome too.
SCOTUS has not always been interested in Definitions from the standpoint of New Uses. (Judicial Activism)
SCOTUS is currently highly absorbed in Definitions from the 1700-1920 USA eras. (Judicial Minimalism, Judicial Originalism, Judicial Textualism)
SCOTUS is always fixated on US English Grammar and the placement of a Period(Full Stop) or Comma and other punctuation can shift the entire argument to a different view.
Using the Declare It and leave it to Others to Define It, might appeal to more Justices because it would force the situation back into the laps of the Congress or FCC to do the definition.
It is a good point that SCOTUS does not need to follow any arguments or filings or reasonings (Amicus Curiae) and there have been some “SURPRISE” rulings.
iirc(badly) Once the Court has accepted a brief, they normally issue a ruling. If they don’t accept the brief-petition they can send it back to the lower courts to kick the can about some more or they can Just Say No. Once they take the brief they can also send it back to the lower courts if they don’t have the magic numbers for a ruling or they want the lower courts to do more research on the topic for them.
The end of the SCOTUS term for 2022 is soon (June-July). They can release their rulings over the summer (drip). At some point the Big One is going to get fully released and I’m sure all the SCOTUS Justices will want to be Out of Town when it hits the news. Since the leaked version is not the full version, there is still the possibility of a Jump The Shark Moment when it does. It’s not likely, but can you imagine what fun that would be?
As for the FCC, they will likely get the first hit on the definition of Social Media as a Public Access Point.
===
Search Terms
Judicial interpretation
h ttp s://www .scotusblog. com/
(url lightly fractured)
Winter • June 5, 2022 9:44 AM
@JonKnowsNothing
Using the Declare It and leave it to Others to Define It, might appeal to more Justices because it would force the situation back into the laps of the Congress or FCC to do the definition.
Which is as it is supposed to be. SCotUS is not supposed to write law. Congress is designed to do that. The incompetence and ineptitude of Congress (not to delve into pathological mind states) does not absolve them from their duties.
Nick Levinson • June 5, 2022 1:44 PM
@Winter & @JonKnowsNothing:
The notion that law in the U.S. is to be written by legislatures and not by courts (putting aside the executive branches of various governments) is widespread, especially among legislators and nonlawyer voters, but wrong. The courts, too, are charged with writing law.
Example: When fraud is against the law and someone brings a case alleging it and the opposition denies committing it, legislatures had not had the time to keep up with the forms fraud can take and still don’t and legislatures effectively delegate part of lawmaking to courts. Courts can do this on a case-by-case basis. The judge instructs the jury on the law of fraud as it might apply to the case. Jury deliberations are secret, but the loser can appeal on the instructions’ content. An appellate court agrees or disagrees with the instructions and publishes its opinion of the appellate court. The opinion becomes part of the law for subsequent cases. Lawyers, their clients, and others are thereby informed of the new law or that the law hasn’t changed. Law is that which can be enforced as law generally is, and is not limited to certain forms such as statute.
Example on courts writing law: Marbury v. Madison has long been settled law. I know of no effort to overturn it, even though the U.K., whose historic common law is ancestral to ours, has not the same law as Marbury.
It may be that in many promulgations no provision explicitly gives that authority to a court. That no longer matters, if it ever did. The principle of antiquity likely applies, and antiquity likely can be traced back to the first common law decisions, around 14 centuries ago. Whenever it began, the practice is well established. Should there be a desire to change it, a U.S. Constitutional amendment may be the only way to go.
Winter • June 5, 2022 3:30 PM
@Nick Levinson
The courts, too, are charged with writing law.
To a degree. The abolition of slavery and universal suffrage were not the result of SCotUS decisions. Some laws can move with the times, some changes require new laws.
It tends to be more democratic when laws are (re-)written by representatives with a clear electoral mandate instead of by people who have been selected long ago using opaque dealings by those who were elected representatives at the time.
Justice should be dealt impartial and independent of politics. Laws are inherently political, and should be written in a political process.
vas pup • June 5, 2022 4:55 PM
@Winter said “It tends to be more democratic when laws are (re-)written by representatives with a clear electoral mandate instead of by people who have been selected long ago using opaque dealings by those who were elected representatives at the time.”
Agree 100%.
SpaceLifeForm • June 5, 2022 6:36 PM
Narrator: “It was a Genius Gambling Strategy”
hxtps://nitter.net/EdzraR/status/1532820239787995137#m
roper • June 5, 2022 8:26 PM
– Tails Linux 5.1 is out
“This release fixes the security vulnerability in the JavaScript engine of Firefox and Tor Browser announced on May 24.
This release was delayed from May 31 to June 5 because of a delay in the release of Tor Browser 11.0.14.”
= Get it:
https://tails.boum.org/news/version_5.1/index.en.html
= Changelog:
https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog
Clive Robinson • June 5, 2022 10:50 PM
@ SpaceLifeForm,
Re : It was a Genius Gambling Strategy
“4-5000 phd level physicists go to Vagas…”
Sounds like the opening line to a joke or limerick 😉
It was 1986, I note one poster not old enough by their photo said
“This is the most genius strategy…”
But maybe, just maybe, they had all been to the Movies a couple of years earlier and heard the famous WOPR line of,
“Professor Falken, this is a strange game. The only winning move is not to play.”
At the end of “War Games” 😉
So humor time just of the top of ny head as it’s 4:50AM in the UK,
4000 phd level physicists go to Vagas.
To the cheap buffets and bars they went.
But at craps and slots they were absent.
The first time the Mob said “they played us”.
Needs a little work but first some sleep.
JonKnowsNothing • June 5, 2022 10:51 PM
@Vas Pup, @Winter, @Nick Levinson, @All
re: clear electoral mandate
In the USA we do not have a clear mandate for anything. Our system is designed that way. Primarily so nothing much changes. We have 2 groups that have diametrically opposed ideas of society and even though the group names have changed over the years, those views shifted to the new names.
- Republican during Lincoln’s time is nothing at all like Republican today and zero in common with Republican Movements such as in Ireland and Anti-Monarchy Groups.
Authoritarian societies do have a mandate, the one from the person at the top of the pyramid, until someone a few rungs below topples that edition.
- Napoleon started small, helped topple a king, ended up big and died isolated in an exile prison hosted by the UK, which installed someone more to their liking.
The other consideration is that clear mandates change, as we will learn shortly when SCOTUS makes their official opinion public. 50 years of mandate is expected to be washed away. If that is the case, there are 50 years of interim opinions and mandates that will come under scrutiny and expected challenges are lining up – just in case.
ResearcherZero • June 5, 2022 11:06 PM
If you are unable to upgrade Confluence immediately, then as a temporary workaround, you can mitigate the CVE-2022-26134 issue
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Clive Robinson • June 5, 2022 11:11 PM
@ JonKnowsNothing, Nick Levinson, Vas Pup, Winter, All,
We have 2 groups that have diametrically opposed ideas of society
Yet they do exactly the same,
“What the big money tells them to do”.
So the policy is almost always harmfull to the ordinary voting citizen…
As you say,
Our [US] system is designed that way. Primarily so nothing much changes.
Maybe, just maybe,
“Taking money out of politics”
Would be a good idea.
lurker • June 6, 2022 12:52 AM
Google “published” YT videos which had no “factual or intelligible basis” attacking former NSW Deputy Premier John Barilaro. Google had failed to adhere to its own policies by doing nothing to prevent the hate speech, cyberbullying and harassment, failed to withdraw the videos duing the court case, and got handed a bill for AU$715K.
lurker • June 6, 2022 1:26 PM
@JonKnowsNothing, “In ancient times it might take months for the boat to land carrying the news of 8 weeks ago.”
Which suggests a simple method to bring social media back to human scale: All posts to social media could be held in a buffer for 90 days before appearing online.
fib • June 6, 2022 3:10 PM
Seen on Slashdot
Telegram reportedly surrendered user data to authorities despite still saying to the contrary
htps://www.androidpolice.com/telegram-germany-user-data-surrendered/
SpaceLifeForm • June 6, 2022 6:00 PM
iOS 16 will allow you to edit and unsend messages
Feature. Not Bug.
Note that Twitter does not do this.
Think outside the box, and connect the dots as to what this tells you that is happening on the backend. See Petraeus.
lurker • June 6, 2022 7:43 PM
@SLF, All
. . once a message is deleted, users can recover them for up to 30 days.
But LEAs can recover it forever? Whose message is this?
Concerning elections, since this is a security blog:
Nick Levinson • June 6, 2022 9:35 PM
@lurker, @JonKnowsNothing, @Winter, & @vas pup:
@lurker & @JonKnowsNothing:
Holding social media posts for any arbitrary number of days before visibility has two problems in the U.S.:
— If that would be the social media website owner’s choice, virtually all posting would end. (If the number of days is 1 or a fraction thereof, maybe more posting would continue, but not a majority of today’s.) That would make social media more like blogs and static websites, strip most of their value, slash most of the readership because of the stasis, and lose most of the ad revenue, with a predictable effect on the website owner’s desire to hold posts invisible for a day or more.
— If that would be required by a statute or regulation purporting to impose a duty on the website owner, it almost certainly would violate the First Amendment, and I don’t know how it wouldn’t.
When it took a long time for news to travel, we got antics like this one: A couple of centuries or so ago, in the U.S. or a colony forming it, just before an election, some people on horseback arrived in town with the sad news of a candidate’s very recent demise. Of course, this affected the votes cast. The lie was discovered too late.
@Winter, @vas pup, & @JonKnowsNothing:
Electoral mandates in the U.S. have some meaning, but not as much as some people may think. The mandate is informal and is strongest soon after election.
— Weight is given to a policy issue that is essentially the winning candidate’s cornerstone when it is likely the reason most voters for that candidate voted for that candidate. It may even have influenced the Supreme Court in upholding the Affordable Care Act (Obamacare), through the judicially-supported principle of comity. Opposition tends to be weak relative to its numbers for a while after the election and the inauguration, although it is not impotent. Eisenhower had a national security mandate, so his word on that issue could be highly persuasive.
— Appointments to jobs that can help or impede the winner in fulfilling promises almost always favor the winner; and this applies to most of the important jobs.
Lincoln may have been unusual among Presidents. He was largely the second choice for the Republican nomination, and won after the party was splitting on two first choices, who didn’t win. I don’t know how often that happens even among gubernatorial candidates, and it could explain his choices for the cabinet.
I think Mario Cuomo, Democratic governor for 3 terms in New York (not the Cuomo who quit), allowed a category of judgeships to be filled by Republicans. He probably had gotten some kind of support from the Republican party, maybe (a guess) a decision to nominate someone who wouldn’t take votes away from Mario or foprce him to campaign harder.
lurker • June 6, 2022 11:38 PM
@Nick Levinson
What are the advantages of believing a Constitution is carved in stone so hard it cannot be amended? The First & Second &c. Amendments are just that, amendments to overcome deficiencies in the original. Some of these are showing distress under the changed circumstances of modern times.
As somebody else posted earlier, free speech used to mean as loud as you could shout with your voice. Including writings, included handbills, which were literally carried by hand to the place they were fixed for display.
Social media has turned free speech into a weapon of mass deception.
Leon Theremin • June 7, 2022 12:29 AM
Engineer Who Fled “Charges of Stealing Chip Technology in US” Now Thrives, in China
hxxps://finance.yahoo.com/news/engineer-fled-charges-stealing-chip-040117005.html
ResearcherZero • June 7, 2022 1:32 AM
Links to third-party websites should be properly validated and checked before opening in the Electron JS applications. If the protocol of the link is not whitelist to http:// or https:// only, an Electron application becomes vulnerable to 1-click RCE attacks. This kind of attack exploits the Electron model and user’s navigation mechanism which redirects a user from the Electron app to the browser.
https://sec.ud64.com/1-click-rce-in-electron-applications-57751.html
Word is set up to load content downloaded from the Internet in what’s known as protected view, a mode that disables macros and other potentially harmful functions. …if the document is loaded as a Rich Text Format file, it “runs without even opening the document (via the preview tab in Explorer) let alone Protected View.
…this can “trigger the invocation of this exploit with just the Preview Pane within Windows Explorer.” …”this extends the severity of this threat by not just ‘single-click’ to exploit, but potentially with a ‘zero-click’ trigger.”
At the time of this story’s publication, Microsoft had yet to issue a patch. Instead, it was advising customers to disable the MSDT URL Protocol by:
Run Command Prompt as Administrator.
To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
…if the command line string is leading padded with 4096+ bytes of nonsense characters, it will invalidate the password protection mechanism built in to ms-msdt UI protocol handler.
https://www.youtube.com/watch?v=dGCOhORNKRk
https://benjamin-altpeter.de/doc/thesis-electron.pdf
Microsoft are now classifying it as a zero day within Microsoft Defender Vulnerability Management.
lurker • June 7, 2022 1:06 PM
@Researcher Zero re sec[dot]ud64[dot]com
sec.ud64.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is not valid for the name sec.ud64.com.
The certificate expired on 04/11/20 07:37. The current time is 08/06/22 06:03.
(Error code: SEC_ERROR_UNKNOWN_ISSUER)
vas pup • June 7, 2022 4:29 PM
EU sets date for common phone charge cable
https://www.bbc.com/news/technology-61720276
“The new rule will cover a range of “small and medium-sized portable electronics”, according the EU, including:
mobile phones
tablets
headphones and headsets
handheld videogame consoles
portable speakers
Any of these charged using a wired cable will have to have a USB Type-C port, regardless of who makes the devices.
Laptops will also have to abide by the ruling but manufacturers will have 40 months after it comes into effect to make changes.
The agreement also includes a plan to let customers choose whether or not they want a charging cable with their new electronics.
“This law is a part of a broader EU effort to make products in the EU more sustainable, to reduce electronic waste, and make consumers’ lives easier,” the EU said in its announcement.”
Clive Robinson • June 7, 2022 5:16 PM
@ vas pup,
Re : EU and USB C charging.
It is already being called into question for a couple of big reasons,
1, USB is a comms protocol onto which power has been badly grafted.
2, USB C has limited power/time transfer capability not upto some of the new battery technologies comming through.
From a “security” aspect having power and comms integrated in the way it is in USB is a very very bad idea.
They should be kept as two entirely seperate functions. The way they are integrated is just begging for a myriad of security vulnerabilities. Some of which have already been seen with USB in the past, and effectively can not be reliably fixed only partially mitigated.
As such it get a very definate “thumbs down” from not just those who are security minded but quite a few others. In fact I give it a thumbs down on several other points as well, one of which is the connector for USB C is not exactly designed for “Reliability (MTBF) or Replacability (MTTR)” thus is anti-availability as well.
Jens Schauder • June 8, 2022 2:20 AM
MongoDb supports database queries without decrypting
https://www.wired.com/story/mongodb-queryable-encryption-databases/
Nick Levinson • June 8, 2022 7:57 AM
@lurker:
I have not seen a claim that the U.S. Constitution cannot be amended. It is hard to amend.
Probably the argument in favor of being hard to amend is predictability: You can more easily know what’s allowed and what isn’t. If what’s allowed and what isn’t should change, that should be by amendment, which can be publicly discussed before ratification.
The argument the other way is that amendment is too hard for the pace of advances of modern life. E.g., the Constitution talks about an army and a navy but not about an air force, but I don’t know of anyone arguing that the existence and funding of the air force are unconstitutional.
vas pup • June 8, 2022 2:02 PM
@Clive Robinson • June 7, 2022 5:16 PM
Thank you for very informative input on the subject.
vas pup • June 8, 2022 2:27 PM
Revolutionizing how digital experience data is collected, enriched and delivered
https://www.timesofisrael.com/spotlight/revolutionizing-how-digital-experience-data-is-collected-enriched-and-delivered/
Clive Robinson • June 9, 2022 3:57 AM
@ SpaceLifeForm, ALL,
Tried replying to you and it’s not posted after 10min so “do it in bits time…
Part 1,
There is a lot riding on this, and in theory the Twitter Board has midled in their SEC fillings so a fine or so could be heading in their direction.
If Musk can show there has been deceit by the Twitter Board, then he can walk away with the 1B still in his pocket
The simple fact is even if their has not been deliberate deceit by the Twitter Board, their behaviour makes it look like there has been.
Clive Robinson • June 9, 2022 4:02 AM
@ SpaceLifeForm, ALL,
Tried replying to you and it’s not posted after 10min so “do it in bits time…
Part 2,
It’s made worse by the fact that back in 2021 former CEO Jack Dorsey was involved in a messy shareholder Class Action lawsuit and stumped up 809.5m to make it go away. The reason for the Class Action it was argued that Dorsey and the Board had deliberatly concealed information regarding Twitter’s slow to non existant user growth.
Hence Musk’s letter sent to Twitter chief legal officer Vijaya Gadde, effectively accusing them of a “material breach” concerning the previously agreed deal…
With Twitter shares below 40d well away from the offer at 52.20 and the last time I looked a couple of days ago the price had dropped another 1.6%…
Clive Robinson • June 9, 2022 4:07 AM
@ SpaceLifeForm, ALL,
Part 3,
So the board may be trying to “drown Musk” with a “firehose” of triviality and irrelevance, yet claim they are “complying”.
But that may not work, Musk’s information requests have not been answered by offering the “fire hose” of user posts.
I have a feeling Musk is going to walk the Twitter Board into a corner showing that either they made deliberatly false claims in SEC filings or, that the claims they made they can not actually support nor could have done at any time in the past in their filings etc. Especially as they do not match other Social Media figures.
Twitter thus has a problem, the board has a quite visable history of “bad faith” behaviour, so only a fool would now trust what they say. So a sensible stratagem for them would be to re-negotiate whilst they can…
Clive Robinson • June 9, 2022 4:11 AM
@ SpaceLifeForm, ALL,
Part 4,
The general trend in Tech Stocks appears to have very recently taken a down turn.
So the longer the board delays the lower their share price is going to sink and the less likely they are to get their hands within sniffing distance of that 1b exit penalty.
It would appear others think Musk has already decided to “pull the plug”,
https://www.theguardian.com/technology/2022/jun/07/elon-musk-twitter-timeline-deal
I guess time will tell but I think that 52.20 offer has gone not just cold but in reality off the table.
Lets see what happens over the next week… I have a feeling more people will sell their Twitter shares so that they “get something” back at close to “break even” rather than potentially substantially less on a renegotiation etc.
Clive Robinson • June 9, 2022 4:14 AM
@ SpaceLifeForm, ALL,
Part 5,
So if I allign the Twitter share price with other current Tech Stock devaluations, I would say that the real value of Twitter shares is now down at 36-37 or below and it’s only the “windfall hopers” that are keeping it up at 40 currently.
If Musk walks even with handing over the 1b I suspect Twitter share price would plumet and 32 might be optimistic…
Winter • June 9, 2022 4:18 AM
@Nick Levinson
Probably the argument in favor of being hard to amend is predictability: You can more easily know what’s allowed and what isn’t.
It seems predictability is rather low in US court outcomes. The first thing you hear about any court case in the US is that it’s outcome is unpredictable. I was once told (sorry, just hearsay, no link) that an international investigation on how well citizens could predict court outcomes put the USA at the bottom. Nothing I have seen suggests this is not still true.
And the same US constitution allowed and forbid abortion, segregation, and unlimited private gun ownership.
SpaceLifeForm • June 9, 2022 4:56 PM
@ Clive, ALL
Twitter may have thrown a curveball at Paxton. Note that he is on FBI Radar.
hxtps://www.texastribune.org/2022/06/06/texas-ken-paxton-twitter-fake-bots/
It may very well be true that 20 percent of Twiiter accounts are not real actual, non malicious users. But, they are not all bots. For some reason, both Musk and Paxton want to conflate an actual bot account with accounts that actually are spam or troll accounts, mostly paid for. See GMT+3 for example.
An individual can clearly spot the difference when they see one, but there is no way one can process 500M tweets per day and figure it out.
There just is no AI that good that can conclude that 20 percent of the daily tweets are malicious even it is true.
I can agree with 5 percent bot, and 15 percent malicious (human spammers or trolls that are paid).
Clive Robinson • June 9, 2022 10:14 PM
@ SpaceLifeForm,
Re Twitter bots, trolls, dorks and log rollers.
I can agree with 5 percent bot, and 15 percent malicious (human spammers or trolls that are paid).
I’ve yet to read a non trivial Twitter thread where less than 30% are suspect in some way.
Whilst bots are definitely there, it’s the log rollers, that are the curiosity. Basically they go around cross posting etc basically bigging each other up in oh so many ways.
At the moment ZZZ nonsense stands out, in that you will get an english language thread with random Russian etc posts in the middle. After a “Google Translate” or three you get a feeling for the general slogans and key words. They are out of place, but smell automated.
So I suspect Elon has enough evidence to walk away or renegotiate if he wants.
As for Texas AG, Paxton his motives are far less transparent than Musk’s and I suspect we will see more on it in the very near future.
Either way Twitter’s Board is probably going to discover shifting sands beneth their feet of clay real soon. And that will no doubt be follwed up by an even greater drop in share price beyond their ability to halt.
lurker • June 10, 2022 2:01 AM
@SLF, Clive
Twitter looked like something useful back when it first started, then people started posting pics of their lunch, and it all went downhill from there
SpaceLifeForm • June 10, 2022 2:41 AM
@ lurker, Clive, ALL
re: Twitter
It’s not really that bad. You just have to “follow” the good sources. I check on nearly 50 every day or so. Others less frequently, depends upon events and knowing what they pay attention to. But, the people I “follow” obviously block the idiots, so I do not even see the nonsense.
They are filtering the nonsense out for me.
Seriously, I do not encounter a bunch of nonsense just reading people on twitter (or, nitter). Maybe it is because I do not read random accounts, but maybe check from those that I trust that maybe re-tweeted.
But, yes, 50 to 60 accounts I check, and I rarely see nonsense.
There are excellent Blue Birds out there. Do not believe the BS that Twitter is bad. The fascists would love that you believe that.
Clive Robinson • June 10, 2022 6:30 AM
@ SpaceLifeForm, lurker,
Do not believe the BS that Twitter is bad.
To mis quote the old philosophical saying,
“Twitter is what Twitter does”
Whilst that for the majority is not an issue, for some for legal reasons it is.
And for a few “hinky thinkers” like myself, how it can be used for covert channels and the like
Not just for intentional communications, but unintended leaking of information.
For instance the monitoring of time can give an indication as to the point of origin with trolls and other humans, but surprisingly some not well thought out bots as well… Likewise trying to hide by sending alk the time or even randomly is a tell that it is a bot…
Similar can be deduced from where they post or don’t post and so on.
In a way it’s like watching a chess game between two very bad or inexperienced chess players.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
lurker • June 3, 2022 4:41 PM
Obligatory reference to Cthulhu