Recent Comments



April 3, 2020 1:10 PM

Bob Paddock on Security and Privacy Implications of Zoom:


How does one do end-to-end encryption for N-incoming sources to K-outgoing clients with no noticeable lag to all clients? Where N and/or K can be in the tens of thousands.

Real world bandwidths would prevent every point in this setup from connecting to every other point directly, beyond some small numbers for N and/or K.


April 3, 2020 12:58 PM

Clive Robinson on Bug Bounty Programs Are Being Used to Buy Silence:

@ Tatütata, Bruce,

what would prevent a bug-finder from claiming more than once the bounty through a third-party?

Because they "only pay once"...

Now flip that on its head...

As a genuine researcher you send in a bug only to be told "it's already been found".

What happens in the background at the "agency" is that often many involved with the agency are hackers as well. So they take advantage of the secrecy. You as a genuine researcher send in a bug, the person receiving it at the agency "deep sixes it" and finds some reason...


April 3, 2020 12:58 PM

Nathan Buuck on Security and Privacy Implications of Zoom:

I found it troubling that their calendar integration with Exchange Online requires the "EWS.AccessAsUser.All" permission, allowing their app to read all contents of a user's mailbox, rather than a more constrained and in my opinion appropriate permission like "Calendar.ReadWrite". I asked them about this recently on Twitter but not surprisingly haven't received a response yet because of all the other interest in Zoom.

April 3, 2020 12:40 PM

Clive Robinson on Marriott Was Hacked -- Again:

@ Phaete,

We were hit by a nation state malware assault, we were targeted because we are such a successful company

There is a smidgen of truth in this for most companies that get hit.

There is a story about Willy Sutton being asked why he robbed banks. His reply applies equally as well for IT security and it was,

    That's where the money is

In this case it's "that's where the data is" that the attackers might have plans for monetizing, or turn into other perceived value (think Office of Personnel Management for a non money...


April 3, 2020 12:37 PM

James on Security and Privacy Implications of Zoom:

* On April 4 last year (2019) I wrote to Zoom:

I downloaded Zoom to my Mac. I notice that there is a Company Contacts with 453 names. I added NONE of those, and I assume that I know none of them.

The ones that I have looked at are all with "telusplanet.net", which is an ISP and is NOT a company.

This reveals their names and their emails to me, which is an utterly unacceptable invasion of THEIR privacy.

It also implies that if anyone else from "telusplanet.net" downloads your app, MY name and email will be distributed to them. This is also utterly...


April 3, 2020 12:23 PM

La Abeja on Security and Privacy Implications of Zoom:

Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform.

These issues are primarily business decisions. You can't expect some company to go in business making and selling cameras without somehow connecting to...


April 3, 2020 11:31 AM

Tatütata on Bug Bounty Programs Are Being Used to Buy Silence:

If bugs are kept secret, what would prevent a bug-finder from claiming more than once the bounty through a third-party?

Or are the bugs actually corrected but kept under wraps?

April 3, 2020 11:25 AM

Clive Robinson on Marriott Was Hacked -- Again:

@ ThatGuy,

however, when are we going to acknowledge that almost no one has a grasp on securing their systems and networks?

Let me think, well over a decade ago for me and quite a few of the regulars back then, most of whom have drifted away from this blog for one reason or another.

My thinking started more or less as yours does now,

This is a critical problem that will only be getting worse. It's out of control. I don't have a solution in mind, aside from a complete redesign from the ground up on protocols, chips, operating...


April 3, 2020 11:17 AM

Tatütata on Security and Privacy Implications of Zoom:

I learned of the existence of Zoom and Zoombombing this week as I was helping an old friend to look into teaching undergraduate courses from home for the upcoming summer semester. I was going to prepare a small side dish for today's serving of squid, but this topic beat me to it.

Right now, I'm looking into lighting and sound, but with zero budget and most stores being closed anyway, it requires a bit of imagination. I'll try a backlit bed sheet for providing diffuse lighting, and I have a good desk microphone somewhere. I realized the importance of providing good conditions when...


April 3, 2020 10:57 AM

Cheetah on Security and Privacy Implications of Zoom:

While Jitsi's open source nature is great for privacy and whatnot, having used it for the better part of a year at my employer before abandoning it, I can say that its functionality and reliability is among the worst of any video conferencing solution I've used.

That said, given everything that's been coming out, I'm glad we're moving away from Zoom too.

Of course, who knows if the next solution we're moving to is actually any better *sigh

April 3, 2020 10:52 AM

myliit on Bug Bounty Programs Are Being Used to Buy Silence:

The plot thickens, see start of OP link above about Zoom

https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

“[headline skipped; tired of the Intercept using all caps

Zoom
Zoom-yes again]

MEETINGS ON ZOOM, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known...


April 3, 2020 10:47 AM

"Mr William" on Bug Bounty Programs Are Being Used to Buy Silence:

@yoshi oh I read it, then I spell checked it and sent the CSO a bill for minimum wage under AB5 because I wouldn't want CSO thinking they could abuse internet grammar police without compensating them as professional editors. :)

April 3, 2020 10:37 AM

yoshi on Bug Bounty Programs Are Being Used to Buy Silence:

Unlike anyone else here I actually read the article and it makes a ton of dodgy claims. Including stating that bug bounty programs are a violation of GDPR and Labor laws like California's AB5. I also take issue with the elitists quoted in the article that bug bounty programs somehow insult whatever ethics they pretend to have. Let's just cut to the chase:

Are bug bounty programs helping company close security issues?

The answer is yes.

If you have a problem with signing an NDA - that's your problem. That's standard business practices. Get off your high...


April 3, 2020 9:56 AM

"Mr William" on Bug Bounty Programs Are Being Used to Buy Silence:

Meh... Headline is mostly a continuation of the vuln dev ideology and agenda. Researchers would like the publicity in addition to the cash, and perhaps a chance to monetize their findings again. Any "protecting the public" is just the sales pitch for that.

Infosec news likes to pretend that these researchers are white knights helping defend the realm, and while that view of a researcher's motivation is sometimes (perhaps usually) true; there is representation in these programs from researchers who are greyhat mercenaries and thug like blackhats who view the program as one way...


April 3, 2020 9:54 AM

myliit on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@JonKnowsNothing

“re: Captain [ former, of the nuclear aircraft carrier Theodore Roosevelt] Crozier

Captain Crozier's biggest problem is that someone leaked his request. Claims that he had too many names on his TO/CC/BCC/ list were the reasons given for his removal. ...

The biggest question is: Why did he have to write this memo in the first place? Clearly someone had already said NO.”

Thank you for your thoughtful and informative response.

It’s sad that Trump might think of those sailors as pawns in his march toward re-election at any cost: war...


April 3, 2020 9:13 AM

myliit on Friday Squid Blogging: Squid Can Edit Their Own Genome:

Zoom
Zoom- more on. From the original post at https://www.schneier.com/blog/archives/2020/04/bug_bounty_prog.html

“ When Jonathan Leitschuh found a catastrophic security vulnerability in Zoom, the popular videoconferencing platform, the company offered him money to keep quiet in the form of a bug bounty and a non-disclosure agreement (NDA) through Bugcrowd.

The security flaw affected millions of Zoom users on Mac, and Leitschuh wanted to see the issue fixed. He declined the bounty...


April 3, 2020 9:02 AM

myliit on Bug Bounty Programs Are Being Used to Buy Silence:

Ps. Continuing from above, I think the analogy holds

“When regulatory capture occurs, a special interest is prioritized over the general interests of the public, leading to a net loss for society. Government agencies suffering regulatory capture are called "captured agencies." The theory of client politics is related to that of rent-seeking and political failure; client politics "occurs when most or all of the benefits of a program go to some single, reasonably small interest (e.g., industry, profession, or locality) but most or all of the costs will be borne by a large number of...


April 3, 2020 8:58 AM

JonKnowsNothing on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@myliit

re: Captain Crozier

Captain Crozier's biggest problem is that someone leaked his request. Claims that he had too many names on his TO/CC/BCC/ list were the reasons given for his removal.

Of course that's not why he was removed.

He was removed because the US Military Brass needs to be seen as Invincible Warriors (in their own minds) and the leaked memo asking for "help", exposed that COVID19 doesn't stop at Rank Badges embarrassing the Top Dogs and maybe even President Trump with his self-appointed title of "War President".

Having a major...


April 3, 2020 8:26 AM

FrostySoldier on Marriott Was Hacked -- Again:

@Thatguy

Whilst the idea of a "from the ground up" redesign of everything from our chips to our protocols and operating systems may seem superficially attractive, it's not practical. The cost is prohibitive, it would either break backwards compatibility (requiring everything to be rewritten) or fail to achieve its security goals because it leaves the "continue as you were" option open, and it takes a load of stuff that's been pounded on for decades by researchers and replaces it with brand new untested stuff that will likely be just as full of bugs.

Instead I'd encourage...


April 3, 2020 6:08 AM

Phaete on Marriott Was Hacked -- Again:

But it does call into question whether Marriott is taking security seriously at all.

It's not needed to take security seriously nowadays.
You just need to look like you are taking it seriously, make empty statements about "Our Goal" "Our Dedication" or "We Focus on" etc.
There is very little to no chance someone can disprove those.

Furthermore, the average now is one breach per X years, so most companies can afford a leak, it almost has become the new norm that it is allowed as long as it is properly spun.

No surely not, it was not one of our...


April 3, 2020 6:05 AM

myliit on Privacy vs. Surveillance in the Age of COVID-19:

The below is possible, but unlikely. For example, Politicians tend to think: don’t let any disaster go to waste (like pushing through the carefully, previously?, constructed Patriot Act immediately after 911).

https://theintercept.com/2020/04/02/coronavirus-covid-19-surveillance-privacy/

Privacy experts say responsible coronavirus surveillance is possible ...

Health Officials Must Drive Data Decisions ...

Coronavirus-Related Surveillance Must Be Clearly Justified...


April 3, 2020 5:29 AM

Thatguy on Marriott Was Hacked -- Again:

In my honest opinion as a millennial working in the cybersecurity field, and having a good idea regarding the sophistication, relentlessness and creativity of attackers. Enough is enough. Maybe it's just the stress of quarantine taking its toll on me, however, when are we going to acknowledge that almost no one has a grasp on securing their systems and networks? We are trying to create ingenious workarounds and new ways to mitigate and layer defensive measures and automate incident response, on top of inherently non-secure protocols. Whether a network intrusion originates from a...


April 3, 2020 12:56 AM

Gremlin on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@Sed Contra @Clive Robinson
Thank you for that Gerson Therapy, it was new to me, I just got to write about something related to this diet thing when we are at it..

Such sayings as: You are what you eat comes to mind, there are these pre/pro biotics that are told to make your bio in the stomach more diverse, not sure if it's that simple, but I guess there is something here that needs to be looked at seriously if not already done.

There is also an interesting connection here between your brain and the stomach via the vagus nerve, and I find that very interesting and also...


April 3, 2020 12:19 AM

Sed Contra on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@Clive Robinson @Gremlin @@al

The Gerson diet in the strictest form is meant to address chronic conditions and also has a modified form for daily continuing health. The gerson.org website has details on the program of diet and detoxification. It’s a nearly entirely natural food based approach. The main issue with the diet is the requirement for large quantities of organic food for juicing, and the labor of the juicing itself. The only other major components are possibly B-12 injections and possibly natural thyroid supplement. Gerson devised the therapy for chronic conditions in...


April 2, 2020 11:53 PM

Globaltel on Clarifying the Computer Fraud and Abuse Act:

Thanks for the clarification that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. I always thought that kind of case is under the computer fraud act. Thanks for sharing this helpful information.

April 2, 2020 10:18 PM

lurker on Privacy vs. Surveillance in the Age of COVID-19:

Opt-in Tracking Epic Fail
The Police sent a text with a link in it: many had learned this is a Bad Idea, and did not click. Those who blithely clicked brought up a web page so crude and scripty that many of them thought whoah, this is a scam, and didn't follow the instruction to leave the page open so you could be tracked. The real savvy went to Dr G. and found out how to disable it. Even the Police had to admit that leaving the phone at home when you went out would have screwed the system......


April 2, 2020 9:14 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ Sed Contra,

The real trick is to boost the immune response. Regimes of diet and detox can do that,

Put simply for most people the best advice is,

1, Take a multi vitamin supplement to up both Vit D and zinc[1].

2, Cut out carbohydrates from your food intake (so protein, fat and above ground vegetables and plain water, not fruits, grains/seeds, root vegetables[2]).

3, Eat nothing every other day that is fasting[3] (gets blood sugars down, scavenges out dead cells etc increases growth hormone, reduces "torso flab" ups stamina and...


April 2, 2020 8:34 PM

gordo on Privacy vs. Surveillance in the Age of COVID-19:

This article talks about Canada and brings up issues shared by other countries . . .

Why cellphone tracking is the wrong way to try and contain COVID-19 at this point
Scarce resources are better allocated to address this public health crisis directly
By Christian Leuprecht, March 28

By contrast, Taiwan harnessed the combination of metadata, data analytics and machine learning to defy doomsday epidemic scenarios.


In the aftermath of SARS, Taiwan integrated three separate databases – border control, national identity card and national...


April 2, 2020 7:48 PM

Mayra Cortes on Marriott Was Hacked -- Again:

Hey, Well that is too much of the personal information hacked from a 5-star hotel chain. I don't know how these people are going to fix the problem of a security breach. Why don't they take the help of some government organization and catch the culprits or these hidden organizations who hack want to spy on us?

April 2, 2020 7:17 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ Anders, SpaceLifeForm,

so CFR is already 5.14%

It might be, because you are not comparing time intervals correctly.

The alleged mean time for incubation to symptomatic is about a week. You remain symptomatic for about two weeks and if you are going to die it's another week or three.

So very approximately,

Infected to surviving 2.5-3.5
Infected to succumbed 3.0-6.0

So you need to take today's total dead and compare it to recorded cases about 10 days prior.

Which is going to make it a lot more than 5%....


April 2, 2020 4:25 PM

eggs over easy on Marriott Was Hacked -- Again:

I'm currently laid off from a Marriott property because of "you know what". My secondary job at our hotel is all things tech and IT related. When I started over 10 years ago pretty much everything was in house.

The reservation system we use is what I call a multi moat system and to do most anything requires privileged access, security and firewall apps, alligators, calls to tech support again, so I doubt that is the source of the breach. Other initiatives such as encrypted cc machines were in well before say the Home Depot issues, and on the whole I think Marriott does...


April 2, 2020 4:13 PM

A dubious person on Marriott Was Hacked -- Again:

> It would be nice if there were a government regulatory body that could
> investigate and hold the company accountable.

Yeah, that sure would be nice, wouldn't it? Unfortunately the obvious candidate for that is the FTC, so I figure I'll be flying around in my third-generation personal aircar before we proles see any progress made against the big data cargo cultists.

(Thanks much for using the subjunctive there, btw. It's those little things that so many people just can't seem to be bothered with that make all the difference to me.)

April 2, 2020 3:00 PM

James on Privacy vs. Surveillance in the Age of COVID-19:

We all know that once opened, Pandora's box can't be closed. What was the last government program that was shut down? Especially a surveillance program.

Now that we have data flowing to the government from cell providers and others, that will never get turned off. There will always be a new threat on the horizon that "requires" us to continue the illegal surveillance state. Since we now know that the seasonal flu is far more deadly than COVID-19, that could easily be used as an excuse to continue monitoring every person in the country.

There's no purpose to TSA nor the...


April 2, 2020 2:27 PM

La Abeja on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@SpaceLifeForm

Make sure you run water down drains periodically for those you may not use every week.

For drains used for emergency purposes only, some people suggest using mineral oil to fill the traps, or at least to form a protective layer of oil over the water to prevent it from evaporating and releasing sewer gas and other noxious fumes into the dwelling.

I'm not real sure in cold weather areas drain water in the traps can freeze and crack the pipes, whether they are cast iron, ABS, or DWV copper.

Some of the plumbing...


April 2, 2020 2:18 PM

myliit on Privacy vs. Surveillance in the Age of COVID-19:

From in the United States of Amnesia (“‘USA’”)

https://www.theguardian.com/world/2020/apr/01/dr-fauci-security-reportedly-expanded-as-infectious-disease-expert-faces-threats

“Dr Fauci: security reportedly expanded as infectious disease expert faces threats

Reports say immunologist who has become celebrity amid coronavirus has received unwelcome messages from critics and supporters

Security for Dr Anthony Fauci, the...


April 2, 2020 1:34 PM

Sed Contra on Friday Squid Blogging: Squid Can Edit Their Own Genome:

It's the body that overcomes the viruses in the end anyway no matter what else is going on.

The real trick is to boost the immune response. Regimes of diet and detox can do that, e.g., Gerson therapy.

It would be nice to have some way to gauge susceptibility to the virus. Most people who are infected don't get very sick. Only the susceptible need any special protocols, eg isolation, in this case so they don't get exposed.

This would allow normality for most.

April 2, 2020 1:26 PM

Tim Bradshaw on Marriott Was Hacked -- Again:

Here in the UK we have a government who think it's just fine to use Zoom for cabinet meetings, when Zoom turns out not to be end-to-end encrypted at all. I fully suspect that the UK's nuclear launch codes are kept in a world-writable Google docs file entitled 'super-secret nuclear launch codes!!!', because what could go wrong with that?

I wouldn't trust them to organise a body competent to regulate the security of a cat.

Perhaps the US government are vastly more competent. Perhaps.

April 2, 2020 1:11 PM

gordo on Privacy vs. Surveillance in the Age of COVID-19:

Chomsky: Ventilator Shortage Exposes the Cruelty of Neoliberal Capitalism
April 1, 2020

The current administration had ample warning about a likely pandemic. In fact, a high-level simulation was run as recently as last October.


[ . . . ]

The U.S. is now the global epicenter of the crisis.

[ . . . ]

The distinguishing feature in responses seems not to be democracies vs. autocracies, but functioning vs. dysfunctional societies.

...


April 2, 2020 12:33 PM

uh, Mike on Marriott Was Hacked -- Again:

Bruce, asking the government to enforce security is preposterous.
One, they're bad at security.
Two, they want to spy on us.

April 2, 2020 11:50 AM

SpaceLifeForm on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ name.*.*.*.*

Another possible transmission route, not so much on the ground, but in the ground.

Traps, Water, Aerosol

Make sure your drains at home do not dry out.

You may have traps that are dry. Usually, you would smell them, but not always. Make sure you run water down drains periodically for those you may not use every week.

If you have a basement with floor drains, water them too.

hxxps://armscontrolcenter.org/wp-content/uploads/2016/02/Escaped-Viruses-final-2-17-14-copy.pdf

SARS is particularly dangerous to handle in the...


April 2, 2020 9:08 AM

Clive Robinson on Privacy vs. Surveillance in the Age of COVID-19:

@ name.withheld...,

How many rocket scientists does it take to screw in a programmer, none. The programmer is already screwed. -me 2020

Are you saying programmers are "light bulbs"?

That is,

    put up way up out of sight, with a lot of light emitted from their nether regions and screwed in real tight, lest they descend on others...

If you are I expect a "Scarlet Letter" or two to be "incoming" ;-)

As the old saying has it,

    Recant now or forever hold your pieces.

April 2, 2020 7:49 AM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

Oops,

Should have read twice...

In my above it's not 9.4 days but 13.4 days, not that the extra four days makes any real difference unless it's your number...

If I sound indifferent it's not that I am, it's just that like most of us I can not really imagine a million people. I've only had a handful of friends and maybe a couple of hundred acquaintances[1] in my time, heck I doubt if I've ever actually walked past a million individuals in my life, and I've done a lot of walking in my time.

Thus whilst a million has a solid abstract meaning for me, and as a...


April 2, 2020 7:23 AM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ MarkH,

However, given that this pandemic is likely to kill more than a million people (possibly many millions),

Rather sooner than many might think or hope...

If you look at yesterday's and today's WorldOmeter figures you can see that at some point today the number of recorded cases will pass a million and the number of recorded deaths 50,000.

If you look a little lower down you will see on the logarithmic presentations that the death rate is rising faster than the infection rate.

You will also see that in the "closed cases" section...


April 2, 2020 6:19 AM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ SpaceLifeForm, name.withheld...,

I'm thinking as a rule, that if one goes out in public, they probably should treat the bottoms of their shoes as possibly carrying the virus.

From what they are saying look at it this way,

1, Virus survives on surface for up to 9 days.
2, Virus is heavy and droplet bound thus drops to the ground both localised (within 2M) and quickly (within 30min).
3, Non symptomatic people shed virus.
4, Major symptom is coughing, both dry and productive.
5, Virus is also transmitted in mucous, urine and...


April 2, 2020 6:14 AM

name.withheld.for.obvious.reasons on Privacy vs. Surveillance in the Age of COVID-19:

@ myliit
It was 18 December that Imperial London College produced a paper on case modeling. That was two days BEFORE the wet market had been identified and nearly two weeks BEFORE the close of the market. I find it interesting that the pathogenic behavior had been identified prior to understanding the source, as the source often controls propagation.

Methinks something fishy, but it could just be that the market is open again.

It was on 8 Jan that official notice from the Chinese CDC announced the pathogen outbreak. If you consider that China shared the reagent...


April 2, 2020 5:59 AM

name.withheld.for.obvious.reasons on Privacy vs. Surveillance in the Age of COVID-19:

OT, but I forgot my obligatory snarky pun...

Given the relationship to the recent animal culling, would it be safe to say that we got "porked"? Or, am I too coy and flapping about the topic?

April 2, 2020 5:54 AM

name.withheld.for.obvious.reasons on Privacy vs. Surveillance in the Age of COVID-19:

@ RealFakeNews
SARS-CoV-2 BACKGROUND
SARS-CoV-2 is a CoV variant of the genus betacoronavirus in the coronaviridae family that only shares about 76% of the Bat SARS and 62% of the human SARS phenotype. Identified as a variant all its own from CoV, the cousin CoV-2 has some simple codon/amino bases that deal with HA and NA protein segments that differ. There is a relatively small sequencing space genetically from CoV making it a somewhat unique strain--but not that unique.

INTERESTING RESEARCH
At the University of Arizona, Michael Worobey, Professor,...


April 2, 2020 5:52 AM

MarkH on Friday Squid Blogging: Squid Can Edit Their Own Genome:

I saw a brief but interesting interview (from yesterday) of Robert Gallo, a distinguished elder scientist with notable accomplishments in virology.

He made two statements which particularly caught my attention.
____________________________

More than a year ago, researchers in China predicted that:

• a new coronavirus infecting humans would emerge from bats
• this eruption would occur in China
• it would likely happen within the next year

The actual time between the publication of...


April 2, 2020 3:00 AM

lurker on Privacy vs. Surveillance in the Age of COVID-19:

You must be doing it wrong. New Zealand has opt-in tracking. The borders are closed, except NZ citizens escaping the pandemic are still allowed in. Border control advise them that they must "self-isolate" for 14 days, and give them a printout of the official instructions. Those unable or unwilling to comply are taken into government quarantine places. The others have details passed to police, who allow them to get home and comfortable. Then the police send a text to the self-isolater "inviting" them to turn on location services on their device to "assist" the police in assuring that...


April 2, 2020 2:33 AM

RealFakeNews on Privacy vs. Surveillance in the Age of COVID-19:

COVID19 is the pretty name given to the symptoms.

SARS-CoV-2 is the virus. It's SARS.

The media are collectively abusing "COVID" to hide the truth.

I think people are in denial (still) and can't accept calling it what it is.

A similar thing happened with HIV when it first appeared.

Running away will not help fix it.

Being informed is the greatest tool we can possess.

Stay safe out there! Stay home. You don't want even the "mild" symptoms.

April 2, 2020 2:18 AM

MarkH on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@Clive:

As of today, nobody's been vaccinated, and the numbers of people who've already been infected is probably too small to make a measurable difference.

Very Attentive Readers will have noticed that I wrote about the eventual end of the pandemic.

Those who follow the news will be aware that it's not ending today, or even within 100 days.

Its end is in the future, when enough people have acquired immunity, by some combination of vaccination and infection.

Unless some awesome medical innovation comes into play (a possibility I don't exclude), herd...


April 1, 2020 11:57 PM

A dubious person on Clarifying the Computer Fraud and Abuse Act:

Bruce, why didn't you link to the actual opinion? All by itself it's far more informative (and MUCH better written) than the Ars article. (One link, from El Reg: hxxps://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2016cv1368-67)

The opinion notes that the federal circuits are split on their interpretations of the vague wording in the relevant CFAA sections. Unless I'm greatly mistaken, it doesn't bind any of the dissenting circuits - I'm pretty sure only a Supreme Court opinion can do that - so it would only apply to this particular case (Sandvig v Barr). That makes it nothing...


April 1, 2020 11:18 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ SpaceLifeForm

I understand what you suspect is to be accurate, a doctor in Wuhan said that they went to two layers of full foot coverage, three gloves, and two goggles. And mucus is a cellular plasma that is probably just right for stasis beyond free microbial or cellular mobility.

If I ponder for a moment (less than 500 milliseconds), a sticky or statically attracted microbial with a charge (-/0) surface. Or, not unlike some nano-particles, specific molecular capillary phenomena. Or both...kinda like velcro with a twist.

April 1, 2020 10:05 PM

SpaceLifeForm on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ name.*.*.*.*

This possible transmission route that I have been thinking about lately is bugging me. I can not rule it out no matter how much I try to dismiss it.

Sidewalks and streets are a surface.

I'm thinking as a rule, that if one goes out in public, they probably should treat the bottoms of their shoes as possibly carrying the virus.

So, that means one should definitely wash hands after putting shoes on and after removing shoes, especially if one must grasp shoe from bottom for removal....


April 1, 2020 8:56 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ MarkH,

>>

Not the way Wikipedia looks at it,

    Herd immunity is a form of indirect protection from infectious disease that occurs when a large percentage of a population has become immune to an infection, whether through previous infections or vaccination, thereby providing a measure of protection for individuals who are not immune

As with all "novel" viruses, neither,

    previous infections or vaccination

Apply, that's why talking about "Herd Immunity" with respect to COVID-19 is a "nonsense" and why believing in it as a...

April 1, 2020 7:58 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ SpaceLifeForm

I have a bad hunch that none of the models are really that close to what is happening on the ground.
It may well be difficult to attribute transmissive mechanisms without experimental developments, and since replicating the pathogen in vivo is not a good option; tests using cellular plasmas and suspended tissue (has to be susceptible to multiple states of known pathogen migration) must be performed.

And, I understand your hunch, and bad feeling, those are two distinct elements that may point to several different factors.

One...

April 1, 2020 7:58 PM

MarkH on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@Clive,

Sometimes English words have different meanings in different countries.

I am no expert on U.K. English.

In America, however, "herd immunity" is used by public health officials to refer to a population prevalence of immunity, sufficiently large to reduce the spread of infection to a meaningful degree.

It has NOTHING WHATEVER to do with whether the disease is old, or endemic, or the means by which immunity was acquired.

Here, "herd immunity" is most often used in reference to immunity conferred by vaccination.

It's real.

It...

April 1, 2020 7:22 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ myliit

The company stated that the SDK was only collecting information on the user's device specifications (such as model names and operating system versions), and was not collecting personal information.

This is so disingenuous, how is the device, probably SN, and model information sent to Facebook not collecting personal information. Of course it is, just that the data/event component of your activity is being transmitted. Good thing your IP address and network level ID's don't provide any "tagging" data such that your event data can be tied to...

April 1, 2020 7:07 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Squid Can Edit Their Own Genome:

The Spanish Flu pandemic, should be the Kansas flu, had a varied effect relative to known pandemic epidemiology respecting the population's resistance to new viral components. The risk profile for the flu centered on persons aged 24-29 years of age. It was that a previous outbreak of a horse flu in 1873 and a subsequent (chicken) bird flu had immunized portions of the population older than 29. In fact, the most immune demographic, based on age, during the 1918 event was aged 75 and over.

Some interesting epidemiological forensics was completed in 2014 to document the Kansas Flu of...

April 1, 2020 6:49 PM

Petre Peter on Friday Squid Blogging: Squid Can Edit Their Own Genome:

My Doctor wanted to use a Google application for chatting and video conference. Being afraid of voice recognition turned into subtitles, then into keywords, then into advertisements, I refused.

April 1, 2020 6:14 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ MarkH, Lurker,

At least two members of our learned commentariat have assured us that herd immunity is a myth.

Herd immunity is a nonsense, it's believing it's a panacea or easy solution is where it becomes a myth.

The general idea behind herd immunity is for "endemic" pathogens that have been in existence longer than any member of the herd has been alive.

The idea is that every one in the herd has been exposed to the pathogen whilst young with a fully functioning immune system, thus have only suffered minimally on acquiring their...

April 1, 2020 5:22 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ Lurker,

Describe the meaning of the formula

It's the normalisation of "closed cases" that have ended in death.

It's a highly inaccurate measure not least because the infection to survived time is 3-4 weeks whilst for infection to death is 2-5 weeks or longer.

To see how bad the current Worldmeter page shows under closed cases,

193,770 (81%) Recovered / Discharged

46,782 (19%) Deaths

So,

46782/(46782+193770) = 0.194478

April 1, 2020 5:08 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ MarkH,

But unless all seven billion of us participate -- and succeed in becoming free of SARS-Cov-2 at exactly the same time -- this won't stop the pandemic.

Yes, I originally worked out it would take just one month (30 days) to make SARS-CoV-2 extinct this way, however due to tests that showed it could remain viable on surfaces for up to nine days and that one person had been asymptomatic for twice the mean time I revised that upwards to 35 days.

But as I pointed out this was never going to happen because of "vested interests" with "very short...

April 1, 2020 3:24 PM

MarkH on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@lurker:

Your observations are too balanced and rational. I must protest!

At least two members of our learned commentariat have assured us that herd immunity is a myth. As a New Yorker might say, "herd immunity, schmerd immunity!"

Who are you or I, to question such august authority?

BTW, "huddling over the abacus" is delicious imagery ... wish I'd written that.
________________________________

I've done my best, to explain why the count of case recoveries is a practically useless statistic for assessing this pandemic at its early stage of...

April 1, 2020 3:00 PM

lurker on Friday Squid Blogging: Squid Can Edit Their Own Genome:

Isn't all this huddling over the abacus a bit futile? Comparing deaths vs. recovered ignores current active cases, which will either die or recover depending on factors which may or not be under control of the relevant national health authorities. At this stage of the pandemic the number of active cases in many places still exceeds the combined number of dead and recovered. And of course the number of active cases is only those cases which have reported to a medical facility to be treated and counted. The asymptomatic, and those who self treat mild cases as a flu, are quietly...

April 1, 2020 2:57 PM

MarkH on Friday Squid Blogging: Squid Can Edit Their Own Genome:

.
Extinguishing Oil Well Fires

Tho' this may seem absurdly off-topic, I'll make reference to it just below ...

When the head of an oil well becomes an inferno, a standard method for extinguishing the powerful fire is to suspend a high explosive charge as near to the base of the flame as is manageable.

When the charge detonates, its shock wave momentarily displaces both the hot gases of the flame, and the oxygen required to sustain combustion. As spectacularly macho as this technique may be, it's actually the easy part (comparatively speaking, of...

April 1, 2020 2:06 PM

SpaceLifeForm on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ Clive, Anders, Myliit, MarkH, ALL

Why the China numbers are completely devoid of reality.

For this exercise, I will use the numbers from

hxxps://www.worldometers.info/coronavirus/

as of this writing.

The numbers from hxxps://hgis.uw.edu/virus/
or hxxps://coronavirus.jhu.edu/map.html
could be used also. They are all close, but just not necessarily updated in sync.

Let P = (deaths) / (deaths + recovered)

P is a rough CFR, but I don't want to call it that.

It's more like a CFR for known serious cases. We know...

April 1, 2020 1:00 PM

Clive Robinson on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ SpaceLifeForm, ALL,

China Concealed Extent of Virus Outbreak, U.S. Intelligence Says

I've warned before that what comes from Bloomberg should be treated as a steaming great pile of fresh bovine fertilizer.

They have presented no evidence that the Chinese figures are wrong. All they have said is,

1, Three unnamed people say there is a report but have not said what the report says "because it's secret".

2, Some people are claiming there are urns stacked outside of undertakers.

Bloomberg have a history of inventing not just...

April 1, 2020 11:50 AM

Wael on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@SpaceLifeForm,

it is obvious that the China numbers are BS.

Beyond BS. My El Turdo meter got pegged then went off scale, got cracked and exploded. The contaminated shrapnel traveled all the way to Europe, the US and the rest of the world.

April 1, 2020 11:27 AM

SpaceLifeForm on Friday Squid Blogging: Squid Can Edit Their Own Genome:

@ Clive, Anders, Myliit, MarkH, ALL

Doh! This has been obvious for some time.

I found my notes on the leaked numbers, which I said were horrible. They are from 2020-01-26, and 2020-02-04. But, you do not even need those numbers to conclude that the China numbers are worthless.

I will put together another post, explaining why it is obvious that the China numbers are BS.


China Concealed Extent of Virus Outbreak, U.S. Intelligence Says...

April 1, 2020 9:59 AM

myliit on Privacy vs. Surveillance in the Age of COVID-19:

@Curious

From your reddit link

https://www.wsj.com/articles/washington-state-oks-facial-recognition-law-seen-as-national-model-11585686897

“Washington State OKs Facial Recognition Law Seen as National Model

Microsoft-backed bill sets limits but doesn’t ban the technology

Washington state Gov. Jay Inslee said the new law balanced ‘the interests of law-enforcement, the business community and individuals’ right to privacy.’...

April 1, 2020 6:26 AM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Squid Can Edit Their Own Genome:

Lot of people have been looking for advice, here is just a small set of things people can investigate.

EDUCATE YOURSELVES WHILE YOU HAVE SOME DOWN TIME:

CPR, medical assistant, medical equipment, medical record[ing] management
facility maintenance, identification/labeling systems, data operations
fabric and production techniques, distribution systems and techniques

VOLUNTEERING OPPORTUNITIES:

Your local Red Cross and the Y[W/M]CA, local government offices, officials
Organize your communities, build ad-hoc in community response systems...

April 1, 2020 6:18 AM

Curious on Clarifying the Computer Fraud and Abuse Act:

Hrm, I thought I had already posted here last night:

I wonder, are US "acts" typically just pieces of text strung together by various parties, and is interpreted "as is", or, it is common, or even possible, that such "acts" are subject to pre existing studies, analysis, or other forms of elaboration and consideration as separate documents?

Now that I think about it, if an "act" is a bi partisan thing, then perhaps there is no analysis done on a text beforehand because the resulting text is by design maybe always meant to be a political document (as opposed to something...

Sidebar photo of Bruce Schneier by Joe MacInnis.