Wednesday, September 05, 2018

Suspicions confirmed.
I’m teaching email security to Democratic campaigns. It’s as bad as 2016.
… On one recent trip, I asked a Democratic campaign manager how he was keeping track of his personal passwords. When he hung his head, I knew what was coming.
“I use the same password for every site,” he confessed. He told me about a moment of panic when a college friend who shared his password on a sports site logged in to his Gmail account as a joke. Google noticed the out-of-state login and sent him a security alert. In the minutes before the friend admitted to the prank, he saw his career flash before his eyes.
… One problem is that campaign security isn’t anyone’s job. The Department of Homeland Security offers training through its National Cybersecurity and Communications Information Center (NCCIC) in theory, but it has shown little appetite for the topic in practice. The NCCIC’s audit and assessment services are targeted at large federal agencies, not small groups of people driving around Iowa. Campaigns that reach out to NCCIC get an email outlining options like a “six-week phishing vulnerability assessment” or an “audit of internal network security,” neither of which is much help to a campaign working off personal devices, seven weeks before an election.
… The Democratic Congressional Campaign Committee, deeply anxious about campaign security, distributes a nonpartisan tech playbook developed in conjunction with the Harvard Belfer Center. The playbook is meant to be a basic guide that any campaign can follow, and from a technical point of view, it is unimpeachable.
But it focuses almost entirely on protecting campaign data, such as financial reports or opposition research. When it comes to safeguarding staffers’ personal accounts, the handbook only suggests that they “enlist professional input from credentialed IT and cybersecurity professionals as needed.”


(Related)
This Group Posed As Russian Trolls And Bought Political Ads On Google. It Was Easy.
In the summer of 2018, after months of public and legislator outcry over election interference, you might think it would be difficult for a Russian troll farm to purchase — with Russian currency, from a Russian ZIP code — racially and politically divisive ads through Google. And you might reasonably assume that if such a troll farm were able to do this, Google — which has said "no amount of interference that is acceptable" — would prevent it from successfully targeting those ads toward thousands of Americans on major news sites and YouTube channels.
But you’d be wrong.




If I had purchased a copy to demonstrate to my Ethical Hacking students, would I be in violation of any law? (I’m not really worried because I used the name and address of a certain lawyer friend.)
Google Notifies People Targeted by Secret FBI Investigation
“At least dozens of people have received an email from Google informing them that the internet giant responded to a request from the FBI demanding the release of user data, according to several people who claimed to have received the email. The email did not specify whether Google released the requested data to the FBI. The unusual notice appears to be related to the case of Colton Grubbs, one of the creators of LuminosityLink, a $40 remote access tool (or RAT), that was marketed to hack and control computers remotely. Grubbs pleaded guilty last year to creating and distributing the hacking tool to hundreds of people. Several people on Reddit, Twitter, and on HackForums, a popular forum where criminals and cybersecurity enthusiasts discuss and sometimes share hacking tools, reported receiving the email…”
“Google received and responded to legal process issued by Federal Bureau of Investigation (Eastern District of Kentucky) compelling the release of information related to your Google account,” the email read, according to multiple reports from people who claimed to have received it. The email included a legal process number. When Motherboard searched for it within PACER, the US government’s database for court case documents, it showed that it was part of a case that’s still under seal…”




Security tools for my students.
Google Introduces Open Source Cross-Platform Crypto Library
Google last week took the wraps off Tink, an open source, multi-language, cross-platform cryptographic library designed to help simplify common encryption operations.
Under development for the past two years, the cryptographic library has been available on GitHub since its early days and has already attracted a few external contributors.
Tink can simplify many common cryptographic operations. Data encryption, digital signatures, and more would only require a few lines of code, the Internet giant claims.
The library is providing cryptographic APIs that Google says are secure, as well as easy to use correctly, but harder to misuse.
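As an added illustration of what "a few lines of code" looks like, here is a short Java program written for this post (it is not Google's code and not taken from the article) using the Tink 1.2 Java API as documented at the time: a keyset is generated from a template, an AEAD primitive is obtained from it, and a tampered ciphertext is rejected at decryption. The plaintext, associated data and the single flipped byte are constructed sample values; the class name is arbitrary.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadKeyTemplates;
import com.google.crypto.tink.config.TinkConfig;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

// Hypothetical class name; assumes tink 1.2.x on the classpath.
public class TinkAeadDemo {
  public static void main(String[] args) throws GeneralSecurityException {
    // Registers all Tink primitives (AEAD, MAC, signatures, ...).
    TinkConfig.register();

    // 1. Generate key material from a vetted template: AES-128-GCM,
    //    an authenticated mode, so confidentiality and integrity come together.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);

    // 2. Obtain the AEAD primitive; nonce handling happens inside Tink.
    Aead aead = keysetHandle.getPrimitive(Aead.class);

    // Constructed sample input: a message and associated data that is
    // authenticated but not encrypted (e.g. a record id bound to the ciphertext).
    byte[] plaintext = "donor list, Q3".getBytes(StandardCharsets.UTF_8);
    byte[] aad = "record-42".getBytes(StandardCharsets.UTF_8);

    // 3. Encrypt and decrypt; round trip must return the original bytes.
    byte[] ciphertext = aead.encrypt(plaintext, aad);
    byte[] decrypted = aead.decrypt(ciphertext, aad);
    System.out.println("round trip ok: " + new String(decrypted, StandardCharsets.UTF_8));

    // Tampering with a single ciphertext byte must fail authentication;
    // Tink throws instead of returning garbled plaintext.
    byte[] tampered = ciphertext.clone();
    tampered[tampered.length - 1] ^= 0x01;
    try {
      aead.decrypt(tampered, aad);
      System.out.println("BUG: tampered ciphertext was accepted");
    } catch (GeneralSecurityException expected) {
      System.out.println("tampered ciphertext rejected: " + expected.getMessage());
    }

    // Using the wrong associated data must fail the same way.
    try {
      aead.decrypt(ciphertext, "record-43".getBytes(StandardCharsets.UTF_8));
      System.out.println("BUG: wrong associated data was accepted");
    } catch (GeneralSecurityException expected) {
      System.out.println("wrong associated data rejected");
    }
  }
}
```

The point worth showing students is the last two blocks: the API gives no way to pick an unauthenticated mode or reuse a nonce by accident, so the common misuse cases the article alludes to surface as an exception rather than as silently corrupted data.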




Is it bigness or controlling the market that causes problems? (What is their market and what percentage do they control?)
It’s time to break up Facebook
Tim Wu thinks it’s time to break up Facebook.
Best known for coining the phrase “net neutrality” and his book The Master Switch: The Rise and Fall of Information Empires, Wu has a new book coming out in November called The Curse of Bigness: Antitrust in the New Gilded Age. In it, he argues compellingly for a return to aggressive antitrust enforcement in the style of Teddy Roosevelt, saying that Google, Facebook, Amazon, and other huge tech companies are a threat to democracy as they get bigger and bigger.


(Related)
Snap AV: Facebook antitrust fears
Research shop MoffettNathanson downgraded Facebook this morning to neutral, cutting its price target from $200 to $175.
Among the reasons: fears over antitrust due to Facebook's exceptional market power in the social media space, neatly encapsulated by this chart:
[Curiously, the chart shows Apps downloaded, not market share.]




Perspective. The post-Gutenberg revolution is: You can publish your book/magazine/newspaper without a printing press.
GPO grapples with ‘Keeping America Informed’ in the digital information age
fedscoop: “The Government Publishing Office (GPO) is tasked with “Keeping America Informed,” which practically means that the agency, through various channels, provides free public access to all the official publications of the federal government. In the days before the internet, this mandate was a lot easier to keep track of. In a recently released report, the Library of Congress’ Federal Research Division (FRD) explores how federal agencies tend to publish information these days (spoiler alert: online) and how the GPO can do a better job keeping tabs on official government documents in the information age. “The identification and acquisition of content are substantially more complex undertakings in the digital age as compared to the ink-on-paper era,” the report states. Before the web, agencies often approached GPO for publishing services, which made it easy for the agency’s Federal Depository Library Program (FDLP) to collect information on publications. More recently, however, “the onset of direct-to-web publishing, together with the diminishing share of publications in print, weakened the link between Federal publishing and the deposit of documents for FDLP distribution.” This situation leads to the existence of so-called “fugitive documents” — documents that fall within the FDLP’s purview but have not been collected or documented. “Digital fugitives,” the report states, “result from the tremendous volume of digital content being produced, the diversity of formats being used to create information products, the inconsistency of website designs across the Government, and Federal agencies’ failure to notify the Superintendent of Documents of newly released information products…”




Perspective. The new normal? What percentage of smartphones will stream this?
CBS will stream Super Bowl LIII on mobile devices without a sign-in
CBS is determined to make the most of the NFL's loosened streaming rules. The broadcaster has revealed its streaming plans for Super Bowl LIII, and you'll finally have the option to watch on mobile devices without a sign-in through CBS Sports' website and mobile apps. You'll also have mobile access through authenticated apps from CBS' cable, satellite, telecom and streaming TV partners. To no one's surprise, you can watch through All Access on mobile if you're a subscriber.




Perspective. I had no idea that Uber (et al) had impacted taxi service so much already. Have they already become this century’s buggy whip industry?
With nearly half of Chicago cabs in foreclosure or idled, cabbies' hopes riding on New York-style ride-share limits
… Nearly half of the city’s 6,999 licensed cabs are in foreclosure or idled, leading to an increasingly desperate call for regulatory intervention — including a newly floated idea to cap the number of ride-sharing licenses in Chicago — to keep taxi fleets on the streets.

