Suspicions confirmed.
I’m teaching email security to Democratic campaigns. It’s as bad as 2016.
… On one recent trip, I asked a Democratic
campaign manager how he was keeping track of his personal passwords.
When he hung his head, I knew what was coming.
“I use the same password for every site,” he
confessed. He told me about a moment of panic when a college friend
who shared his password on a sports site logged in to his Gmail
account as a joke. Google noticed the out-of-state login and sent
him a security alert. In the minutes before the friend admitted to
the prank, he saw his career flash before his eyes.
… One problem is that campaign
security isn’t anyone’s job. The Department of
Homeland Security offers training through its National
Cybersecurity and Communications Information Center (NCCIC)
in theory, but it has shown little appetite for the topic in
practice. The NCCIC’s
audit and assessment services are targeted at large federal agencies,
not small groups of people driving around Iowa. Campaigns that reach
out to NCCIC get an email outlining options like a “six-week
phishing vulnerability assessment” or an “audit of internal
network security,” neither of which is much help to a campaign
working off personal devices, seven weeks before an election.
… The Democratic Congressional Campaign
Committee, deeply anxious about campaign security, distributes a
nonpartisan tech
playbook developed in conjunction with the Harvard Belfer
Center. The playbook is meant to be a basic guide that any campaign
can follow, and from a technical point of view, it is unimpeachable.
But it focuses almost entirely on protecting
campaign data, such as financial reports or opposition research.
When it comes to safeguarding staffers’ personal accounts, the
handbook only suggests that they “enlist professional input from
credentialed IT and cybersecurity professionals as needed.”
(Related)
This Group Posed As Russian Trolls And Bought Political Ads On Google. It Was Easy.
In the summer of 2018, after months of public and
legislator outcry over election interference, you might think it
would be difficult for a Russian troll farm to purchase — with
Russian currency, from a Russian ZIP code — racially and
politically divisive ads through Google. And you might reasonably
assume that if such a troll farm were able to do this, Google —
which
has said "no amount of interference that is acceptable"
— would prevent it from successfully targeting those ads toward
thousands of Americans on major news sites and YouTube channels.
But you’d be wrong.
If I had purchased a copy to demonstrate to my
Ethical Hacking students, would I be in violation of any law? (I’m
not really worried because I used the name and address of a certain
lawyer friend.)
Google Notifies People Targeted by Secret FBI Investigation
“At least dozens of people have received an
email from Google informing them that the internet giant responded to
a request from the FBI demanding the release of user data, according
to several people who claimed to have received the email. The email
did not specify whether Google released the requested data to the
FBI. The unusual notice appears to be related to the case of Colton
Grubbs, one of the creators of LuminosityLink, a $40 remote access
tool (or RAT), that was marketed to hack and control computers
remotely. Grubbs pleaded
guilty last year to creating and distributing the hacking tool to
hundreds of people. Several people on Reddit, Twitter, and on HackForums,
a popular forum where criminals and cybersecurity enthusiasts discuss
and sometimes share hacking tools, reported receiving the email…”
“Google received and responded to legal process issue by Federal Bureau of Investigation (Eastern District of Kentucky) compelling the release of information related to your Google account,” the email read, according to multiple reports from people who claimed to have received it. The email included a legal process number. When Motherboard searched for it within PACER, the US government’s database for court case documents, it showed that it was part of a case that’s still under seal…”
Security tools for my students.
Google Introduces Open Source Cross-Platform Crypto Library
Google last week took the wraps off Tink, an open source, multi-language, cross-platform cryptographic library designed to help simplify common encryption operations.
Under development for the past two years, the cryptographic library has been available on GitHub since its early days and has already attracted a few external contributors.
… Tink can simplify many common cryptographic operations. Data encryption, digital signatures, and more would only require a few lines of code, the Internet giant claims.
The library is providing cryptographic APIs that Google says are secure, as well as easy to use correctly, but harder to misuse.
Is it bigness or controlling the market that
causes problems? (What is their market and what percentage do they
control?)
It’s time to break up Facebook
Best known for coining the
phrase “net neutrality” and his book The Master Switch: The
Rise and Fall of Information Empires, Wu has a new book coming
out in November called The
Curse of Bigness: Antitrust in the New Gilded
Age. In it, he argues compellingly for a return to aggressive
antitrust enforcement in the style of Teddy Roosevelt, saying that
Google, Facebook, Amazon, and other huge tech companies are a threat
to democracy as they get bigger and bigger.
(Related)
Snap AV:
Facebook antitrust fears
Research shop MoffettNathanson downgraded Facebook
this morning to neutral, cutting its price target from $200 to $175.
Among the reasons: fears over antitrust due to
Facebook's exceptional market power in the social media space, neatly
encapsulated by this chart:
[Curiously,
the chart shows Apps downloaded, not market share.]
Perspective. The post-Gutenberg revolution is:
You can publish your book/magazine/newspaper without a
printing press.
GPO grapples with ‘Keeping America Informed’ in the digital information age
fedscoop:
“The Government
Publishing Office (GPO) is tasked with “Keeping America
Informed,” which practically means that the agency, through various
channels, provides free public access to all the official
publications of the federal government. In the days before the
internet, this mandate was a lot easier to keep track of. In a
recently released report, the Library of Congress’ Federal Research
Division (FRD) explores how federal agencies tend to publish
information these days (spoiler alert: online) and how the GPO can do
a better job keeping tabs on official government documents in the
information age. “The
identification and acquisition of content are substantially more
complex undertakings in the digital age as compared to the
ink-on-paper era,” the report states. Before the web,
agencies often approached GPO for publishing services, which made it
easy for the agency’s Federal Depository Library Program (FDLP) to
collect information on publications. More recently, however, “the
onset of direct-to-web publishing, together with the diminishing
share of publications in print, weakened the link between Federal
publishing and the deposit of documents for FDLP distribution.”
This situation leads to the existence of so-called “fugitive
documents” — documents that fall within the FDLP’s purview but
have not been collected or documented. “Digital fugitives,” the
report states, “result from the tremendous volume of digital
content being produced, the diversity of formats being used to create
information products, the inconsistency of website designs across the
Government, and Federal agencies’ failure to notify the
Superintendent of Documents of newly released information products…”
Perspective. The new normal? What percentage of
smartphones will stream this?
CBS will stream Super Bowl LIII on mobile devices without a sign-in
CBS is determined to make
the most of the NFL's loosened streaming rules. The broadcaster
has revealed
its streaming plans for Super Bowl LIII, and you'll finally have the
option to watch on mobile devices without a sign-in through CBS
Sports' website and mobile apps. You'll also have mobile access
through authenticated apps from CBS' cable, satellite, telecom and
streaming TV partners. To no one's surprise, you can watch through
All Access on mobile if you're a subscriber.
Perspective. I had no idea that Uber (et al) had
impacted taxi service so much already. Have they already become this
century’s buggy whip industry?
With nearly half of Chicago cabs in foreclosure or idled, cabbies' hopes riding on New York-style ride-share limits
… Nearly half of the city’s 6,999 licensed
cabs are in foreclosure or idled, leading to an increasingly
desperate call for regulatory intervention — including a newly
floated idea to cap the number of ride-sharing licenses in Chicago —
to keep taxi fleets on the streets.