hacking Archives - Page 2 of 5

Posts

Thursday: Creep

August 18, 2016/6 Comments/in Climate Change, Culture, Cybersecurity /by Rayne

Covers are often treated like poor relations in hand-me-downs. It’s not the performer’s own work, how can they possibly do the original justice?

Yeah…and then this. I think it’s an example of an exceptional cover. It’s one of my favorites. There are a number of other fine covers of this same piece — some are sweet, some have better production values, and some are very close to Radiohead’s original recording. But this one has something extra. Carrie Manolakos, a Broadway performer known for her role as Elphaba in Wicked, takes a breath at 2:19 and watch out. Her second album will release next month if you enjoy her work.

In Sickness and Health
Here, read these two stories and compare them:

Now we know the real reason Aetna bailed on Obamacare (Business Insider)
Aetna CEO Threatened Obamacare Pullout If Feds Opposed Humana Merger (HuffPo)

Leaving you with the actual heds on these articles. How isn’t this simple extortion? You know, like, “Nice national health care system you’ve got there. It’d be a shame if anything happened to it.”

Cry me a river about corporate losses. Last I checked Aetna’s been paying out dividends regularly, which means they still have beaucoup cash.

If only we’d had a debate about offering single payer health care for everyone back in 2009 so we could say Fuck You to these vampiric corporate blackmailers.

Still in Shadow
A timeline of articles, analysis, commentary on the hacking of NSA malware staging servers by Shadow Brokers — no window dressing, just links:

15-AUG-2016 8:48 AM — https://twitter.com/mikko/status/765168232454037504 (Mikko Hypponen–Kaspersky tweeting discovery of Shadow Brokers’ auction of Equation Group code)

16-AUG-2016 7:22 AM — http://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak-is-russia.html (Info sec expert Dave Aitel’s assessment on hackers responsible)

16-AUG-2016 7:40 AM — https://twitter.com/Snowden/status/765513662597623808 (Edward Snowden’s tweet thread [NB: don’t be an idiot and click on any other links in that thread])

16-AUG-2016 7:22 PM — https://securelist.com/blog/incidents/75812/the-equation-giveaway/ (time zone unclear)

16-AUG-2016 ?:?? — http://xorcat.net/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

17-AUG-2016 8:05 AM EST — https://motherboard.vice.com/read/what-we-know-about-the-exploits-dumped-in-nsa-linked-shadow-brokers-hack

17-AUG-2016 ?:?? — https://www.cs.uic.edu/~s/musings/equation-group/ (University of Illinois’ Stephen Checkoway’s initial impressions)

17-AUG-2016 7:23 PM EST — https://www.washingtonpost.com/world/national-security/nsas-use-of-software-flaws-to-hack-foreign-targets-posed-risks-to-cybersecurity/2016/08/17/657d837a-6487-11e6-96c0-37533479f3f5_story.html

18-AUG-2016 6:59 AM EST — https://twitter.com/RidT/status/766228082160242688 (Thomas Rid suggests Shadow Brokers’ auction may be “retaliation” — note at this embedded tweet the use of “retaliation” and the embedded, highlighted image in which the words “Panama Papers” appear in red. Make of that what you will.[1])

18-AUG-2016 2:35 PM EST — https://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguistic-analysis (Two linguists suggest Shadow Brokers’ primary language is English distorted to mimic Russian ESL)

You know what this reminds me of? Sony Pictures’ email hacking. Back and forth with Russia-did-it-maybe-not-probably, not unlike the blame game pointing to North Korea in Sony’s case. And the linguistic analysis then suggesting something doesn’t quite fit.

[Today’s front pages from USA Today, The New York Times, Wall Street Journal, Los Angeles Times, shared here under Fair Use.]

American Refugees
I read in one of my timelines today a complaint by a journalist about Louisiana flooding news coverage. Wish I’d captured the thread at the time; they were put out that the public was unhappy about the media’s reporting — or lack thereof. They noted all the links to articles, videos, photos being shared in social media, noting this content came from journalists.

Except there really is a problem. The embedded image here is the front page of each of the four largest newspapers in the U.S. based on circulation, total combined circulation roughly six million readers. NONE OF THEM have a story on the front page about the flooding in Louisiana, though three of them covered the California Blue Cut Fire. Naturally, one would expect the Los Angeles Times to cover a fire in their own backyard, and they do have a nice photo-dense piece online. But nothing on the front page about flooding.

The Livingston Parish, Louisiana sheriff noted more than 100,000 parish residents had lost everything in the flood. There are only 137,000 total residents in that parish.

Between the +80,000 Blue Cut Fire evacuees and more than 100,000 left temporarily homeless in Louisiana, the U.S. now has more than a couple hundred thousand climate change refugees for which we are utterly unprepared. The weather forecast this week is not good for the Gulf Coast as unusually warm Gulf water continues to pump moisture into the atmosphere. We are so not ready.

Longread: The last really big American flood
Seven Scribes’ Vann R. Newkirk II looks at the last time a long bout of flooding inundated low-lying areas in the south, setting in motion the Great Migration. This is the history lesson we’ve forgotten. We need to prepare for even worse because like the Blue Cut Fire in California and Hurricane Sandy in New Jersey and New York, disaster won’t be confined to a place too easily written off the front page.

One more day. Hope to make it through.
_________
[1] Edited for clarity. Kind of.

Monday: Skate Away

August 15, 2016/2 Comments/in Climate Change, Culture, Cybersecurity /by Rayne

Monday means it’s movie day, and I think this charming little documentary fills the bill. Valley Of A Thousand Hills from Jess Colquhoun looks at Zulu youth participating in a skate camp and the impact on their lives. They’re quite optimistic in spite of limited resources and opportunities. The film left the feeling they’re on the verge of a breakthrough — like these kids could really change global culture if they wanted to. They appear more self-aware and energized than most adults I run into of late.

Wrath of Gods kind of weather

Catastrophic flooding displaced more than 20,000 Baton Rouge area residents (NOLA.com) — Damn it, the news coverage on this flooding was so thin this morning save for local papers. Flood victims include the governor and his family who had to be rescued from their home; actor Wendell Pierce lost everything in his Baton Rouge area home. Four parishes had already been declared a disaster including Tangipahoa, St. Helena, East Baton Rouge and Livingston.
Aerial photos show massive damage to more than 10,000 homes (TheAdvocate.com) — Follow Maya Lau on Twitter for more photos; LSU campus is inundated and many homes are beneath water to their rooflines.
Severe monsoon flooding displaced 50,500 around Manila, Philippines (Floodlist) — There have been a handful of deaths reported with more persons unaccounted for. Worst rainfall amount in 24-hour period 14-15 August was 6 inches over the Dagupan area. More rain is expected.
Half a month’s rain in short time period floods Moscow (euronews) — Flooding is worst Moscow has seen in 130 years. Reporting is extremely thin about this event which ocurred over the last 24-48 hours.
Massive flash flood killed 20 last weekend in Skojpe, Macedonia (video, France24) — There’s quite a bit of video from other outlets in YouTube about the flooding; ironic that Russian aide workers went to help Macedonia just before flooding began in Moscow.
Nearly 3000 homes swamped in Thailand (Bangkok Post) — Flooding near Phayao was the worst in seven years; at least one person is missing.
Sudanese states Kassala, Sennar, South Kordofan, West Kordofan and North Darfur flooded, killing 100 (Deccan Chronicle) — Heavy rains since June worsening two weeks ago led to a late night flash flood that swept away villages. More than 100,000 have been displaced. Clean drinking water is now a serious problem.

Might be time to brush off that copy of J. G. Ballard’s The Drowned World and ponder a post-apocalyptic future under water. We’ve likely passed the 1.5C degree global warming threshold without any sense of urgency to act on climate change which fuels this wave of flooding.

Sigh-ber

Hotels across ten states breached (Reuters) — Hey, now you philanderers have an excuse for that bizarre charge to your room at the Starwood, Marriott, Hyatt, or InterContinental hotel for strawberries, whip cream, and a leather flogger during your last business trip. “It’s just a hacker, honey, that’s all, really…” HEI Hotels & Resorts, the operator of the affected hotels, found the malware in its systems handling payment card data. The malware had been present in the system for roughly 18 months while 20,000 transactions were exposed.
Google ‘secretly’ developing a new OS (TechnoBuffalo) — A well-known Linux blogger wrote Google references “Pink + Purple == Fuschia (a new Operating System)” in its Git repository. The two colors are believed to refer to Magenta and LK kernels which Google is using to build a wholly new operating system. Magenta does not have a Wikipedia entry at the time of this post but Googlesource has a brief explainer for Magenta and LK. The two kernels serve different purposes but combined they may be able to operate any device whether small Internet of Things single purpose devices or multi-purpose devices like personal computers. This may be the direction Google has chosen to go rather than fully merge its Chrome OS with Android. The new operating system could also resolve some annoying problems with antitrust regulators if Android is cut loose and managed by an open source consortium, perhaps one established by and aligned with the Open Handset Alliance.
Banking malware attacks Android users browsing sites using Google AdSense (SecureList) — The thieves pay for a listing on AdSense, put their malicious ad in the system, and it downloads to an Android device whenever the user reads a website featuring the contaminated ad. Yuck. Use your antivirus app regularly on your Android devices as this nasty thing may pick up your financial information.

Longread: Manners matter?
At Aeon.com, Professor Eleanor Dickey of University of Reading-UK discusses the ‘magic word’ and its use in early democratic society, and its decline with the rise of a hierarchical system in the fourth century BCE. Are we a more or less democratic society based on our current level of societal manners?

Catch you tomorrow if the creek doesn’t rise!

Friday: The Immoral Minority

August 13, 2016/10 Comments/in automobiles, Culture, Cybersecurity /by Rayne

While philosopher Slavoj Žižek isn’t everybody’s cup of quirky tea, he’s got a valid point in this video.

The right-wing has abandoned its claim to be the Moral Majority.

Don’t mistake this as a validation of the Democratic Party here in the U.S.; they are only earning a majority in terms of politics, and in no small part by being the “Not GOP” party. With its leadership cozying up to war criminals, climate denialists and fossil fuel-based polluters, and general denigrators both of human rights and the public commons, they are not the Moral Majority by default.

But an unorganized left in this country rejects the right-wing’s ethical decay implicitly underpinning the Republican Party. The left rejects those values which undermine democracy — misogyny, racism and marginalization of other minorities, the ongoing subversion of individuals’ rights to promote the interests of corporations.

A true Moral Majority won’t support a social contract undermining democracy by limiting life, liberty, and happiness’ pursuit to a narrow few. It’s well past time for the broader left to coalesce into an organized entity based upon the belief that all humans are created equal and deserving a more perfect union.

Zapped by Zika

“ZIKA VIRUS | Days since White House funding request: 186 | Funding response from Congress: $0 | Zika cases in US and territories: 8,580” (Tweet, Dan Diamond/Politico)
Peter robbed to pay Paul: DHHS pulls money from other projects to fund Zika vaccine research (Reuters) — Lacking new dedicated funding from Congress, U.S. Department of Health and Human Services squeezed out $81 million and spread it into Zika vaccine research, with $34 million of that to the National Institutes of Health and $47 million to the Biomedical Advanced Research and Development Authority (BARDA). The white House had asked for $1.9 billion last fall for Zika, but that amount was pared down by 42%; Republicans then objected to any of the remaining portion going to Planned Parenthood, putting Democrats in a bind. Access to birth control is critically important to preventing Zika’s spread; access to abortion could prevent the birth of severely deformed infants who will live short, utterly miserable, and expensive lives.
Arthrogryposis — congenital joint defects — associated with Zika during pregnancy (The BMJ) — Dislocated and or misshaped knees, ankles, elbows, hips appeared in children born with other neurological defects found in Zika-infected fetuses. Further research is necessary to prove both the virus is causal and learn the mechanism by which the virus inflicts this damage in utero. The patients had been tested for other known causes of arthrogryposis — toxoplasmosis, cytomegalovirus, rubella, syphilis, and HIV. All were negative.
First infant death due to Zika reported in Texas (KHOU) — The infant’s mother traveled to El Salvador during pregnancy where it is believed she contracted the virus.
Zika virus case confirmed in Monroe County, Michigan (Detroit Free Press) — But the method of infection is not clear (what?!). County health and state officials are working toward mosquito surveillance.

Wheels and steals

Millions of vehicles made from 1995 on vulnerable to keyless-remote hacking (USENIX) — Researchers at University of Birmingham and Kasper & Oswald GmbH presented a paper at the USENIX 2016 conference, showing more than 20 years’ worth of VW Group vehicles are hackable using inexpensive Arduino-based RF transceiver technology. Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other makes relying on the Hitag2 access security method are similarly at risk. Researchers also looked at after-market keyless entry remotes for these and other vehicles; the cars for which these worked were also vulnerable. All vehicles tested appear to be those made for the European market, but the research noted the radio frequency differences — 315 MHz band in North America and the 433 MHz or 868 MHz band in Europe — used in remotes. The paper’s research team notified VW in November 2015 of their results; NXP Semiconductor, a manufacturer of Hitag2 remote technology, was also notified. NXP had already informed customers of the vulnerability in 2012 and has already improved device security.
Volkswagen suppressed news about keyless remote insecurity since 2013 (Bloomberg) — The same researchers from University of Birmingham and Kasper & Oswald GmbH had originally approached NXP Semiconductor and VW with their work in 2012 and 2013, respectively. VW sued and blocked release of their work; the paper was released this past week at USENIX only “after lengthy negotiations” and the removal of a single sentence which car thieves could use to easily crack the keyless remotes. A number of suspicious automobile thefts over the years may have relied on hacking remotes; will insurance companies look into these thefts and demand recovery from VW?
DOE grants Ford $6M for fuel cell research (Detroit Free Press) — Existing fuel cell technology has been too expensive for successful commercialization; the grant will be used to develop cheaper technology competitive with battery and internal combustion engines.

Longread: Geopolitics
FiveBooks.com interviewed former state department official and senior fellow at the Council on Foreign Relations, Jennifer M. Harris, about geopolitics. She discusses the topic and offers five book recommendations about the same. Harris is the co-author of recently released War by Other Means: Geoeconomics and Statecraft. Given her work as U.S. National Intelligence Council staff followed by work on economics under then-Secretary of State Hillary Clinton, this interview might offer a preview to future statecraft.

Friday Jazz
It’s still Friday somewhere according to my clock. Try French performer Zaz, stage name for Isabelle Geffroy. If you like this ditty, preview more of her work on her channel on SoundCloud.

It’s been a hectic week here; next week doesn’t look any better, but I’ll aim to be here on Monday. Have a relaxing weekend!

Friday: Little Fly

August 5, 2016/12 Comments/in automobiles, Culture, Cybersecurity /by Rayne

Friday jazz comes to us from vocalist and bassist Esperanza Spalding, one of my personal favorites. She’s the first jazz musician to ever win the Grammy Award for Best New Artist, awarded only a handful of months after this featured performance from 2010.

My favorite tune of the three she performs here is Apple Blossom — it never fails to make me sniffle. Spalding plays more than just the double bass; sample her more progressive work on electric bass here. Want something a bit more traditional? Try her upbeat bluesy rendition of On the Sunny Side of the Street. Or maybe a little pop rock slice with her tribute to Stevie Wonder, Overjoyed.

Wheels and steals
Volkswagen:

Whiny op-ed complains about poor, poor Volkswagen (WSJ) — Aw, poor fraudulent enterprise lied and ripped off the American public for a decade while other automakers in the U.S. complied with emissions laws. Murdoch-NewsCorp outlet Wall Street Journal wants us to take pity on the bastards who did not care one whit they were literally poisoning U.S. citizens while lying to customers and dealers, let alone poisoning and lying to tens of millions of customers abroad. Look, they broke U.S. laws for nearly ten years. They made interest and capital gains on the money they gained from their illegal efforts. They can make the customers they defrauded whole and they can do something to fix the damage they wreaked on our environment. And they should be punished for breaking laws on top of reparations. Anything less is a neoliberal blowjob to a company which cannot compete fairly inside the U.S.
VW passenger diesel owners need additional protections (Reuters) — The current settlement offered by VW in federal court does not provide a secondary level of protection to consumers says the consumer advocacy journal, needed if the proposed fix to the emissions cheating diesel vehicles does not work. These vehicle owners should be able to opt for buy-back. The amount offered also undervalues retail prices on alternative replacement vehicles, Consumer Reports said in its submission during the public comment period which ended today.

Consumer Reports said it generally supported the settlement, but urged “regulators to wield robust oversight of Volkswagen to ensure that the company implements its recall, investment, and mitigation programs appropriately” and it called on “federal and state officials to assess tough civil penalties and any appropriate criminal penalties against the company in order to hold it fully accountable.”
South Korea halts sales of 80 VW vehicle models (NBCNews) — This is what the U.S. could have done to VW given the scale of fraud, emissions cheating, and the lack of actual “clean diesel” passenger technology available to remedy both 2.0L and 3.0L engine vehicles. The 80 models now banned for non-compliance with emissions and noise pollution laws as well as document forgery include VW, Audi and Bentley vehicles. VW has also been slapped with $16.06 million fine, which is extremely light considering VW broke not only emissions laws while fraudulently misrepresenting the vehicles’ attributes.
West Virginia’s suit against VW amended (Hastings Tribune) — WVa Attorney General expanded the suit to include VW parent group as well as Audi and Porsche brands. Bosch, the manufacturer of VW’s electronic control units which were programmed to defeat emissions controls, is included in the lawsuit.
Fewer Americans buying VW vehicles (Business Insider) — No surprise, given the emissions controls cheating scandal, the pricey labels, iffy reliability, and a product lineup that doesn’t match the U.S.’ market demand. It may be a long time before VW digs itself out of its hole here.

NOT Volkswagen:

Two Houston thieves hack Jeep and Dodge cars (Phys.org) — Hacking pirated computer software used by auto technicians and dealers, two men tweaked Fiat Chrylser model vehicles’ security codes so their key worked. The thieves were picked up driving a stolen Jeep Grand Cherokee after police focused on an area where a high number of vehicle thefts occured.
White hat hackers proved Chrysler’s anti-hack update breachable (The Register) — Last year Charlie Miller and Chris Valasek showed Fiat Chrysler’s wireless feature could be hacked remotely to take control of a car. At Black Hat 2016 this week the same duo showed how they could defeat Fiat Chrysler’s firmware update which the automaker pushed to patch the vulnerability. But in terms of ease and speed, the two thieves in Houston might actually have a faster approach to taking control of a vehicle.
28-year-old cracks up his brother’s car while playing Pokémon GO (The Guardian) — Dude. Really? You’re lucky to be alive or that you didn’t kill someone else. This is the kind of generational stupid old-man-yelling-at-clouds Clint Eastwood should take a poke at instead of doubling down on his closeted racism.
Self-driving feature in Tesla X may have saved its driver (CNBC) — Driver suffered a pulmonary embolism while on the road; the vehicle took him to the hospital. Article says the driver “was able to steer the car the last few meters” suggesting he was conscious and in control if limited in capacity. No further details were included to describe how the vehicle switched from its original route to the hospital.

Because opening ceremonies begin tonight at the Rio Olympics, I’ll leave you here. Catch you Monday — have a safe and restful weekend!

Thursday: Move

August 4, 2016/10 Comments/in Anthrax, Climate Change, Culture, Cybersecurity /by Rayne

Need something easy on the nerves today, something mellow, and yet something that won’t let a listener off too lightly. Guess for today that’s John Legend’s Tiny Desk Concert.

I promised reindeer tales today, haven’t forgotten.

From Anthrax to Zombies

First outbreak in 75 years forces evacuation of reindeer herders (The Siberian Times) — The last outbreak in the Siberian tundra was in 1941; news of this outbreak broke across mainstream media this past week, with some outlets referring to it as a “zombie” infection since it came back from dormancy, likely rising from a long-dead human or animal corpse.
Infected reindeer corpses to be collected and destroyed (The Barent Observer) — A lot of odd details about anthrax and its history pop up as the outbreak evolves. Like the mortality rate for skin anthrax (24%) and the alleged leak of anthrax from a Soviet bio-warfare lab in 1979. Reindeer deaths were blamed initially on unusually warm weather (~30C); the same unusually warm weather may have encouraged the release of long-dormant anthrax from the tundra.
Siberian outbreak may have started five weeks earlier (The Siberian Times) — Russia’s Federal Service for Veterinary and Phytosanitary Surveillance senior official is angry about the slow response to the first diagnosis; the affected region does not have strong veterinary service, and it took a herder four days’ walk across the tundra to inform authorities about an infection due to a lack of communications technology. The situation must be serious as the Health Minister Veronika Skvortsova has now been vaccinated against anthrax. Reports as of yesterday indicate 90 people have been hospitalized, 23 of which have been diagnosed with anthrax, and one child died. The form most appear infected with is intestinal; its mortality rate is a little over 50%. Infection is blamed on anthrax-contaminated meat; shipment of meat from the area is now banned. Russian bio-warfare troops have established a clean camp for the evacuated herder families until the reindeer corpses have been disposed of and inoculations distributed across the area’s population.
Important: keep in mind this Siberian outbreak may be unusual for its location, but not across the globe. In the last quarter there have been small anthrax outbreaks in Indonesia, Kazakhstan, Kenya, Bangladesh, and Bulgaria. Just search under Google News for “anthrax” stories over the last year.
Coincidentally, anthrax drug maker filed and received FDA’s ‘orphan status’ (GlobeNewsWire) — There have been so few orders for anthrax prophylaxis vaccine BioThrax that specialty biopharmaceutical company Emergent BioSolutions requested ‘orphan status’ from the FDA, granted to special therapies for rare conditions affecting less than 200,000 persons in the U.S. The status was awarded mid-June.
Investor sues anthrax drug maker for misleading expectations (Washington Business Journal) — Suit filed against the company and executives claims Emergent BioSolutions mislead investors into thinking the company would sell as many doses of BioThrax to the U.S. government during the next five years as the preceding five years. On the face of it, investor appears to expect Emergent BioSolutions to predict both actual vaccine demand in advance along with government funding (hello, GOP-led Congress?) and other new competitors in the same marketspace. Seems a bit much to me, like the investor feels entitled to profits without risk. Maybe they’ll get lucky and climate change will increase likelihood of anthrax infections — cha-ching.
Another coincidence: Last Friday marked 8 years since anthrax researcher Bruce Ivin’s death (Tulsa World) — And this coming Saturday marks six years since the FBI released its report on the anthrax attacks it blamed on Ivins.

Cybernia

Facebook let police shut down feed from negotiations resulting in another civilian-death-by-cop (The Mary Sue) –Yeah, we wouldn’t want to let the public see the police use deadly force against an African American mother and her five-year-old child instead of talking and waiting them out of the situation as they do so many white men in armed confrontations. And now police blame Instagram for her death. Since when does using Instagram come with an automatic death warrant?
Can GPS location signals be spoofed? Yep. (IEEE) — It’s possible the U.S. Navy patrol boats caught in Iran’s waters may have relied on spoofed GPS; we don’t know yet as the “misnavigating” incident is still under investigation. This article does a nice job explaining GPS spoofing, but it leaves us with a mystery. GPS signals are generated in civilian and military formats, the first is unencrypted and the second encrypted. If the “misnavigated” patrol boats captured by Iran in January were sent spoofed GPS location data, does this mean U.S. military encryption was broken? The piece also ask about reliability of GPS given spoofing when it comes to self-driving, self-navigating cars. Oh hell no.
Security firm F-Secure releases paper on trojan targeting entities involved in South China Sea dispute (F-Secure) — The Remote Access Trojan (RAT) has been called NanHaiShu, which means South China Sea Rat. The RAT, containing a VBA macro that executes an embedded JScript file, was spread via email messages using industry-specific terms. The targets were deliberately selected for spearfishing as the senders knew the users did not lock down Microsoft Office’s default security setting to prevent macro execution. The malware had been in the wild for about two years, but its activity synced with events related to the South China Sea dispute.

Tomorrow’s Friday, which means jazz. Guess I’d better start poking around in my files for something good. Catch you later!

Tuesday: Tilted

July 26, 2016/14 Comments/in Culture, Cybersecurity /by Rayne

I miss prosthesis and mended souls
Trample over beauty while singing their thoughts
I match them with my euphoria
When they said “Je suis plus folle que toi”

— excerpt, Tilted by Christine And The Queens

We’ve spent (and will spend) a lot of time looking at Americans this month, given the two major parties’ political conventions back to back. Yeah, we’ll look at Russia with a gimlet eye directed by media. But we could use a look away.

The artist in this video is actually Héloïse Letissier; Christine and the Queens is the stage name she and a group of transgender supporting artists use, though many of her works are solo performances. Letissier’s work isn’t confined to music alone as she also works in graphic arts. Her work frequently combines French and English lyrics with strong synthpop beat, making for wide appeal outside of France. If you like Tilted, try the mournful but earworm-y Paradis Perdus and the more hip-hoppy No Harm Is Done.

Allons-y!

Eat more cyber

Hullabaloo about hacking of DNC continues, now with more Russian (The Daily Beast) — Another security firm, ThreatConnect, says it’s definitely the Russians. Okay. Right, then.
The question,”Is the DNC Hack an Act of War?” put to Jack Goldsmith (Slate) — Assuming it’s Russian in origin, Goldsmith said the hack is “not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information.” But Goldsmith didn’t think there was enough evidence to say for certain this was Russia’s work in this interview published last evening.
Goldsmith on U.S. involvement in cyberwarfare and hacking preparedness (Twitter) — He included a link to his related blogpost in his tweet-storm recap. In short, we’re in it up to our eyeballs, we shouldn’t be surprised at returned fire.
President Obama issued a Presidential Policy Directive addressing U.S. Cyber Incident Coordination (WhiteHouse.gov) — Surely just a coincidence PPD-41 was issued today on the heels of alleged hacking by Russians. Note there’s an annex to this PPD with more details (which I did not see online), and sub-section V. A. “supersedes NSPD54/HSPD-23, paragraph 13, concerning the National Cyber Response Coordination Group.”

Motor mayhem

Tesla driver ‘speeding’ before Florida crash (Reuters) — IMO, the truck driver still bears some responsibility here, failed to yield to oncoming vehicle in spite of their speed. But I don’t have all the data, can’t be certain. One thing I can be more sure of: Tesla’s ‘driving-assist software’ should NOT be perceived as autopilot. If this was true autopilot, the software would have adjusted the vehicle’s speed to meet and not exceed the posted limit.
U.S. District court gives prelim approval to Volkswagen’s $15B settlement (LAT) — Settlement covers consumers’ and EPA’s suit on passenger diesels with emissions cheat devices. The deal offers car owners to choose a vehicle buy-back on 2.0L passenger diesel models. VW Group’s 3.0L models are not included in this preliminary offer.
Volkswagen owners in EU get an apology, not a check (Politico.EU) — They are NOT happy with the disparity between the $15B initial settlement offered to US passenger diesel owners and the lip service offered to EU vehicle owners.

“For the same car, in the U.S., you get a compensation, while in Europe you get an apology,” said Maroš Šefčovič, a Commission vice president overseeing energy and climate policy. “I don’t think it is fair.”

Yeah, it’s not fair, and VW’s head engineer Ulrich Eichhorn is wrong when he says EU customers aren’t damaged. Baloney–the entire EU is damaged by higher NOX and other pollutants generated by these fraudulent cars. People are sick and dying because EU’s biggest automaker is poisoning the air.

Science-y schtuff

WHO: Antibiotic resistance a bigger threat than cancer within ~30 years (Euronews) — The rise of superbugs and inadequate research is already costing tens of thousands lives each year and beaucoup money. It will only get worse if the use of antibiotics remains excessive and research doesn’t increase.
Plasma technology may extend storage life of fruits (ScienceDaily) — Plasma technology — using energy applied to a gas — can zap bacteria on surface of fruit to prevent deterioration the bacteria cause. Except it’s expensive compared to simply washing fruit with known natural antibacterial agents. Like vinegar and water. Plasma tech might be best used on soft fruits like berries which don’t handle washing very well. But still, more energy required, and any heat generated might cook the fruit. ~smh~
Better beer through yeast (Nature) — Soon-to-be-published paper will detail 150 yeast strains’ genomes in an effort to help beermakers find the perfect yeast. What happens when they find The One, though? Will we lose our excuse for sampling widely and deeply?

Longread for your next commute
Belt magazine offers a four-part series, Walking to Cleveland by Drew Philps. It’s a travelogue of sorts, documenting Philp’s journey on foot from Dearborn to Cleveland in time for the Republican National Convention. Visit the Midwest with read.

Catch you later!

Thursday: Bad Girls

July 14, 2016/14 Comments/in Culture, Cybersecurity /by Rayne

One thing before I go any further…look just above these words, below this post’s title and to the right of the date of publication. See the name ‘Rayne’? That’s me, that’s my byline. Please note there are multiple contributors here at emptywheel. The entire site is eponymously named for its owner, Marcy Wheeler, whose online name and byline is the same as this blog. Check the byline on our posts if you haven’t done so in the past. You’ll note we have different voices and opinions, different writing styles. I tend to be the most open about my dislike for what the Republican Party has become since 1978, when I last toyed with being Republican. Marcy and the rest of the crew tend to be more generous or less open in their vituperation. Take note of the byline when when you read and comment, thanks.

Still indulging in female artist K-pop, choosing this video for a very specific reason…

TWO DAYS
That’s it, what’s left of today and all day tomorrow — that’s all the U.S. House will be in session for July. Outstanding job this week trashing the EPA with bullshit riders, GOP members. Way to fucking go with extending your run serving corporations ahead of the people.

Tick-tock.

BAD GIRL (UK edition)
After today’s wash list of badness, I can hardly wait to hear what comes of May’s visit on Friday to Scotland.

New UK PM Theresa May doubles down on the stupid naming Priti Patel to Dept of International Development (The Independent) — In spite (or because) of Priti Patel’s 2013 opinion that the DofID should be eliminated and focus aimed solely on trade. Patel’s been referred to as a “Tory ‘robot’.”
David Davis, named ‘Brexit Czar’, already beating drums for trade negotiations now () — taking an offensive stance on Article 50, wanting deals BEFORE executing the article, in essence extending the two-year period for negotiations. That’s not what the Lisbon Treaty specifies, though. And European Commission President Jean-Claude Juncker has already warned the UK the EU won’t negotiate at all before Article 50 has been filed.
May abolished the Department for Energy and Climate Change, absorbing it into the new Department for Business, Energy & Industrial Strategy (The Independent) — Wow. Pure climate denialism combined with fascism. Stunning level of stupidity.
Anna Leadsom, new Environment Secretary, advocates burning everything down (The Independent) — Not really, but bloody close to that given her support for fox hunting, selling national forests, and climate change denialism.

BAD GIRL (domestic edition)

Michigan Gov. Snyder appoints former BP external affairs pro to Environmental Quality (Detroit Free Press) — In a move mimicking UK PM Theresa May’s oppositional defiance and idiocy on the environment and climate change, Snyder does the exact opposite of what’s needed to save the environment and picks someone with background in environmental damage. Keep in mind there’s an ongoing conflict about an ruptured Enbridge Energy oil pipeline* running beneath the Mackinaw Straits between two of the largest bodies of fresh water in the world. [* not ruptured but at risk of rupture, and very little accountability on its operation in spite of its age and sensitivity of the water and land it travels. Enbridge is responsible for the largest inland oil leak in the U.S., near Kalamazoo MI.]

PokéGone
The list of accidents resulting from distraction by Pokémon GO grows by leaps and bounds. These are among the worst so far. Just a matter of time before a fatality occurs.

Two guys fall over a 90-foot oceanfront bluff chasing Pokémon characters (LAT) — How do you miss a cliff that high, let alone the roar of the ocean below?
Guy glances at his phone to check for Pokémon, wraps his car around a tree (Consumerist) — Wakes up in hospital, lucky to be alive. Just look at the car.
Guy falls into Prospect Park pond while chasing a Pokémon (Cosmopolitan) — Hey, do you see a pattern here, besides Pokémon?

Wheels

California regulator nixes Volkswagen’s 3.0L passenger diesel fix (Ars Technica) — No surprise to me whatsoever. I’ve said repeatedly there’s no clean diesel technology. Still isn’t. Just buy the cars back and tell consumers to buy a hybrid instead if they want clean passenger transportation.
Consumers Reports tells Tesla to eliminate “Autopilot” label on self-driving technology (Phys.org) — Too confusing to so-called drivers in spite of warnings they should pay attention to driving at all times.
New bug bounty offered by Fiat Chrysler (Naked Security) — First of its kind offered by any Detroit automakers, the bounty comes after Chrysler vehicles featuring the wireless UConnect entertainment system were hacked by white hats last year.

Keep an eye on this topic

U.S. SDNY’s Judge William Pauley ruled evidence collected by DEA using Stingrays is inadmissible (New York Law Journal) — Pauley wrote,

Absent a search warrant, the Government may not turn a citizen’s cell phone into a tracking device. Perhaps recognizing this, the Department of Justice changed its internal policies, and now requires government agents to obtain a warrant before utilizing a cellsite simulator.

I’m sure there will be more on this case in the near future.

Catch you tomorrow for the last in-session day in U.S. House.

Wednesday: Dumb Dumb [UPDATE]

July 13, 2016/23 Comments/in Culture, Cybersecurity /by Rayne

Let’s change the pace today with some K-pop — a little hyper-upbeat Korean pop music influenced by hip hop. You may already be familiar with K-pop if you are familiar with insanely popular tune Gagnam Style by the artist Psy, released in 2012. But K-pop isn’t just male artists like GOT7, Shinhwa, and BIGBANG. There are quite a few all-female groups like Red Velvet featured here, Girls’ Generation, Orange Caramel, and Girls’ Day. Americans may find a retro feel to female K-pop artists’ work, not only in content and performance, but production and presentation. They make hard work look like joy. For all the visual and audio effects, there are simple, unifying messages — love is everything, and girls just want to have fun.

So much that. We could really use some love and some fun.

THREE DAYS
*head-desk* Including today, that’s all the House will spend in session this month. Flint’s 8000 lead-poisoned kids still wait.

Carla Hayden, nominee for Librarian of Congress also waits. Some chickenshit anonymous Republican senator(s) have placed a hold on her confirmation. Why? Because she’s black. Swear to gods the GOP wants to become an irrelevant footnote in history; they certainly won’t win over minority voters this way, and they’re pissing off the publishing industry at the same time. UPDATE 5:00 P.M. EST — HAYDEN CONFIRMED Huh. Wonder what clued in the chickenshit anonymous Republican senator(s) who’d placed her on hold? Whatever, now the GOP can go back to focusing their normal obstructive intransigence on SCOTUS’ nominee Merrick Garland.

Don’t forget about China

The Hague ruled in Philippines’ favor yesterday on South China Sea territorial dispute (video, SCMP) — China said it will ignore the ruling (0:30 in video).
Economic boycotts of Philippine products called for by Chinese social media (BBC) — Mangoes in particular could be affected.
But anti-ruling protests haven’t manifested in the streets (Bloomberg View) — Unlike 2012, China’s leadership may be tamping down nationalism due to recent economic volatility.
Taiwanese patrol ship sets sail for disputed territory (IndiaTVNews) — Taiwan isn’t happy about the ruling, claiming its opinion wasn’t solicited on the matter.
US bank regulator says China hacked FDIC’s computers, including chairwoman’s (Reuters) — Digital territorial waters encroached upon in 2010, 2011, 2013 according to Congressional report. Odd how 2012 is missing. Equally odd the timing of this report. (Hi blueba!)

Civil rights wronged

Cruel and unusual punishment continues on Rikers Island after four extensions granted for reforms (Village Voice) — Youths 18-21-years-old including some who are mentally ill remain locked up in solitary confinement. The glacial pace of reforms is repugnant, maintaining worse than third-world treatment. Fix this horror and quit dragging your feet, New York. You’re making this entire country look bad and worse.
Black ex-cop offers detailed analysis of race and policing (Vox) — One key problem is the propensity for 70% of police to cave into pressure from the 15% of cops who are outrageous racists — like the Milgram experiment run amok. Racists should be identified and removed from leadership positions; police departments must have open dialog about social pressure and expectations of ethical behavior in policing.

Breakit

Theresa May now UK’s prime minister (Press Association) — Kissed Hands and all, but without a true democratic mandate. Thank goodness we fought a revolution for a representative democracy (that’s snark, son).
May’s new role greeted with muted welcome and skepticism (Reuters) — Like the response from Lithuania, something-something-lemons-lemonade.
May names Boris Johnson UK’s foreign secretary (Press Association) — Oh. My. God. What. The. Fudge. Skepticism was more than warranted.
Lengthy wash list of topics to be negotiated should new PM trigger Article 50 to effect Brexit (OpenEurope) — And she’ll have to allow immigrant negotiators to work through this list because the UK doesn’t have enough of their own negotiators. Certainly can’t leave it all to that chucklehead Boris Johnson.

Cyber-oddments

Bird drone dropped out of the sky over Somalia (Atlas Obscura) — Probably not one of ours, more likely belongs to Somalia’s intelligence agency.
FCC evaluating expansion of mobile phone service into weather service bandwidth (Nature) — This has awful written all over it. Read the article; telecom signal has already interfered with critical weather information. Just, no. Telecoms can either develop new technology to work around this, or they can buy bandwidth which won’t conflict with the public’s need for timely and accurate weather information.
Self-driving feature will not be shut off on Tesla cars says Musk (InformationWeek) — In spite of several accidents known so far, self-driving application will remain on Tesla vehicles. The company will increase education outreach (which I think means teaching drivers, “Don’t trust the robot driver all the damned time.”)
Sheep doing the heavy lifting for Google on Faroe Islands (Guardian) — The Faroese were unhappy with the lack of vehicle-based scanning for Google Street View. They slapped the requisite equipment on sheep to fill the gap, proving where there’s a wool, there’s a way. Baaad joke.

Okay, that’s quite enough self-abuse for one day. It’s downhill from here, see you tomorrow!

Wednesday: Mend

July 6, 2016/11 Comments/in Culture, Cybersecurity, Surveillance, Terrorism /by Rayne

Repair Day here, can’t spend much time reading or writing as I’ll be tied up mending things. Enjoy a little mellow Foo Fighters’ tune — can’t handle metal rock today or I’ll end up HULK SMASHing things I’m supposed to fix.

Here’s a range of topics which deserve more attention:

• UK’s Chilcot report released today (Guardian-UK) — [Insert lengthy string of epithets here, circa 2003] I’m sure one of the other team members here at emptywheel will elaborate more effectively on the ugliness in the report and on former Prime Minister Tony Blair‘s continued lies rationalizations for military intervention in Iraq over alleged 9/11 terrorists and non-existent nuclear weapons. His self-flagellation and tepid mea culpa are pathetic, like watching a wee gnat flailing on an elephant’s ass. Thirteen years later, Iraq has become a training ground for terrorists. Self-fulfilling prophecy, much?

The full Chilcot report can be found here. The Guardian is working on a collaborative evaluation of the same.

• Hookup site Ashley Madison under investigation by FTC (Reuters) — Not clear exactly what FTC’s focus is, whether they are looking primarily at the data breach or if they are looking into the misleading use of “fembot” AI to chat up potential customers. Though the article’s characterization of the business as a “discreet dating site” cracks me up, I’m still concerned about the potential risks involved with a breach, especially since other breached data make Ashley Madison’s data more valuable. Like in this Venn diagram; if you were a foreign agent, which breached data would you mine most carefully?

• French Parliament released its inquiry into November terrorist attacks (20 Minutes) — Six months after the attack at the Bataclan and in the streets of Paris, representatives of the Parliamentary inquiry spoke yesterday about the inquiry’s findings:

Poor cooperation between intelligence functions — In spite of consolidation of General Intelligence and Directorate of Territorial Surveillance under the Central Directorate of Internal Intelligence in 2008 and then the Directorate General of Internal Security (ISB) in 2014, there were gaps in hand-offs between functions.
Ineffective collection and sharing of prison intelligence — The ISB did not have information from Justice (the prison service) about the relationships between incarcerated radical Islamists nor information about targets’ release from custody.
Poor cooperation between EU members and EU system gaps — Fake Syrian passports should have been caught by the EU’s Frontex at external borders to EU, and Frontex has no access to data collected by police and intelligence services internal to the EU.
Gaps in jurisdiction — Not all law enforcement was engaged as they should have been during the November attack, and when engaged, not where they should have been.
Victims and families treated inadequately — Some families were told they were “ineligible” to be notified of their relatives’ deaths. Forensic Institute was swamped by the volume of work. At least one victim tried to call the police; they hung up on the victim because she whispered on the phone.

It’s not clear what steps the French will take next to fix these problems identified after looking at 2015’s January and November terrorist attacks, though it is reassuring to see a relatively detailed evaluation. Some of the suspects involved in both the November attacks in Paris and in Brussels are still being rounded up and bound over for prosecution; two were handed over by Belgium to France just this week. The full Parliamentary inquiry report will be released next week.

• NHTSA informed by Tesla of self-driving car accident 9 days later (Reuters) — The delay in reporting may have misled investors in advance of Tesla’s offer for SolarCity suggest reports, including one by Fortune magazine. To be fair, I don’t think all the details about the accident were fully known immediately. Look at the condition of the vehicle in the Reuters’ report and the Florida Highway Patrol report; the FHP’s sketch of the accident site doesn’t automatically lead one to think the accident was induced by distracted driving or by auto-pilot. Can’t find the report now, but a DVD player was found much later; it was this device which revealed the driver’s last activities. How did the FHP’s report make its way to Tesla? And as Tesla responded, with one million auto accidents a year, not every accident is reported to the NHTSA. Begs the question: should all self-driving car accidents be automatically reported to the NHTSA and their automakers, and why?

• ‘Zero Days’ documentary on Stuxnet out this Friday (Flavorwire) — If director Alex Gibney can make this subject exciting to the average non-technical schmoe, hats off. It’s a challenge to make the tedium of coding exciting to non-coders, let alone fluff process control equipment. This is a really important story with a very long tail; hope Gibney was able to do it justice.

EIGHT DAYS in session left in U.S. House of Representatives’ July calendar. Hearing about EPA scheduled this morning, but I don’t think it had anything to do whatsoever with Flint Water Crisis.

Okay, that’s enough to get you over the hump, just don’t break anything on the way down. I’m off to go fix stuff.

Wednesday: Wandering

June 29, 2016/9 Comments/in Culture, Cybersecurity, Economics /by Rayne

All that is gold does not glitter; not all those who wander are lost.

— excerpt, The Lord of the Rings by J. R. R. Tolkien

It’s a lovely summer day here, cool and dry. Perfect to go walkabout, which I will do straight away after this post.

Hackety-hack-hack, Jack

Spearphishing method used on HRC and DNC revealed by security firm (SecureWorks) — Here’s their report, but read this Twitter thread if you don’t think you can handle the more detailed version. In short, best practice: DON’T CLICK ON SHORTENED LINKS using services like Bitly, which mask the underlying URL.
Researchers show speakerless computers can be hacked by listening to fans (arXiv.org) — Air-gapping a computer may not be enough if hackers can listen to fan operation to obtain information. I’ll have to check, but this may be the second such study.
Another massive U.S. voter database breached (Naked Security) — This time 154 million voters’ data exposed, revealing all manner of details. 154M is larger than the number of voters in the 2012 general election, though smaller than the 191M voters’ records breached in December. At least this time the database owner slammed the breach shut once they were notified of the hole by researcher Chris Vickery. Nobody’s fessed up to owning the database involved in the the December breach yet.
Speaking of Vickery: Terrorism databased leaked (Reddit) — Thomson-Reuters’ database used by governments and banks to identify and monitor terrorism suspects was leaked (left open?) by a third party. Vickery contacted Thomson-Reuters which responded promptly and closed the leak. Maybe some folks need to put Vickery on retainer…
Different kind of hack: Trump campaign hitting up overseas MPs for cash? Or is he? (Scotsman) — There are reports that Trump’s campaign sent fundraising emails received by elected representatives in the UK and Iceland. Based on what we know now about the spearphishing of HRC and DNC, has anybody thought to do forensics on these emails, especially since government officials are so willing to share them widely? Using these kinds of emails would be a particularly productive method to spearphish government and media at the same time, as well as map relationships. Oh, and sow dissension inside the Trump family, urm, campaign. On the other hand, lack of response from Trump and team suggests it’s all Trump.

Makers making, takers taking

Apple granted a patent to block photo-taking (9to5Mac) — The technology relies on detecting infrared signals emitted when cameras are used. There’s another use for the technology: content can be triggered to play when infrared signal is detected.
Government suppressing inventions as military secrets (Bloomberg) — There’s merit to this, preventing development of products which may undermine national security. But like bug bounties, it might be worth paying folks who identify methods to breach security; it’s a lot cheaper than an actual breach, and a bargain compared to research detecting the same.
Google wants to make its own smartphone (Telegraph-UK) — This is an effort apart from development of the modular Ara device, and an odd move after ditching Motorola. Some tech industry folks say this doesn’t make sense. IMO, there’s one big reason why it’d be worth building a new smartphone from the ground up: security. Google can’t buy an existing manufacturer without a security risk.
Phonemaker ZTE’s spanking for Iran sanction violations deferred (Reuters) — This seems kind of odd; U.S. Commerce department agreed to a reprieve if ZTE cooperated with the government. But then think about the issue of security in phone manufacturing and it makes some sense.

A-brisket, a Brexit

EU health commissioner Andriukaitis’ response to Nigel Farage’s insulting remarks (European Commission) — Farage prefaced his speech to European Commissioners yesterday by saying “Most of you have never done a proper day’s work in your life.” Nice way to win friends and influence people, huh? Dr. Vytenis Andriukaitis is kinder than racist wanker Farage deserves.
Analysis of next couple years post-Brexit (Twitter) — Alex White, Director of Country Analysis at the Economist Intelligence Unit, offers what he says is “a moderate/constructive call” with “Risks definitely to the downside not to the upside.” It’s very ugly, hate to see what a more extreme view would look like. A pity so many Leave voters will never read him.

Follow-up: Facebook effery
Looks like Facebook’s thrown in the towel on users’ privacy altogether, opening personal profiles in a way that precludes anonymous browsing. Makes the flip-flop on users’ location look even more sketchy. (I can’t tell you anymore about this from personal experience because I gave up on Facebook several years ago.)

Happy hump day!