
Three Things: Day 7, Get Carter, SLAPP-ish Defense

Busy, busy, busy here, now running very late. Only have time for three quick things.

DAY 7 and counting
U.S. income tax filings are due by midnight local time next Tuesday, April 18, the day before we ask where Trump’s 2016 tax returns are in addition to previous years’ returns.

Coincidentally, scientists may have gotten a snapshot of a black hole for the first time, though we won’t know for a few months. We may have better luck looking to that void for Trump’s tax returns.

Get Carter
Carter Page, that is, not to be confused with the 1971 film character Jack Carter. You’ve surely heard since Tuesday night’s reports that a FISA warrant was issued mid-2016 to allow the FBI to monitor Page’s communications. You’ll recall that Page was identified as U.S. contact “Male-1” in the 2015 Buryakov complaint. Russian spy Victor Podobnyy tried to recruit Page, who was intent on doing business with state-controlled energy company Gazprom. It was Page’s relationships with both Gazprom and Russia which were touted as strengths when he joined the Trump campaign in March 2016 as an adviser. Page had been both an investor and an adviser to Gazprom; with Gazprom being majority owned by the Russian government since 2005, Page’s status under the Foreign Agents Registration Act has been fuzzy, though not as clear as that of Evgeny Buryakov or Victor Podobnyy. As of mid-2015, things did not look good for Gazprom — rough because of U.S. sanctions from 2014, and worse because of cannibalization of the domestic energy business by Rosneft. If Page was still invested in or committed to Gazprom, it’s hard to see how he would not have been influenced by this Russian state-controlled business. He has said he sold his Gazprom stock, but details about timing aren’t readily available.

And now, Get Paul — sorry, no movie of that name, but things are definitely heating up about the former Trump campaign manager Paul Manafort. He’s registering as a foreign agent — a wee bit after the fact — conveniently after AP reported money received by his business linked with a black ledger produced last year. Do watch sourcing; not many names attached to the content. Are they leaked materials or are the sources unwilling to go public given how many Russians have suddenly taken to keeping on their backs, pining for the fjords?

Anthem SLAPPs breach victims
I’m not a lawyer, but looks to me like Anthem is using strategic lawsuits against public participation (SLAPP) against customers whose private health care data was exposed by a breach of Anthem’s security. The health care insurer won court orders demanding examination of customers’ computers to determine if any exposure was due not to Anthem’s breach but to the customers’ information security prior to the breach. Customers withdrew their suits against Anthem rather than subject their machines to examination. This sets a hideous precedent allowing greater sloppiness with information security which may only be reined in by shareholder suits and government intervention if HIPAA regulations were violated.

Nearly Day 6 o’clock. Do you know where your deductions are?

Monday: Skate Away

Monday means it’s movie day, and I think this charming little documentary fills the bill. Valley Of A Thousand Hills from Jess Colquhoun looks at Zulu youth participating in a skate camp and the impact on their lives. They’re quite optimistic in spite of limited resources and opportunities. The film left the feeling they’re on the verge of a breakthrough — like these kids could really change global culture if they wanted to. They appear more self-aware and energized than most adults I run into of late.

Wrath of Gods kind of weather

Might be time to brush off that copy of J. G. Ballard’s The Drowned World and ponder a post-apocalyptic future under water. We’ve likely passed the 1.5°C global warming threshold without any sense of urgency to act on climate change which fuels this wave of flooding.

Sigh-ber

  • Hotels across ten states breached (Reuters) — Hey, now you philanderers have an excuse for that bizarre charge to your room at the Starwood, Marriott, Hyatt, or InterContinental hotel for strawberries, whip cream, and a leather flogger during your last business trip. “It’s just a hacker, honey, that’s all, really…” HEI Hotels & Resorts, the operator of the affected hotels, found the malware in its systems handling payment card data. The malware had been present in the system for roughly 18 months while 20,000 transactions were exposed.
  • Google ‘secretly’ developing a new OS (TechnoBuffalo) — A well-known Linux blogger wrote Google references “Pink + Purple == Fuchsia (a new Operating System)” in its Git repository. The two colors are believed to refer to Magenta and LK kernels which Google is using to build a wholly new operating system. Magenta does not have a Wikipedia entry at the time of this post but Googlesource has a brief explainer for Magenta and LK. The two kernels serve different purposes but combined they may be able to operate any device whether small Internet of Things single purpose devices or multi-purpose devices like personal computers. This may be the direction Google has chosen to go rather than fully merge its Chrome OS with Android. The new operating system could also resolve some annoying problems with antitrust regulators if Android is cut loose and managed by an open source consortium, perhaps one established by and aligned with the Open Handset Alliance.
  • Banking malware attacks Android users browsing sites using Google AdSense (SecureList) — The thieves pay for a listing on AdSense, put their malicious ad in the system, and it downloads to an Android device whenever the user reads a website featuring the contaminated ad. Yuck. Use your antivirus app regularly on your Android devices as this nasty thing may pick up your financial information.

Longread: Manners matter?
At Aeon.com, Professor Eleanor Dickey of University of Reading-UK discusses the ‘magic word’ and its use in early democratic society, and its decline with the rise of a hierarchical system in the fourth century BCE. Are we a more or less democratic society based on our current level of societal manners?

Catch you tomorrow if the creek doesn’t rise!

Thursday Morning: Mostly Cloudy with a Chance of Trouble

This video came from a random browse for new artists. I don’t know yet if I have an opinion; first minute is rocky, but improves. Think I need to sample some more by this artist. You can find Unknown Mortal Orchestra on SoundCloud.com if you want to sample more without the video — I do like the cover of Sitting on the Dock of the Bay. Verdict still out on the more experimental atmospheric stuff.

Looking for more trouble…

House passed Email Privacy Act (H.R. 699) 419-0
Sampling of reports: Phys.org | Reuters  |  Forbes

A few opinions: ACLU | EFF  |  Americans for Tax Reform

Wow. An issue everybody could love. Do read the Forbes bit as they had the most objections. Caveat: You may have to see John Stossel’s mug if you read the ATR’s opinion.

Next up: Senate, which is waffling thanks to Grassley

But it was unclear if Senate Judiciary Committee Chairman Chuck Grassley, who holds jurisdiction over the legislation, intends to move it forward during an election year.

The Iowa Republican will review the House bill, consult with stakeholders and his committee “and decide where to go from there,” a spokeswoman told Reuters in an email.

Apple crisp

  • Apple’s stock tanked yesterday falling 7% in response to a drop in demand for iPhones; Apple suppliers likewise took a hit. Come on, there’s a finite number of smartphone users, and the limit must be reached some time. Shouldn’t have rattled the market so much — not like the market didn’t notice China’s market woes and subsequent retrenchment of purchasing over the last 6 months, too.
  • FBI said it wouldn’t disclose the means by which a “grey hat hacker” cracked the San Bernardino shooter’s work-issued iPhone 5c. Wouldn’t, as in couldn’t, since the FBI didn’t acquire intellectual property rights to the method. Hmm.
  • Coincidentally, FBI notified Apple of a vulnerability in older iPhones and Macs, though an unnamed source said the problem had already been fixed in iOS 9 and in Mac OS X El Capitan. Nice of FBI to make an empty gesture validate the problem.
  • And because I mentioned it, Apple Crisp. I prefer to use Jonathans and Paula Reds in mine.

Malware everywhere

  • The Gundremmingen nuclear power plant in Bavaria found malware in computers added in 2008, connected to the fuel loading system. Reports say the malware has not posed any threat, though an investigation is under way to determine how the plant was infected. Not many details in German media about this situation — timing and method of discovery aren’t included in news reports.
  • A report by Reuters says the malware was identified and includes “W32.Ramnit” and “Conficker” strains. The same report implies the malware may have been injected by devices like USB sticks found in the plant, though the report does not directly attribute the infection to them.
  • BONUS: Reuters quoted cybersecurity expert Mikko Hypponen of F-Secure about the nuclear plant’s infection — but Hypponen elaborated on the spread of viruses, saying that

    he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.

    Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.

    Pretty sure Reuters hadn’t counted on that tidbit.

  • Given their report on Gundremmingen’s infection, it’s odd that Reuters’ op-ed on the state of nuclear safety post-Chernobyl made zero reference to cybersecurity of nuclear facilities.

Miscellanea

  • Online gaming community Minecraft “Lifeboat” breach exposed 7 million accounts (NetworkWorld) — Minecraft took its time notifying users because it says it didn’t want to tip off hackers. Wonder how many of these accounts belonged to minors?
  • On the topic of games, feckless Sony leaks like a sieve again, tipping off new game (Forbes) — Jeebus. Sony Group’s entire holding company bleeds out information all the time. This latest leak is about the next version of Call of Duty. Not certain which is more annoying: yet another Sony leak, or that “Infinite Warfare” is the name of the game.
  • Open source AI consortium OpenAI shows a bit of its future direction (MIT Technology Review) — Looks like the near term will be dedicated to machine learning.
  • Just another pretty face on Cruz’ ticket may bring conflict on H-1B visas (Computerworld) — Seems Cruz wants to limit low-cost H-1B labor, and new VP choice Fiorina is really into offshoring jobs. Commence headbutting. (By the way, I’m being snarky about ‘another pretty face.’ They deserve each other.)

I may have to quit calling these morning roundups given all the scheduling issues I have on my hands right now. At least it’s still morning in Alaska and Hawaii. Catch you here tomorrow!

Thursday Morning: A Little Green Around The Gills

Happy St. Patrick’s Day to those of you who observe this opportunity to drink beer (tinted green or otherwise) and eat boiled dinner and wear green! We’ll know the hardcore among you tomorrow by your hangovers.

Folks overseas don’t understand how St. Patrick’s Day blew up to the same proportions as other holidays like Halloween, blaming it on American commercialization. But the holiday as observed in the U.S., like Halloween, has roots in immigration. Four to five million Irish immigrated to the U.S.; their descendants here are nearly 40 million today, roughly seven times the number of actual Irish in Ireland now. With this many Irish-Americans, even a tepid observation of St. Patrick’s Day here would be visible abroad.

In addition to all things green, we’ll be watching this week’s second #FlintWaterCrisis hearing. Representatives Chaffetz and Cummings can go all shouty on Michigan’s OneLawyeredUpNerd Governor Rick Snyder and EPA’s Gina McCarthy though I have my doubts anything new will emerge. (And you’ll see me get really angry if Rep. SlackerForMichigan Tim Walberg shows up to merely make face on camera. Useless helicoptering.)

Unlike Tuesday, I hope like hell somebody brings up Legionnaire’s cases and deaths in Flint after the cut-over of Flint’s water to Flint River. Thousands of children may have been permanently poisoned by lead, but people sickened and died because of this complete failure of government-as-a-business.

I can’t stress this enough: There were fatalities in Flint because of the water.

Hearing details – set a reminder now:

Thursday 17-MAR — 9:00 AM — Gov. Snyder (R-MI) & EPA Head McCarthy: House Hearing on Flint, MI Water Crisis (est 3 hours, on C-SPAN3)   Link to House Oversight Committee calendar entry

You can find my timeline on Flint’s water here — as noted Tuesday, it’s a work in progress and still needs more entries.

Moving on…

Apple leaves Amazon for Google’s cloud service
Wait, what?! File under ‘Wow, I didn’t know!’ because I really thought Apple housed all its cloud services under its own roof. I mean, I’ve written about data farms before, pointed to a new Apple location. I didn’t know Apple had outsourced some of its iCloud to Amazon.

Which makes Senator Ron Wyden’s remarks about asking the NSA with regard to the San Bernardino shooter’s iPhone even more interesting.

No wonder Apple is moving to Google, considering Amazon’s relationship with certain government agencies as a cloud service provider. Some of Apple’s data will remain with Amazon for now; we might wonder if this is content like iTunes versus users’ data. Keep your eyes open for future Apple cloud migrations.

US Navy sailors’ electronic devices combed for data by Iran
Gee, encrypted devices and communications sure are handy when members of the military are taken into custody by other countries. Too bad the Navy’s devices weren’t as secure as desired when Iran’s navy detained an American vessel in January this year. To be fair, we don’t know what all was obtained, if any of the data was usable. But if the devices were fully encrypted, Iran probably wouldn’t have said anything.

American Express’ customers’ data breached — in 2013
Looks like a select number of AmEx customers will receive a data breach notice with this explanation:

We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.

The breach happened on December 7, 2013, well into the Christmas shopping season, but we’re just finding out now? “Third party service” means “not our fault” — which may explain why AmEx shareholders (NASDAQ:AXP) haven’t been notified of a potential risk to stock value as yet. Who/what was the third party service? Where’s their notification to public and shareholders?

I need to brew some coffee and limber up before the hearing on Flint, track down my foam footballs and baseballs to throw at the TV while Gov. Snyder goes on about how sorry he is and how he’s going to fix Flint’s water crisis. Oh, and find an emesis basin. See you here tomorrow morning!

Monday Morning: Swivel, Heads

Somebody out there knows what this tune means in my household. For our purposes this Monday morning, it’s a reminder to take a look around — all the way around. Something might be gaining on you.

Let’s look…

Android users: Be more vigilant about apps from Google Play
Better check your data usage and outbound traffic. Seems +300 “porn clicker” apps worked their way around Google Play’s app checking process. The apps rack up traffic, fraudulently earning advertising income; they persist because of users’ negligence in vetting and monitoring downloaded apps (because Pr0N!) and weakness in Google’s vetting. If this stuff gets on your Android device, what else is on it?

IRS’ data breach bigger than first reported
This may also depend on when first reporting occurred. The number of taxpayers affected is now ~700,000 according to the IRS this past Friday, which is considerably larger than the ~464,000 estimated in January this year. But the number of taxpayers affected has grown steadily since May 15th last year and earlier.

Did we miss the ‘push for exotic new weapons’?
Nope. Those of us paying attention haven’t missed the Defense Department’s long-running efforts developing new tools and weapons based on robotics and artificial intelligence. If anything, folks paying attention notice how little the investment in DARPA has yielded in payoff, noting non-defense development moving faster, further, cheaper — a la SuitX’s $40K exoskeleton, versus decades-plus investment by DARPA in exoskeleton vaporware. But apparently last Tuesday’s op-ed by David Ignatius in WaPo on the development of “new exotic weapons” that may be deployed against China and Russia spawned fresh discussion to draw our attention to this work. THAT is the new development — not the weapons, but the chatter, beginning with the Pentagon and eager beaver reporter-repeaters. This bit here, emphasis mine:

Pentagon officials have started talking openly about using the latest tools of artificial intelligence and machine learning to create robot weapons, “human-machine teams” and enhanced, super-powered soldiers. It may sound like science fiction, but Pentagon officials say they have concluded that such high-tech systems are the best way to combat rapid improvements by the Russian and Chinese militaries.

Breathless, much? Come the feck on. We’ve been waiting decades for these tools and weapons after throwing billions of dollars down this dark rathole called DARPA, and we’ve yet to see anything commercially viable in the way of an exoskeleton in the field. And don’t point to SKYNET and ask us to marvel at machine learning, because the targeting failure rate is so high, it’s proven humans behind it aren’t learning more and faster than the machines are.

Speaking of faster development outside DARPA: Disney deploying anti-drones?
The Star Wars franchise represents huge bank — multiple billions — to its owner Disney. Control of intellectual property during production is paramount, to ensure fan interest remains high until the next film is released. It’s rumored Disney has taken measures to reduce IP poaching by fan drones, possibly including anti-drones managed by a security firm protecting the current production location in Croatia. I give this rumor more weight than the Pentagon’s buzz about exoskeletons on the battlefield.

Lickety-split quickies

That’s a wrap — keep your eyes peeled. To quote Ferris Bueller, “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”

Friday Morning: Looks Like We Made It!

Looks like we survived the first business week of the year, made it through floods and fire and other apocalyptic events. Can’t imagine what next week will bring at this rate.

Saudi Arabia may sell shares in oil producer Aramco
Listing Aramco could create the most valuable company in the world, worth over a trillion in U.S. dollars. The move may raise cash to pay down some of the Saudi government’s debt, but it opens the oil producer to public scrutiny. Would it be worth the hassle?

With Russia increasingly eating into Aramco’s market share of China, and OECD countries’ oil consumption falling, selling shares in Aramco may not raise enough cash as its revenues may remain flat. Prices for utilities have already been raised within Saudi Arabia, shifting a portion of expenses to the public. What other cash-producing moves might Saudi Arabia make in the next year?

Detroit’s annual Autoshow brings VW’s CEO for more than a visit to tradeshow booth
Looks like Volkswagen’s Matthias Mueller will be tap dancing a lot next week — first at the 2016 North American International Auto Show, which unofficially opens Sunday, and then with the Environmental Protection Agency.

What’s the German word for “mea culpa”? Might be a nice name for a true “clean diesel” vehicle.

Data breaches now so common, court throws out suit
You’re going to have to show more than your privacy was lost if you sue a company for a data breach. Judge Joanna Seybert for U.S. District Court for the Eastern District of New York dismissed a class action suit against craft supplies retailer Michaels last week, writing that lead plaintiff “has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.’” Whalen’s credit card had been used fraudulently, but she wasn’t liable for the charges.

Annoyingly, Clapper v Amnesty International USA was used as precedent, much as it had been in last summer’s suit against Home Depot for a data breach. At this rate, retailers will continue to thumb their noses at protecting their customers’ data, though identity theft-related losses amount to more than all other property theft losses combined [pdf].

Don’t forget China: DOJ raids Chinese hoverboard company’s stall at CES 2016
I can’t find any previous examples of law enforcement conducting a raid at a trade show — if you know of one, please share in comments. The Department of Justice’s raid yesterday on Changzhou First International Trade Co.’s booth at CES 2016 doesn’t appear to have precedent. Changzhou’s hoverboard product looks an awful lot like Future Motion’s Onewheel, which had been the subject of a Kickstarter project. The Chinese hoverboard was expected to market for $500, versus the Onewheel at $1500.

Makes me wonder if there are other examples of internet-mediated crowd-funded technology at risk of intellectual property theft.

Pass the Patron. I’m declaring it tequila-thirty early today.