Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

November 30, 2017

Why “Russian Troll” is NOT a Useful Category/Class

Filed under: Government,Politics,Rhetoric — Patrick Durusau @ 4:39 pm

Caitlin Johnstone makes a great case in Accusing someone of being a ‘Russian troll’ is admitting you have no argument.

From the post:


Bottom line: when a stranger on the internet accuses you of being a Kremlin agent, of being a “useful idiot”, of “regurgitating Kremlin talking points”, this is simply their way of informing you that they have no argument for the actual thing that you are saying. If you’re using hard facts to point out the gaping plot holes in the Russiagate narrative, for example, and all they can do is call your argument Russian propaganda, this means that they have no counter-argument for the hard facts that you are presenting. They are deliberately shutting down the possibility of any dialogue with you because the cognitive dissonance you are causing them is making them uncomfortable.

Yes, paid shills for governments all over the world do indeed exist. But the odds are much greater that the stranger you are interacting with online is simply a normal person who isn’t convinced by the arguments that have been presented by the position you espouse. If your position is defensible you should be able to argue for it normally, regardless of whom you are speaking to.
… (emphasis in original)

Johnstone’s: Russian Troll accusation = No meaningful argument, postulate is a compelling one.

However, as the examples in Johnstone’s post also demonstrate, there is no common set of attributes that trigger its use.

“Russian Troll” is a brimful container of arbitrary whims, caprices and prejudices, which vary from user to user.

Arbitrary usage means it is unsuitable for use as a category or class, since any use is one off and unique.

I would not treat “Russian Troll” as a topic subject to merging but only as a string. Hopefully the 434K instances of it as a string (today, with quotes) will put users on notice of its lack of meaningful usage.

November 27, 2017

eXist-db v3.6.0 [Prediction for 2018: Multiple data/document leak tsunamis. Are You Ready?]

Filed under: eXist,Government,Government Data,XML,XPath,XQuery — Patrick Durusau @ 9:28 pm

eXist-db v3.6.0

From the post:

Features

  • Switched Collation support to use ICU4j.
  • Implemented XQuery 3.1 UCA (Unicode Collation Algorithm).
  • Implemented map type parameters for XQuery F&O 3.1 fn:serialize.
  • Implemented declare context item for XQuery 3.0.
  • Implemented XQuery 3.0 Regular Expression’s support for non-capturing groups.
  • Implemented a type-safe DSL for describing and testing transactional operations upon the database.
  • Implemented missing node kind tests in the XQuery parser when using @ on an AbbrevForwardStep.
  • Added AspectJ support to the IntelliJ project files (IntelliJ Ultimate only).
  • Repaired the dependencies in the NetBeans project files.
  • Added support for Travis macOS CI.
  • Added support for AppVeyor Windows CI.
  • Updated third-party dependencies:
    • Apache Commons Codec 1.11
    • Apache Commons Compress 1.15
    • Apache Commons Lang 3.7
    • Eclipse AspectJ 1.9.0.RC1
    • Eclipse Jetty 9.4.7.v20170914
    • EXPath HTTP Client 20171116
    • Java 8 Functional Utilities 1.11
    • JCTools 2.1.1
    • XML Unit 2.4.0

Performance Improvements

  • Compiled XQuery cache is now multi-threaded; concurrency is now per-source.
  • RESTXQ compiled XQuery cache is now multi-threaded; concurrency is now per-query URI.
  • STX Templates Cache is now multithreaded.
  • XML-RPC Server will now use Streaming and GZip compression if supported by the client; enabled in eXist’s Java Admin Client.
  • Reduced object creation overhead in the XML-RPC Server.

Apps

The bundled applications of the Documentation, eXide, and Monex have all been updated to the latest versions.

Prediction for 2018: Multiple data/document leak tsunamis.

Are you prepared?

How are your XQuery skills and tools?

Or do you plan on regurgitating news wire summaries?

November 17, 2017

DHS Algorithms – Putting Discrimination Beyond Discussion

Filed under: Algorithms,Government,Politics — Patrick Durusau @ 10:35 am

Coalition of 100+ tech groups and leaders warn the DHS that “extreme vetting” software will be a worse-than-useless, discriminatory nightmare by Cory Doctorow.

From the post:

In a pair of open letters to Letter to The Honorable Elaine C. Duke, Acting Secretary of Homeland, a coalition of more than 100 tech liberties groups and leading technology experts urged the DHS to abandon its plan to develop a black-box algorithmic system for predicting whether foreigners coming to the USA to visit or live are likely to be positive contributors or risks to the nation.

The letters warn that algorithmic assessment tools will be prone to religious and racial bias, in which programmers get to decide, without evidence, debate or transparency, what kind of person should be an American — which jobs, attitudes, skills and family types are “American” and which ones are “undesirable.”

Further, the system for predicting terrorist proclivities will draw from an infinitesimal data-set of known terrorists, whose common characteristics will be impossible to divide between correlative and coincidental.

If the Department of Homeland Security (DHS) needed confirmation it’s on the right track, then Doctorow and “the 100 tech liberties groups and leading technology experts” have provided that confirmation.


The letters warn that algorithmic assessment tools will be prone to religious and racial bias, in which programmers get to decide, without evidence, debate or transparency, what kind of person should be an American — which jobs, attitudes, skills and family types are “American” and which ones are “undesirable.”

To discriminate “…without evidence, debate or transparency…” is an obvious, if unstated, goal of the DHS “black-box algorithmic system.”

The claim by Doctorow and others the system will be ineffectual:

…the system for predicting terrorist proclivities will draw from an infinitesimal data-set of known terrorists, whose common characteristics will be impossible to divide between correlative and coincidental

imposes a requirement of effectiveness that has never been applied to the DHS.

Examples aren’t hard to find but consider that since late 2001, the Transportation Safety Administration (TSA) has not caught a single terrorist. Let me repeat that: Since late 2001, the Transportation Safety Administration (TSA) has not caught a single terrorist. But visit any airport and the non-terrorist catching TSA is in full force.

Since the Naturalization Act of 1790 forward, granting naturalization to “…free white person[s]…,” US immigration policy has been, is and likely will always be, a seething cauldron of discrimination.

That the DNS wants to formalize whim, caprice and discrimination into algorithms “…without evidence, debate or transparency…” comes as no surprise.

That Doctorow and others think pointing out discrimination to those with a history, habit and intent to discriminate is meaningful is surprising.

I’m doubtful that educating present members of Congress about the ineffective and discriminatory impact of the DHS plan will be useful as well. Congress is the source of the current discriminatory laws governing travel and immigration so I don’t sense a favorable reception there either.

Perhaps new members of Congress or glitches in DHS algorithms/operations that lead to unforeseen consequences?

November 16, 2017

Why You Should Follow Caitlin Johnstone

Filed under: Government,Politics — Patrick Durusau @ 11:55 am

Why Everyone Should Do What WikiLeaks Did

From the post:


WikiLeaks did exactly what I would do, and so should you. We should all be shamelessly attacking the unelected power structure which keeps our planet locked in endless war while promoting ecocidal corporate interests which threaten the very ecosystemic context in which our species evolved. And we should be willing to use any tools at our disposal to do that.

I’ve been quite shameless about the fact that I’m happy to have my ideas advanced by people all across the political spectrum, from far left to far right. I will never have the ear of the US President’s eldest son, but if I did I wouldn’t hesitate to try and use that advantage if I thought I could get him to put our stuff out there. This wouldn’t mean that I support the US president, it would mean that I saw an opening to throw an anti-establishment idea over the censorship fence into mainstream consciousness, and I exploited the partisan self-interest of a mainstream figure to do that.

We should all be willing to do this. We should all get very clear that America’s unelected power establishment is the enemy, and we should shamelessly attack it with any weapons we’ve got. I took a lot of heat for expressing my willingness to have my ideas shared by high profile individuals on the far right, and I see the same outrage converging upon Assange. Assange isn’t going to stop attacking the establishment death machine with every tool at his disposal because of this outrage, though, and neither am I. The more people we have attacking the elites free from any burden of partisan or ideological nonsense, the better.

What she said.

Tools you suggest I should cover?

Caitlin Johnstone at:

Facebook

Medium

Twitter

November 15, 2017

How-Keep A Secret, Well, Secret (Brill)

Filed under: Government,Government Data,Politics — Patrick Durusau @ 4:51 pm

Weapons of Mass Destruction: The Top Secret History of America’s Nuclear, Chemical and Biological Warfare Programs and Their Deployment Overseas, edited by Matthew M. Aid, is described as:

At its peak in 1967, the U.S. nuclear arsenal consisted of 31,255 nuclear weapons with an aggregate destructive power of 12,786 megatons – more than sufficient to wipe out all of humanity several hundred times over. Much less known is that hidden away in earth-covered bunkers spread throughout the U.S., Europe and Japan, over 40,000 tons of American chemical weapons were stored, as well as thousands of specially designed bombs that could be filled with even deadlier biological warfare agents.

The American WMD programs remain cloaked in secrecy, yet a substantial number of revealing documents have been quietly declassified since the late 1970s. Put together, they tell the story of how America secretly built up the world’s largest stockpile of nuclear, chemical, and biological weapons. The documents explain the role these weapons played in a series of world crises, how they shaped U.S. and NATO defense and foreign policy during the Cold War, and what incidents and nearly averted disasters happened. Moreover, they shed a light on the dreadful human and ecological legacy left by decades of nuclear, chemical and biological weapons manufacturing and testing in the U.S. and overseas.

This collection contains more than 2,300 formerly classified U.S. government documents, most of them classified Top Secret or higher. Covering the period from the end of World War II to the present day, it provides unique access to previously unpublished reports, memoranda, cables, intelligence briefs, classified articles, PowerPoint presentations, military manuals and directives, and other declassified documents. Following years of archival research and careful selection, they were brought together from the U.S. National Archives, ten U.S. presidential libraries, the NATO Archives in Brussels, the National Archives of the UK, the National Archives of Canada, and the National Archives of the Netherlands. In addition, a sizeable number of documents in this collection were obtained from the U.S. government and the Pentagon using the Freedom of Information Act (FOIA) and Mandatory Declassification Review (MDR) requests.

This collection comes with several auxiliary aids, including a chronology and a historiographical essay with links to the documents themselves, providing context and allowing for easy navigation for both students and scholars.

It’s an online resource of about 21,212 pages.

Although the editor, Aid and/or Brill did a considerable amount of work assembling these document, the outright purchase price: €4.066,00, $4,886.00 or the daily access price: $39.95/day, effectively keeps these once secret documents secret.

Of particular interest to historians and arms control experts, I expect those identifying recurrent patterns of criminal misconduct in governments will find the data of interest as well.

It does occur to me that when you look at the Contents tab, http://primarysources.brillonline.com/browse/weapons-of-mass-destruction#content-tab, each year lists the documents in the archive. Lists that could be parsed for recovery of the documents from other sources on the Internet.

You would still have to index (did I hear someone say topic map?) the documents, etc., but as a long term asset for the research community, it would be quite nice.

If you doubt the need for such a project, toss “USAF, Cable, CINCUSAFE to CSAF, May 6, 1954, Top Secret, NARA” into your nearest search engine.

How do you feel about Brill being the arbiter of 20th century history, for a price?

Me too.

November 14, 2017

Hackers! 90% of Federal IT Managers Aiming for Their Own Feet!

Filed under: Artificial Intelligence,Cybersecurity,Government,Machine Learning,Security — Patrick Durusau @ 2:58 pm

The Federal Cyber AI IQ Test November 14, 2017 reports:


Most Powerful Applications:

  • 90% of Feds say AI could help prepare agencies for real-world cyber attack scenarios and 87% say it would improve the efficiency of the Federal cyber security workforce
  • 91% say their agency could utilize AI to monitor human activity and deter insider threats, including detecting suspicious elements and large amounts of data being downloaded, and analyzing risky user behavior

    • (emphasis in original)

One sure conclusion from this report, 90% of Feds don’t know AIs mistake turtles for rifles, 90% of the time. The adversarial example literature is full of such cases and getting more robust by the day.

The trap federal IT managers have fallen into is a familiar one. To solve an entirely human problem, a shortage of qualified labor, they want mechanize the required task, even if it means a lower qualify end result. Human problems are solved poorly, if at all, by mechanized solutions.

Opposed by lowest common denominator AI systems, hackers will be all but running the mints as cybersecurity AI systems spread across the federal government. “Ghost” federal installations will appear on agency records for confirmation of FedEx/UPS shipments. The possibilities are endless.

If you are a state or local government or even a federal IT manager, letting hackers run wild isn’t a foregone conclusion.

You could pattern your compensation packages after West Coast start-ups, along with similar perks. Expensive but do you want an OMB type data leak on your record?

November 10, 2017

Who Has More Government Censorship of Social Media, Canada or US?

Filed under: Censorship,Government,Social Media — Patrick Durusau @ 5:31 pm

Federal government blocking social media users, deleting posts by Elizabeth Thompson.

From the post:

Canadian government departments have quietly blocked nearly 22,000 Facebook and Twitter users, with Global Affairs Canada accounting for nearly 20,000 of the blocked accounts, CBC News has learned.

Moreover, nearly 1,500 posts — a combination of official messages and comments from readers — have been deleted from various government social media accounts since January 2016.

However, there could be even more blocked accounts and deleted posts. In answer to questions tabled by Opposition MPs in the House of Commons, several departments said they don’t keep track of how often they block users or delete posts.

It is not known how many of the affected people are Canadian.

It’s also not known how many posts were deleted or users were blocked prior to the arrival of Prime Minister Justin Trudeau’s government.

But the numbers shed new light on how Ottawa navigates the world of social media — where it can be difficult to strike a balance between reaching out to Canadians while preventing government accounts from becoming a destination for porn, hate speech and abuse.

US Legal Issues

Davison v. Loudoun County Board of Supervisors

Meanwhile, south of the Canadian border, last July (2017), a US district court decision carried the headline: Federal Court: Public Officials Cannot Block Social Media Users Because of Their Criticism.


Davison v. Loudoun County Board of Supervisors (Davidson) involved the chair of the Loudoun County Board of Supervisors, Phyllis J. Randall. In her capacity as a government official, Randall runs a Facebook page to keep in touch with her constituents. In one post to the page, Randall wrote, “I really want to hear from ANY Loudoun citizen on ANY issues, request, criticism, compliment, or just your thoughts.” She explicitly encouraged Loudoun residents to reach out to her through her “county Facebook page.”

Brian C. Davidson, a Loudon denizen, took Randall up on her offer and posted a comment to a post on her page alleging corruption on the part of Loudoun County’s School Board. Randall, who said she “had no idea” whether Davidson’s allegations were true, deleted the entire post (thereby erasing his comment) and blocked him. The next morning, she decided to unblock him. During the intervening 12 hours, Davidson could view or share content on Randall’s page but couldn’t comment on its posts or send it private messages.

Davidson sued, alleging a violation of his free speech rights. As U.S. District Judge James C. Cacheris explained in his decision, Randall essentially conceded in court that she had blocked Davidson “because she was offended by his criticism of her colleagues in the County government.” In other words, she “engaged in viewpoint discrimination,” which is generally prohibited under the First Amendment.

Blocking Twitter users by President Trump has lead to other litigation.

Knight First Amendment Institute at Columbia University v. Trump (1:17-cv-05205)

You can track filings in Knight First Amendment Institute at Columbia University v. Trump courtesy of the Court Listener Project. Please put the Court Listener project on your year end donation list.

US Factual Issues

The complaint outlines the basis for the case, both legal and factual, but does not recite any data on blocking of social media accounts by federal agencies. Would not have to, it’s not really relevant to the issue at hand but it would be useful to know the standard practice among US government agencies.

I can suggest where to start looking for that answer: U.S. Digital Registry, which as of today, lists 10877 social media accounts.

You could ask the agencies in question, FOIA requests for lists of blocked accounts.

Twitter won’t allow you to see the list of blocked users for accounts other than your own. Of course, that rule depends on your level of access. You’ll find similar situations for other social media providers.

Assuming you have blocked users by official or self-help means, comparing blocked users across agencies, by their demographics, etc., would make a nice data-driven journalism project. Yes?

November 6, 2017

Scope and Bracketing Public Officials – Schedules for Heads of Agencies

Filed under: Government,Politics — Patrick Durusau @ 5:45 pm

Detailed Calendars/Schedules for Heads of Agencies by Russ Kirk

From the post:

One of the most important things we can know about high-level officials is their detailed scheduled. Who is the head of the EPA meeting with? Who’s been calling the chair of the Federal Reserve? Where has the Secretary of Education been traveling? What groups has the Attorney General been making speeches to?

Problem is, these crucial documents are almost never readily available. They’re released only due to FOIA requests, and sometimes not even then. I’ve filed requests with dozens of agencies for the daily schedules of their leaders covering the first half of 2017. I’ll be posting all the results here, as well as collecting the few calendars (usually from previous administrations) that are posted in the FOIA sections of some agencies’ websites. Keep checking back.

For an example of the important things that these calendars tell us, check out “E.P.A. Chief’s Calendar: A Stream of Industry Meetings and Trips Home” from the NYTimes.

Agency time servers will waive the “scope and bracketing” language in the title as justification for their secrecy but that’s not why they meet in secret.

Their secrets and alliances are too trivial for anyone to care about, save for the fact they are non-democratic and corrupt. No sane person spends $millions for a public office that has a starting salary less than a New York law firm.

Not without expecting non-salary compensation in the form of influencing federal agencies.

The information that Russ Kirk is gathering here is one clue in a larger puzzle of influence.

Enjoy!

October 26, 2017

What’s New in the JFK Files? [A Topic Map Could Help Answer That Question]

Filed under: Government,Government Data,History,Topic Maps — Patrick Durusau @ 9:07 pm

The JFK Files: Calling On Citizen Reporters

From the webpage:

The government has released long-secret files on John F. Kennedy’s assassination, and we want your help.

The files are among the last to be released by the National Archives under a 1992 law that ordered the government to make public all remaining documents pertaining to the assassination. Other files are being withheld because of what the White House says are national security, law enforcement and foreign policy concerns.

There has long been a trove of conspiracy theories surrounding Kennedy’s murder in Dallas on Nov. 22, 1963, including doubts about whether Lee Harvey Oswald acted alone, as the Warren Commission determined in its report the following year.

Here’s where you come in. Read the documents linked here. If you find news or noteworthy nuggets among the pages, share them with us on the document below. If we use what you find, we’ll be sure to give you a shoutout!

Given the linear feet of existing files, finding new nuggets or aligning them with old nuggets in the original files, is going to be a slow process.

What more, you or I may find the exact nugget needed to connect dots for someone else, but since we all read, search, and maintain our searches separately, effective sharing of those nuggets won’t happen.

Depending on the granularity of a topic map over those same materials, confirmation of Oswald’s known whereabouts and who reported those could be easily examined and compared to new (if any) whereabouts information in these files. If new files confirm what is known, researchers could skip that material and move to subjects unknown in the original files.

A non-trivial encoding task but full details have been delayed pending another round of hiding professional incompetence. A topic map will help you ferret out the incompetents seeking to hide in the last releases of documents. Interested?

October 24, 2017

Targeting Government Websites

Filed under: Cybersecurity,Government,Security — Patrick Durusau @ 8:05 pm

With only 379 days until congressional mid-terms, you should not waste time hardening or attacking seldom used or obscure government webpages.

If that sounds like a difficult question, then you don’t know about analytics.usa.gov!

This data provides a window into how people are interacting with the government online. The data comes from a unified Google Analytics account for U.S. federal government agencies known as the Digital Analytics Program. This program helps government agencies understand how people find, access, and use government services online. The program does not track individuals, and anonymizes the IP addresses of visitors.

Not every government website is represented in this data. Currently, the Digital Analytics Program collects web traffic from around 400 executive branch government domains, across about 4500 total websites, including every cabinet department. We continue to pursue and add more sites frequently; to add your site, email the Digital Analytics Program.

This open source project is in the public domain, which means that this website and its data are free for you to use without restriction. You can find the code for this website and the code behind the data collection on GitHub.

We plan to expand the data made available here. If you have any suggestions, or spot any issues or bugs, please open an issue on GitHub or contact the Digital Analytics Program.

Download the data

You can download the data here. Available in JSON and CSV format.

Whether you imagine yourself carrying out or defending against a Putin/FSB/KGB five-year cyberattack plan, analytics.usa.gov can bring some grounding to your defense/attack plans.

Sorry, but government web data won’t help with your delusions about Putin. For assistance in maintaining those, check with the Democratic National Committee and/or the New York Times.

October 23, 2017

US Senate Vermin List

Filed under: Government,Politics — Patrick Durusau @ 8:18 pm

The US Senate recently voted to approve a budget granting large tax cuts, paid for by cuts to Medicaid and Medicare.

On the Concurrent Resolution: H. Con. Res. 71 As Amended; A concurrent resolution establishing the congressional budget for the United States Government for fiscal year 2018 and setting forth the appropriate budgetary levels for fiscal years 2019 through 2027.

The “US Senate” is an identity concealing and accountability avoiding fiction.

H. Con. Res. 71 As Amended was approved by fifty-one (51) members of the Senate, all of who have names and websites.

You may find the following list helpful:

  1. Alexander (R-TN)
  2. Barrasso (R-WY)
  3. Blunt (R-MO)
  4. Boozman (R-AR)
  5. Burr (R-NC)
  6. Capito (R-WV)
  7. Cassidy (R-LA)
  8. Cochran (R-MS)
  9. Collins (R-ME)
  10. Corker (R-TN)
  11. Cornyn (R-TX)
  12. Cotton (R-AR)
  13. Crapo (R-ID)
  14. Cruz (R-TX)
  15. Daines (R-MT)
  16. Enzi (R-WY)
  17. Ernst (R-IA)
  18. Fischer (R-NE)
  19. Flake (R-AZ)
  20. Gardner (R-CO)
  21. Graham (R-SC)
  22. Grassley (R-IA)
  23. Hatch (R-UT)
  24. Heller (R-NV)
  25. Hoeven (R-ND)
  26. Inhofe (R-OK)
  27. Isakson (R-GA)
  28. Johnson (R-WI)
  29. Kennedy (R-LA)
  30. Lankford (R-OK)
  31. Lee (R-UT)
  32. McCain (R-AZ)
  33. McConnell (R-KY)
  34. Moran (R-KS)
  35. Murkowski (R-AK)
  36. Perdue (R-GA)
  37. Portman (R-OH)
  38. Risch (R-ID)
  39. Roberts (R-KS)
  40. Rounds (R-SD)
  41. Rubio (R-FL)
  42. Sasse (R-NE)
  43. Scott (R-SC)
  44. Shelby (R-AL)
  45. Strange (R-AL)
  46. Sullivan (R-AK)
  47. Thune (R-SD)
  48. Tillis (R-NC)
  49. Toomey (R-PA)
  50. Wicker (R-MS)
  51. Young (R-IN)

Where would you take this list from here?

October 22, 2017

Router Games While Waiting in Congressional Rep’s Parking Lot

Filed under: Cybersecurity,Government,Security — Patrick Durusau @ 8:00 pm

With the US congressional mid-term election only 381 days away (2018-11-06), I can only imagine the boredom from sitting in your representative’s branch office parking lot.

Watching for your representative and his/her visitors is a thankless task. The public always being interested in such details.

One amusing and potentially skill building exercise is described in Man-in-the-middle Router.

From the post:

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd, dnsmasq, and mitmproxy to create a open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone who has ever connected to those networks… they are everywhere.

The suggestion of using popular network names, which you can discover by cruising about with your Linux laptop, seems especially interesting.

Brush up on your cyberskills!

2018 is brimming with promise!

Comparative Presidential Corruption

Filed under: Government,History,Politics — Patrick Durusau @ 7:48 pm

Reporters wanting to add a historical flavor to their accounts of corruption and investigations of corruption in the Trump regime, will be glad to see: Papers of Ulysses S. Grant Now Online.

From the post:

The Library of Congress has put the papers of Ulysses S. Grant online for the first time in their original format at https://www.loc.gov/collections/ulysses-s-grant-papers/about-this-collection/.

The Library holds a treasure trove of documents from the Civil War commander and 18th president of the United States, including personal correspondence, “headquarters records” created during the Civil War and the original handwritten manuscript of Grant’s memoir— regarded as one of the best in history—among other items. The collection totals approximately 50,000 items dating from 1819-1974, with the bulk falling in the period 1843-1885.

The collection includes general and family correspondence, speeches, reports, messages, military records, financial and legal records, newspaper clippings, scrapbooks, memorabilia and other papers. The collection relates to Grant’s service in the Mexican War and Civil War, his pre-Civil War career, and his postwar service as U.S. secretary of war ad interim under President Andrew Johnson, his 1868 presidential campaign and two-term presidency, his unsuccessful 1880 presidential bid, his extensive international travels and the financial difficulties late in life that spurred the writing of his memoir, which he completed just days before his death from tongue cancer in July 1885.

If you think the IRS has an unsavory reputation now, one tax collector (liquor taxes) was hired with a 50% commission on his collections. The Sanborn incident.

There have been a number of deeply corrupt American presidencies but this collection crossed my desk recently.

Enjoy!

October 9, 2017

Euromyths A-Z index

Filed under: EU,Government,Humor — Patrick Durusau @ 2:51 pm

Euromyths A-Z index an index of foolish acts by the EU that are false.

See the EU site for foolish acts that are true.

Enjoy!

PS: There are Snopes and Politifact for US politics, should there be a more legislation/regulation oriented resource?

The IRS hiring Equifax after its data breach for security, for example (true). I don’t find that surprising, compared to government security practices, Equifax is the former KGB.

October 8, 2017

OnionShare – Safely Sharing Email Leaks – 394 Days To Mid-terms

Filed under: Cybersecurity,Email,Government,Journalism,Leaks,News,Reporting — Patrick Durusau @ 4:43 pm

FiveThirtyEight concludes Clinton’s leaked emails had some impact on the 2016 presidential election, but can’t say how much. How Much Did WikiLeaks Hurt Hillary Clinton?

Had leaked emails been less boring and non-consequential, “smoking gun” sort of emails, their impact could have been substantial.

The lesson being the impact of campaign/candidate/party emails is impossible to judge until they have been leaked. Even then the impact may be uncertain.

“Leaked emails” presumes someone has leaked the emails, which in light of the 2016 presidential election, is a near certainty for the 2018 congressional mid-term elections.

Should you find yourself in possession of leaked emails, you may want a way to share them with others. My preference for public posting without edits or deletions, but not everyone shares my confidence in the public.

One way to share files securely and anonymously with specific people is OnionShare.

From the wiki page:

What is OnionShare?

OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn’t require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

How to Use

http://asxmi4q6i7pajg2b.onion/egg-cain. This is the secret URL that can be used to download the file you’re sharing.

Send this URL to the person you’re sending the files to. If the files you’re sending aren’t secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you’re sending secret files then it’s important to send this URL securely.

The person who is receiving the files doesn’t need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.
(emphasis in original)

Download OnionShare 1.1. Versions are available for Windows, Mac OS X, with instructions for Ubuntu, Fedora and other flavors of Linux.

Caveat: If you are sending a secret URL to leaked emails or other leaked data, use ordinary mail, no return address, standard envelope from a package of them you discard, on the back of a blank counter deposit slip, with letters from a newspaper, taped in the correct order, sent to the intended recipient. (No licking, it leaves trace DNA.)

Those are the obvious security points about delivering a secret URL. Take that as a starting point.

PS: I would never contact the person chosen for sharing about shared emails. They can be verified separate and apart from you as the source. Every additional contact puts you in increased danger of becoming part of a public story. What they don’t know, they can’t tell.

October 6, 2017

Lauren Duca Declares War!

Filed under: Cybersecurity,Government,Politics,Security — Patrick Durusau @ 3:49 pm

The latest assault on women’s health, which impacts women, men and children, is covered by Jessie Hellmann in: Trump officials roll back birth-control mandate.

Lauren is right, this is war. It is a war on behalf of women, men and children. Women are more physically impacted by reproduction issues but there are direct impacts on men and children as well. When the reproductive health of women suffers, the women, men in their lives and children suffer as well. The reproductive health of women is everyone’s concern.

For OpSec reasons, don’t post your answer, but have you picked a specific target for this war?

I ask because diffuse targets, Congress for example, leads to diffuse results.

Specific targets, now former representative Tim Murphy for example, can have specific results.

PS: Follow and support Lauren Duca, @laurenduca!

September 28, 2017

EU Humps Own Leg – Demands More Censorship From Tech Companies

Filed under: Censorship,EU,Free Speech,Government — Patrick Durusau @ 8:09 pm

In its mindless pursuit of the marginal and irrelevant, the EU is ramping up pressure on tech companies censor more speech.

Security Union: Commission steps up efforts to tackle illegal content online

Brussels, 28 September 2017

The Commission is presenting today guidelines and principles for online platforms to increase the proactive prevention, detection and removal of illegal content inciting hatred, violence and terrorism online.

As a first step to effectively fight illegal content online, the Commission is proposing common tools to swiftly and proactively detect, remove and prevent the reappearance of such content:

  • Detection and notification: Online platforms should cooperate more closely with competent national authorities, by appointing points of contact to ensure they can be contacted rapidly to remove illegal content. To speed up detection, online platforms are encouraged to work closely with trusted flaggers, i.e. specialised entities with expert knowledge on what constitutes illegal content. Additionally, they should establish easily accessible mechanisms to allow users to flag illegal content and to invest in automatic detection technologies.
  • Effective removal: Illegal content should be removed as fast as possible, and can be subject to specific timeframes, where serious harm is at stake, for instance in cases of incitement to terrorist acts. The issue of fixed timeframes will be further analysed by the Commission. Platforms should clearly explain to their users their content policy and issue transparency reports detailing the number and types of notices received. Internet companies should also introduce safeguards to prevent the risk of over-removal.
  • Prevention of re-appearance: Platforms should take measures to dissuade users from repeatedly uploading illegal content. The Commission strongly encourages the further use and development of automatic tools to prevent the re-appearance of previously removed content.

… (emphasis in original)

Taking Twitter as an example, EU terrorism concerns are generously described as coke-fueled fantasies.

Twitter Terrorism By The Numbers

Don’t take my claims about Twitter as true without evidence! Such as statistics gathered on Twitter and Twitter’s own reports.

Twitter Statistics:

Total Number of Monthly Active Twitter Users: 328 million (as of 8/12/17)

Total Number of Tweets sent per Day: 500 million (as of 1/24/17)

Number of Twitter Daily Active Users: 100 million (as of 1/24/17)

Government terms of service reports Jan – Jun 30, 2017

Reports 338 reports on 1200 accounts suspended for promotion of terrorism.

Got that? From Twitter’s official report, 1200 accounts suspended for promotion of terrorism.

I read that to say 1200 accounts out of 328 million monthly users.

Aren’t you just shaking in your boots?

But it gets better, Twitter has a note on promotion of terrorism:

During the reporting period of January 1, 2017 through June 30, 2017, a total of 299,649 accounts were suspended for violations related to promotion of terrorism, which is down 20% from the volume shared in the previous reporting period. Of those suspensions, 95% consisted of accounts flagged by internal, proprietary spam-fighting tools, while 75% of those accounts were suspended before their first tweet. The Government TOS reports included in the table above represent less than 1% of all suspensions in the reported time period and reflect an 80% reduction in accounts reported compared to the previous reporting period.

We have suspended a total of 935,897 accounts in the period of August 1, 2015 through June 30, 2017.

That’s more than the 1200 reported by governments, but comparing 935,897 accounts total, against 328 million monthly users, assuming all those suspensions were warranted (more on that in a minute), “terrorism” accounts were less than 1/3 of 1% of all Twitter accounts.

The EU is urging more pro-active censorship over less than 1/3 of 1% of all Twitter accounts.

Please help the EU find something more trivial and less dangerous to harp on.

The Dangers of Twitter Censorship

Known Unknowns: An Analysis of Twitter Censorship in Turkey by Rima S. Tanash, et. al, studies Twitter censorship in Turkey:

Twitter, widely used around the world, has a standard interface for government agencies to request that individual tweets or even whole accounts be censored. Twitter, in turn, discloses country-by-country statistics about this censorship in its transparency reports as well as reporting specific incidents of censorship to the Chilling Effects web site. Twitter identifies Turkey as the country issuing the largest number of censorship requests, so we focused our attention there. Collecting over 20 million Turkish tweets from late 2014 to early 2015, we discovered over a quarter million censored tweets—two orders of magnitude larger than what Twitter itself reports. We applied standard machine learning / clustering techniques, and found the vast bulk of censored tweets contained political content, often critical of the Turkish government. Our work establishes that Twitter radically under-reports censored tweets in Turkey, raising the possibility that similar trends hold for censored tweets from other countries as well. We also discuss the relative ease of working around Twitter’s censorship mechanisms, although we can not easily measure how many users take such steps.

Are you surprised that:

  1. Censors lie about the amount of censoring done, or
  2. Censors censor material critical of governments?

It’s not only users in Turkey who have been victimized by Twitter censorship. Alfons López Tena has great examples of unacceptable Twitter censorship in: Twitter has gone from bastion of free speech to global censor.

You won’t notice Twitter censorship if you don’t care about Arab world news or Catalan independence. And, after all, you really weren’t interested in those topics anyway. (sarcasm)

Next Steps

The EU wants an opaque, private party to play censor for content on a worldwide basis. In pursuit of a gnat in the flood of social media content.

What could possibly go wrong? Well, as long as you don’t care about the Arab world, Catalan independence, or well, criticism of government in general. You don’t care about those things, right? Otherwise you might be a terrorist in the eyes of the EU and Twitter.

The EU needs to be distracted from humping its own leg and promoting censorship of social media.

Suggestions?

PS: Other examples of inappropriate Twitter censorship abound but the answer to all forms of censorship is NO. Clear, clean, easy to implement. Don’t want to see content? Filter your own feed, not mine.

September 26, 2017

571 threats to press freedom in first half of 2017 [Hiding the Perpetrators?]

Filed under: Censorship,Free Speech,Government,Journalism,News,Reporting — Patrick Durusau @ 6:09 pm

Mapping Media Freedom verifies 571 threats to press freedom in first half of 2017

First Limit on Coverage

When reading this report, which is excellent coverage of assaults on press freedom, bear in mind the following limitation:

Mapping Media Freedom identifies threats, violations and limitations faced by members of the press throughout European Union member states, candidates for entry and neighbouring countries.

You will not read about US-based and other threats to press freedom that fall outside the purview of Mapping Media Freedom.

From the post:

Index on Censorship’s database tracking violations of press freedom recorded 571 verified threats and limitations to media freedom during the first two quarters of 2017.

During the first six months of the year: three journalists were murdered in Russia; 155 media workers were detained or arrested; 78 journalists were assaulted; 188 incidents of intimidation, which includes psychological abuse, sexual harassment, trolling/cyberbullying and defamation, were documented; 91 criminal charges and civil lawsuits were filed; journalists and media outlets were blocked from reporting 91 times; 55 legal measures were passed that could curtail press freedom; and 43 pieces of content were censored or altered.

“The incidents reported to the Mapping Media Freedom in the first half of 2017 tell us that the task of keeping the public informed is becoming much harder and more dangerous for journalists. Even in countries with a tradition of press freedom journalists have been harassed and targeted by actors from across the political spectrum. Governments and law enforcement must redouble efforts to battle impunity and ensure fair treatment of journalists,” Hannah Machlin, Mapping Media Freedom project manager, said.

This is a study of threats, violations and limitations to media freedom throughout Europe as submitted to Index on Censorship’s Mapping Media Freedom platform. It is made up of two reports, one focusing on Q1 2017 and the other on Q2 2017.

You can obtain the report in PDF format.

Second Limit on Coverage

As I read about incident after incident, following the links, I only see “the prosecutor,” “the police,” “traffic police,” “its publisher,” “the publisher of the channel,” and similar opaque prose.

Surely “the prosecutor” and “the publisher” was known to the person reporting the incident. If that is the case, then why hide the perpetrators? What does that gain for freedom of the press?

Am I missing some unwritten rule that requires members of the press to be perpetual victims?

Exposing the perpetrators to the bright light of public scrutiny, enables local and remote defenders of press freedom to join in defense of the press.

Yes?

September 25, 2017

Evidence of Government Surveillance in Mexico Continues to Mount [Is This News?]

Filed under: Cybersecurity,Government,Journalism,News,Privacy,Reporting,Security — Patrick Durusau @ 4:19 pm

Evidence of Government Surveillance in Mexico Continues to Mount by Giovanna Salazar, translated by Omar Ocampo.

From the post:

In early September, further attempts to spy on activists in Mexico were confirmed. The president of Mexicans Against Corruption and Impunity (MCCI), an organization dedicated to investigative journalism, received several SMS messages that were intended to infect his mobile device with malicious software.

According to The New York Times, Claudio X. González Guajardo was threatened with Pegasus, a sophisticated espionage tool or “spyware” sold exclusively to governments that was acquired by the Mexican government in 2014 and 2015, with the alleged intention of combating organized crime. Once installed, Pegasus spyware allows the sender or attacker to access files on the targeted device, such as text messages, emails, passwords, contacts list, calendars, videos and photographs. It even allows the microphone and camera to activate at any time, inadvertently, on the infected device.

Salazar’s careful analysis of the evidence leaves little doubt:

these intrusive technologies are being used to intimidate and silence dissent.

But is this news?

I ask because my starting assumption is that governments buy surveillance technologies to invade the privacy of their citizens. The other reason would be?

You may think some targets merit surveillance, such as drug dealers, corrupt officials, but once you put surveillance tools in the hands of government, all citizens are living in the same goldfish bowl. Whether we are guilty of any crime or not.

The use of surveillance “to intimidate and silence dissent” is as natural to government as corruption.

The saddest part of Salazar’s report is that Pegasus is sold exclusively to governments.

Citizens need a free, open source edition of Pegasus Next Generation with which to spy on governments, businesses, banks, etc.

A way to invite them into the goldfish bowl in which ordinary citizens already live.

The ordinary citizen has no privacy left to lose.

The question is when current spy masters will lose theirs as well?

If You Are Keeping A Public Enemies List…

Filed under: Government,Intellectual Property (IP) — Patrick Durusau @ 2:53 pm

Not everyone keeps a “public enemies” list and fewer still actively work against those on the list.

If you do more than grumble against your list members on Buttbook, I have important information for you.

Bell Calls for CRTC-Backed Website Blocking System and Complete Criminalization of Copyright in NAFTA

From the post:

Bell, Canada’s largest telecom company, has called on the government to support radical copyright and broadcast distribution reforms as part of the NAFTA renegotiation. Their proposals include the creation of a mandated website blocking system without judicial review overseen by the CRTC and the complete criminalization of copyright with criminal provisions attached to all commercial infringement. Bell also supports an overhaul of the current retransmission system for broadcasters, supporting a “consent model” that would either keep U.S. channels out of the Canadian market or dramatically increase their cost of access while maintaining simultaneous substitution.

There may be clearer declarations against the public good but I haven’t seen them. But, I haven’t read all the secret documents at the Office of the US Trade Representative (USTR). Judging from the Trans-Pacific Partnership (TPP) documents, the USTR advances only the interest of business, not the public.

You can picket the offices of Bell in Canada, collect arrest/citations while mugging for TV cameras at protests that disrupt traffic, etc., all the while Bell labors 24 x 7 to damage, irrevocably, the public good.

Bell and numerous others have openly declared war on the rights of the public (that includes you).

Just for your information.

September 22, 2017

Warrantless Stingray Unconstitutional – Ho-Hum

Filed under: Government,Privacy — Patrick Durusau @ 2:33 pm

Tracking phones without a warrant ruled unconstitutional by Lisa Vaas.

From the post:

A Washington DC Court of Appeals said on Thursday that law enforcement’s warrantless use of stingrays—suitcase-sized cell site simulators that mimic a cell tower and that trick nearby phones into connecting and giving up their identifying information and location—violates the Constitution’s Fourth Amendment protection against unreasonable search.

The ruling (PDF) overturned the conviction of a robbery and sexual assault suspect. In its decision, the DC Court of Appeals determined the use of the cell-site simulator “to locate a person through his or her cellphone invades the person’s actual, legitimate and reasonable expectation of privacy in his or her location information and is a search.”

Civil libertarians will be celebrating this decision! But the requirements of Jones vs. US are:

  1. You MUST commit a crime.
  2. You MUST be arrested for the crime in #1.
  3. You MUST be prosecuted for the crime in #1.
  4. The prosecutor MUST rely evidence from use of a warrentless stingray.
  5. The evidence in #4 MUST be crucial to proving your guilt, otherwise you are convicted on other evidence.

If any of those five requirements are missing, you don’t profit from Jones vs. US.

The exclusionary rule, the rule that excludes unconstitutionally obtained evidence sounds great, but unless you meet all its requirements, you are SOL.

For example, what if your phone and the phones of other protesters are subject to warrantless surveillance at a pro-environment rally? Or at a classic political rally? Or at a music concert? The government is just gathering data on who attended.

The exclusionary rule doesn’t do anything for you in those cases. Your identity has been unlawfully obtained, unconstitutionally as constitutional lawyers are fond of saying, but there no relief for you in Jones vs. US.

Glad the DC Circuit took that position but it has little bearing on your privacy in the streets of the United States.

Torrent Sites: Preserving “terrorist propaganda” and “evil material”

Filed under: Censorship,Cybersecurity,Free Speech,Government,Security — Patrick Durusau @ 1:37 pm

I mentioned torrent sites in Responding to Theresa May on Free Speech as a way to help preserve and spread “terrorist propaganda” and “evil material.”

My bad, I forgot to post a list of torrent sites for you to use!

Top 15 Most Popular Torrent Sites 2017 reads in part:

The list of the worlds most popular torrent sites has seen a lot of changes in recent months. While several torrent sites have shut down, some newcomers joined the list. With the shutdown of Torrentz.eu and Kickass Torrents, two of the largest sites in the torrenting scene disappeared. Since then, Torrentz2 became a popular successor of Torrentz.eu and Katcr.co is the community driven version of the former Kickass Torrents.

Finding torrents can be stressful as most of the top torrent sites are blocked in various countries. A torrent proxy let you unblock your favorite site in a few seconds.

While browsing the movies, music or tv torrents sites list you can find some good alternatives to The Pirate Bay, Extratorrent, RARBG and other commonly known sites. This list features the most popular torrent download sites:

The list changes over time so check back at Torrents.me.

As a distributed hash storage system, torrent preserves content across all the computers that downloaded the content.

Working towards the mention of torrent sites making Theresa May‘s sphincter eat her underpants. (HT, Dilbert)

September 20, 2017

Testing Next-Gen Onions!

Filed under: Cybersecurity,Government,Security,Tor — Patrick Durusau @ 9:53 pm

Please help us test next-gen onions! by George Kadianakis.

From the webpage:

this is an email for technical people who want to help us test next-gen onion services.

The current status of next-gen onion services (aka prop224) is that they have been fully merged into upstream tor and have also been released as part of tor-0.3.2.1-alpha: https://blog.torproject.org/tor-0321-alpha-released-support-next-gen-onion-services-and-kist-scheduler

Unfortunately, there is still no tor browser with tor-0.3.2.1-alpha so these instructions are for technical users who have no trouble building tor on their own.

We are still in a alpha testing phase and when we get more confident about the code we plan to release a blog post (probs during October).

Until then we hope that people can help us test them. To do so, we have setup a *testing hub* in a prop224 IRC server that you can and should join (ideally using a VPS so that you stick around).

Too late for me to test the instructions today but will tomorrow!

The security you help preserve may be your own!

Enjoy!

September 17, 2017

Tax Phishing

Filed under: Cybersecurity,Government,Phishing for Leaks,Security — Patrick Durusau @ 7:57 pm

The standard security mantra is to avoid phishing emails.

That assumes your employer’s security interests coincide with your own. Yes?

If you are being sexually harassed at work, were passed over for a job position, your boss has found a younger “friend” to mentor, etc., there are an unlimited number of reasons for a differing view on your employer’s cybersecurity.

The cybersecurity training that enables you to recognize and avoid a phishing email, also enables you to recognize and accept a phishing email from “digital Somali pirates” (HT, Dilbert).

Acceptance of phishing emails in tax practices could result in recovery of tax returns for public officials (Trump?), financial documents similar to those in the Panama Papers, and other data (Google’s salary data?).

If you don’t know how to recognize phishing emails in the tax business, Jeff Simpson has adapted tips from the IRS in: 10 tips for tax pros to avoid phishing scams.

Just quickly (see Simpson’s post for the details):

  1. Spear itself.
  2. Hostile takeovers.
  3. Day at the breach.
  4. Ransom devil.
  5. Remote control.
  6. BEC to the wall.
  7. EFIN headache.
  8. Protect clients.
  9. Priority No. 1. (Are you the “…least informed employee…?)
  10. Speak up.

Popular terminology for phishing attacks varies by industry so the terminology for your area may differ from Simpson’s.

Acceptance of phishing emails may be the industrial action tool of the 21st century.

Thoughts?

Rewarding UK Censorship Demands

Filed under: Censorship,Free Speech,Government — Patrick Durusau @ 4:13 pm

Image of the Daily Mail from Twitter:

No link to the online version. It’s easy enough to find on your own. Besides, regular reading of the Daily Mail increases your risk of rumored appointment by the accidental president of the United States. As your mother often said, “you are what you read.”

The story claims:


Theresa May will order internet giants to clamp down on extremism following yesterday’s Tube terror attack.

Where “extremism” doesn’t include the daily bombing runs and other atrocities committed by the West.

I don’t expect better from the Daily Mail but the government’s hysteria over online content is clearly misplaced.

The inability of a group to make a successful “fairy light” bomb, speaks volumes about the threat posted by online bomb making plans.

Bomb making plans are great wannabe reading, tough guy talk for cell meetings, evidence for the police when discovered in your possession, but in and of themselves, are hardly worthy of notice. The same can be said for “radical” literature of all stripes.

Still, it seems a shame for the UK’s paranoid delusions to go unrewarded, especially in light of the harm it intends to free speech for all Internet users.

Suggestions?

September 5, 2017

DACA: 180 Days to Save 800,000 : Whose Begging Bowl to Choose? (Alternative)

Filed under: Cybersecurity,Government,Politics,Security — Patrick Durusau @ 3:47 pm

Trump administration ending DACA program, which protected 800,000 children of immigrants by Jacob Pramuk | @jacobpramuk.

From the post:

  • President Trump is ending DACA, the Obama-era program that protects hundreds of thousands of “dreamers.”
  • Attorney General Jeff Sessions says there will be a six-month delay in terminating it to give Congress time to act.
  • Sessions says the immigration program was an unlawful overreach by Obama that cannot be defended.

Check out Pramuk’s post if you are interested in Attorney General Sessions’ “reasoning” on this issue. I refuse to repeat it from fear of making anyone who reads it dumber.

Numerous groups have whipped out their begging bowls and more are on the way. All promising opposition, not success, but opposition to ending Deferred Action for Childhood Arrivals (DACA).

Every group has its own expenses, lobbyists, etc., before any of your money goes to persuading Congress to save all 800,000 children of immigrants protected by the DACA.

Why not create:

  • low-over head fund
  • separate funds for house and senate
  • divided and contributed to the campaigns* of all representatives and senators who vote for replacement to DACA within 180 days
  • where replacement for DACA protects everyone now protected
  • and where replacement DACA becomes law (may have to override veto)

*The contribution to a campaign, as opposed to the senator or representative themselves, is important as it avoids the contributions being a “gratuity” for passage of the legislation, which is illegal. 2041. Bribery Of Public Officials.

Such funds would avoid the overhead of ongoing organizations and enable donors to see the results of their donations more directly.

I’m not qualified to setup such funds but would contribute to both.

You?

PS: You do the math. If some wealthy donor contributed 6 $million to the Senate fund, then sixty (60) senatorial campaigns would each get $600,000 in cash. Nothing to sneeze at.

September 3, 2017

Charity Based CyberSecurity For Mercenaries?

Filed under: Cybersecurity,Government,Protests,Security — Patrick Durusau @ 4:54 pm

That was my question when I read: Insecure: How A Private Military Contractor’s Hiring Files Leaked by Dan O’Sullivan.

The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan, a North Carolina-based private security firm, were exposed to the public internet, revealing the sensitive personal details of thousands of job applicants, including hundreds claiming “Top Secret” US government security clearances. TigerSwan has recently told UpGuard that the resumes were left unsecured by a recruiting vendor that TigerSwan terminated in February 2017. If that vendor was responsible for storing the resumes on an unsecured cloud repository, the incident again underscores the importance of qualifying the security practices of vendors who are handling sensitive information.

The exposed documents belong almost exclusively to US military veterans, providing a high level of detail about their past duties, including elite or sensitive defense and intelligence roles. They include information typically found on resumes, such as applicants’ home addresses, phone numbers, work history, and email addresses. Many, however, also list more sensitive information, such as security clearances, driver’s license numbers, passport numbers and at least partial Social Security numbers. Most troubling is the presence of resumes from Iraqi and Afghan nationals who cooperated with US forces, contractors, and government agencies in their home countries, and who may be endangered by the disclosure of their personal details.

While the process errors and vendor practices that result in such cloud exposures are all too common in the digital landscape of 2017, the month-long period during which the files remained unsecured after UpGuard’s Cyber Risk Team notified TigerSwan is troubling.

Amazing story isn’t it? Even more amazing is that UpGuard sat on the data for a month, waiting for TigerSwan to secure it. Not to mention UpGuard not publicly posting the data upon discovery.

In case you don’t recognize “TigerSwan,” let me refresh your memory:

UpGuard finds 9,402 resumes, applicants seeking employment with TigerSwan/Blackwater type employers.

Did they expose these resumes to the public?

Did they expose these resumes to the press?

Did they expose these resumes to prosecutors?

None of the above.

UpGuard spends a month trying to keep the data hidden from the public, the press and potential prosecutors!

Unpaid charity work so far as I know.

Thousands of mercenaries benefit from this charity work by UpGuard. Their kind can continue to violate the rights of protesters, murder civilians, etc., all the while being watched over by UpGuard. For free.

Would you shield torturers and murderers from their past or future victims?

Don’t be UpGuard, choose no.

September 1, 2017

US Labor Day (sic) Security Reading

Filed under: Cybersecurity,Government,Privacy,Security — Patrick Durusau @ 9:16 pm

I know, for the US to have a “labor day” holiday is a jest too cruel for laughter.

But, many people will have a long weekend, starting tomorrow, so suggested reading is in order.

Surveillance Self-Defense, a project of the EFF, has security “playlists” for:

Academic researcher? Learn the best ways to minimize harm in the conduct of your research.

Activist or protester? How to keep you and your communications safe wherever your campaigning takes you.

Human rights defender? Recipes for organizations who need to keep safe from government eavesdroppers.

Journalism student? Lessons in security they might not teach at your j-school.

Journalist on the move? How to stay safe online anywhere without sacrificing access to information.

LGBTQ Youth Tips and tools to help you more safely access LGBTQ resources, navigate social networks, and avoid snoopers.

Mac user? Tips and tools to help you protect your data and communications.

Online security veteran? Advanced guides to enhance your surveillance self-defense skill set.

Want a security starter pack? Start from the beginning with a selection of simple steps.

Have a great weekend!

August 28, 2017

Hacking For Government Transparency

Filed under: Cybersecurity,Government,Journalism,News,Reporting,Security — Patrick Durusau @ 3:37 pm

The 2017 U.S. State and Federal Government Cybersecurity Report by SecurityScorecard lacks details of specific vulnerabilities for identified government units, but paints an encouraging picture for hackers seeking government transparency.

Coverage of the report:


In August 2017, SecurityScorecard leveraged its proprietary platform to analyze and grade the current security postures of 552 local, state, and federal government organizations, each with more than 100 public-facing IP addresses, to determine the strongest and weakest security standards based on security hygiene and security reaction time compared to their peers.

Security Rankings by Industry

Out of eighteen (18) ranked industries, best to worst security, government comes in at a tempting number sixteen (16):

Financial services, with the fifth (5th) best security, is routinely breached, making it curious the government (#16) has any secrets at all.

Why Any Government Has Secrets

Possible reasons any government has secrets:

  • 1. Lack of interest?
  • 2. Lack of effort by the news media?
  • 3. Habituation to press conferences?
  • 4. Habituation to “leaks?”
  • N. Cybersecurity?

You can wait for governments to embarrass themselves (FOIA and its equivalents), wait for leakers to take a risk for your benefit, or, you could take the initiative in obtaining government secrets.

The SecurityScorecard report makes it clear the odds are in your favor. Your call.

August 25, 2017

Good News For Transparency Phishers

Filed under: Cybersecurity,Government,Phishing for Leaks,Security,Transparency — Patrick Durusau @ 4:45 pm

If you are a transparency phisher, Shaun Waterman has encouraging news for you in: Most large companies don’t use standard email security to combat spoofing.

From the post:

Only a third of Fortune 500 companies deploy DMARC, a widely-backed best-practice security measure to defeat spoofing — forged emails sent by hackers — and fewer than one-in-10 switch it on, according to a new survey.

The survey, carried out by email security company Agari via an exhaustive search of public Internet records, measured the use of Domain-based Message Authentication, Reporting and Conformance, or DMARC.

“It is unconscionable that only eight percent of the Fortune 500, and even fewer [U.S.] government organizations, are protecting the public against email domain spoofing,” said Patrick Peterson, founder and executive chairman, Agari. A similar survey of federal government agencies earlier this month, by the Global Cyber Alliance, found fewer than five percent of federal domains were protected by switched-on DMARC.

The Agari survey found adoption rates similarly low among companies in the United Kingdom’s FTSE and Australia’s ASX 100.

DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both cybercrime and cyber-espionage, in which an email appearing to a come from a trusted company like a bank or government agency contains malicious links, directing readers to a fake site which will steal their login and password when they sign on.

Only eight (8) percent of the Fortune 500 and less than five (5) percent of federal (US) domains have DMARC protection.

I expect DMARC protection rates fall rapidly outside the Fortune 500 and non-federal government domains.

If you are interested in transparency, for private companies or government agencies, the lack of DMARC adoption and use presents a golden opportunity to obtain otherwise hidden information.

As always, who you are and who you are working for, determines the legality of any phishing effort. Consult with an attorney concerning your legal rights and obligations.

« Newer PostsOlder Posts »

Powered by WordPress