Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

June 6, 2017

Verifying Burn Of Source – Who You Gonna Call?

Filed under: Journalism,News,Reporting — Patrick Durusau @ 4:30 pm

WikiLeaks offers $10,000 to get Intercept reporter fired by Joe Uchill.

From the post:

WikiLeaks offered a $10,000 bounty Monday aimed at getting a reporter for The Intercept fired, following the arrest of a government contractor who allegedly leaked an NSA report to the site.

The Justice Department announced earlier Monday that it had arrested Reality Leigh Winner, a 25-year-old government contractor, for leaking classified documents to a news organization. It has been widely reported that Winner allegedly leaked documents from the NSA to The Intercept about Russian attempts to hack U.S. elections officials.

Investigators were able to find Winner in part, according to a government court filings, because of clues gained when an Intercept reporter showed the leaked report to the government.

The Intercept article lists four reporters:

From the affidavit for Reality Leigh Winner’s arrest:


12. On June 1, 2017, the FBI was notified by the U.S. Government Agency that the U.S. Government Agency had been contacted by the News Outlet on May 30, 2017, regarding an upcoming story. The News Outlet informed the U.S. Government Agency that it was in possession of what it believed to be a classified document authored by the U.S. Government Agency. The News Outlet provided the U.S. Government Agency with a copy of this document. Subsequent analysis by the U.S. Government Agency confirmed that the document in the News Outlet’s possession is the intelligence reporting. The intelligence reporting is classified at the Top Secret level, indicating that its unauthorized disclosure could reasonably result in exceptionally grave damage to the national security, and is marked as such. The U.S. Government Agency has since confirmed that the reporting contains information that was classified at that level at the time that the reporting was published on or about May 5, 2017, and that such information currently remains classified at that level.

13. The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space.

Why on earth?:

The News Outlet provided the U.S. Government Agency with a copy of this document.

How sloppy is that?

Do you trust the “U.S. Government Agency” given a copy of the document to out the reporter in question?

Or does this give them a free shot at a good reporter and blackmail evidence on the real culprit?

Suggestions?

How NOT To Leak! (Educational Materials on Leaking?)

Filed under: Cybersecurity,Journalism,News,Reporting — Patrick Durusau @ 4:01 pm

The Intercept’s Russian hacking report also seems to be a good example of how not to handle leaks by Laura Hazard Owen.

From the post:

On Monday afternoon, The Intercept published a bombshell story: “Top-secret NSA report details Russian hacking effort days before 2016 election.” The story — later confirmed by CBS — reveals that “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept,” and includes PDFs of the NSA’s report.

The story is a potentially huge one, providing the most evidence we’ve seen thus far that the Russian government attempted to influence the outcome of the U.S. election in ways beyond just spreading misinformation (and Russian president Vladimir Putin had even denied his government’s role in that). But another story is emerging around The Intercept’s story as well: By Monday evening, a 25-year-old federal contractor, Reality Leigh Winner, was charged with leaking the documents (the first criminal leak case under Trump). If Winner was indeed The Intercept’s source, there are questions about whether The Intercept could have done more to protect her — starting with those PDFs it published as part of its story.

FYI, the Intercept has a huffy denial at the end of Owen’s post. Huffy enough to confirm they screwed up.

In the rush to publication, the Intercept failed to observe basic information hygiene with regard to the leaked PDFs. The leaked PDFs included printer steganography that enables tracing the printer.

Numerous other failures, such as the alleged source using their work computer to leak the documents, etc., were also present.

Enough errors, between the Intercept and its alleged source, to make you think dead pages advising on how to leak properly aren’t enough.

Suggestions on how to effectively educate people on proper leaking techniques?

June 5, 2017

Theresa May (UK) Out Dumbs Donald Trump (USA)

Filed under: Government,Humor,Terrorism — Patrick Durusau @ 8:50 pm

Theresa May (UK) has made a dumber proposal than Donald Trump (USA), at least this week. But it is only Monday.

The Independent reports Theresa May is calling for regulation of the internet, after a van and knife attack on London Bridge.

From the story:


“We cannot allow this ideology the safe space it needs to breed – yet that is precisely what the internet, and the big companies that provide internet-based services provide,” Ms May said.

“We need to work with allied democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremist and terrorism planning.”

She warned there was “a new trend in the threat we face” and that while the three recent terror attacks in the UK were not linked by “common networks”, they were “bound together by the single evil ideology of Islamic extremism”.

Completely unhinged.

Do take the threats of regulation seriously.

Search for and publish 0Days upon discovery. Computers that are breached may belong to governments attempting to regulate the internet. Any diminishing of their capabilities and/or secrecy is a win for everyone.

Google Capture the Flag 2017

Filed under: Cybersecurity,Security — Patrick Durusau @ 8:34 pm

Google Capture the Flag 2017 by Josh Armour.

From the post:

On 00:00:01 UTC of June 17th and 18th, 2017 we’ll be hosting the online qualification round of our second annual Capture The Flag (CTF) competition. In a ‘Capture the Flag’ competition we create security challenges and puzzles in which contestants can earn points for solving them. We will be inviting the top 10 finalist teams to a secret undisclosed location (spoiler alert: it’s Google) to compete onsite for a prize pool of over USD$31,337 and we’ll help subsidize travel to the venue for the finals to four participants for each of the ten finalist teams. In addition to grand prizes given at the finals, we’ll be rewarding some of the best and creative write-ups that we receive during the qualifying round. We want to give you an opportunity to share with the world the clever way you solve challenges.

Sounds cool!

You playing?

June 2, 2017

Unknown Buyers + Unknown Sellers ~= Closed Source Software

Filed under: Cybersecurity,NSA,Security,Uncategorized — Patrick Durusau @ 4:29 pm

TurkuSec Community reports another collaborative effort to buy into the Shadow Brokers malware-of-the-month club:



“What Could Go Wrong?” is a valid question.

On the other hand, you are already spending $billions on insecure software every year.

Most of which is closed-source, meaning it may contain CIA/NSA backdoors.

A few hires in the right places and unbeknownst to the vendor, they would be distributing CIA/NSA malware.

If you credit denials of such activities by the CIA/NSA or any other government spy agency, you should stop using computers. You are a security risk to your employer.

A Shadow Brokers subscription, where 2,500 people risk $100 each for each release, on the other hand, is far safer than commercial software. If the first release proves bogus, don’t buy a second one.

Contrast that with insecure closed source software for an OS or database that may contain CIA/NSA/etc. backdoors. You don’t get to avoid the second purchase. (You bought the maintenance package too. Am I right?)

I can’t and won’t counsel anyone to risk more than $100, but shared risk is the fundamental principle of insurance. Losses can and will happen. That’s why we distribute the risk.

That link again: https://t.co/wjMn3DjzQp.

PS: Shadow Brokers: Even a list of the names with brief descriptions might help attract people who want to share the risk of subscribing. The “big” corporations are likely too arrogant to think they need the release.

June 1, 2017

IPLD (Interplanetary Linked Data)

Filed under: Linked Data,Semantic Web — Patrick Durusau @ 7:33 pm

IPLD (Interplanetary Linked Data)

IPLD is the data model of the content-addressable web. It allows us to treat all hash-linked data structures as subsets of a unified information space, unifying all data models that link data with hashes as instances of IPLD.

WHY IPLD?

A data model for interoperable protocols.

Content addressing through hashes has become a widely-used means of connecting data in distributed systems, from the blockchains that run your favorite cryptocurrencies, to the commits that back your code, to the web’s content at large. Yet, whilst all of these tools rely on some common primitives, their specific underlying data structures are not interoperable.

Enter IPLD: IPLD is a single namespace for all hash-inspired protocols. Through IPLD, links can be traversed across protocols, allowing you to explore data regardless of the underlying protocol.

The webpage is annoyingly vague so you will need to visit the IPLD spec Github page and consider this whitepaper: IPFS – Content Addressed, Versioned, P2P File System (DRAFT 3) by Juan Benet.

As you read, can annotation of “links” avoid confusing addresses with identifiers?

We’ve seen that before and the inability to acknowledge/correct the mistake was deadly.
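To make the hash-linking idea concrete, here is an added example (not code from the IPLD project or its spec) of a tiny content-addressed store whose links are followed along a path and re-verified on every fetch. It assumes a bare SHA-256 hex digest as the address and a `{"/": address}` shape for links; `BlockStore`, `resolve` and the sample nodes are hypothetical names constructed for illustration.

```python
import hashlib
import json


class TamperedBlock(Exception):
    """Stored bytes no longer hash to the address they were requested by."""


def address_of(data: bytes) -> str:
    # Assumption: a plain SHA-256 hex digest stands in for a real content address.
    return hashlib.sha256(data).hexdigest()


class BlockStore:
    """Untrusted key/value store: any peer could be serving these bytes."""

    def __init__(self):
        self.blocks = {}

    def put(self, node) -> str:
        # Canonical encoding so equal nodes always map to the same address.
        data = json.dumps(node, sort_keys=True, separators=(",", ":")).encode()
        addr = address_of(data)
        self.blocks[addr] = data
        return addr

    def get(self, addr: str):
        data = self.blocks[addr]
        # The address doubles as the integrity check: re-hash before trusting.
        if address_of(data) != addr:
            raise TamperedBlock(addr)
        return json.loads(data)


def link(addr: str) -> dict:
    # Assumed link shape for this example: a one-key object holding the address.
    return {"/": addr}


def resolve(store: BlockStore, root: str, path: str):
    """Walk a slash-separated path from root, following hash links between blocks."""
    node = store.get(root)
    for key in filter(None, path.split("/")):
        node = node[key]
        if isinstance(node, dict) and set(node) == {"/"}:
            node = store.get(node["/"])
    return node


def build_sample(store: BlockStore):
    # Constructed sample data: two commit-like nodes sharing one author node.
    author = store.put({"name": "alice"})
    v1 = store.put({"msg": "first", "author": link(author)})
    v2 = store.put({"msg": "second", "author": link(author), "parent": link(v1)})
    # v1 and v2 describe the same "thing" at two points in time yet have
    # different addresses: an address names bytes, not a subject.
    return author, v1, v2
```

Because the address is derived from the bytes, any edit to a node produces a new address, which is why a hash link locates one exact version of the data and does not by itself identify the subject the data is about.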

Digitised Manuscripts hyperlinks Spring 2017

Filed under: Books,Manuscripts,Museums — Patrick Durusau @ 3:35 pm

Digitised Manuscripts hyperlinks Spring 2017

From the post:

From ancient papyri to a manuscript given by the future Queen Elizabeth I to King Henry VIII for New Year’s Day, from books written entirely in gold to Leonardo da Vinci’s notebook, there is a wealth of material on the British Library’s Digitised Manuscripts site. At the time of writing, you can view on Digitised Manuscripts no fewer than 1,783 manuscripts made in Europe before 1600, and more are being added all the time. For a full list of what is currently available, please see this file: Download PDF of Digitised MSS Spring 2017. This is also available in the form of a spreadsheet (although this format can not be downloaded on all web browsers): Download Spreadsheet of Digitised MSS Spring 2017.

The post is replete with guidance on use of the Digitised Manuscripts and other aids for the reader.

These works won’t interest Washington illiterati, but I don’t read to please others, only myself.

So should you.

30,000 Getty Museum Images Published Online as IIIF

Filed under: Art,Museums — Patrick Durusau @ 3:18 pm

30,000 Getty Museum Images Published Online as IIIF by Rob Sanderson.

From the post:

Today we published more than 30,000 images from the Getty Museum’s collection on Getty.edu using IIIF. You can see and click on the red-and-blue logo underneath the main image of any of the Museum collections, such as Van Gogh’s Irises, to explore our content through any IIIF-compatible viewer.

We’re happy to join another IIIF partner, the Yale Center for British Art, which is also releasing images as IIIF today—you can read their announcement here and browse their collection here.

About IIIF

IIIF (pronounced “triple eye eff”) is the acronym for the International Image Interoperability Framework. This framework comes from a broad community of primarily cultural heritage organizations that are working together to come to practical consensus around the publishing of digital images. By adopting the framework, the public as well as scholars can bring together images from any of the participating organizations for comparison, manipulation, and annotation in a single user interface. This community has agreed upon, published, and implemented two major specifications. Representing the Getty in this community, and working toward implementation of IIIF here, has been one of my major roles since joining the Getty as semantic architect.

The images now available via IIIF are from the Open Content Program. These were selected as the first tranche of content, as the rights have already been cleared to make them openly available. Any new images added to the Open Content set will automatically be available via IIIF, and images from Getty Research Institute collections are expected to be available before the end of the year.

I could attempt to describe the visualization capabilities of IIIF, but it’s best that you explore Van Gogh’s Irises on your own.

Impressive!

Another Patriarchy Triumph – Crowd Funding Shadow Brokers Fails

Filed under: Cybersecurity,Funding,Security — Patrick Durusau @ 2:18 pm

Hackers shelve crowdfunding drive for Shadow Brokers exploits by Bill Brenner.

From the post:

To some, it was a terrible idea akin to paying bad people to do harm. To others, it was a chance to build more powerful defenses against the next WannaCry.

It’s now a moot point.

Forty-eight hours after they started a crowdsourcing effort on Patreon to raise $25,000 a month for a monthly Shadow Brokers subscription service, security researchers Matthew Hickey – perhaps better known as Hacker Fantastic – and x0rz, announced the fund’s cancellation. Thursday morning, the page was empty:

Brenner covers alleged reasons for the cancellation and concludes with poor advice:

Better to not go there.

As I pointed out yesterday, if 2500 people each contributed $100, the goal of raising $25,000 would be met without significant risk to anyone. Cable bills, to say nothing of mobile phone charges, easily exceed $100 for a month.

If a subscription were purchased for one month and either the Shadow Brokers don’t release new malware or what they release was cobbled up from standard malware sites, don’t buy a second one. At $100 each, isn’t that a risk you would take?

Assuming Shadow Brokers are serious about their malware-by-the-month club, a crowd funded subscription, premised on the immediate and public release of each installment, damages existing systems of patriarchy among/at:

  • Blackhat hackers
  • Governments (all levels)
  • Software vendors
  • Spy agencies (worldwide)
  • Whitehat advisors/hackers

Whitehat-only distribution follows that old saw of patriarchy, “we know what is best for you to know, etc.”

Some innocent people will be hurt by future malware releases. That’s a fact. But it’s an odd complaint for governments, spy agencies and their whitehat and vendor allies to raise.

Governments, spy agencies, whitehats and vendors have jointly participated in the slaughter of millions of people and the oppression of millions more.

Now facing some sharing of their cyberpower, they are concerned about potential injuries?

Looking forward to a deeply concealed entity stepping forward to purchase or crowd fund a release on delivery copy of the first Shadow Brokers malware-by-the-month, month 1.

Take a chance on damaging those patriarchies? Sure, that’s worth $100.

You?

Skype/Microsoft – Invasion of Privacy

Filed under: Microsoft,Privacy — Patrick Durusau @ 1:07 pm

I first noticed this latest invasion of privacy by Skype/Microsoft yesterday.

A friend tried to share an image via Skype and when I went to look at it, I saw a screen similar to this one:

I say “similar to this one” because yesterday I closed the window and got the image via email.

Today, I had a voice message on Skype, which I cannot access without supplying my birthday!

The

“We need just a little more info to set up your account.”

is a factual lie. My account is already set up. Has been (past tense) for years.

“This information is required” is that color in the original, no editing.

Anyone else experiencing a similar invasion of privacy courtesy of Skype/Microsoft?

New York Times Mutes Public Editor (And Effective Criticism)

Filed under: Journalism,News,Reporting — Patrick Durusau @ 10:21 am

New York Times public editor Liz Spayd on decision to eliminate her position by Pete Vernon.

From the post:

THE DECISION THIS MORNING BY THE NEW YORK TIMES to eliminate the position of public editor touched off a debate over the value of a position established in the wake of the Jayson Blair fabrication scandal to hold the paper’s editors and reporters accountable to industry standards and reader concerns.

Times Publisher Arthur Sulzberger, Jr. explained the move in a memo to staff: “The responsibility of the public editor—to serve as the reader’s representative—has outgrown that one office.”

According to Sulzberger, “When our audience has questions or concerns, whether about current events or our coverage decisions, we must answer them ourselves.” To that end, the paper will rely on an expanded comment section and social media feedback, as well as a new “reader center,” which was announced yesterday.

Relying on social media critiques and angry voices in the comment sections is a curious way of replacing an experienced journalist who could offer nuance and perspective while writing with the institutional backing of the nation’s most influential newspaper. The move comes at a moment when public confidence in the media is at an all-time low. In a time when the value of introspection and transparency is at a premium, cutting a position designed to provide both smacks of self-satisfaction and a misreading of the current media landscape.
… (emphasis in original)

Vernon’s post deserves your attention but the adage:

Everyone’s Responsibility Is No One’s Responsibility

answers Sulzberger the best.

Can you name a single reader of the New York Times for whom holding reporters and the editorial process of the New York Times (NYT) accountable is their day job?

That’s the trick isn’t it?

If it’s not your day job, with resources commensurate to the task and access, how will you “hold” the New York Times accountable?

Will you post to Facebook or Twitter? Exactly how many people do you think will see/consider your “speaking truth to power?”

The public editor, publishing in the NYT, had a voice at least as loud as the editors and reporters.

That was Sulzberger’s real problem with the public editor. He wants the appearance of accountability but not its reality. Critics should be unfunded, isolated, powerless voices that can be easily ignored.

Sulzberger needs to go down on your list of enemies of journalism and the public in general.

Data journalists, start tracking NYT contents for your degradation of journalism stories two or three years hence. (I’m not presuming an outcome of silencing the public editor, that’s a forecast.)
