USA Tax dollars — and other stuff


Either Microsoft is on their toes – or the stuff hackers steal from the NSA really is past its sell-by date

❝ Just as the Shadow Brokers hacker group started crowing about a dump of never-seen-before flaws in Windows, Microsoft announced it already had fixed most of the exploits.

“Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers,” Microsoft Principal Security Group Manager Phillip Misner wrote in a Friday post.

“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” he added.

Three of the dozen zero day vulnerabilities aired by the hackers, which they claimed were part of a large cache of data leaked from the U.S. National Security Agency, did not work at all on Windows 7 and above…

❝ As of the most recent patch cycle, no supported versions of Windows were vulnerable to the Shadow Brokers exploits, said Bobby Kuzma, a system engineer at Core Security.

“In other words,” he told TechNewsWorld, “for the love of God get XP, Vista and 2003 Server off of your networks.”

Har.

I know Microsoft users aren’t the most diligent of users of contemporary computing software and hardware. It was true through the 22 years I functioned within that milieu. I left over a decade ago and from what I read and hear – ain’t anything improved.

Basic security procedures still require regular backups and keeping your patches up-to-date. There’s more; but, too many folks don’t make it to the minimum.

The latest dump of NSA tools means – get up-to-date with Microsoft Patches, folks!

❝ UPDATE: Microsoft has patched the majority of the exploits released by The Shadow Brokers. More details can be found here, and the company recommends updating to a supported version of Windows and downloading security fixes.

The original story follows below:

❝ On Friday, the group known as The Shadow Brokers dropped the hacking equivalent of a bomb, or perhaps several bombs, giving hackers all over the world the tools to easily break into millions of Windows computers.

This is bad news not just for the NSA, but for the internet as a whole, according to security researchers who are poring through the dump. As someone called it, this is “cyber chaos.”

❝ Perhaps the worst tool released by the hackers is called “FUZZBUNCH.” This is a hacking suite or toolkit that contains several plug-and-play exploits to attack several versions of Windows operating system. Some researchers described it as something akin to Metasploit, a popular open source hacking framework…

In fact, the latest Shadow Brokers dump contains several working Windows zero-days in executable (.exe) binaries with “step-by-step logs laying out how they’re used and the commands to run”…

That means that pretty much anyone, from low-level cybercriminals to so-called “script kiddies” — hackers who are only good at reusing other hackers’ tools — could repurpose them to attack Windows computers…

❝ In the meantime, you can either shut down your Windows machine or block incoming connections to ports 445 and 139 with the firewall to prevent some of the attacks, according to security researchers.

❝ The leaked tools are dated around 2013, so they don’t affect modern Windows operating systems such as Windows 10. But according to Hacker Fantastic, the FUZZBUNCH framework supports all kinds of Windows systems: server versions from NT, 2000, 2003, 2008 and up to 2012, as well as the consumer versions XP, Vista, 7 and Windows 8.

I worked within the Microsoft/IBM framework for 22 years before moving to Apple’s OSX [and following mobile OS’] over a decade ago. Yeah, anything can be hacked; but, ain’t much need to make it easy.

When US closes its door to talented immigrants, start a cutting-edge AI research institute in Canada

❝ Canadian researchers have been behind some recent major breakthroughs in artificial intelligence. Now, the country is betting on becoming a big player in one of the hottest fields in technology, with help from the likes of Google and RBC…

❝ Money from big tech is coming north, along with investments by domestic corporations like banking multinational RBC and auto parts giant Magna, and millions of dollars in government funding.

Toronto will soon get the Vector Institute for Artificial Intelligence, geared to fuelling “Canada’s amazing AI momentum”…

The founders also want it to serve as a magnet and retention tool for top talent aggressively head-hunted by US firms…

Google invested C$4.5 million last November in the University of Montreal’s Montreal Institute for Learning Algorithms.

Microsoft is funding a Montreal startup, Element AI. The Seattle-based company also announced it would acquire Montreal-based Maluuba and help fund AI research at the University of Montreal and McGill University.

Thomson Reuters and General Motors both recently moved AI labs to Toronto.

Earlier this month, the federal government announced C$125m for a “pan-Canadian AI strategy”…

❝ Those trying to build Canada’s AI scene admit places like Silicon Valley will always be attractive to tech talent. But they hope strategic investments like these will allow Canada to fuel the growth of domestic startups.

Canadian tech also sees the travel uncertainty created by the Trump administration in the US as making Canada more attractive to foreign talent.

Yeah, a global economy is a real shame. For folks who often can’t figure out how to find a better job in a city in the American Midwest 25 miles away from the neighborhood they grew up in. For the rest of us — no big deal.

What’s so difficult about considering moving North for a good job, a bright future? Yes, the cold is a hangup for some. Counter that with diverse demographics, tolerant social policies, a national health service that works for all – and some damned good schools.

Feds Drop a Child Porn Case Rather Than Give Up a Hack


FBI Headquarters

❝ The Department of Justice filed a motion in Washington State federal court…to dismiss its indictment against a child porn site. It wasn’t for lack of evidence; it was because the FBI didn’t want to disclose details of a hacking tool to the defense as part of discovery. Evidence in United States v. Jay Michaud hinged at least in part on information federal investigators had gathered by exploiting a vulnerability in the Tor anonymity network.

In other words, the feds are letting an alleged child pornographer free so that officials can potentially catch other dark-web-using criminals in the future…

❝ For years now, federal investigators have used hacking tools to undermine the Tor anonymity network and identify suspects attempting to conceal their identities and actions. These Tor exploits help federal law enforcement agencies investigate serious crimes, particularly child porn rings on the dark web, that would otherwise be difficult to prosecute. But the DOJ will apparently go to extreme lengths to protect the disclosure of those exploits, raising new questions about the boundaries of investigative hacking…

❝ All that’s certain is that the feds have dropped a case against an alleged child pornographer, with some unknowable trade-off down the road.

Actually a tough question for law enforcement. Beyond the boundaries of the usual prosecutor. Interesting to see where this leads. If anywhere.

A couple of big [unnamed] US tech companies were scammed out of $100 million

The Department of Justice just unsealed an indictment against a Lithuanian scammer who managed to trick two American tech companies into wiring him $100 million. The scammer, 48-year-old Evaldas Rimasauskas, did so by masquerading as a prominent Asian hardware manufacturer, according to court documents, and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries. Rimasauskas was first indicted back in December, but the DOJ only unsealed the documents after arresting the man last week.

What makes this remarkable is not Rimasauskas’ particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it’s the amount of money he managed to score and the industry from which he stole it.

The indictment specifically describes the companies in vague terms. The first company is a “multinational technology company, specializing in internet-related services and products, with headquarters in the United States,” the documents read. The second company is a “multinational corporation providing online social media and networking services.” Both apparently worked with the same “Asia-based manufacturer of computer hardware,” a supplier that the documents indicate was founded some time in the late ’80s…

What’s more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft…

I can’t believe someone as detail-oriented as this dude appears to be didn’t plan on leaving home and establishing another identity on a planet in a galaxy far, far away. Did he think no one would come looking for the $100 million? At least move someplace without an extradition agreement with the USofA.

Thanks, Barry Ritholtz

AT&T, Verizon join UK firms pulling ads from Google, YouTube over hate-group, terrorist content

❝ The U.K. advertising backlash against Google is spreading to the United States. Mobile carriers AT&T and Verizon, Enterprise car rental and pharmaceutical giant GlaxoSmithKline are among the major ad buyers acting to distance their brands from the offensive and extremist content that saturates YouTube.

Following an eruption of brand association concerns in the U.K. that prompted the Guardian newspaper, European mobile carrier O2, British Royal Mail, Royal Navy, the Royal Air Force, Transport For London, the BBC, Domino’s Pizza, Hyundai Kia, McDonald’s, L’Oreal, Toyota and Volkswagen to pull ads from Google and/or YouTube specifically, a series of global brands have also jumped to pull their ads in America.


Do your online shopping with Aryan purity

❝ AT&T is pulling all advertisement from Google apart from paid search placement, a move that affects not only YouTube but millions of other websites that participate in Google’s ad network…

A spokesperson for Verizon said it was also pulling ads, noting that “Verizon is one of the largest advertisers in the world, and one of the most respected brands. We…blah, blah, blah.”

❝ Google declined to comment on the pulled ads, but offered a statement “we’ve begun an extensive review of our advertising policies and have made a public commitment to put in place changes that give brands more control over where their ads appear…”…

❝ The original investigation by The Times detailed why brands are concerned, noting that Google’s algorithms placed ads for Mercedes E-Class “next to an ISIL video praising jihad that has been viewed more than 115,000 times.”…

Hey. Google’s coders are at least as talented as the geeks working for the Russian GRU and the US NSA. They can come up with algorithms that search folks out by the color of their pubic hair and how many toes they wish they had. I find it unlikely or even difficult for Google to be put-off by the size of the task needed to change the situation they’ve wandered into.

No doubt profit-optimization got them there. It had better work to motivate solutions, now.

The Feds have no idea how to grow decent pot

❝ The only marijuana researchers can legally obtain for studies looks like something you would scrape off the bottom of your shoe after walking on a grassy field.

This is not an exaggeration. Take a look at this photo, courtesy of the Multidisciplinary Association for Psychedelic Studies:

This is the marijuana that researchers were sent for a study looking at whether pot can help treat post-traumatic stress disorder.

❝ Due to federal prohibition and regulations, all of the marijuana used for US research is provided by one facility at the University of Mississippi through the National Institute on Drug Abuse (NIDA). But researchers have complained for years that the quality of marijuana that NIDA supplies is terrible — typically far below what you can get from state-legal medical or recreational marijuana markets or even the black market.

The photo above exemplifies this. The marijuana looks like it’s made up more of leaves and stems than the actual bud you’re supposed to smoke. As anyone who’s ever smoked pot can tell you, you’re typically supposed to throw out the leaves and stems — meaning what you see in the photo is basically garbage to the typical user. Usable pot is supposed to look chunkier and laced with crystals that are high in THC (which is what gets you high).

❝ Here’s an example of higher-quality pot, taken before the stems are fully removed:

It ain’t just aesthetics, folks. The questions of usability, effectiveness, say, as a product to be used to wean Americans off opioids – are relevant.

RTFA for all the details and discussion.

Resistbot helps tell your Congress-critter how you feel


Don’t ever let our so-called president off the hook!

❝ In the weeks following the election of President Donald Trump, tips for how people can voice their concerns to public officials circulated on social media and on Google docs.

Now a group of techies wants to make reaching officials in Congress even easier. All you have to do is text. Called “Resistbot,” you’d be right to assume this app is meant to be a thorn in Trump’s side.

❝ “We will faithfully deliver any message our users send in, but the voice of the product is for the liberals and conservatives in opposition to the Trump administration,” wrote co-creator Jason Putorti, a designer for AngelList…

❝ This is a nonprofit side-project for those involved. Volunteering on the project in addition to Putorti is Eric Ries, CEO of startup Long-Term Stock Exchange…More than a dozen others, including about half a dozen employees of Twilio, are also helping out…

❝ …Resistbot faxes users’ texted messages to officials. Just type “resist” and hit send to 50409, and the automated bot will ask your name and your zip code. The zip code is used to determine who your public officials are. Then you type in your message.

The first message you send will go, by default, to your Senators. The bot is supposed to also help users send messages to Representatives after interacting more with the user, according to the app website.

The site says Resistbot creators have confirmed messages are actually received by congressional staffers.

I don’t care if I have to resort to semaphore flags. The point remains the same. Communicate your feelings to the official who is supposed to be representing the folks who elected her or him. As often as required. Easily.