Sleaze follows Trump like stink around road kill

❝ The U.S. Secret Service is the hot, new “amenity” at Trump Tower, where desperate brokers are trying to lure well-heeled clients into the building on Fifth Avenue that has served as President-elect Donald Trump’s home as well as his campaign and transition headquarters.

Less than a week after Trump was elected, prominent New York real estate agency Douglas Elliman blasted out an email with the subject: “Fifth Avenue Buyers Interested in Secret Service Protection?” to advertise a $2.1 million, 1,052-square-foot condo in the tower on 721 Fifth Avenue…

“The Best Value in the Most Secure Building in Manhattan,” it stated.

❝ Trump was the developer and sponsor of Trump Tower when it was built 33 years ago, but most of the 263 units are individually owned. Trump Tower does not retain a portion of the sales but since the building is managed by Trump Corporation, it retains a processing fee for unit sales which is about $2,000 per application plus $250 per additional adult dweller, as part of its service as manager of the building.

The condominium collects the common charge, but Trump manages the garage and vendors like the bar and restaurant in the building…

Not exactly a plus for the reputation of realtors, eh?

Teen busted trying to hire a clown to assassinate her teacher

❝ Police in Virginia have arrested a 13-year-old girl in connection with a social media threat involving a clown.

The investigation revealed that the girl made contact with someone via social media, and asked the person to murder one of her teachers at Davis Middle School…

The person she contacted was using a clown photo as a profile picture as well as an alias.

❝ The 13-year-old girl from Hampton was arrested and charged with one count of threatening to kill by electronic message. She remains in custody.

❝ Hampton police detectives made contact with the victim to ensure her safety and make her aware of the situation. At this time, there is no evidence to indicate a threat against any others.

There was increased police presence Monday at Davis Middle School and Hampton police officers are working with school security to ensure student safety.

❝ This incident comes just two days after schools in Hampton and Newport News tightened security because of threats from social media accounts of people posing as clowns…

The Hampton Police Division is collaborating with Hampton City Schools, the Newport News Police Division, and the FBI Joint Terrorism Task Force to investigate each of these threats and social media pages.

None of the security hustlers are going to miss out on an opportunity to increase fun and profits from fear. I’m surprised the NRA hasn’t shown up selling handguns outside the school. Yet.

Spy chiefs briefed 8 Congress-drones a year ago on hacking of Democrats — didn’t tell DNC “because it was a secret”

U.S. intelligence officials told top congressional leaders a year ago that Russian hackers were attacking the Democratic Party, three sources familiar with the matter said on Thursday, but the lawmakers were unable to tell the targets about the hacking because the information was so secret…

The material was marked with additional restrictions and assigned a unique codeword, limiting access to a small number of officials who needed to know that U.S. spy agencies had concluded that two Russian intelligence agencies or their proxies were targeting the Democratic National Committee, the central organizing body of the Democratic Party…

Our spy professionals decided the DNC didn’t need to know.

The alleged hacking of the Democrats and the Russian connection did not become public until late last month when the FBI said it was investigating a cyber attack at the DNC…

The congressional briefing was given last summer in a secure room called a Sensitive Compartmented Information Facility, or SCIF, to a group of congressional leaders informally known as the “Gang of Eight,” the sources said.

The group at the time included four Republicans: Senate Majority leader Mitch McConnell and House of Representatives Speaker John Boehner, and Senator Richard Burr and Representative Devin Nunes, the House and Senate intelligence committee chairs. Their Democratic counterparts were: Senator Harry Reid and Representative Nancy Pelosi, and Senator Dianne Feinstein and Representative Adam Schiff of the intelligence committees…

A bipartisan group of professional politicians who couldn’t care less about transparency, security.

The attack on the DNC later led the hackers to other party organizations, including the Democratic Congressional Campaign Committee, which raises funds for House candidates, Hillary Clinton’s presidential campaign, and other groups…

One of the sources said the Clinton campaign first detected attacks on its data system in early March, and was given what the source described as a “general briefing” about it by the FBI later that month. The source said the FBI made no mention of a Russian connection in that briefing and did not say when the penetration first took place.

According to a memo obtained by Reuters, interim DNC Chair Donna Brazile said on Thursday she was creating a Cybersecurity Advisory Board “to ensure prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class.”

Better update security on your own. Obviously you can’t count on our bought-and-paid-for government spies to offer any help.

Steadily growing, the entire Web is being encrypted



Apple’s move to encrypt your iPhone and WhatsApp’s rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small non-profit project has enacted a plan to encrypt the entire global web. And it’s working.

Earlier this week, the San Francisco-based Internet Security Research Group announced that the initiative it calls Let’s Encrypt is coming out of beta — and that it’s making serious headway toward helping tens of millions of unencrypted sites around the world switch from the insecure web standard HTTP to HTTPS, which encrypts your web browsing to protect it from surveillance.

Since launching less than six months ago, Let’s Encrypt has helped 3.8 million websites switch to HTTPS encryption, taking a significant chunk out of the unprotected web data that’s available to those eavesdroppers…

Let’s Encrypt has tried to make it easier for websites to switch from HTTP to HTTPS by flattening one of the biggest hurdles in the process: certificates. Let’s Encrypt functions as a certificate authority, one of the dozen or so organizations like Comodo, Symantec, Godaddy and Globalsign that verify that servers running HTTPS web sites are who they claim to be…Once verified, these authorities issue those computers a “certificate” they need to make their HTTPS encryption work with your browser. The certificate is designed to be an unforgeable signature that’s cryptographically checked by your browser so that you can be sure your communications are decrypted only by the intended site and not an impostor.

Unlike commercial certificate authorities, however, Let’s Encrypt is free, thanks to corporation sponsorship from companies including Cisco, Google and Akamai. It’s available to websites anywhere in the world—even far-flung countries like Cuba and Iran that sometimes aren’t served by other major certificate authorities. And it’s automatically configured with a piece of code that runs on any server that wants to switch on HTTPS.

Guaranteed to piss off the official snoops as well as the erratically-malicious creeps on the civilian side of snooping. This doesn’t give you an invisible shield like some of the serious end-to-end encryption systems; but, it certainly makes eavesdropping a bit harder for Big Brother.

FBI attack on Apple will accelerate development of government-proof devices



The legal showdown between Apple and U.S. law enforcement over encryption, no matter the outcome, will likely accelerate tech company efforts to engineer safeguards against government intrusion, tech industry executives say.

Already, an emerging industry is marketing super-secure phones and mobile applications…

If Apple loses the court case, the legal precedent could give the U.S. government broad authority to order companies to assist in breaking into encrypted products.

But even a government victory could have unintended consequences for law enforcement, potentially prompting a wave of investment by U.S. tech companies in security systems that even their own engineers can’t access, said Jonathan Zittrain, co-founder of…Berkman Center for Internet & Society…

The fast-growing online storage provider Box has already made it a priority to give customers sole custody of data, said Joel De la Garza, chief information security officer at the company. The intent is to make it impossible for the company to access its customers’ data – even under a government order, he said.

“Our goal is to achieve a ‘zero-knowledge’ state for the company,” he said, “where our customers have total control over their data…”

In the more than two years since former U.S. intelligence contractor Edward Snowden revealed widespread spying via U.S. companies, a handful of companies have released secure phones…that trumpet security as a prime selling point…

Those businesses could surge if the Apple fight drags on…The fight between Apple and the government could give such security efforts a new urgency.

Keep on rocking in the Free World.

An encryption backdoor is a lousy idea

The recent column by veteran tech journalist Walt Mossberg…executive editor at The Verge and editor at large of Re/code.

Protecting the security of the United States and of Americans abroad is no easy task, especially against terrorists. I got a lesson in this before I became a tech columnist, when I served stretches as the chief Pentagon correspondent and the National Security correspondent for The Wall Street Journal, including coverage of the intelligence agencies.

So, I’m somewhat sympathetic with the frustrations expressed over the past year or so by national security officials — especially FBI Director James Comey — over fears that encryption of digital devices and services is making it harder for their agencies to spot and stop terrorists in the digital age…

I understand their exasperation, but not their proposed solution: Forcing American companies, notably Apple and Google, to build “backdoors” into their encrypted smartphones that would allow the government access. This would be a huge change, because both companies have introduced whole-device encryption that even they can’t decrypt. It would also be a huge mistake.

Over the past year or so, Mr. Comey and his colleagues have complained that this encryption of smartphones by Apple and Google is causing a problem they call “going dark” — making it harder for them to conduct surveillance of smartphones, messaging services and more.

The problem is that, even if the FBI served the companies with a legal court-approved search warrant for particular encrypted phones, they couldn’t comply. The lawmen would have to serve the warrant on the phones’ owners, and try and force them to unlock the devices with a password, fingerprint or some other authentication method…

But now, following the horrific terror attack in Paris, the issue is showing signs of coming back to life…Add in the massacre in San Bernardino, California, and we all know what we can expect from the amalgamation of security hawks and craven politicians.

Apple CEO Tim Cook posted a statement on a special privacy section of Apple’s web site, saying, in part: “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

He followed that up recently. In October, he told a tech conference that “I don’t know a way to protect people without encrypting” and “you can’t have a backdoor that’s only for the good guys…”

It’s fair to note that, in addition to protecting their customers, Apple and Google get business benefits from strong and secure encryption. They gain the ability to remove themselves from delicate law enforcement actions. And they gain protection against charges overseas that buying their products will give the U.S. government access to foreign users’ data.

They also have plenty of support for their views from people with no such business interests…

For another, Mr. Comey’s complaints are overblown. Even without a backdoor, there are still many avenues that authorities can use to track terrorists…

I sincerely hope that the U.S. government, working with tech companies, can come up with some solution that helps catch terrorists and criminals who use smartphones and messaging services to disguise their plans and identities. I wish I could say what that might be. But I do know that it shouldn’t be one that weakens or destroys user-controlled smartphone encryption.

Walt Mossberg is someone I appreciate and often agree with on technology. Not so often on politics. It’s a pleasure to say he’s nailed both this time.

Companies won’t learn from the T-Mobile/Experian hack — Om Malik

Last Thursday, John Legere, the C.E.O. of T-Mobile, joined the ranks of the dozens of chief executives who, in the past few years, have had to inform their customers that their personal information has been stolen. “One of our vendors, Experian, experienced a data breach,” Legere tweeted, referring to a Dublin-based credit bureau that his company uses to collect, store, and secure customers’ personal information. Experian explained the details on its Web site:

The unauthorized access was in an isolated incident over a limited period of time. It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services or products, which require a credit check, from Sept. 1, 2013 through Sept. 16, 2015. Records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T-Mobile’s own credit assessment were accessed. No payment card or banking information was obtained.

As one of the fifteen million people who applied for T-Mobile USA’s post-paid services during that period, I was particularly aghast to learn about this breach. T-Mobile USA has, in the past two and a half years, been selling itself as an “uncarrier,” dedicated to upending the telecom industry’s status quo by offering simpler, cheaper, and more intelligible plans. I’d bought into this spin, and believed that it was the way forward for the industry.

Although no financial information was stolen in the T-Mobile breach, the completeness of the data that was acquired is akin to a Lego set for an identity thief. The fraudsters can set up new lines of credit or file for phony tax refunds in our names, and there isn’t much we can do about it. The cybersecurity consultant Bryan Seely told the Seattle Times that, on a scale of one to ten, this breach rates a seven, because it included fifteen million Social Security numbers, along with names and addresses. “When Target had a breach, people were reissued cards. You can’t reissue Socials that easily,” he said. Over the weekend, the e-commerce security firm Trustev claimed that it had found data sets from the Experian hack for sale on the dark Web…

By now, we’re familiar with this pattern: a company discloses a data theft, executives express grave concern, and customers are left to reset their passwords and sign up for free data protection, feeling all the while like data piñatas…

An offer of a credit-watching service in the wake of a hack is sort of like getting an alert after a fire has burned down your house. Moreover, in a recent blog post, Brian Krebs, of Krebs on Security, wrote, “Identity protection services like those offered by CSID, Experian and others do little to block identity theft: The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name.”

RTFA for more details and Om’s analysis including the political problems with trying to get business security into the 21st Century. As Om says, 800 data breaches in one year proves the status quo isn’t working.

Pentagon’s views on the Free Press in wartime



The Defense Department earlier this summer released a comprehensive manual outlining its interpretation of the law of war. The 1,176-page document, the first of its kind, includes guidelines on the treatment of journalists covering armed conflicts that would make their work more dangerous, cumbersome and subject to censorship. Those should be repealed immediately.

Journalists, the manual says, are generally regarded as civilians, but may in some instances be deemed “unprivileged belligerents,” a legal term that applies to fighters that are afforded fewer protections than the declared combatants in a war. In some instances, the document says, “the relaying of information (such as providing information of immediate use in combat operations) could constitute taking a direct part in hostilities.”

The manual warns that “Reporting on military operations can be very similar to collecting intelligence or even spying,” so it calls on journalists to “act openly and with the permission of relevant authorities.” It says that governments “may need to censor journalists’ work or take other security measures so that journalists do not reveal sensitive information to the enemy.”

Allowing this document to stand as guidance for commanders, government lawyers and officials of other nations would do severe damage to press freedoms. Authoritarian leaders around the world could point to it to show that their despotic treatment of journalists — including Americans — is broadly in line with the standards set by the United States government.

Nice to see the NY TIMES stand up for a Free Press. Even in wartime. Finally.

RTFA for a more detailed albeit brief exposition. The editorial originally had a link to a .pdf of the relevant portion of the manual. That seems to have disappeared. But, we all know nothing ever really disappears from the Web.

Hee, hee, hee!

Germany halts treason charges against journalists – for the present


Andre Meister and Markus Beckedahl

A treason investigation into two journalists who reported that the German state planned to increase online surveillance has been suspended by the country’s prosecutor general following protests by leading voices across politics and media.

Harald Range, Germany’s prosecutor general, said on Friday he was halting the investigation “for the good of press and media freedom”. It was the first time in more than half a century that journalists in Germany had faced charges of treason.

Speaking to the Frankfurter Allgemeine Zeitung, Range said he would await the results of an internal investigation into whether the journalists from the news platform netzpolitik.org had quoted from a classified intelligence report before deciding how to proceed.

His announcement followed a deluge of criticism and accusations that Germany’s prosecutor had “misplaced priorities”, having failed to investigate with any conviction the NSA spying scandal revealed by whistleblower Edward Snowden, and targeting instead the two investigative journalists, Markus Beckedahl and Andre Meister.

In a scathing attack, the leading Green MP Renate Künast, who is also chair of the Bundestag’s legal affairs committee, called the investigation a “humiliation to the rule of law”. She accused Range of disproportionately targeting the two journalists, while ignoring the “massive spying and eavesdropping [conducted] by the NSA in Germany”.

Künast told the Kölner Stadt-Anzeiger: “Nothing happened with that. If it wasn’t for investigative journalism, we would know nothing.”…

In articles that appeared on netzpolitik.org in February and April, the two reporters made reference to what is believed to be a genuine intelligence report that had been classified as confidential, which proposed establishing a new intelligence department to monitor the internet, in particular social media networks.

The federal prosecutor’s investigation was triggered by a complaint made by Germany’s domestic intelligence agency, the Office for the Protection of the Constitution (BfV) over the articles, which it said had been based on leaked documents…

In an act of solidarity, the research website Correctiv reported itself to the general prosecutor’s office on Friday, saying that it too was “guilty of treason”, at the same time as republishing the controversial documents originally published by netzpolitik.org.

“They should be investigating the whole lot of us!” said Correctiv’s editor-in-chief, Markus Grill. Meanwhile, German lawyers called for the abolition of the offence “journalistic treason”.

The uproar against NSA-style security measures seems to have had the desired effect for now. German justice minister, Heiko Maas, is requesting the dismissal and retirement of the chief federal prosecutor, Harald Range, who initiated the charges against the journalists.

Of course, I wouldn’t expect the same to happen here in the GOUSA. And it hasn’t. Much of our Free Press is owned by entertainment media corporations. They aren’t about to rock the boat. The Democratic Party couldn’t turn out a united demonstration for Free Speech if it threatened the military-industrial complex. Republicans would start wearing armbands if requested. And American Greens don’t seem able to generate a grassroots movement with the energy and smarts to grow into a national party.

Yup. Still a cynic. Mail me a penny postcard when Obama invites Ed Snowden to return home.

Time to allow banks to be part of the marijuana economy

The Senate introduced a bipartisan bill on Thursday that would prevent criminal prosecution as well as liability and asset forfeiture for banks that do business with a state-sanctioned marijuana business.

Sen. Michael Bennet, a Democrat, and Sen. Cory Gardner, a Republican, both of Colorado, announced the bill in a joint statement.

Joint statement. Har.

Last year, the Treasury Department said banks could serve the marijuana industry under certain conditions. Many banks call the guidelines too onerous, resulting in a marijuana industry that still relies heavily on cash. That reliance on cash rather than traditional banking methods has made marijuana dispensary operators robbery targets.

Marijuana advocacy groups lauded the new bill, citing safety issues involved with cash-rich businesses…

Gov. John Hickenlooper of Colorado, a state that legalized marijuana in 2012, praised the Senate bill, saying the federal government has a duty to ensure the safety of people as the marijuana legalization experiment expands in states across the country.

At the community level, banks considered the Treasury statement last year to be nothing more than window dressing. Unless laws and regulations are officially changed no bank executive is going to consider arrest or closure of their bank at the whim of some pissed-off bureaucrat. Laws to protect folks who aren’t breaking reasonable laws should be easy as pie.

The problem, as usual, is Congress. Federal laws passed from sheer stupidity, obstinate sophistry, decades ago.