IRS Hands Equifax $7.25 Million No-Bid Contract to Help “Verify Taxpayer Identities”

❝ With no apparent sense of irony, the nation’s tax collectors have awarded embattled credit-reporting agency Equifax a contract to assist the IRS in verifying “taxpayer identities” as well as assist in “ongoing identity verification and validations,” according to contract award posted to the Federal Business Opportunities database.

The no-bid contract, which pays $7.25 million, is listed as a “sole source” acquisition, meaning the IRS has determined Equifax is the only business capable of providing this service — despite its involvement in potentially one of the most damaging data breaches in recent memory…

❝ Equifax, of course, is facing intense criticism over a cybersecurity incident which reportedly compromised the personal information of roughly 145 million Americans. The company’s former CEO, Richard Smith, was taken to task on Tuesday while testifying before the House Energy and Commerce subcommittee. Smith resigned last week amid backlash over the company’s handling of the breach.

Republicans and Democrats alike lambasted the former chief executive over Equifax’s response. Representative Greg Walden was perhaps the harshest in his criticism: “I don’t think we can pass a law that fixes stupid…”

Not a case I would say of “The blind leading the blind” — more like “Stupid leading the incompetent”.

Ad industry whines Apple Safari update is against tracking

❝ Six ad industry organizations have crafted an open letter complaining about changes coming to Apple’s Safari browser, claiming that a new feature — “Intelligent Tracking Prevention” — will hurt both them — and the public.

Har!

❝ The technology’s restrictions on cookies blah, blah, blah!…Some of the groups behind the statement include the Interactive Advertising Bureau, the American Advertising Federation, and the Data and Marketing Association…

❝ Intelligent Tracking Prevention will be present in both iOS 11 and macOS High Sierra, launching Sept. 19 and 25, respectively. Apple has argued for the technology as an essential privacy measure, since people may not want their data captured for purposes they don’t consent to.

NSS. Mail me a penny postcard when someone discovers an honest and legitimate concern for public interests somewhere hidden in the bowels of ad agencies.

U.S. Military Marches Toward Energy Independence


Hill AFBOfficial White House Photo by Lawrence Jackson

The U.S. is at a transformative moment in electricity. And the military is helping us move toward a new era of independence.

❝ The U.S. electrical grid was ranked by the National Academy of Engineering as the greatest achievement of the 20th century, and it was this vast infrastructure that helped to power our economy, enhance our communities and light up our lives. But the centralized power grid is not perfect, and it faces an array of risks from natural disasters to human and cyber attacks.

As electricity becomes more and more critical in our lives, wide-ranging blackouts won’t just be a personal annoyance — they could cripple our economy. A diversified energy portfolio that includes renewable generation creates a more resilient grid. A recent draft of a report from the Department of Energy also concluded that wind and solar energy create a more reliable grid.

❝ The added security provided by renewables is why everyone — from the military to Fortune 100 companies — is finding ways to use clean reliable distributed power systems to support their operations.

RTFA to learn how this understanding makes sense. Moving forward.

BS’er-in-Chief

No comment about the latest legal/political problems faced by our phony president. Pick your favorite news source among the many evidence-based, fact-based, journalists. Obviously, that leaves out Trump favorites; but, then, that never bothered anyone fool enough to vote for him.

Thanks, gocomics.org

Sleaze follows Trump like stink around road kill

❝ The U.S. Secret Service is the hot, new “amenity” at Trump Tower, where desperate brokers are trying to lure well-heeled clients into the building on Fifth Avenue that has served as President-elect Donald Trump’s home as well as his campaign and transition headquarters.

Less than a week after Trump was elected, prominent New York real estate agency Douglas Elliman blasted out an email with the subject: “Fifth Avenue Buyers Interested in Secret Service Protection?” to advertise a $2.1 million, 1,052-square-foot condo in the tower on 721 Fifth Avenue…

“The Best Value in the Most Secure Building in Manhattan,” it stated.

❝ Trump was the developer and sponsor of Trump Tower when it was built 33 years ago, but most of the 263 units are individually owned. Trump Tower does not retain a portion of the sales but since the building is managed by Trump Corporation, it retains a processing fee for unit sales which is about $2,000 per application plus $250 per additional adult dweller, as part of its service as manager of the building.

The condominium collects the common charge, but Trump manages the garage and vendors like the bar and restaurant in the building…

Not exactly a plus for the reputation of realtors, eh?

Teen busted trying hire a clown to assassinate her teacher

❝ Police in Virginia have arrested a 13-year-old girl in connection with a social media threat involving a clown.

The investigation revealed that the girl made contact with someone via social media, and asked the person to murder one of her teachers at Davis Middle School…

The person she contacted was using a clown photo as a profile picture as well as an alias.

❝ The 13-year-old girl from Hampton was arrested and charged with one count of threatening to kill by electronic message. She remains in custody.

❝ Hampton police detectives made contact with the victim to ensure her safety and make her aware of the situation. At this time, there is no evidence to indicate a threat against any others.

There was increased police presence Monday at Davis Middle School and Hampton police officers are working with school security to ensure student safety.

❝ This incident comes just two days after schools in Hampton and Newport News tightened security because of threats from social media accounts of people posing as clowns…

The Hampton Police Division is collaborating with Hampton City Schools, the Newport News Police Division, and the FBI Joint Terrorism Task Force to investigate each of these threats and social media pages.

None of the security hustlers are going to miss out on an opportunity to increase fun and profits from fear. I’m surprised the NRA hasn’t shown up selling handguns outside the school. Yet.

Spy chiefs briefed 8 Congress-drones a year ago on hacking of Democrats — didn’t tell DNC “because it was a secret”

U.S. intelligence officials told top congressional leaders a year ago that Russian hackers were attacking the Democratic Party, three sources familiar with the matter said on Thursday, but the lawmakers were unable to tell the targets about the hacking because the information was so secret…

The material was marked with additional restrictions and assigned a unique codeword, limiting access to a small number of officials who needed to know that U.S. spy agencies had concluded that two Russian intelligence agencies or their proxies were targeting the Democratic National Committee, the central organizing body of the Democratic Party…

Our spy professionals decided the DNC didn’t need to know.

The alleged hacking of the Democrats and the Russian connection did not become public until late last month when the FBI said it was investigating a cyber attack at the DNC…

The congressional briefing was given last summer in a secure room called a Sensitive Compartmented Information Facility, or SCIF, to a group of congressional leaders informally known as the “Gang of Eight,” the sources said.

The group at the time included four Republicans: Senate Majority leader Mitch McConnell and House of Representatives Speaker John Boehner, and Senator Richard Burr and Representative Devin Nunes, the House and Senate intelligence committee chairs. Their Democratic counterparts were: Senator Harry Reid and Representative Nancy Pelosi, and Senator Dianne Feinstein and Representative Adam Schiff of the intelligence committees…

A bipartisan group of professional politicians who couldn’t care less about transparency, security.

The attack on the DNC later led the hackers to other party organizations, including the Democratic Congressional Campaign Committee, which raises funds for House candidates, Hillary Clinton’s presidential campaign, and other groups…

One of the sources said the Clinton campaign first detected attacks on its data system in early March, and was given what the source described as a “general briefing” about it by the FBI later that month. The source said the FBI made no mention of a Russian connection in that briefing and did not say when the penetration first took place.

According to a memo obtained by Reuters, interim DNC Chair Donna Brazile said on Thursday she was creating a Cybersecurity Advisory Board “to ensure prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class.”

Better update security on your own. Obviously you can’t count on our bought-and-paid-for government spies to offer any help.

Steadily growing, the entire Web is being encrypted


Shutterstock

Apple’s move to encrypt your iPhone and WhatsApp’s rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small non-profit project has enacted a plan to encrypt the entire global web. And it’s working.

Earlier this week, the San Francisco-based Internet Security Research Group announced that the initiative it calls Let’s Encrypt is coming out of beta — and that it’s making serious headway toward helping tens of millions of unencrypted sites around the world switch from the insecure web standard HTTP to HTTPS, which encrypts your web browsing to protect it from surveillance.

Since launching less than six months ago, Let’s Encrypt has helped 3.8 million websites switch to HTTPS encryption, taking a significant chunk out of the unprotected web data that’s available to those eavesdroppers…

Let’s Encrypt has tried to make it easier for websites to switch from HTTP to HTTPS by flattening one of the biggest hurdles in the process: certificates. Let’s Encrypt functions as a certificate authority, one of the dozen or so organizations like Comodo, Symantec, Godaddy and Globalsign that verify that servers running HTTPS web sites are who they claim to be…Once verified, these authorities issue those computers a “certificate” they need to make their HTTPS encryption work with your browser. The certificate is designed to be an unforgeable signature that’s cryptographically checked by your browser so that you can be sure your communications are decrypted only by the intended site and not an impostor.

Unlike commercial certificate authorities, however, Let’s Encrypt is free, thanks to corporation sponsorship from companies including Cisco, Google and Akamai. It’s available to websites anywhere in the world—even far-flung countries like Cuba and Iran that sometimes aren’t served by other major certificate authorities. And it’s automatically configured with a piece of code that runs on any server that wants to switch on HTTPS.

Guaranteed to piss off the official snoops as well as the erratically-malicious creeps on the civilian side of snooping. This doesn’t give you an invisible shield like some of the serious end-to-end encryption systems; but, it certainly makes eavesdropping a bit harder for Big Brother.

FBI attack on Apple will accelerate development of government-proof devices


Reuters/Carlo Allegri

The legal showdown between Apple and U.S. law enforcement over encryption, no matter the outcome, will likely accelerate tech company efforts to engineer safeguards against government intrusion, tech industry executives say.

Already, an emerging industry is marketing super-secure phones and mobile applications…

If Apple loses the court case, the legal precedent could give the U.S. government broad authority to order companies to assist in breaking into encrypted products.

But even a government victory could have unintended consequences for law enforcement, potentially prompting a wave of investment by U.S. tech companies in security systems that even their own engineers can’t access, said Jonathan Zittrain, co-founder of…Berkman Center for Internet & Society…

The fast-growing online storage provider Box has already made it a priority to give customers sole custody of data, said Joel De la Garza, chief information security officer at the company. The intent is to make it impossible for the company to access its customers’ data – even under a government order, he said.

Our goal is to achieve a `zero-knowledge’ state for the company, he said, “where our customers have total control over their data…”

In the more than two years since former U.S. intelligence contractor Edward Snowden revealed widespread spying via U.S. companies, a handful of companies have released secure phones…that trumpet security as a prime selling point…

Those businesses could surge if the Apple fight drags on…The fight between Apple and the government could give such security efforts a new urgency.

Keep on rocking in the Free World.

An encryption backdoor is a lousy idea

The recent column by veteran tech journalist Walt Mossberg…executive editor at The Verge and editor at large of Re/code.

Protecting the security of the United States and of Americans abroad is no easy task, especially against terrorists. I got a lesson in this before I became a tech columnist, when I served stretches as the chief Pentagon correspondent and the National Security correspondent for The Wall Street Journal, including coverage of the intelligence agencies.

So, I’m somewhat sympathetic with the frustrations expressed over the past year or so by national security officials — especially FBI Director James Comey — over fears that encryption of digital devices and services is making it harder for their agencies to spot and stop terrorists in the digital age…

I understand their exasperation, but not their proposed solution: Forcing American companies, notably Apple and Google, to build “backdoors” into their encrypted smartphones that would allow the government access. This would be a huge change, because both companies have introduced whole-device encryption that even they can’t decrypt. It would also be a huge mistake.

Over the past year or so, Mr. Comey and his colleagues have complained that this encryption of smartphones by Apple and Google is causing a problem they call “going dark” — making it harder for them to conduct surveillance of smartphones, messaging services and more.

The problem is that, even if the FBI served the companies with a legal court-approved search warrant for particular encrypted phones, they couldn’t comply. The lawmen would have to serve the warrant on the phones’ owners, and try and force them to unlock the devices with a password, fingerprint or some other authentication method…

But now, following the horrific terror attack in Paris, the issue is showing signs of coming back to life…Add in the massacre in San Bernadino, California, and we all know what we can expect from the amalgamation of security hawks and craven politicians.

Apple CEO Tim Cook posted a statement on a special privacy section of Apple’s web site, saying, in part: “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

He followed that up recently. In October, he told a tech conference that “I don’t know a way to protect people without encrypting” and “you can’t have a backdoor that’s only for the good guys…”

It’s fair to note that, in addition to protecting their customers, Apple and Google get business benefits from strong and secure encryption. They gain the ability to remove themselves from delicate law enforcement actions. And they gain protection against charges overseas that buying their products will give the U.S. government access to foreign users’ data.

They also have plenty of support for their views from people with no such business interests…

For another, Mr. Comey’s complaints are overblown. Even without a backdoor, there are still many avenues that authorities can use to track terrorists…

I sincerely hope that the U.S. government, working with tech companies, can come up with some solution that helps catch terrorists and criminals who use smartphones and messaging services to disguise their plans and identities. I wish I could say what that might be. But I do know that it shouldn’t be one that weakens or destroys user-controlled smartphone encryption.

Walt Mossberg is someone I appreciate and often agree with on technology. Not so often on politics. It’s a pleasure to say he’s nailed both this time.