Given my blog is being constantly attacked and throwing alerts to my monitoring system, I just thought I’d put this visual out there in case anyone thought it was “fake” news.
Yes, yes, I have backups and backups of backups and backups of backups of backups offline, etc…. Plus redundant logging with IAM “write / not read” permissions, encrypted and pushed to accounts I don’t even have access to.
Recent security alerts on my blog (all blocked, but recorded) for your viewing pleasure.
Note the security legend on the lower right.
And yes I am omitting the time-frame and cropped out other specifics because that is common sense. But you get the point.
This is a continuous attack. And this is how brazen people become when you don’t defend yourself. We need to defend ourselves.
This is a a hassle. And not a good use of American minds, or anyone’s for that matter.
Trickle down economics might not work, but trickle down inventions sure as hell do (Edison? Tesla? Einstein? The kid next door? What could she be inventing if not being distracted bs?)
FC: A lot of people were really blindsided by the level of misinformation on social media in 2016 and the scope of the campaign. I hope that people are at least a little more skeptical now, a little more ready for what they might see leading up to 2020.
SK: I think now we’re a little more savvy as Americans, about how we deal with this and how to spot bad actors, but not as much as we should. There are other countries like Estonia, for example, that have been dealing with this for a long time, and they’re much better on cybersecurity, better at educating the public about propaganda. When I went to Germany shortly after the  election, I was speaking with college students. You know, they have a very good understanding of this propaganda because they know their own country’s history, and they know how you can get lured down this slope. And I’m not saying either of these countries is perfect and that everybody had amazing grasp of it. But at least it’s emphasized that this is a civic problem. This is something we have to actively get on top of and be proactive about in order to solve it—in the U.S. it took us forever to even admit that these troll and bot networks were there.
“What prison program can turn a 50 percent recidivism rate into a 4 percent rate? That would be college courses for people behind bars, an underfunded and politically unpopular move in American politics. PBS’s four-part documentary this week, College Behind Bars, persuasively makes a case for corrections departments to save money by expanding this opportunity. What’s more corrective than learning? (Washington Post)”
We all know what cyrpto currency assets are at this point, but to correlate current events with the role of International Central Banks and International Trade is indeed complex. This presentation was for the Luxembourg American Chamber of Commerce in New York City. It does assume a baseline understanding of international finance and the role of Central Banks, Securities and International Trade.
Some highlight slides followed by the embedded presentation from slideshare. Note: these are NOT all of the slides from the presentation, so be sure to view the embedded presentation on cryptocurrency on linkedin.
The following slide is CRITICAL to understand the differences between how Central Banks functions versus how Cryptocurrency functions. Although people are working on options that reduce the all-or-nothing nature of the change. (see slidedeck for more)
OK, WHAT IS CRYPTOCURRENCY?! Speak English Please!? This is the way I try to explain cryptocurrency in plain language so that normal people can understand it. This is the simplified explanation of cryptocurrency:
Where does cryptocurrency come from and why should I care anyway? Let’s start with the “who makes this stuff?” question. Because that is the important part. It’s all about CONTROL.
From the article: “Bitcoin is a slow burn, one that will take another five or ten years to really explode. And when it does it won’t be visible like Facebook or Netflix. It won’t be one level removed from our browsers, hiding just out of sight, like Linux. It will be ingrained in our lives, in the interaction between our money and the world. It will be the currency used between humans and robots and between robots and robots. It will become so useful that it will disappear.”
From the article, and this applies to our country and *both* political parties in my opinion:
….imagine the impact of the next great recession on these already stark social and economic divisions within American society.
Finally, political institutions in fragile states either erode or are captured by the governing elite to advance their personal interests. Typically, fragile states arbitrarily apply the rule of law against political opponents, delegitimize and undermine normal state bureaucratic functions that fail to align with elite interests, and leverage external political agents and foreign states to intervene in domestic matters.
Overall, VC investment in software is trending well according to CB Insights as well as Pitchbook. However, one of my observations while living in SF during and after the 2016 election was an immediate drop in seed level investment right before and after the election. The data:
“It’s these last six seconds (of the video) that underscore the danger posed by the vulnerability, which according to Internet scan results posted eight days ago remains unpatched on almost 1 million computers. The flaw, which is indexed as CVE-2019-0708 but is better known by the name BlueKeep, resides in earlier versions of the Remote Desktop Services, which help provide a graphical interface for connecting to Windows computers over the Internet. A much more detailed blow-by-blow is here.”
(It) Only takes one unpatched system to spread
Last Friday, members of the Microsoft Security Response Team practically begged organizations that hadn’t patched vulnerable machines to do so without delay, lest another WannaCry scenario play out. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread… officials with the National Security Agency on Tuesday echoed Microsoft’s warning. The video posted by Dillon, particularly in the last six seconds, demonstrates that the danger is in no way exaggerated.
If the intermingling of Mimikatz and a critical Windows vulnerability to devastating effect sounds familiar, it’s probably because that’s how another paralyzing worm, dubbed NotPetya, managed to wipe out entire networks. According to an analysis from Kaspersky, NotPetya, which is regarded as the most expensive malware attack in history, used the Eternal Blue exploit developed by and later stolen from the NSA to exploit one or more vulnerable machines. NotPetya,
In the NotPetya analysis, Kaspersky researchers wrote, “IMPORTANT: A single infected system on the network possessing administrative credentials is capable of spreading this infection to all the other computers through WMI or PSEXEC.”
My Thoughts on EternalBlue, BlueKeep and Why These Are Human Problems
Closing thoughts: NOT all countries can realistically afford the cost of the Windows Operating System in their schools. But without that experience they can’t compete, so they use hacked versions. If you lived in Indonesia or Mongolia, what would you do?
Those companies, with employees using hacked system in countries of different economic status, are possible subcontractors for international global leaders (like Maersk for example). They are the weak leak, because a hacked Windows system can’t be patched.
To be clear: I do *NOT* agree with software theft. But I also don’t agree with sloppy work on the part of our security agencies that have the resources to secure the nuclear weapons of the cyberwar that are being unleashed against not just the US, but the world.
We all need to stop and think about the overall situation. I believe the existential threat of EternalBlue, a gift that keeps on giving, is that it was an American agency funded by the US tax payers that did not report the vulnerabilities to an American software company. For years.
Unintended Consequences of Huawei and Google Android Patch Ban (possible)
If people don’t realize cryptocurrency “payment channels” (basically like a purchase order between merchants – settled up later but pre-approved) is a threat to the petrodollar, they are mistaken. The USD is nothing more than what we would call “proof of stake” in the crypto world. The Fed is the issuer, the stake.
Energy traded based on a proof of stake crypto currency pinned to the future value of a fiat currency in, say 30 days, via a smart contract could replace the influence of the US at a global level – I believe you are mistaken.
A programmer starts a company in Houston, because why not? Expanded to Mountain View maybe 2011 ish? Along the way took up photography in 2006. I know the exact photo. It’s on flickr. I’m on flickr because it was talked about at Etech. That’s the backstory.
Economics of Data (including Photos)
Let’s forget ethics, the value of community, the historical role of a site, the role of O’Reilly and Etech growing their brand, and let’s just talk about PROFIT. Smugmug’s CEO is currently making a HUGE error by blocking new uploads to flickr for long time users. I know this because not only am I holding out, despite having been a Pro paying user for many of the last 13 years.
As a long time flickr user I can point out the fact that many of my photos are on wikipedia, despite the fact I have NEVER uploaded a photo to wikipedia. How? Because I frequently share my photos creative commons attribution. Other people can legally use them and upload them with attribution (e.g. “Photo by Ed Schipul”) and nothing more. They found these photos on Flickr because the taxonomy allowed us to specify the CC license.
But first, the email I received today looks this:
Text from their email:
We’ve made some big changes to free Flickr accounts over the past year, and our community has made it clear that they’d like more time to decide on a home for their photos.
Because we know how important that decision is, we’re giving free Flickr accounts with 1,000+ photos and videos another month to make a decision, whether it means upgrading to Flickr Pro (with unlimited storage) or downloading your photos onto a computer. On March 12, 2019, any photos and videos over 1,000 on free Flickr accounts will be at risk for deletion.
Having spent years traveling, and one year living full time in San Francisco, I can say with the advent of AI and machine learning, there are startups that offer FREE security cameras. Why? Because of the value of the XIF data and to feed into algorithms.
And on the Internet there are numerous currencies; attention, cash, link-backs are three primary currencies.
Riddle me this. Why would you block someone from uploading high value content to your site that creates attention and links back to your site? It’s not like they bought any of my cameras or paid me. But I’m blocked from uploading and the smugmug CEO is sending out emails pointing out that their “storage” is cheaper than “other people’s storage.” Baroo? Did you seriously just call my photography “storage”? WTF?
As I type this, this is what flickr looks like so I can’t “link you” to any of the ridiculously rich content and photos I have uploaded over the last 13 years.
Because flickr is down. Me thinks they are in over their heads.
I’ll end on a positive note. Flickr/Smugmug’s CEO may not understand their actions, that they are killing photography on the Internet, because they weren’t there back in the day. Naive, yet at least they did provide a download link. The community is being destroyed, and we will rebuild. Ethically I have to say THANK YOU for providing our data.
Any other open source developers out there who want to provide a Python/Django based gallery option that includes OG community? Because we are apparently on our own folks.
Why does the Internet seem broken lately? Let’s start with the obvious – the government shut down is a horrific occurrence far beyond what people realize.
Why is the Internet slow right “now”? Because DNS is under attack and the government is shut down and incapable of responding. Seriously. We, the InfoSec community, are flying blind. For the average person – you are kind of hosed. (kidding, not kidding….)
What is DNS? “DNS” means “domain name resolution.” and it tells your computer how to find a web site. The thing is, *most* sites pull content from numerous places (think twitter feeds on your page, or a FB badge, or a font, etc.) If *ANY* of these items are slowed down, so is your site.
Not surprisingly, criminals look for opportunities and our politicians gave them a big giant gift by shutting down the government.
The DNS attacks, among others, haven’t made the news because the government has been shut down.
Recovery from one month of nobody managing CyberSecurity for the US Government will take months if not years. Some damage is permanent. (I’m just the messenger.)
If the Internet and cybersecurity are put in the category of “non-essential” then we have a serious problem. And we have a serious problem far larger than the drop in home buying. Hackers are patient. Very patient. Recon conducted over the last month will be used far into 2020. The RATs will persist in silence and nobody will know until they are activated.
One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.”
“The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”
The source said his agency can’t even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.
December 16 at 4:29 PM – A report prepared for the Senate that provides the most sweeping analysis yet of Russia’s disinformation campaign around the 2016 election found the operation used every major social media platform to deliver words, images and videos tailored to voters’ interests to help elect President Trump — and worked even harder to support him while in office.
The research — by Oxford University’sComputational Propaganda ProjectandGraphika, a network analysis firm — offers new details of how Russians working at theInternet Research Agency, which U.S. officials have charged withcriminal offensesfor interfering in the 2016 campaign, sliced Americans into key interest groups for targeted messaging. These efforts shifted over time, peaking at key political moments, such as presidential debates or party conventions, the report found.
IMHO – Our security community as well as the media unfortunately are not using common sense and logic. They still underestimate the scope and significance of ongoing issues and attacks AMS vendors must defend against.
Associations were targeted as early as 2010 according to our logs. If memory serves me correctly. (It’s expensive to do computer forensics.)
Attacks on associations, non-profits, NGOs/NPOs skyrocketed, I’d say, in 2014.
International trade wars are difficult. I get it. Yes it is complicated. Then there is data:
American farmers are titans of international commerce. From 2000 to 2017 the value of agricultural exports nearly tripled. Exports comprise more than a fifth of farm output. Grain gushes abroad in the highest volumes. As the world eats more meat, livestock producers need more animal feed, raising demand for soyabeans. Exports last year reached $21.6bn, more than double the value of corn, the next largest export.
These successes are due in part to government subsidies that incentivise production, such as farm payments that rise when commodity prices fall. These mainly support big operations: farms with incomes of $167,000 or more received nearly 70% of commodity payments in 2016, according to the Heritage Foundation, a think-tank.
Productivity-boosting measures have helped, too. Mr Sims, for instance, now uses data on yields to fine-tune the application of fertiliser. He flies drones to inspect crops for insect damage.
Farmers often coat seeds before planting to fend off rot and pests. Environmentalists worry about the impact on water and biodiversity. But production has boomed.
This has helped depress prices for corn and soyabeans in recent years, even as land, fertiliser and seed have remained relatively expensive.
So a trade war is particularly ill-timed.
Mr Trump announced tariffs on steel and aluminium imports in March, and extended them to Mexico, Canada and Europe in May. In retaliation Mexico, the second-largest importer of American pork by value, raised tariffs to 20%. China’s tariffs of up to 70% on pork, and 25% on soyabeans, hurt even more.
Mr Trump is due to meet Xi Jinping, China’s president, at theG20summit later this month,
“I’ve given a lot of thought to this, and have reached the conclusion that building walls isn’t such a bad idea. I’m not talking about walls that keep people out, I mean walls that bring people in, walls that create a home.” – Vicente Fox, NOV 20, 2018
… Juba’s boruboru (dodgeball) league has more than 50 teams and about 825 players, ranging in age from 10 to about 18. (Smaller girls tend to be ace dodgers, while the older girls have the stronger arms for throwing.)
When you see the “real deal”, the person who can withstand damn near anything, and still do the “right thing” under fire.
It is humbling. Thank you Sir.
Under the wide and starry sky, Dig the grave and let me lie. Glad did I live and gladly die, And I laid me down with a will. This be the verse you grave for me: Here he lies where he longed to be; Home is the sailor, home from sea, And the hunter home from the hill.