Technology

Discussions and information about technology - news, ideas, tech events in Wisconsin.

Crypto-Gram - Aug. 15, 2017

Bruce Schneier

CTO, IBM Resilient
https://www.schneier.com


A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit <https://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at <https://www.schneier.com/crypto-gram/archives/2017/0815.html>. These same essays and news items appear in the "Schneier on Security" blog at <https://www.schneier.com/>, along with a lively and intelligent comment section. An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:
     Ethereum Hack
     News
     Zero-Day Vulnerabilities against Windows in the NSA Tools
       Released by the Shadow Brokers
     Schneier News
     Measuring Vulnerability Rediscovery

Justice Department demands user information on Trump inauguration protesters

This in from The Hill. The Justice Department is embroiled in a fight with Dreamhost (a large West Coast web hosting provider) over the private information of as many as 1.3 million people who were engaged on a website to plan protests of Trump's inauguration. On the face of it this appears to be a terrible invasion of privacy. Protesting is not a crime, though it appears the Justice Department is working on that. Note that due to the completely irritating self-playing video you need to click on the title here to actually see the video in all its ad-laden glory.

Note that this suit seeks the IP addresses of everyone who has visited the http://www.disruptj20.org website. This very well may include you if you were interested in the protests at the Trump inauguration. A hearing on this is scheduled for Aug. 18 in Superior Court in Washington DC.

About Daily Stormer and their search for a domain registrar

Update - Aug. 15.  The site has disappeared. Surprisingly they still have a whois record with Google as the registrar, but DNS lookups fail.  They're gone.

You may have seen some of the news about the Daily Stormer website and their quest for a domain registrar. Yesterday their long-term domain registrar GoDaddy terminated their domain registration and gave them 24 hours to go elsewhere. They registered their domain with Google Domains today, and within a few hours Google announced they were booting them out as well (though currently a whois search indicates that they are still registered through 2020 with Google). 

UW and WARF awarded $500 million from Apple

The WARF foundation was awarded a large settlement recently due to Apple appropriating a WARF patent on speculative instruction execution. I'll let The Register carry it from here -

Another Massive Cyberattack hits

Reports are coming in of a massive cyberattack happening throughout the Ukraine and other countries. Recent reports indicate that it has spread to England and may well be ready to wander across the ocean to the US.  This is reportedly a new ransomware attack, and appears to be a variant of the previously-known Petya ransomware. Take care.

People with up-to-date Windows updates should be fine on home systems, but there are some indications that the virus can spread through company-managed systems using Windows System Administration tools, so company-based computers may be more vulnerable.

The Costs Of Taking Broadband The Extra Mile In Wisconsin

As Wisconsin struggles to grow private-sector jobs, there is potential to expand telecommuting work outside urbanized areas of the state by improving broadband connections. As it stands, about 13 percent of Wisconsin's population lacks access to high-speed internet connections, according to a 2016 progress report from the Federal Communications Commission.

Facebook is abusive - it's time to get a divorce

The Register is one of my favorite IT blogs. In an editorial today they have, I think, nailed PART of the reason I believe we should just start saying no to Facebook - there are others, but the question is, how much of your soul are you willing to let Facebook own?

It seemed innocuous, almost trivial: What are you doing? Who are you seeing? What are your favourite things? Sharing the trivia of life was fun.

But only because we were yet to understand that everything we entered was recorded by Facebook, all of it analysed, all of it compared against everyone else sharing all of their personal trivialities. Too late we realised that everything we shared was more useful to Facebook than it was to our friends. So while we revelled in the joy of finding new friends, Facebook got the deeper satisfaction of building a complete portrait of an individual, inside and out.

RIP Microsoft Vista

As of yesterday, Microsoft Vista is no longer supported.  In any way. At all. So if you're running Vista on something it is well past time to upgrade. Vista was always pretty much a bad idea - I know I ran it for a while on one of my desktop computers.  It was  at the time the only Windows machine in the home office, and I felt I needed it to recreate client problems in Windows. And there were problems galore.

Windows 10 is actually pretty nice, other than the glaring privacy and advertising-against-your-will issues (though I upgraded a machine yesterday to the new Creator Edition and it seems to have suddenly become unstable). I'm really glad that I don't depend on Windows for my everyday work. But if you're running Vista, it's really past time to move on to something else. 

My cord-cutting story part 2

So, a while back I wrote a little about our attempt to cut the cord on our TV. The ever-increasing price of cable (even on our wonderful telephone co-op service) had been becoming hard to bear, not to mention the fact that the company providing the cable service to the co-op seems to be a tad on the sloppy side.  We have often found our local PBS channel only has one channel of stereo sound, and some other anomalies. So between the cost, paying for a gazillion channels we would never watch, and the general feeling that we could do better ourselves, we finally decided to move toward dropping our cable service.

Five things your ISP can do if Congress Repeals the FCC's Privacy Protections

Interesting article from the Electronic Frontier Foundation:

1.  Selling your data to marketers

2. Hijacking your searches

3. Snooping through your traffic and inserting ads

4. Pre-installing software on your phone and recording every URL you visit

5. Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic

How do they know this? Because all of these things were done previously by ISPs until they were stopped.
