Daily Archives: July 17, 2018

The SIM Hijackers

Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victims' weakness? Phone numbers. He writes: First, criminals call a cell phone carrier's tech support number pretending to be their target. They explain to the company's employee that they "lost" their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering -- perhaps by providing the victim's Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years) -- the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card. Game over.

Read more of this story at Slashdot.

CVE-2018-14379

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.
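As an added illustration (not code from MP4v2 or from the advisory), the block below models the bug class the description names: a factory that hands back one atom subclass where a consumer expects another, and a kind tag checked before the downcast so the mismatch surfaces as a refused access rather than a read through the wrong object layout. All class, function and box names here are assumptions for this example.

```cpp
// Added illustration, not MP4v2 code: a type tag checked before every
// downcast turns "wrong subclass from the factory" into a clean failure
// instead of a read through a mismatched object layout.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

enum class AtomKind { Item, Data };

// Common header every atom carries; the kind tag is set by the constructor
// of the concrete class, so it cannot disagree with the real layout.
struct Atom {
    Atom(AtomKind k, std::string n) : kind(k), name(std::move(n)) {}
    virtual ~Atom() = default;
    const AtomKind kind;
    std::string name;
};

// Container-style atom: its layout is a list of child atoms.
struct ItemAtom : Atom {
    explicit ItemAtom(std::string n) : Atom(AtomKind::Item, std::move(n)) {}
    std::vector<std::unique_ptr<Atom>> children;
};

// Leaf atom: its layout is a raw payload buffer.
struct DataAtom : Atom {
    explicit DataAtom(std::string n) : Atom(AtomKind::Data, std::move(n)) {}
    std::vector<uint8_t> payload;
};

// Hypothetical factory (names assumed, not MP4v2's): a "data" box must
// become a DataAtom; anything else is treated as a container here.
std::unique_ptr<Atom> makeAtom(const std::string& fourcc) {
    if (fourcc == "data") {
        auto d = std::make_unique<DataAtom>(fourcc);
        d->payload = {0x00, 0x00, 0x00, 0x01};   // constructed sample bytes
        return std::unique_ptr<Atom>(std::move(d));
    }
    return std::make_unique<ItemAtom>(fourcc);
}

// Hypothetical buggy factory modelling the bug class in the advisory:
// the case that needs a DataAtom is wired to the ItemAtom type instead.
std::unique_ptr<Atom> makeAtomBuggy(const std::string& fourcc) {
    return std::make_unique<ItemAtom>(fourcc);
}

// Checked downcast: hand back a DataAtom* only if the tag says it is one.
DataAtom* asDataAtom(Atom* a) {
    if (a == nullptr || a->kind != AtomKind::Data) return nullptr;
    return static_cast<DataAtom*>(a);
}

// Consumer that expects payload bytes. With an unchecked static_cast the
// ItemAtom's child list would be read as if it were DataAtom::payload;
// with the check it reports -1 and never touches the wrong layout.
long payloadSize(Atom* a) {
    DataAtom* d = asDataAtom(a);
    if (d == nullptr) return -1;
    return static_cast<long>(d->payload.size());
}

long probeCorrectFactory() { auto a = makeAtom("data");      return payloadSize(a.get()); } // 4
long probeBuggyFactory()   { auto a = makeAtomBuggy("data"); return payloadSize(a.get()); } // -1
long probeContainerAtom()  { auto a = makeAtom("ilst");      return payloadSize(a.get()); } // -1

int main() {
    std::printf("correct factory: %ld\n", probeCorrectFactory());
    std::printf("buggy factory:   %ld\n", probeBuggyFactory());
    std::printf("container atom:  %ld\n", probeContainerAtom());
    return 0;
}
```

The design point is that the tag lives in the object and is written only by the concrete constructor, so a factory wiring error produces a tag that disagrees with the caller's expectation and is caught at the cast, instead of an object whose fields are interpreted through the wrong class.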

Emergency tubal ligations have skyrocketed in Brazil, and nobody knows why

Janaína Aparecida Quirino's involuntary sterilization had not yet made the news when, while doing an unprecedented survey of SUS data on tubal ligations, a suspicion occurred to me: are women being sterilized by force? I had just discovered that emergency tubal ligations exist and that in 2017, for the first time, they were more common than elective ones. Comparing the first quarter of this year with that of 2008, the number of urgent sterilizations doubled. And nobody can explain why this is happening, nor what, after all, an urgent tubal ligation is.

Tubal ligation, popularly known as "tying the tubes", is a female sterilization surgery, that is, a permanent contraceptive method intended for women who never want to become pregnant. Since the purpose of the procedure is to avoid a pregnancy, it is very strange to think of a tubal ligation performed on an urgent basis.

I spoke with researchers, doctors, staff of SES, the Rio de Janeiro State Health Secretariat, and a nurse. At first glance, most found the term odd. "There is no such thing as an urgent tubal ligation," wrote Sandra Garcia, who holds a doctorate in Demography, a phrase repeated by nurse Edineia Lazzari, who works at a family clinic in Rocinha, a favela in Rio. Tizuko Shiraiwa, a public health specialist who has worked for 20 years in SES's Comprehensive Care Program for the Health of Women, Children and Adolescents, also said she was unaware of this classification for tubal ligations.

Vaguely, the Ministry of Health stated that, in fact, urgent tubal ligations are not performed. But sometimes the surgery may be recorded under the urgent care code "probably because a risk to the woman's health in a future pregnancy was identified". It would therefore be a way of indicating that the tubal ligation was done for medical reasons and not as a contraceptive method. At least in theory.

For a woman to have a tubal ligation in Brazil, the Family Planning Law has required since 1997 that she be over 25 or have at least two living children. A married woman also needs her husband's authorization. One hypothesis for the mystery of urgent tubal ligations is that they are a version of a Brazilian cliché: the "jeitinho", the workaround. Without access to the contraceptive method they want because they do not meet requirements conceived more than 20 years ago, it is possible that women, in agreement with doctors, have found a loophole in the system. "Urgency may be a strategy for them to get the tubal ligation without meeting those criteria. For example, without asking the husband's permission," ventured Carmen Lucia Luiz, coordinator of the Interdisciplinary Commission on Women's Health of the National Health Council.

It is only a guess. But other people in the field, such as nurse Edineia, equally surprised by the data, are also betting on it. Although tubal ligation was legalized by the 1997 law, there are still few services that can perform the procedure. Since this is a "mutilating surgery that is difficult to reverse", according to Carmen, women must go through 60 days of counselling, receiving information about other contraceptive methods.

Also for this reason, demand for the surgery is much greater than supply, explained André Junqueira Caetano, a professor at PUC Minas and a Demography specialist. "You have detected a consequence of the law's restrictive criteria," he assessed. "It is more work to go to the accredited service than to make an arrangement with the doctor."

It is no coincidence that in 2017 tubal ligations during caesarean sections also overtook sterilizations performed at other moments of life. This is unprecedented since the approval of the Family Planning Law, which prohibited tubal ligations at delivery to avoid unnecessary caesareans. Before it, doctors and patients arranged caesareans to cover up tubal ligations, which were not yet legal. That way, the hospital's costs for the surgery were reimbursed by SUS, and the professionals often received payment for the extra procedure under the table.

The law allows one exception for tubal ligations at delivery: when the doctor judges that the number of the woman's previous caesareans could put her life at risk if she became pregnant again. "What gets whispered in women's ears, even though there may be no scientific basis for it, is that after two caesareans you should not have any more children. How many had a tubal ligation during a caesarean as an urgent case because of previous caesareans?" asks Carmen.

The Ministry of Health could not answer. On June 5, I asked the ministry for the number of urgent tubal ligations performed in SUS broken down by the patients' number of previous caesareans. I was told that the hospital admission authorization form has no field for obstetric history and that the ministry therefore has no way of indicating the previous caesareans of women who underwent tubal ligation.

A second hypothesis

Ten years ago, six in every ten urgent tubal ligations took place at delivery. Today, it is almost 90%, most of them in Black women. In 2017, they underwent the procedure 2.5 times as often as in 2008, according to data obtained through the Access to Information Law.

Considering that it is the health professional who defines the cases in which previous caesareans would justify a sterilization, I wonder whether they might be more willing to recommend the procedure to Black women than to white women. In 2008, 32.7% of all tubal ligations were performed on Black women and 32.8% on white women. Today, it is 43.5% on Black women and 29.9% on white women.

UFRJ gynecologist Michele Pedrosa, who worked for ten years at the Rio State Health Secretariat, has another hypothesis to explain the urgent cases: the increase in high-risk pregnancies. In 2002, only 5.8% of caesareans performed in SUS were in high-risk pregnancies. Last year it was almost 20%. For her, the increase in this type of pregnancy has to do with a deterioration of prenatal health in recent years, which can lead to tubal ligations at delivery.

"We know that arrangements between doctor and patient happen. In the Baixada Fluminense, it is common for women to have a caesarean through SUS and pay under the table to be sterilized. This happens all over Brazil, but with these data alone [from The Intercept Brasil's survey] it is not possible to say that this is it," Pedrosa weighed. The only consensus among the professionals and researchers is that the urgent cases do not indicate the possibility that doctors are forcibly sterilizing women. Even so, it is curious that, days after our conversations, a case like Janaína's came to light: a homeless woman sterilized by force on a court order. And that, two decades after the parliamentary inquiry (CPI) that investigated compulsory tubal ligations in Brazil, they have once again become a subject of debate in parliament. Last Wednesday, two committees of the Chamber of Deputies met to discuss Janaína's case.

The paradox of access

Access to tubal ligation in Brazil is a complex paradox. And it could hardly be otherwise, in a country that does not allow women autonomy over their bodies and insists on fighting for setbacks in sexual and reproductive rights. On one hand, the criteria of an outdated law may be encouraging women and doctors to perform illegal surgeries; on the other, many women who meet the law's requirements are denied the right to tubal ligation by professionals who refuse to perform the procedure, believing they will regret it. The situation is so common that childless women over 25 create groups to recommend the doctors who perform legal tubal ligations.

Even so, female sterilization is the most common form of contraception in Brazil, which has the tenth highest rate of this method in the world, according to a 2015 World Health Organization study. "The Americans used to come here in the 1970s handing out equipment for doctors to perform tubal ligations on the low-income population," recalls Pedrosa, referring to foreign investment in population control in Brazil, which was also the subject of the CPMI on tubal ligations.

Tubal ligation is a women's right. But Brazil's history, combined with a lack of information and the difficulty of access to other long-term contraceptive methods, such as the IUD, means the choice is not always an informed one. "Since people say 'tie the tubes' to refer to tubal ligations, many women come to our laboratory asking to 'untie' them after the surgery. They were not aware of how the method worked when they chose it," Pedrosa recounted.



Comment on a Federal Senate Facebook post about the criteria for women and men to undergo sterilization.

Image: Reproduction/Facebook

Have you had an urgent tubal ligation? Are you a health professional who has performed the procedure? Are you a researcher following the rise in this type of surgery? Tell us.

The post Emergency tubal ligations have skyrocketed in Brazil, and nobody knows why appeared first on The Intercept.

'The Janaína case reminded me that Brazil has already carried out mass sterilization, with US support'

A little over a month ago, I watched in dismay the case of the forced sterilization of Janaína Aparecida Querino, a homeless woman. By a preliminary injunction from judge Djalma Moreira Gomes Júnior, granted in 2017 at the request of prosecutor Frederico Liserre Barruffini, Janaína underwent a tubal ligation, a procedure on the rise in Brazil that nobody can explain. In May of this year, the municipal administration appealed and the São Paulo Court of Justice annulled the decision. Too late. Janaína, who is 36 and lives in the São Paulo state town of Mococa, had been sterilized three months earlier. The episode immediately reminded me of a little-remembered fact: the Joint Parliamentary Inquiry Commission (CPMI) into involuntary tubal ligation of the 1990s.

Janaína was subjected to the surgery on February 14, right after giving birth to her eighth child, while she was at the Mogi Guaçu Women's Penitentiary. A controversy soon arose. Had she consented to the procedure or not? In tears on the biggest Sunday news program on national TV, she stated that she never wanted the operation, and the Mococa Social Assistance office's memorandum indicated "lack of interest in undergoing the procedure". What most Brazilians seem not to realize is that, in this case, that is not the most relevant point.

Decisions regarding the family planning of any citizen can never come from the Public Prosecutor's Office, as they are the free choice of the women and men of this country. They are individual rights and must come solely from the citizens themselves. But let us get to the heart of this whole mess: in the Brazil of "we are all equal", some are more equal than others.

The CPI of the 1990s was not set up by chance. It was the result of complaints and studies showing that scarce access to contraceptive methods, especially in the country's poorest areas, was fertile ground for tubal ligations (ligadura de trompas, as they are also called) to be offered as electoral barter and without any criteria.

The National Survey on Demography and Health, conducted by the Ministry of Health in 1996, showed that 45% of Brazilian women in stable unions had undergone tubal ligation, a fifth of them under 25. The CPI, chaired by then senator Benedita da Silva (PT) of Rio, with senator Carlos Patrocínio (PFL) of Tocantins as rapporteur, proved the indiscriminate practice of tubal ligation and the electoral use of the surgery. At the time, a blunt testimony by Antônio Pedroso Neto, of the Federal Council of Medicine, made clear the government's indifference to the problem.

Reducing violence by preventing the poor from "reproducing"

The neglect went back further. The laws that favored immigration to Brazil reveal a national project that excluded Black and Indigenous people. European immigrants received benefits never dreamed of by the descendants of the enslaved people who built the country. In 1911, in London, at the Universal Races Congress, the physician and anthropologist João Batista de Lacerda presented to the world the thesis of whitening in the article "On the Mestizos of Brazil" (Sur les métis au Brésil). In it, he defended miscegenation because he believed the white race would end up supplanting the Black and Indigenous ones. The painting Lacerda used to illustrate his theory became famous. In "A Redenção de Cam" (The Redemption of Ham), a Black grandmother thanks the heavens for the white grandchild in the arms of her mixed-race daughter, who is married to a white man.

A Redenção de Cam, by Modesto Brocos, 1895.

Image: Reproduction

João Batista Lacerda seems to have set a precedent: Getúlio Vargas, 34 years later, in article 2 of decree-law no. 7,967, provided: "In the admission of immigrants, attention shall be paid to the need to preserve and develop, in the ethnic composition of the population, the most convenient characteristics of its European ancestry (…)".

Forced sterilizations of the poor (who are mostly Black) in a people with this history does not seem at all out of the ordinary. But to move beyond the realm of anecdote, a CPI was created to investigate the "incidence of mass sterilization of women in Brazil." Social movements, organizations and the Church pointed to birth control and family planning programs, many financed with foreign capital, as the hubs of the practice that left thousands of women involuntarily sterile.

These programs were led by organizations that, according to various testimonies, followed guidelines contained in the so-called Kissinger Report, a US document classified as secret but to which researchers gained access in the 1990s. It was National Security Study Memorandum 200, which dealt with world population growth and the security of the United States. It was named after Henry Kissinger because it was completed in December 1974 under his direction.

Forced tubal ligation programs in Brazil followed guidelines contained in the so-called Kissinger Report.

The Kissinger Report was adopted as official policy by President Gerald Ford in 1975 and argued that population growth in less developed countries was a threat to US national security, since it would create risks of civil unrest and political instability. To contain demographic growth, the report advocated promoting contraception. Thirteen countries were targeted by this policy: India, Bangladesh, Pakistan, Indonesia, Thailand, the Philippines, Turkey, Nigeria, Egypt, Ethiopia, Mexico, Colombia and Brazil. Thus the historical will of the Brazilian elite gained a heavyweight ally with dollars in its pocket.

The CPMI heard powerful people from feminist movements, Black movements, deputies, doctors and jurists. In 144 pages, the document parades impressive testimonies from historic activists such as Luiza Barrios, who would become minister-head of the Secretariat of Policies for the Promotion of Racial Equality from 2011 to 2014; Jurema Werneck, currently president of Amnesty International in Brazil; and Edna Rolland, of the Geledés Institute for Black Women, who would become rapporteur of the World Conference against Racism in 2011. It also carries statements from Adib Jatene, then Minister of Health; ambassador Luiz Felipe de Seixas Corrêa; deputy Jandira Feghali; and Dom Luciano Mendes de Almeida, then president of the National Conference of Bishops of Brazil, among others.

Dom Luciano, for example, was categorical in stating that in a country with 16 inhabitants per square kilometer there should be no talk of birth control, and that it was being discussed because there was a genocidal intention behind it, within a racist perspective.

Doctors who considered it all a great exaggeration also spoke, such as Elsimar Coutinho. Coutinho, then president of the Brazilian Association of Family Planning Entities, was regarded as the spokesman for the sterilization policy in the country. The association was a civil entity that brought together the family planning organizations. Its budget between 1988 and 1990 was 8.3 million dollars.

According to the CPI report, one of its objectives was to train doctors, nurses and paramedics in sterilization techniques. The rapporteur's text presented data from institutions in Brazil and abroad proving that the practice of tubal ligation was very high, outside world standards. A fact confirmed in Jatene's testimony.

Twenty years passed and, in 2011, Elsimar gave an interview to the newspaper A Tarde stating that the family planning program actions carried out 20 years earlier by the Center for Research and Assistance in Human Reproduction, the institute he directed, had helped reduce violence among young people in Bahia. To make his point, he used the number of sterilizations not in women but in men, since the number of vasectomies performed by the center jumped from zero in 1984 to 489 in 1991: "Family planning reduces social inequalities because it reduces abandonment and infant mortality, reduces violence among young people. (…) A single vasectomy protects an enormous number of women from an unwanted pregnancy."

In the same article, Edna Rolland retorts: "The poor have many children because they are poor, not the other way around. The cause that must be attacked is poverty, the expropriation of decent living conditions. Family planning is everyone's right and we should not think of one program for the poor and another for the non-poor, just as there is no education for the poor or health care for that group."

The Brazilian State remains absent and incapable of establishing actions that address reproduction as a public health issue.

The debate is very far from over in Brazil and the world. The tubal ligation CPI resulted in the family planning bill approved by the National Congress in 1996 and signed, after much pressure, without vetoes by then president Fernando Henrique Cardoso. It is there: "It is a condition for sterilization to be performed that an express manifestation of will be recorded in a written document, signed after information about the risks of the surgery." But although some progress has been made, the Brazilian State remains absent, incapable of establishing actions that address reproduction as a public health issue.

Thais Machado Dias, of the Feminist Collective for Health and Sexuality, mentioned the danger that the case of Janaína, the woman sterilized on court orders, could set a precedent for a revival of the racist measures of the past: "Making people who do not fit a so-called social norm not reproduce is a eugenic process that has repeated itself at various moments in history. If we work with involuntary tubal ligation for the poor, Black women and substance users, we will set back years of history and human rights," she told media outlets after the case gained attention.

The recent migration crisis and the protectionist measures of the US government, with the cruelties of separating parents and children and the hatred of immigrants, make us think that the Kissinger Report and the mass sterilization CPI did not happen three decades ago, but yesterday.

Janaína Aparecida Querino is there to prove it.

The post 'The Janaína case reminded me that Brazil has already carried out mass sterilization, with US support' appeared first on The Intercept.

The STF is complicit in the impunity of Vladimir Herzog's killers

Vladimir Herzog was 38 and, as a journalist, devoted himself to informing and telling stories. He ran the news division of TV Cultura, channel 2 in São Paulo. There, he was responsible for the news program "Hora da Notícia", which went on air at 9 p.m. on Friday, October 24, 1975. If it kept to the pattern of the September 11 to 20 editions, later examined by researchers Jemima Bispo and Iluska Coutinho, international coverage took up 40% of the airtime and national politics 9%. Under the dictatorship, talking about Brazil was riskier.

That night, agents of the 2nd Army's Information Operations Detachment (DOI) came looking for Herzog at the station. They were investigating suspicions of his links to the clandestine Brazilian Communist Party. Vlado undertook to present himself at the DOI the following morning. He kept his promise and, during interrogation, they tortured him to death. They then crudely faked his suicide by hanging. From storyteller, Herzog became a historical figure.

In reporting this month the ruling of the Inter-American Court of Human Rights, Herzog's fellow journalists emphasized Brazil's condemnation for failing to investigate the murder and failing to try and punish the journalist's killers. The dominant approach was that this was a closed case, a wretched page from the past.

What was downplayed or passed over in silence was the court's order: the State must investigate the episode, "identify, prosecute" and "punish those responsible for the torture and death of Vladimir Herzog". Brazil has recognized the court's jurisdiction since 1998. In 1992, it acceded to the Inter-American Convention on Human Rights. Even from the judicial angle, the murder does not belong only to history; it is on the present agenda.

From the most powerful generals and police chiefs to the lowliest soldiers and cops, no one paid for the atrocities. Nor did their financiers.

Herzog's executioners remain unpunished, as do the tormentors of hundreds of other opposition figures, the torturers of thousands of people and those in charge of more than a hundred disappearances of bodies. All in the period 1964-1985. The National Truth Commission counted 421 deaths and disappearances during the years of the dictatorship. From the most powerful generals and police chiefs to the lowliest soldiers and cops, no one paid for the atrocities. Nor did their financiers.

Vladimir Herzog's faked "suicide".

Photo: Instituto Vladimir Herzog archive

A horse-killing injection

As its twilight approached, the dictatorship engineered the perpetuation of impunity for its chiefs, minor chiefs and subordinates. Law 6,683 of 1979 granted amnesty to the perpetrators of "political crimes or crimes connected with them". Known as the Amnesty Law, it stated obscurely that "connected crimes" were those "of any nature related to political crimes or committed with political motivation" from 1961 to 1979. The government announced that not only its adversaries would be protected from new sanctions, but State agents as well.

However, it was never written into law or any other statute that rapes, impalements, the dragon's chair, the pau-de-arara, electric shocks, drownings, shootings of unarmed citizens and other forms of torment and killing could be classified as political crimes or associated with them.

Political crimes, according to the dictatorship's own legislation, were committed by those who fought it. Not by the soldier who executed a prisoner with an injection used to put down horses (yes, that happened); or the agents who rammed Zuzu Angel's Karmann Ghia, killing her, because the fashion designer was demanding, in Brazil and in the United States, to know the whereabouts of her son; the Air Force hitmen who butchered Stuart Angel, Zuzu's son, forcing him to inhale the toxic gas from a car's exhaust pipe; the thugs of Operação Bandeirante who beat Virgílio Gomes da Silva until fragments of the dying guerrilla's brain stuck to the walls of the torture room.

To the letter, the law did not dare to lay bare what it was for: self-amnesty. Congress had approved it, but the Legislature was choked in its powers and autonomy by liberticidal rules, such as the one allowing the government to appoint senators without popular election.

A good many of the victims were killed while in State custody. Not even the Constitution imposed by the regime authorized torture and homicide. Nevertheless, attempts to criminally convict the dictatorship's torturers and butchers are usually rejected by the Judiciary; Colonel Carlos Alberto Brilhante Ustra was declared a torturer in a civil declaratory action. He left the command of the São Paulo DOI in 1974, but in 1975 his methods persisted, as Herzog discovered.

Ten years ago, the Brazilian Bar Association (OAB) turned to the Supreme Federal Court (STF) in search of a way to punish the perpetrators of crimes against humanity, such as torture, which are therefore not subject to any statute of limitations. It argued that "there was no connection between the political crimes committed by opponents of the military regime and the common crimes committed against them by agents of the repression and those in government who ordered them". It invoked the Inter-American Court of Human Rights, for which "criminal self-amnesty decreed by rulers is null and void".

It asked the Supreme Court to declare that "the amnesty granted by the aforementioned [1979] law to political or connected crimes does not extend to the common crimes committed by agents of the repression against political opponents during the military regime".

Vladimir Herzog ran the news division of TV Cultura when he was tortured to death by the 2nd Army's DOI in 1975.

Photo: Instituto Vladimir Herzog archive

Rhetorical flourishes

In 2010, by seven votes to two, the court frustrated the OAB. It endorsed the interpretation that the Amnesty Law shields the dictatorship's criminals. The partners in the pro-impunity vote were justices Cármen Lúcia, Gilmar Mendes, Marco Aurélio Mello, Celso de Mello, Ellen Gracie, Eros Grau and Cezar Peluso.

Justices Ricardo Lewandowski and Ayres Britto refused to bless the human rights violators. Counting the justices still on the STF in 2018, the score would be four to one. With the current composition, the outcome might be different or the result closer.

The partners in the pro-impunity vote were justices Cármen Lúcia, Gilmar Mendes, Marco Aurélio Mello, Celso de Mello, Ellen Gracie, Eros Grau and Cezar Peluso.

Then president of the court, Peluso philosophized: "Only man forgives, only a superior society qualified by the awareness of the highest sentiments of humanity is capable of forgiving. Because only a society that, by having greatness, is greater than its enemies is capable of surviving."

Taken to the limit, such rhetorical flourishes would result in the extinction of the Judiciary. If forgiveness must always prevail, why judge those who defy the law? Would punishing war criminals be the perversity of souls devoid of "the highest sentiments of humanity"?

The opposite happens: impunity encourages barbarism. In Brazil, some parade with the face of the torturer Ustra printed on their shirts. In Argentina and Germany, which prosecuted and convicted their executioners, anyone who publicly revered a Hermann Göring, pioneer of the Gestapo, or a Jorge Rafael Videla, bloodthirsty dictator, would go to jail or get into trouble. Without punishing the dictatorship's torturers, new generations will feel less constrained about repeating the barbarism; after all, those before them did what they did and escaped justice.

Claiming that the STF set a precedent in 2010, judges have rejected actions against the very many repressors still alive. The Supreme Court is not complicit with the murderers, but with the impunity of the murderers of Vladimir Herzog and of all the killers and torturers who worked for the dictatorship. Disservices to democracy and human rights are not foreign to the court.

In 1936, it joined forces with President Getúlio Vargas to hand over to the Nazi authorities the German, Jewish and communist militant Olga Benário, who was pregnant. In 1964, it endorsed the coup d'état. These were choices as much legal as political, like the one that favored the dictatorship's leaders and servants.

Against the impunity sponsored by the court, the Inter-American Court now rises. Since Brazil is under its jurisdiction, it should comply with the ruling. But it is unlikely to punish Vladimir Herzog's killers without the Supreme Court reviewing its decision.

Official investigations undertaken during the governments of Fernando Henrique Cardoso (Special Commission on Political Deaths and Disappearances) and Dilma Rousseff (National Truth Commission) clarified the death, held the Union responsible for the homicide and identified killers. The STF shields them.

Wary of the specter of justice, however late, the dictatorship's "widows" threaten an eventual revenge: the punishment of former opponents. They omit that those opponents were already punished with prison, torture, death, banishment, exile, dismissals, expulsions and endless persecution. They claim the agents "only" killed guerrillas; but even the laws of war prohibit the summary execution of captured enemies. In Herzog's case, the farce is greater: a left-wing militant, he disagreed with armed struggle as a means of confronting the regime.

The dictatorship's villains fear being held to account for their crimes. As far as the STF is concerned, they have no reason to worry.

The post The STF is complicit in the impunity of Vladimir Herzog's killers appeared first on The Intercept.

Is the Earth’s Mantle Full of Diamonds?

An anonymous reader quotes a report from Gizmodo: Scientists' models show that sound waves seem to travel too quickly through the old, stable cores of continents, called "cratons," which extend deep into the mantle at depths around 120 to 150 kilometers (75 to 93 miles). Through observations, experiments, and modeling, one team figured that a potential way to explain the sound speed anomaly would be the presence of a lot of diamonds, a medium that allows for a faster speed of sound than other crystals. Perhaps the Earth is as much as 2 percent diamonds by volume, they found. Scientists have modeled the rock beneath continents through tomography, which you can think of as like an x-ray image, but using sound waves. But sound-wave velocities of around 4.7 kilometers per second (about 10,513 mph) are faster than sound-wave velocities in other kinds of minerals beneath the crust, according to the paper in the journal Geochemistry, Geophysics, Geosystems. The researchers realized that if the regions had either 3 percent diamonds by volume or 50 percent of a rock formed at high pressure and temperature called eclogite, it would enable the sound speeds they observed. But both of those numbers seemed too high, based on observations of the minerals that end up on the Earth's surface: diamond-containing rocks called kimberlites. The researchers compromised and figured that 20 percent eclogite and 2 percent diamonds could explain the high velocities. The diamonds could be sprinkled as crystals found uniformly throughout the cratons.

Read more of this story at Slashdot.

Crypto Update: Bitcoin Blows Through $7000 but Altcoins Still Lag Behind

The relief rally in the cryptocurrency segment continued in earnest today, as Bitcoin still led the way higher, posting its best daily performance since April. The most valuable coin stole the show, although the whole market blasted higher, with the total value of the coins getting close to $300 billion, up by around 20% in […]

The post Crypto Update: Bitcoin Blows Through $7000 but Altcoins Still Lag Behind appeared first on Hacked: Hacking Finance.

The State of Security: Taking the First Steps Down the Security Posture Path with AWWA

What does a human need to survive? Typically, the first two items are food and water, followed by a place to live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be […]… Read More

The post Taking the First Steps Down the Security Posture Path with AWWA appeared first on The State of Security.

The State of Security: BSidesLV Preview: Your Taxes are Being Leaked

Even if you don’t store your tax data in financial software yourself, chances are your CPA or tax preparer does. Have you ever wondered what kind of software or security procedures your trusted advisor has in place to protect your name, address, W-2, tax filings, or Social Security Number? Better yet, have you audited them? […]… Read More

The post BSidesLV Preview: Your Taxes are Being Leaked appeared first on The State of Security.

How ICOs Changed the Way Companies Are Built

With cryptocurrencies now becoming a household name, investors are starting to look into plays they can make that are more off the beaten path. The market for initial coin offerings (ICO) offers just that, albeit with a dash of risk that traditional initial public offerings (IPOs) do not offer.  Restrictions on Venture Capital If you […]

The post How ICOs Changed the Way Companies Are Built appeared first on Hacked: Hacking Finance.

Owning SAML – Anitian

anitian.com - Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation o…


Tweeted by @ArbazKiraak https://twitter.com/ArbazKiraak/status/1019416274114207746

NSA and Cyber Command to coordinate actions to counter Russian election interference in 2018 amid absence of White House guidance

washingtonpost.com - The head of the nation’s largest electronic spy agency and the military’s cyberwarfare arm has directed the two organizations to coordinate actions to counter potential Russian interference in the 20…


Tweeted by @SouthPoint1000 https://twitter.com/SouthPoint1000/status/1019406045003726848

Google services suffer outage, taking down major websites and services, including Spotify and Snapchat – cyberwar.liveuamap.com

cyberwar.liveuamap.com - Google services suffer outage, taking down major websites and services, including Spotify and Snapchat …


Tweeted by @Zero_Cult https://twitter.com/Zero_Cult/status/1019392452791324672

Alexandria Ocasio-Cortez and Bernie Sanders are Trying to Prove Their Case in Kansas

After defying the odds in the Bronx and Queens, Alexandria Ocasio-Cortez is hitting the road. In her first campaign trip to another congressional district since her June 26 primary victory, Ocasio-Cortez will join Bernie Sanders for rallies this Friday in …

Kansas?

Despite expectations that the Sunflower State is rigidly conservative, growing diversity and revulsion at the disastrous tenure of Gov. Sam Brownback have made Kansas a battleground in the fight for Democrats to win back the House. James Thompson, from the Koch brothers’ home district in Wichita, almost won a surprisingly close special election there last year. He’s running again, and Ocasio-Cortez and Sanders will promote him at one event on Friday.

The nearby 3rd Congressional District, which includes the Kansas side of Kansas City and its suburbs, sits atop Democratic target lists. The district was in Democratic hands as recently as 2010, and Hillary Clinton won it in 2016. Vice President Mike Pence was there last week, amid protests from LGBT activists, hosting a $1,000-a-plate fundraiser for endangered incumbent Rep. Kevin Yoder. A picture with Pence would set you back $5,400.

But Ocasio-Cortez and Sanders have more expansive aims than turning the 3rd blue. They want to prove their theory of the progressive case.

On Friday, they will rally for Brent Welder, a former labor lawyer running on a platform of “Medicare for All,” a $15 an hour minimum wage, tuition-free public college, and reducing big money’s influence in politics. “Brent can win, he can win,” Ocasio-Cortez said on The Dig, a podcast from Jacobin magazine. “And he can not only win his primary, but he can win in a red-to-blue district on a progressive vision. And I think that’s so exciting.”

Indeed, a February poll of the district gave Welder a 7-point lead against Yoder, with broad support for many of Welder’s ideas. “People say, ‘How can you win in Kansas on progressive policies?’” Welder told The Intercept in an interview. “I’ve learned that the only way to win in Kansas is on progressive policies.”

Through June, Welder has raised just shy of $700,000. A little more than a third comes from contributions under $200.


Kansas holds a special place in the hearts of progressives, and running and winning there on an unapologetic platform has long been a goal. The love affair goes back to “bleeding Kansas,” when abolitionists such as John Brown moved west to Kansas to do battle with slave owners in an effort to turn Kansas into a free state. The bloodshed there was a forerunner to the Civil War. Later, Democrats running as prairie populists dominated the state. Modern progressivism could be said to date to a speech delivered by Teddy Roosevelt in 1910 in Osawatomie, Kansas. Just over a century later, Barack Obama returned there at the height of the Occupy Wall Street protests to deliver his own version.

The 2005 book “What’s the Matter With Kansas?” cemented the state’s proxy status.

Adam Green of the Progressive Change Campaign Committee put Welder’s race among the small group of seats they’ve focused on this year, like Kara Eastman in Nebraska and Katie Porter in California, where a progressive challenger defeated a moderate rival in the primary. PCCC members nationwide have given over $15,000 to Welder. “We want to prove this proposition, from Nebraska to Kansas to Orange County, that the way to attract votes is with a bold populist economic message,” Green said. “It’s not a liability, it’s an asset.”

That sentiment stands in contrast to Illinois Sen. Tammy Duckworth’s recent rebuffing of the appeal of democratic socialism outside of the coasts. “I don’t think that you can go too far to the left and still win the Midwest,” she told CNN. By boosting Welder, Sanders and Ocasio-Cortez hope to offer a rebuttal.

To make their case, however, they’ll have to get past EMILY’s List first. Last week, the group’s Super PAC Women Vote! dropped $400,000 on an ad to support Sharice Davids, a lesbian, Native American, amateur mixed martial arts fighter who was a fellow in the Obama administration. The ad plays on Davids’s MMA background: “She never backs down; not in the ring, not to the NRA, or Trump and the Republicans in Washington. … She’s fierce, she’s progressive, and she’s a fighter.”

“That’s a huge ad buy for this district,” said Chris Reeves, a Democratic National Committee member from Kansas City, who is staying neutral in the race. As of the end of June, Davids had only raised $299,000; the Women Vote! ad more than doubles her resources.

Both Welder and Davids are competing for a similar slice of the electorate, with the Super PAC narrowing the fundraising gap. A more moderate candidate could benefit from the split, like Tom Niermann, a teacher at the wealthiest private school in the area.

It sets up a dynamic similar to a recent congressional race in Pennsylvania, when a last-minute barrage of ads from Women Vote! carried Susan Wild, whose fundraising had been anemic, to victory over Sanders-backed Greg Edwards and Trump-supporting conservative district attorney John Morganelli. (Sanders and Ocasio-Cortez have company. “I unequivocally endorse Brent for Congress,” Edwards told The Intercept.)

Will outside money or outside energy play a deciding role in Kansas’s 3rd, or will the center exploit an opportunity?

Asked if he considers himself a democratic socialist like his supporters Ocasio-Cortez and Sanders, Welder said, “I call myself a Democrat, as I have my entire life.” Indeed, Welder, 37, has a familiar profile for a congressional hopeful. He was an organizer on the Kerry and Obama campaigns; his campaign graphics resemble the Obama logo and his slogan is “Yes We Kansas,” as seen in his first campaign ad.

Welder also worked in the House office of Pennsylvania Rep. Patrick Murphy, an Iraq War veteran who was instrumental in the repeal of “don’t ask, don’t tell.”

But Welder’s worldview was honed through a hardscrabble Iowa upbringing (his room as a child was in a basement closet) and his years as a lawyer and national field director for the Teamsters union, organizing on workplace safety and better wages. “Our government is completely corrupted by greedy billionaires and executives at giant corporations that do not care about the rest of us,” Welder said. “I’m not saying they hate us, but they don’t care as long as their profit margin ticks up one-tenth of 1 percent.”

He ties a rigged economic system to a rigged political system, where corporations break off a piece of their excess profits to bankroll politicians who grant them favorable rules to continue earning their fortunes.

It’s a vicious cycle that Welder was specifically tasked to stop. After Welder worked for Sanders during the 2016 presidential election campaign, Sanders nominated him to the Democratic National Platform Committee. He successfully passed an amendment encouraging a ban on corporate money in elections. Welder has followed that belief by rejecting corporate PAC dollars in his campaign, a stance taken up by presumed presidential candidates like Sen. Kirsten Gillibrand and over 140 other Democrats.

This lack of corporate cash hasn’t stopped Welder from earning the support of over 13,000 donors nationwide and an average online contribution of $30. Endorsements from Sanders and groups like Brand New Congress, Our Revolution, the Progressive Change Campaign Committee, and Justice Democrats have helped him build up a strong grassroots field team over the past year. The shoutout from Ocasio-Cortez brought a flood of volunteers and $50,000 in small-dollar donations in a week. By the end of June, he had more small-dollar donations and more cash on hand than any Democrat in the race.

Welder said his agenda, freed from the shackles of corporate money, seeks to tangibly improve people’s lives. “I want to make sure that every person has health care in America,” he said, expressing support for a single-payer “Medicare for All” system. His endorsement of a $15 an hour minimum wage would almost double the current level of $7.25 in Kansas, and he believes increased wages would cycle through the local economy, rather than “sending it to a Wall Street bank or offshore account.” And his pitch for debt-free college winks at his own experience: “My wife and I went to law school, and it wasn’t cheap. And we still haven’t paid the loans off.”

The populist pitch has brought in more than just Bernie acolytes. Jason Kander, former Missouri secretary of state, voting rights champion, resistance hero, and dark horse presidential prospect, endorsed Welder last December. He’s now running for mayor of Kansas City, Missouri, just on the other side of the district.

Though the district was almost evenly split between Clinton and Trump in 2016, Welder believes that the voters who will swing the election are yearning for a populist message. Though Clinton won the general election there, Sanders won the primary — one of only five Republican-held seats with that profile. “The swing voters are the people who voted for Obama twice and then Trump,” Welder said. “When you talk to them about raising wages and benefits and protecting pensions, they will vote for the Democratic Party.”

Brent Welder, left, speaks with voters at a rally in Missouri in 2018.

Photo: Courtesy of Brent Welder campaign

When EMILY’s List first started looking at Kansas’s 3rd District, they found a candidate, a business executive named Andrea Ramsey. EMILY’s List endorsed her, and Ramsey was on the verge of coalescing national support, when she was forced out of the race over allegations of sexually harassing a junior staffer while in the corporate world and then firing him when he rejected her. (Ramsey, who denies the allegations, ended up endorsing Welder.)

Mike McCamon, a Ramsey adviser, jumped into the race with the this-is-not-a-joke campaign slogan “Leading from the Center – the Courage to Compromise.” But EMILY’s List supports pro-choice women, so they looked elsewhere for their candidate.

The organization turned to Davids, a 37-year-old woman with a compelling life story. A member of the Ho-Chunk Nation, Davids would join New Mexico’s Deb Haaland as the only Native American women ever to be elected to Congress. She would also be the first openly gay member of the Kansas delegation. Raised by a single mother and Army veteran, Davids graduated from Johnson County Community College (one of the nation’s best) and then law school at Cornell. She worked as an attorney on the Pine Ridge Indian Reservation in South Dakota and then as a White House fellow under Obama and during the transition to the Trump administration. EMILY’s List endorsed Davids in May.

In an interview, Davids noted that “at the time I got in, there was no woman in the race.” (Former bank executive Sylvia Williams announced in March.) “I was born into circumstances that until recently would not have been an indicator of running for Congress.”

While the district is less than 2 percent Native American, it is much more diverse than folks would think for Kansas. Wyandotte County, Kansas, where Kansas City is located, is the most urban county in the state, with a large African-American population and a growing Hispanic contingent that has moved there to work in nearby meatpacking plants. There’s a Mexican consulate in Kansas City. It also has a large Hmong and Croatian community.

Two-thirds of the Democratic primary vote comes from Johnson County, home to several affluent suburbs like Overland Park and Olathe. Public education is a point of pride there, and the decimation of Kansas’s education budget in favor of Sam Brownback’s tax cuts has triggered a significant backlash. The state Supreme Court has ruled repeatedly, including just a month ago, that Kansas’s low education spending violates the state Constitution. Republicans rebelled and reversed some of Brownback’s tax cuts to fund education before he left for the Trump administration.

“In Johnson County, they regret Brownback,” said Reeves, the DNC member. “It worked out bad for that area.” The district doesn’t have to be told about the effects of the Trump tax cuts; they lived through a state-level version of them.

Davids leads with the Trump tax cuts on her issues page, assailing it as a “corporate giveaway and a handout to the wealthiest 1 percent of Americans.” When asked if she would reverse them, Davids said, “That’s an interesting word, reverse. … I definitely feel like if we’re doing tax cuts, there’s a way to make sure the very wealthy are not the only people benefiting,” citing possible tax breaks for small businesses that provide health care to their employees.

The response was typical for a candidate with ideas that resonate on the left — including support for clean energy, voting rights, LGBT protections, and comprehensive immigration reform — while still keeping a toe in the technocratic center.

Davids told me that she would vote for a single-payer health care bill if it were presented to her, but added that it would take a while to get there and that increasing access and affordability were also important. She expressed support for a “K-14” concept of free community college (which Obama endorsed late in his presidency), citing her own experience, but not full debt-free or tuition-free college. She rightly called out how money in politics restricts “folks like myself who don’t come from a family with money,” with the perspective of a first-generation college student who had to work their way through school. And yet, she’s benefiting from a giant Super PAC buy. (The spending is done independently of her campaign.)

“Sharice has firsthand experience of the challenges that Kansas’s working families face every day,” said Julie McClain Downey of EMILY’s List about their endorsement. “EMILY’s List is proud to stand with Sharice and knows that with her diverse experience, unique perspective, and deep ties to her community that she can and will win.”

That last statement was a gentle prod at Welder, who only last year moved to the district, where his wife is from.

Davids downplayed the ad, citing EMILY’s List’s support as more important for granting legitimacy to a first-time candidate. “Lots of people know that EMILY’s List only endorses people who are working hard and can win their races,” she said. She added that they’ve given the campaign technical assistance.

Sharice Davids, right, a Democrat running for Congress in Kansas, talks to supporters at a July 4 event in Prairie Village.

Photo: David Weigel/The Washington Post/Getty Images

There’s been no primary polling, but based on fundraising and in-district engagement, insiders believe Davids, Welder, and Tom Niermann have the best chance, with McCamon and Williams (who got in the race late) and 2016 nominee Jay Sidie (who’s raised almost no money) further back.

Niermann teaches at the prestigious Pembroke Hills School, located in the “Country Club” section of Kansas City, on the Missouri side. Access to a network of movers and shakers with children at that school staked Niermann to a fundraising lead among Democrats through June. (Though 34.7 percent of Welder’s money comes from small donors; only 11.2 percent of Niermann’s money does. Factoring in the Super PAC spending, 11 percent of the money backing Davids comes from small donors.)

Niermann just released a powerful ad about having to teach his students about safety procedures during a mass shooting. It’s an example of how all candidates in the 3rd District race have shifted well to the left of Dennis Moore, the Blue Dog who once held this seat for six terms. But relative to Welder and Davids, Niermann is carving out a more moderate space. “He says I’m more moderate, that’s his thing,” said Chris Reeves, “making the argument that the progressives are too far to the left.” Niermann’s campaign didn’t respond to multiple requests to comment for this story.


Welder balks at the idea that the district cannot support a progressive message. “I reject any notion that the way to win is with a center-right slant,” he said. “Other candidates against Yoder tried that; it doesn’t work.”

All involved have said that the Democratic Congressional Campaign Committee, after considering Andrea Ramsey’s candidacy before she dropped out, has largely steered clear of the race. Green credits the poll his organization conducted, showing Welder in front of Yoder, with keeping the DCCC on the sidelines.

Ocasio-Cortez’s entry into the race makes the fight more nakedly ideological. “I don’t buy the idea that a certain kind of politics won’t work in the district,” Reeves said. “Voters don’t like people who are phony. They’ll disagree with you, but if they think you’re genuine, they will give you the benefit of the doubt.”

The big money in the race is all with Yoder, the top recipient of payday lender money in all of Congress. He has in the past pretended to be a moderate but has voted with Trump 91.7 percent of the time. Yoder has far outraised his Democratic challengers; of the $2.7 million he’s raised, only $13,631 of it has come from individual donations under $200, and over half comes from corporate PACs.

But the Super PAC ad for Davids does add a big-money element to the primary, and big money has been one of the major flash points in the ongoing debate over the future of the Democratic Party. Welder is trying to combat the Super PAC with a small-dollar and volunteer army, but a skirmish among two candidates presenting as progressive could create the opening the more moderate Niermann needs. That outcome, say backers of Welder, would set Democrats back, as the volunteer network he has built needs to be galvanized to juice the turnout needed to turn the seat blue. If money and moderation were enough to do it, the seat would have been taken back by now, they argue.

It would also deprive the insurgent movement the opportunity to prove the case being made by progressive leaders and writers that a bold agenda can play in a swing seat. And the stakes are high. “We’re gonna prove to everyone in the country that bold progressive stances are not just good policy, will not just help people, but it is the way to win, even in Kansas,” Welder said during an interview with the Young Turks, which has been promoting his campaign. “We’ll be able to point to my race and say, ‘This is how we can win in any district in the entire country.'”

Top photos: Sen. Bernie Sanders, left, is interviewed during the South by Southwest Conference in Austin, Texas, in 2018; Alexandria Ocasio-Cortez, right, campaigning in the Bronx, New York, in 2018.

The post Alexandria Ocasio-Cortez and Bernie Sanders are Trying to Prove Their Case in Kansas appeared first on The Intercept.

Egypt’s New Law Targets Social Media, Journalists For ‘Fake News’

Egypt's parliament passed a law Monday giving the state powers to block social media users and penalize journalists for publishing fake news. "Under the law passed on Monday social media accounts and blogs with more than 5,000 followers on sites such as Twitter and Facebook will be treated as media outlets, which makes them subject to prosecution for publishing false news or incitement to break the law," reports Reuters. From the report: The Supreme Council for the Administration of the Media, headed by an official appointed by President Abdel Fattah al-Sisi, will supervise the law and take action against violations. The bill prohibits the establishment of websites without obtaining a license from the Supreme Council and allows it to suspend or block existing websites, or impose fines on editors. The law, which takes effect after it is ratified by Sisi, also states that journalists can only film in places that are not prohibited, but does not explain further. Supporters of Sisi say the law is intended to safeguard freedom of expression and it was approved after consultations with judicial experts and journalists. But critics say it will give legal basis to measures the government has been taking to crack down on dissent and extend its control over social media.

Read more of this story at Slashdot.

Amazon’s Website Crashed Within Minutes of Prime Day Sale
The e-commerce giant Amazon started its 36-hour sales holiday, Prime Day, with technical glitches on both its website and its app.

Users were unable to log in to the site or the app. Those who did log in successfully were shown dog images or, in some cases, a link that kept redirecting them to the same page with the message "Sorry, something went wrong on our end."

According to the outage-monitoring site DownDetector.com, shoppers started running into trouble immediately after Prime Day officially began at 3 PM Eastern Time.

Initially, it wasn't clear how widespread the problem was. The DownDetector team clarified that the outage was restricted to the US, mostly affecting large parts of California and New York. Some users reportedly saw the "dogs of Amazon" error page, while others complained that the Prime Day discount price wasn't being applied. For some, clicking anywhere redirected them to the same page. And for some, there was no trouble at all.

Users vented their frustration on Amazon's Facebook page and on Twitter.
“Way to go, Amazon.com. People might actually buy prime day stuff if your site wouldn’t crash. Great planning. Can’t get the app to load at all,” Jessica Henning, a user, wrote on Amazon’s Facebook page.

An Amazon spokesperson responded to queries from the BleepingComputer team regarding the outage: “Some customers are having difficulty shopping, and we’re working to resolve this issue quickly. Many are shopping successfully – in the first hour of Prime Day in the U.S., customers have ordered more items compared to the first hour last year. There are hundreds of thousands of deals to come and more than 34 hours to shop Prime Day.”

Risky Biz Soap Box: Cylance: Driving machine learning model development with threat research

There’s no weekly show this week, I’m on a beach somewhere tropical right now and I prepared this one so we’d have something to run while I’m away. The Soap Box is one of our wholly sponsored podcasts here at Risky Biz HQ – vendors pay to come on to talk about what’s on their mind.

And this week we’ve got Cylance’s very own Chris Sestito joining us. He heads threat research for Cylance, the AV company.

Cylance is a relatively new company – they’ve been around about six years now – and regular listeners would have heard me credit them for almost singlehandedly shaking up the AV industry.

They built a machine learning model for detecting malware that was effective enough to actually challenge the incumbents, who until then had a stranglehold on the market. Cylance’s fortunes rose further when it played an instrumental part in detecting and cleaning up malware used against the US Office of Personnel Management, or OPM.

That was a big moment, because from there it seemed like all of a sudden EVERYONE was a machine learning company. I’m sure a lot of people listening to this podcast are so sick to death of hearing pitches from vendors about machine learning.

But the thing is, Cylance was built on machine learning and they are still 100%, 24-carat true believers. Chris Sestito joined me to talk about driving machine learning model development with threat research, dodgy machine learning marketing and more.

Rolls-Royce Is Developing Tiny ‘Cockroach’ Robots To Fix Airplane Engines

Rolls-Royce announced today that it is teaming up with robotics experts at Harvard University and the University of Nottingham to develop tiny "cockroach" robots that can crawl inside aircraft engines to spot and fix problems. These robots will be able to speed up inspections and eliminate the need to remove an engine from an aircraft for repair work to take place. CNBC reports: Sebastian de Rivaz, a research fellow at Harvard Institute, said the inspiration for their design came from the cockroach and that the robotic bugs had been in development for eight years. He added that the next step was to mount cameras on the robots and scale them down to a 15-millimeter size. De Rivaz said that once the robots had performed their duty they could be programmed to leave the engine or could simply be "flushed out" by the engine itself. Also under development are "snake" robots that are flexible enough to travel through an engine like an endoscope. These would enter through a combustion chamber and would inspect damage and remove any debris. The second "snake" would deposit a patch repair that would sit temporarily until the engine was ready for full repair. No schedule has been given for when the crawling robots will be available. You can view animations of each robot type here.

Read more of this story at Slashdot.

Packet Storm: Ubuntu Security Notice USN-3717-2

Ubuntu Security Notice 3717-2 - USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. Various other issues were also addressed.


Cyber warfare: Who is China hacking now?

cnn.com - In the dark world of cyber-espionage, the finger of blame has often been pointed at China. China has all along denied the allegations of state-sponsored hacking. But analysts say China's cyber operat…


Tweeted by @BoehlyE https://twitter.com/BoehlyE/status/1019364092006498310

CVE-2018-14378

An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an invalid or empty tif argument to TIFFWriteBufferSetup in tif_write.c, and it can be exploited (at a minimum) via the following high-level library API function: TIFFWriteTile.

CVE-2018-14375

An issue was discovered in LibTIFF 4.0.9. A buffer overflow vulnerability can occur via an invalid or empty tif argument to TIFFRGBAImageOK in tif_getimage.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFReadRGBAImage, TIFFRGBAImageOK, and TIFFRGBAImageBegin.

CVE-2018-14374

An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an empty fmt argument to unixErrorHandler in tif_unix.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile, TIFFComputeStrip, TIFFReadRawTile, TIFFUnRegisterCODEC, and TIFFWriteEncodedTile.

CVE-2018-14373

An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize, TIFFScanlineSize, TIFFTileSize, TIFFGetFieldDefaulted, and TIFFGetField), this sanitization of the tif structure is never being done and, hence, using them with an invalid or empty tif structure will trigger a buffer overflow, leading to a crash.

Debian Security Advisory 4248-1

Debian Linux Security Advisory 4248-1 - Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.

Be Careful What You Share on Venmo

For better or worse, Venmo will make all your transactions over the app public by default and even encourage you to write a blurb about them. However, that data can also expose personal details about yourself, according to a privacy researcher.

SN 672: All Up in Their Business

This week we look at even MORE, new, Spectre-related attacks, highlights from last Tuesday's monthly patch event, advances in GPS spoofing technology, GitHub's welcome help with security dependencies, Chrome's new (or forthcoming) "Site Isolation" feature, when hackers DO look behind the routers they commandeer, the consequences of deliberate BGP routing misbehavior... and reading between the lines of last Friday's DOJ indictment of the US 2016 election hacking by 12 Russian operatives -- the US appears to really have been "all up in their business."

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Bandwidth for Security Now is provided by CacheFly.

Episode 104: Mueller’s Cyber Eye on the Russian Guys also Reaper Drone Docs Stolen

In this week’s episode of the podcast (#104): the Mueller indictment of 12 Russian GRU operatives for hacking the 2016 presidential election was a bombshell. It was also 30 pages long. We read it so you don’t have to and we’ll talk about the big takeaways. Also: when researchers from Recorded Future saw an offer on a dark web...

Read the whole entry... »

Saudi Arabia Bans 47 Games In Response To Two Child Suicides

An anonymous reader quotes a report from IGN: Saudi Arabia is apparently banning 47 games in response to a pair of children committing suicide after allegedly being encouraged to do so while playing an online game. Per the Associated Press, the Saudi General Commission for Audio-Visual Media said yesterday that a 13-year-old girl and a 12-year-old boy have taken their own lives after playing a social media game known as Blue Whale. Also called the Blue Whale Challenge, the disturbing social media phenomenon is a form of extreme cyberbullying. It's not clear how the Saudi government believes this connects to more mainstream video games, but it nonetheless appears to have banned 47 popular indie and AAA games in response. The Saudi General Commission for Audio-Visual Media's website actually says the list of banned games was last updated on July 2, but the Associated Press' report claims the bans were just announced Monday.

Read more of this story at Slashdot.

Air Force Reserve

afreserve.com - Overview: The mission statement of the U.S. Air Force is to fly, fight and win...in air, space and cyberspace. The emerging 21st Century battleground is cyberspace; the computer networks and communic…


Tweeted by @AirForceReserve https://twitter.com/AirForceReserve/status/1019356092437016581

By targeting encrypted content, Australia threatens press freedom

Cellphones
Jole Aron

The Australian government is considering legislation that would endanger source protection, confidential reporting processes, and the privacy of everyone in an ill-conceived effort to grant law enforcement easier access to electronic communications.

Freedom of the Press Foundation has joined a group of digital rights organizations in calling for the Australian government to refrain from any effort to weaken access to encrypted communication services. “We strongly urge the government to commit to not only supporting, but investing in the development and use of encryption and other security tools and technologies that protect users and systems,” the open letter to Australian officials states.

While it has not yet introduced such legislation, the government has reiterated its intention of doing so consistently over the past year. In July 2017, Australian Prime Minister Turnbull and Attorney General George Brandis held a press conference at which they initially stated their intention to force communications companies to comply with law enforcement decryption efforts. Months later, the foreign minister said legislation intending to work with communication providers to stop terrorism was imminent.

It’s unclear what this legislation will look like, but communication companies or device makers could face significant government fines if they refuse to assist law enforcement with accessing users’ data. This could apply not only to Australian telecommunications companies like Telstra and Optus, but also to huge, internationally-based tech companies like Facebook and Apple.

If companies have the ability to decrypt their users’ data and hold their private encryption keys, those companies could be forced to hand over confidential communications any time the government deems access necessary. Angus Taylor, the minister for law enforcement and cyber security, has claimed there will be no requirement for companies to build “backdoors” into their products for law enforcement, but the alternative to undermining encryption itself is to target the physical devices.

This is one of the fears of Nathan White, Senior Legislative Manager at Access Now. He is concerned that rather than compelling WhatsApp or Gmail to provide access to encrypted content, the legislation will force device manufacturers to push targeted malware to the devices of people who are the subject of investigations.

Regular software updates are critical to security and privacy because they often fix vulnerabilities and introduce new protections. Laws that could force a company like Apple to target a user’s device with malware would destroy the trust between device makers and their users on which software updates depend. The government could hypothetically demand that malware be sent to the devices of journalists, sources, or activists, and use confidential communications acquired through that malware to prosecute or investigate them.

Australian Attorney General George Brandis called encryption “potentially the greatest degradation of intelligence and law enforcement capability” in a lifetime. He has indicated that the new laws would be akin to the United Kingdom’s Investigatory Powers Act, and would grant the government the ability to force companies to comply with investigations.

It’s a chilling comparison to make. The Investigatory Powers Act is one of the world’s most Orwellian and sweeping surveillance laws; it authorizes the blanket collection, monitoring and retention of citizens’ communications and online activity.

Australia is also part of the powerful “Five Eyes” intelligence alliance, whose other members are the United Kingdom, the United States, Canada and New Zealand. The adoption of laws that use broad “terrorism” claims to justify weakening encryption or targeting devices could open the door not only to similar legislation in other countries but also normalize international sharing of decrypted sensitive data. (Australia is also hosting a Five Eyes meeting in August, where these legislative efforts could be discussed.)

It’s unclear what this legislation will look like, or when it will be introduced, but the government’s efforts will be met with widespread opposition when it does. Any law that threatens software updates or encryption would threaten the privacy of everyone in Australia, and set a disturbing precedent for governments and intelligence agencies around the world.

Facebook defends itself against report it allowed hate speech for financial gain

Facebook has denied allegations by a U.K. news outlet that it gave preferential treatment to some pages that promote hate speech because of financial interest, saying that creating a safe environment for its users remains a top priority. The social media giant Tuesday defended itself against a TV report on Channel 4 in the United Kingdom...

Read the whole entry... »

The Value of Online Malware Collections

resources.infosecinstitute.com - One of the biggest security threats to a modern business is a malware outbreak. The risk of its occurrence is fairly high, thanks to the prevalence of malware-spam campaigns and easy propagation via …


Tweeted by @LotusProfession https://twitter.com/LotusProfession/status/1019354498655911937

Not all FAANG stocks are created equal

What truly separates this group is earnings growth: It's no longer similar. Netflix and Amazon have far outperformed the rest of the FAANG names this year because their earnings growth expectations have been much higher.

Debian: DSA-4248-1: blender security update

LinuxSecurity.com: Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.

Cyber warfare training center in NYC

fox5ny.com - NEW YORK (FOX5NY.COM) - You won't find any elliptical machines at Cybergym. However, heavy lifting is being done by good guys doing bad things for a good reason. Governments and companies can come he…


Tweeted by @CSFI_DCOE https://twitter.com/CSFI_DCOE/status/1019349353696301057

Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates

schwit1 shares an excerpt from an in-depth report via ProPublica and NPR, which have been investigating for the past year the various tactics the health insurance industry uses to maximize its profits: A future in which everything you do -- the things you buy, the food you eat, the time you spend watching TV -- may help determine how much you pay for health insurance. With little public scrutiny, the health insurance industry has joined forces with data brokers to vacuum up personal details about hundreds of millions of Americans, including, odds are, many readers of this story. The companies are tracking your race, education level, TV habits, marital status, net worth. They're collecting what you post on social media, whether you're behind on your bills, what you order online. Then they feed this information into complicated computer algorithms that spit out predictions about how much your health care could cost them. Patient advocates warn that using unverified, error-prone "lifestyle" data to make medical assumptions could lead insurers to improperly price plans -- for instance raising rates based on false information -- or discriminate against anyone tagged as high cost. And, they say, the use of the data raises thorny questions that should be debated publicly, such as: Should a person's rates be raised because algorithms say they are more likely to run up medical bills? Such questions would be moot in Europe, where a strict law took effect in May that bans trading in personal data.

Read more of this story at Slashdot.

Oracle Releases July 2018 Security Bulletin

Original release date: July 17, 2018

Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle July 2018 Critical Patch Update and apply the necessary updates.

Telefonica Data Breach

In response to the news that Telefonica has suffered a data breach which exposed the details of millions of Spanish users, IT security experts commented below.

Rob Shapland, Principal Cyber Security Consultant at Falanx Group:

“Telefonica will need to assess the scope of the breach in order to understand how it impacts GDPR. Has the breach been exploited and the information stolen by hackers? If so, they will certainly need to inform the GDPR supervisory authority, and very likely each of the affected customers. They could then be liable to fines of up to €20 million or 4% of their global turnover (their turnover is $53 billion, so potentially over €2 billion in fines though that is highly unlikely).

Flaws like this are quite common in websites. It does imply that the website has not been tested against industry best practice as the flaw that was exploited should be easily discovered during penetration testing. It could also be that Telefonica made changes to the system without running additional checks, which then introduced the vulnerability.

Customers who have been affected should update their password on Telefonica’s systems (and any other websites that same password was used), just in case passwords were exposed, though there is no evidence of this at this stage. It would also be prudent for customers to update their security questions on any key websites such as online banking, in case the personal info that was stolen could be used to answer these questions.”

Ryan Wilk, Vice President at NuData Security:

“This sort of data exposure is why so many organisations who transact with customers online – from the banking and finance sector to eCom and major retailers – are layering in advanced security solutions, such as passive biometrics and behavioural analytics. In doing so, they’re shifting from “let’s make our company a bunker for everyone” to “let’s leave the bunker for risky users only.”  They do so by using technology that doesn’t rely on data that could have been exposed in a breach, thus preventing post-breach damage.

“For years now, many top merchants and financial institutions have incorporated passive and active biometrics and behavioural analytics to verify customer identities online. By analysing hundreds of indicators derived from the user’s online behaviour, companies don’t have to rely on passwords, payment data, and other leaked information to make an authentication decision. Removing the organisation’s reliance on ‘things users know’, companies are far less vulnerable to the data exposed by leaks and breaches.

“Passive biometric technology cannot be mimicked by hackers, and helps break the chain of perpetual fraud that grows whenever customer data is breached and stolen.”

This post, Telefonica Data Breach, appeared first on Information Security Buzz.

NHS At 70 And The Role Of Cybersecurity

The UK’s National Health Service is celebrating its 70th anniversary this year. To coincide with this, the UK government has made a big financial commitment to the service’s future. The NHS annual budget of £114 billion will rise by 3.4 percent a year.

Technology is one of the four main pillars to be covered in a new 10-year plan that’s supported by this new funding. But, as the service was seriously disrupted by cyber-attacks only a year ago, there is clearly a need to consider cybersecurity as part of any future investment in new technology.

The challenge of protecting the NHS from cyber-attacks is complicated by its vast size and complexity. In England alone, the NHS is the largest public-sector employer with over 1.4 million staff. Medical services are accessed and delivered through a network of close to 500 hospitals and over 3,500 GP surgeries dotted across the UK. Despite the ‘national’ in its name, NHS reforms have meant the service is run on a very regionalised basis with local budgets and budget decision-makers, making it difficult for the NHS to coordinate a response to prevent or recover from a cyber-attack.

At the same time, the service has a chequered history of digitisation. For many years, there have been plans and targets to modernise how the NHS collects and shares patient information digitally. While progress has been difficult, the NHS is committed to digitisation where it can deliver better medical outcomes and patient experience.

Cybersecurity has a positive role in how it can facilitate the use of digital technologies across the NHS. It also can improve trust in how the NHS uses and shares data, especially critical when many patients and patient groups have expressed serious opposition to projects in this field in the past. However, cybersecurity for cybersecurity’s sake isn’t appropriate when what’s of prime importance to the NHS is that patient services are never interrupted by another cyber-attack.

The great lesson of the WannaCry incident wasn’t that the ransomware caused problems but that NHS IT teams didn’t know the extent of the threat and had to turn off IT systems. There was no operational crisis management in place for an attack, so no individual, region or even central government body knew the extent or level of impact. It was this lack of clarity and certainty that made a shutdown the only option, and it was the shutdown that directly disrupted medical services on an alarmingly wide scale.

A clear goal of the 10-year plan will be how technology helps deliver excellent medical services and outcomes for patients. Cybersecurity must serve this end but must not get in the way. 

As WannaCry demonstrated, greater visibility of threats and vulnerabilities is key but not if it simply hands a small and overstretched team of NHS IT specialists an even longer to do list. There is great expertise and skill within the NHS, but the reality is the service cannot retain enough staff with top cybersecurity skills when it has rigid pay structures and competes with the private sector which can pay much more.

So, NHS IT teams are desperate for practical support that will help direct priorities, as well as technology that can automate much of the workload of mitigating vulnerabilities effectively. The answer is threat and vulnerability management solutions that use current threat intelligence to cut through the noise of vulnerabilities, which in large, complex networks can number in the millions, and more accurately prioritise remediation.

A threat-centric vulnerability management approach focuses action on the small subset of vulnerabilities most likely to be used in an attack – and often, those vulnerabilities are not the most obvious ones.

The solution must also have at its core the ability to consider network context, which comes from being able to model the entire hybrid network, including the security controls in place. This is key in situations where patching may not be an option, or when the team needs to consider more expedient, cost-effective or lower risk options, depending on the environment. This may include relying on existing security controls such as IPS signatures, changing firewall or security tags and adjusting configurations. The threat-centric approach not only has the greatest impact on risk reduction, it increases the efficiency and effectiveness of vulnerability management teams.

How might this be applied in the NHS as digitisation is rolled out more widely? Empower NHS IT teams with technology that breaks down data silos by merging all the information about the network into a single repository of truth: assets, network topology, existing security controls, vulnerabilities and threats. This provides the foundation of network visibility and context needed to identify and assess risks and security priorities clearly and, more importantly, to address them efficiently without interrupting medical care or placing additional burden on limited NHS IT resources.
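The following is an added example, not Skybox’s software or any NHS tooling: a small threat-centric prioritiser in Python over constructed data. The zone names, the firewall rules, the IPS coverage set and the placeholder vulnerability labels V1 to V4 (not real CVE identifiers) are all assumptions, as is the simplification that any zone reachable over an allowed firewall rule is treated as attacker-controllable. It ranks the exploited, exposed and unmitigated finding first and puts a maximum-CVSS finding on an unreachable asset last, which is the point the article makes about looking beyond the raw score.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    label: str               # placeholder label, not a real CVE identifier
    asset: str
    zone: str                # network zone the asset lives in
    port: int                # port the vulnerable service listens on
    cvss: float
    exploited_in_wild: bool  # would come from a threat-intelligence feed


# Constructed firewall policy as (source zone, destination zone, allowed port);
# port None means any port. A real model would be imported from the firewalls.
ALLOW_RULES = [
    ("internet", "dmz", 443),
    ("dmz", "clinical", 1433),
    ("corp", "clinical", None),
]

# Constructed IPS coverage: labels whose exploitation an inline signature blocks.
IPS_COVERED = {"V2"}

# Constructed scan results. V2, V3 and V4 share the top CVSS score but carry very different risk.
VULNS = [
    Vuln("V1", "web1", "dmz", 443, 7.5, exploited_in_wild=True),
    Vuln("V2", "db1", "clinical", 1433, 9.8, exploited_in_wild=True),
    Vuln("V3", "pacs1", "clinical", 104, 9.8, exploited_in_wild=False),
    Vuln("V4", "mri1", "isolated", 8080, 9.8, exploited_in_wild=False),
]


def attacker_zones(rules, start="internet"):
    """Zones an attacker can reach by pivoting through allowed hops.

    Simplifying assumption: any zone reachable over an allowed rule is treated as
    attacker-controllable, i.e. a foothold there is assumed rather than proven."""
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _ in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def exposed(v, rules, zones):
    """True if the vulnerable service is reachable from an attacker-controllable zone."""
    if v.zone in zones:
        return True  # lateral movement inside a compromised zone is assumed unrestricted
    return any(src in zones and dst == v.zone and port in (None, v.port)
               for src, dst, port in rules)


def tier(v, rules, zones, ips):
    """0: exploited, exposed, no compensating control -> fix now.
       1: exploited and exposed but an IPS signature covers it -> verify the signature, schedule the patch.
       2: exposed, no known exploit -> patch in the normal cycle.
       3: not reachable -> lowest priority regardless of CVSS."""
    exp = exposed(v, rules, zones)
    if v.exploited_in_wild and exp:
        return 1 if v.label in ips else 0
    return 2 if exp else 3


def prioritise(vulns, rules=ALLOW_RULES, ips=IPS_COVERED):
    """Order findings by tier; CVSS only breaks ties inside a tier."""
    zones = attacker_zones(rules)
    return sorted(vulns, key=lambda v: (tier(v, rules, zones, ips), -v.cvss))


if __name__ == "__main__":
    zones = attacker_zones(ALLOW_RULES)
    for v in prioritise(VULNS):
        print(f"tier {tier(v, ALLOW_RULES, zones, IPS_COVERED)}  {v.label}  {v.asset:6} "
              f"cvss={v.cvss}  exploited={v.exploited_in_wild}  exposed={exposed(v, ALLOW_RULES, zones)}")
```

The ordering that comes out is V1, V2, V3, V4: the CVSS 7.5 finding on the internet-facing web server outranks every 9.8, the database bug drops a tier because the IPS signature buys time, and the isolated MRI system is last even though a scanner alone would flag it as critical.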

Peter Batchelor, Public Sector Technology Specialist and Director at Skybox Security

This post, NHS At 70 And The Role Of Cybersecurity, appeared first on Information Security Buzz.

Walmart Teams Up With Microsoft To Fight Amazon, Netflix

Slashdot readers hyperclocker and Hallux-F-Sinister have shared news about Walmart's new strategy to take on Amazon. In a nutshell, Walmart will use more of Microsoft's cloud services and work with the company on AI and machine learning projects. The goal is to reduce its energy consumption and improve its delivery systems. Hyperclocker shares an excerpt from a report: Today, Walmart announced that it has established a strategic partnership with Microsoft to, "further accelerate Walmart's digital transformation in retail, empower its associates worldwide and make shopping faster and easier for millions of customers around the world." What that means in reality is, Walmart is embracing Microsoft's cloud services and will run its digital operations by taking full advantage of Microsoft Azure and Office 365. The partnership agreement lasts for five years and starts with a team of Walmart and Microsoft engineers working together to transition the retailer to Microsoft's ecosystem. Hallux-F-Sinister provides some commentary: According to CNN Money, Walmart and Microsoft are ganging up on Amazon.com. I found myself wondering if this was more like Lex Luthor teaming up with the Joker to fight Sinestro, or Bruce Wayne letting Tony Stark use the Bat Computer to fight against the thing Richard Pryor's character designed in whichever godawful nineteen eighties-era Superman sequel he was in. The story itself would bore an accountant to tears, I am convinced, so I did not dare read it for fear of being rendered insensate; but here is the URL if you find you are in desperate need of sleep. Perhaps this other bit of news will wake you up: Walmart is also contemplating starting its own streaming service to compete with Amazon and Netflix. According to GeekWire, citing The Information, "Walmart is considering various ways to stand out, including undercutting Amazon and Netflix on price or offering an ad-supported free service."

Read more of this story at Slashdot.

AI Will Create As Many Jobs As It Displaces

Today PwC published a report stating that AI will create as many jobs as it displaces by boosting economic growth. In response to the release of this report, Matt Walmsley, EMEA Director at Vectra (a company that automates the hunt for cyber threats using AI), has provided commentary on how AI is helping to create new cybersecurity jobs.

Matt Walmsley, EMEA Director at Vectra:

“AI is already changing the workplace, and in some areas creating new work opportunities. For example, in the uniquely adversarial world of cybersecurity, we’re seeing that AI is addressing a significant professional skills and resource gap and is reducing the barrier to entry to the cybersecurity profession. Here AI is being used to combat cybersecurity threats by analysing digital communications in real time and spotting the hidden signals to identify attacker behaviour. A task that is simply beyond the scale and speed of humans alone. And when you are able to quickly identify and stop cyberattacks before they’re able to wreak havoc, you dramatically reduce business risk.

We are seeing enterprises actively deploying AI platforms to support junior staff in front-line cybersecurity operations roles. In some cases, even utilising graduate program interns. AI helps these less technically experienced, but still savvy staff, to teach on the job and augment them with intelligent supporting technology. These are people who traditionally would be unable to take on these positions without significant further education, professional development, and substantial experience. This enables them to quickly ramp up to being productive members of the cybersecurity team by using AI to empower them.”

This post, AI Will Create As Many Jobs As It Displaces, appeared first on Information Security Buzz.

EU and Japan Agree on Reciprocal Adequacy

On July 17, 2018, the European Union and Japan successfully concluded negotiations on a reciprocal finding of an adequate level of data protection, thereby agreeing to recognize each other’s data protection systems as “equivalent.” This will allow personal data to flow safely between the EU and Japan, without being subject to any further safeguards or authorizations. 

This is the first time that the EU and a third country have agreed on a reciprocal recognition of an adequate level of data protection. So far, the EU has adopted only unilateral adequacy decisions for 12 other jurisdictions, namely Andorra, Argentina, Canada (organizations subject to PIPEDA), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States (EU-U.S. Privacy Shield), which allow personal data to flow safely from the EU to those jurisdictions.

Background

On January 10, 2017, the European Commission (“the Commission”) published a communication addressed to the European Parliament and European Council on Exchanging and Protecting Personal Data in a Globalized World. As announced in this communication, the Commission launched discussions on possible adequacy decisions with “key trading partners,” starting with Japan and South Korea in 2017.

The discussions with Japan were facilitated by the amendments made to the Japanese Act on the Protection of Personal Information (Act No. 57 of 2003) that came into force on May 30, 2017. These amendments have modernized Japan’s data protection legislation and increased convergence with the European data protection system.

Key parts of the adequacy finding

Once adopted, the adequacy finding will cover personal data exchanged for commercial purposes between EU and Japanese businesses, as well as personal data exchanged for law enforcement purposes between EU and Japanese authorities, ensuring that in all such exchanges a high level of data protection is applied.

This adequacy finding was decided on the basis of a series of additional safeguards that Japan will apply to EU citizens’ personal data transferred to Japan, including the following measures:

  • expanding the definition of sensitive data;
  • facilitating the exercise of individuals’ rights of access to and rectification of their personal data;
  • increasing the level of protection for onward data transfers of EU data from Japan to a third country; and
  • establishing a complaint-handling mechanism, under the supervision of the Japanese data protection authority (the Personal Information Protection Commission), to investigate and resolve complaints from Europeans regarding access to their data by Japanese public authorities.

Next steps

The EU and Japan will launch their respective internal procedures for the adoption of the adequacy finding. The Commission is planning to adopt its adequacy decision in fall 2018, following the usual procedure for EU adequacy decisions. This involves (1) approval of the draft adequacy decision by the College of EU Commissioners; (2) obtaining an opinion from the EU data protection authorities within the European Data Protection Board; (3) completing a comitology procedure, which requires the Commission to obtain the green light from a committee composed of representatives of EU Member States; and (4) updating the European Parliament Committee on Civil Liberties, Justice and Home Affairs. Once adopted, this will be the first adequacy decision under the EU General Data Protection Regulation.

View the Commission’s full press release and Q&As on the Japan adequacy decision.

GOP Congressman Introduces Bill To Reinstate Net Neutrality Rules

Rep. Mike Coffman (R-CO) today announced his support for a bill that would institute the basic outlines of the FCC's 2015 Open Internet order, which banned the throttling and blocking of content as well as harmful paid prioritization practices. He is also the first Republican to sign on to the Democrat-led discharge petition, which aims to force a vote on the House floor to roll back the FCC's December decision to repeal net neutrality. The Verge reports: The 21st Century Internet Act aims to restructure the current framework by which the internet has been governed since the '90s. Coffman's bill moves past this argument by amending the 1934 Telecommunications Act and adding the new Title VIII. This new classification would "permanently codify into law the 'four corners' of net neutrality" by banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers. On top of providing stable ground for net neutrality rules to be upheld in the future, the legislation also makes it illegal for providers to participate in "unfair or deceptive acts or practices." It directs the FCC to investigate claims of anticompetitive behavior on behalf of consumers after receiving their complaints. Transparency requirements are heightened for providers as well, as companies must publicly disclose information regarding their network practices to allow consumers to "make informed choices regarding use of such services."

Read more of this story at Slashdot.

Democratic socialism can succeed in the Midwest – by any other name

After 28-year-old socialist Alexandria Ocasio-Cortez pulled off a stunning upset in New York's 14th Congressional District, Illinois senator Tammy Duckworth told CNN that Ocasio-Cortez's brand of socialism might be the future of the party in the Bronx but not in the Midwest. Eric Levitz, politics writer at New York Magazine's Daily Intelligencer says she's absolutely wrong.

Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment

All politics aside, the United States Department of Justice on Friday unsealed a judicial indictment against a number of individuals alleged to be from Russia’s intelligence services engaged in activities in 2016.

Stepping outside of the context of this party or that party, and politics as a whole, McAfee’s CTO, Steve Grobman, noted: “Attribution is amongst the most complex aspects of cyberwar and the US government is in a unique position to make this attribution assessment. Technical forensics combined with information from trusted intelligence or law enforcement agencies are needed to provide confidence behind identifying actors in an attack or campaign. These indictments clearly show the US has reason to believe Russia interfered with the election process.”

The level of technical detail also offers practical insight for aspects of organizations’ readiness to react to the threat environment.

1) Nation State Activity is Real

At McAfee, we operate our own Advanced Threat Research team. We employ many professionals whose entire job is to find ways to break things, to learn how others have already broken things, and to decide what level of risk that represents to our customers and future customers. Our hope is that our activity is non-disruptive, ethically conducted, and consistent with our corporate values and our commitments to our customers. In today’s threat environment, countries throughout the globe are investing in cyber capabilities to practice intelligence, deception and counter-intelligence, and in the past few years we have documented the crossover from cyber capability into kinetic effects.

Whether one service's actions versus another's are perceived as "good" or "bad", as a "criminal conspiracy" or as "policy", depends on many factors and points of view. As a profession, however, it is critical that we recognize this rapidly growing reality for the fact that it is.

This judicial action is another breadcrumb reminding us, as enterprise leaders, that sophisticated adversaries have the resources to act, and that enterprises providing services to organizations of public importance are natural targets. Organizations should evaluate their customer base, and the services they provide, for the relative risk each carries. Risk has upside opportunity ("revenue"), but it should also prompt the internal question of whether an organization, or a subset of it, requires advanced security controls or more proactive threat detection and resistance measures.

2) Geo-Location is Practically Irrelevant

For many of us who practiced information security in its early days, connection metadata was enough to make snap judgements about the trustworthiness of a request. The days when the first-hop relay to a command-and-control server sat in a given country's public IP space, or under a two-letter country-code domain, are mostly over.

Instead, the organization needs to look more directly at behavior: not just that of users, but of systems and of access to resources. At McAfee, we have evolved our own offerings in this space, establishing McAfee Behavioral Analytics to discern elevated risk when established patterns break, and putting advanced tools like McAfee Investigator in the hands of threat hunters.

Whether using our products or not, today's enterprise needs to rely on security behaviors that do not treat traditional geographic or demographic identifiers as a strong basis for granting access or identifying threats.

When it comes to identity misuse, multi-factor authentication should be implemented wherever possible, with decreased emphasis on factors that adversaries can easily intercept (such as SMS message codes). YubiKey hardware tokens, TOTP-based generators, and interactive application confirmation from providers like Duo Security are all effective measures that make it harder to use credentials intercepted from, or cajoled out of, end users.

3) URL Shorteners can be a Risk Indicator

While for many organizations, especially in social media analytics, URL shorteners have enabled short-format messaging with business intelligence potential, they are also a means of obscuring malicious destinations. The indictment released by the United States Department of Justice highlights the continuing threat that URL shortening, combined with the user-focused technique of spear phishing, presents as a means of attacking the enterprise.

Aside from education campaigns that help users distinguish legitimate links and become more sensitive to the risk, the organization can also reconsider its web access methods for greater control and recognition of potential threats.

User and Entity Behavior Analytics (UEBA) systems can identify outlier websites not otherwise accessed in the organization, and the presence or use of an unknown URL shortener can itself be a risk indicator. The security operations team may want to track which URL shorteners appear over time in the organization's recent incidents, so that those commonly seen in the wild can be managed as part of email and web access hygiene.
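As an added example (not code from the McAfee post, and not a description of any McAfee product), the following script applies the two indicators just described to proxy logs: requests to known URL shorteners, and requests to domains that never appeared during a baseline period. The log format, the shortener list and the sample log lines are constructed for this example.

```python
# Added example, not code from the McAfee post: a small hunt over proxy logs
# that flags requests to known URL shorteners and to domains never seen in a
# baseline period. The log format, the shortener list and the sample lines
# are all constructed for this example.
from urllib.parse import urlsplit

# Shortener list assumed for the example; an organization would curate its own
# from the shorteners seen in its recent incidents.
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# Constructed proxy log: ISO-8601 UTC timestamp, user, method, URL, status.
SAMPLE_LOG = """\
2018-07-16T09:01:12Z alice GET https://mail.example.com/inbox 200
2018-07-16T09:03:40Z bob GET https://www.example.com/ 200
2018-07-16T10:15:02Z alice GET https://wiki.example.com/page/1 200
2018-07-17T08:10:55Z carol GET https://bit.ly/2abcXYZ 302
2018-07-17T08:11:03Z carol GET http://accounts-verify.example-login.net/reset 200
2018-07-17T08:30:00Z bob GET https://wiki.example.com/page/7 200
2018-07-17T09:02:11Z dave GET http://accounts-verify.example-login.net/reset 200
"""


def parse_log(text):
    """Yield (timestamp, user, host) per well-formed line; skip the rest
    rather than abort the hunt on one malformed record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, _method, url, _status = parts
        host = urlsplit(url).hostname
        if host:
            yield ts, user, host.lower()


def build_baseline(text, before):
    """Hosts seen strictly before ISO timestamp `before` (string comparison
    is safe because the timestamps are fixed-width ISO-8601 UTC)."""
    return {host for ts, _user, host in parse_log(text) if ts < before}


def hunt(text, baseline, since):
    """Findings for requests at or after `since`, as
    (timestamp, user, host, reason) tuples in log order."""
    findings = []
    for ts, user, host in parse_log(text):
        if ts < since:
            continue
        if host in KNOWN_SHORTENERS:
            findings.append((ts, user, host, "known-url-shortener"))
        elif host not in baseline:
            findings.append((ts, user, host, "first-seen-domain"))
    return findings


def users_per_host(findings):
    """Distinct users per flagged host: a first-seen domain hit by several
    users in a short span is the spear-phishing pattern worth escalating."""
    seen = {}
    for _ts, user, host, _reason in findings:
        seen.setdefault(host, set()).add(user)
    return {host: len(users) for host, users in seen.items()}


if __name__ == "__main__":
    baseline = build_baseline(SAMPLE_LOG, before="2018-07-17")
    results = hunt(SAMPLE_LOG, baseline, since="2018-07-17")
    for finding in results:
        print(finding)
    print(users_per_host(results))
```

On the sample data the shortener hit and the first-seen domain come from the same user seconds apart, which is the sequence a shortened phishing link produces: the redirect, then the landing page. The second user hitting the same first-seen domain is what turns a single curiosity into an incident lead.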

4) Vulnerability Management is a Key Risk Mitigation

I’ve never known a security professional who skips into the office with their coffee and announces, “I love patching servers.”  Never.  As experienced security leaders, we know how hard it can be to manage the impact to production systems, to identify system owners, to work together to maintain a cadence of patching.  Sometimes, even just the heterogeneous nature of the modern operating environment can be its own challenge!

The alleged activity of the identified conspirators reminds us how critical the public attack surface remains to protecting the enterprise as a whole. Try as we might, every piece of our public infrastructure leaves a footprint. We "leak" details of our enterprise systems as a necessary byproduct of making those systems operate: DNS records, public IP block ownership, routing advertisements, job listings, employee CVs, employee social media profiles.

Vulnerability management requires an organization to think about more than patching. The organization's threat surface has to be considered in this broader sense so that threats are identified and remediated holistically. The organization can also use publicly available models as a means of checking its readiness to defend against new vulnerabilities ahead of patching or other long-term remediation.

5) Response Threat Hunting is Hard – Trust Nothing

Despite the best efforts of technical security teams, sometimes intelligence and cues are missed.  The reality is that sophisticated adversaries have sophisticated skills and multiple means to stay engaged.  They also have reason and/or desire to hide from security teams.  As security professionals, we have to put personal ego and hubris aside.  Threat hunting in an incident is a time for humble approaches that recognize the adversaries are at or above our own skill level (and hope that is not the case).

In such a case, we go back to a few core fundamentals: we trust nothing, and we require validation for everything. Each piece of intelligence goes into the picture and through our tools to identify additional leads to pursue, and is evaluated for the remediation actions it makes possible. While we have talked at length before about the cyber kill chain, a fundamental truth illustrated by today's Department of Justice action is that where advanced activity occurs, the entire environment must be treated as suspect and become zero trust.

Can you force each network flow to be validated for a time? Can someone from the organization vouch for a piece of software or a specific node on the network? Do your pre-work ahead of time to create the space so that when the company brand is on the line, you can use maintenance windows, incident response policies, and similar corporate buffers to buy the "right" to shut down a segment, temporarily block a network flow and see what happens, and so on.

6) Your organizational data is in the cloud. Your Incident Response needs to be, too.

The cloud was a key avenue through which the organizations compromised in these activities continued to lose information. Indications are that when the identity compromise and initial incident were addressed "on premise", the cloud systems were not updated to reflect those changes.

Your organization has leveraged the advanced capability and time to market of the cloud. Our recent survey of organizations worldwide indicates that the typical enterprise-class organization has dozens of distinct providers hosting corporate data. Just as the sensitive information stored with those providers is part of your brand value and your delivery strategy, your response plans need to integrate intelligence from those providers, and to those providers, for investigation and mitigation.

Building unified visibility across cloud providers requires a deliberate approach and investment from the organization. Incident response procedures should include looking at cloud sources for activity matching potential Indicators of Compromise, as well as an explicit incident step of considering what actions are needed to manage the risk within each cloud provider.

Your cloud is part of your holistic data and threat stance; it also needs to be part of your remediation and resilience plan.
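The gap this section describes, an identity handled on premise while the cloud side is left untouched, is mechanical enough to check for. The following added example (not code from the McAfee post, and not any provider's API) reconciles what the on-premise response did against a cloud provider's key inventory and audit trail, and sweeps that trail for the incident's indicators of compromise. Every record is constructed, and the field names are assumptions made for the example rather than any real provider's schema.

```python
# Added example, not code from the McAfee post: reconcile an on-premise
# identity response against cloud state. Given the accounts disabled or reset
# on premise, plus a cloud provider's inventory of access keys and audit
# events, report credentials that remained valid and events matching the
# incident's indicators of compromise. Every record below is constructed and
# the field names are assumptions for this example, not a provider's schema.
from datetime import datetime, timezone


def parse_ts(text):
    """ISO-8601 UTC string ending in 'Z' to an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00")).astimezone(timezone.utc)


# What the on-premise response did: one account disabled, one password reset.
ONPREM_RESPONSE = {
    "disabled": {"mallory"},
    "password_reset_at": {"alice": "2018-07-15T18:00:00Z"},
}

# Cloud-side access keys (constructed).
CLOUD_ACCESS_KEYS = [
    {"user": "alice",   "key_id": "KEY-0001", "created": "2018-07-01T09:00:00Z", "status": "Active"},
    {"user": "alice",   "key_id": "KEY-0002", "created": "2018-07-16T10:00:00Z", "status": "Active"},
    {"user": "mallory", "key_id": "KEY-0003", "created": "2018-06-20T08:00:00Z", "status": "Active"},
    {"user": "bob",     "key_id": "KEY-0004", "created": "2018-05-01T08:00:00Z", "status": "Inactive"},
]

# Cloud audit events (constructed; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges).
CLOUD_EVENTS = [
    {"time": "2018-07-16T02:13:00Z", "user": "alice",   "action": "storage:GetObject",
     "source_ip": "203.0.113.7",  "user_agent": "python-requests/2.9.1"},
    {"time": "2018-07-16T09:00:00Z", "user": "bob",     "action": "iam:ListUsers",
     "source_ip": "198.51.100.4", "user_agent": "cloud-cli/1.15"},
    {"time": "2018-07-16T11:45:00Z", "user": "mallory", "action": "storage:ListBucket",
     "source_ip": "203.0.113.7",  "user_agent": "cloud-cli/1.15"},
]

# IOCs handed over from the on-premise investigation (constructed).
IOCS = {"source_ips": {"203.0.113.7"}, "user_agents": {"python-requests/2.9.1"}}


def stale_cloud_keys(onprem, keys):
    """Active cloud keys the on-premise response did not reach: keys of users
    disabled on premise, and keys minted before a user's credential reset
    (a long-lived API key is not invalidated by a directory password change)."""
    findings = []
    for key in keys:
        if key["status"] != "Active":
            continue
        user = key["user"]
        if user in onprem["disabled"]:
            findings.append({**key, "reason": "user disabled on premise"})
        elif (user in onprem["password_reset_at"]
              and parse_ts(key["created"]) < parse_ts(onprem["password_reset_at"][user])):
            findings.append({**key, "reason": "key predates on-premise credential reset"})
    return findings


def ioc_hits(events, iocs):
    """Events whose source IP or user agent matches an incident IOC."""
    hits = []
    for event in events:
        matched = []
        if event["source_ip"] in iocs["source_ips"]:
            matched.append("source_ip")
        if event["user_agent"] in iocs["user_agents"]:
            matched.append("user_agent")
        if matched:
            hits.append({"time": event["time"], "user": event["user"],
                         "action": event["action"], "matched": matched})
    return hits


if __name__ == "__main__":
    for finding in stale_cloud_keys(ONPREM_RESPONSE, CLOUD_ACCESS_KEYS):
        print("revoke:", finding["key_id"], finding["user"], "-", finding["reason"])
    for hit in ioc_hits(CLOUD_EVENTS, IOCS):
        print("ioc:", hit["time"], hit["user"], hit["action"], hit["matched"])
```

The first function is the one that closes the gap the text describes: a password reset in the directory says nothing about API keys the same user created in the cloud weeks earlier, so those keys must be enumerated and rotated as their own incident step. The second function is the cloud-side IOC sweep; in practice both run against an export from each provider in the inventory, not a single one.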

Nation State Actors Remind us of the Fundamentals

The indictment released by the United States Department of Justice describes a multi-faceted effort that involved target research, user-focused phishing, exploiting vulnerable software, malware, and making use of the disconnect between on-premise and cloud management.

For years, McAfee has focused on a platform approach to security in our products. We offer software with advancements like OpenDXL and an actively managed ecosystem of Security Innovation Alliance offerings. We make these investments for the simple reason that, in order to protect against and adapt to continuing threats, your organization needs rapidly available, actionable intelligence. Your organization's approach to information security should return periodically to verify fundamental information sharing and basic controls, even as advanced capabilities are implemented.


The post Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment appeared first on McAfee Blogs.

What is single sign-on? How SSO improves security and the user experience

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity: the service authenticates you on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.
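To show what "authenticate once, use many" actually involves, here is an added example (not code from the original article, nor any particular SSO product): an identity provider issues a signed token per application, and each application verifies the signature, issuer, audience and expiry before trusting it. The token is a JWT-style HS256 token built with the standard library only; the shared key, issuer URL and application names are assumptions for this example, and real deployments usually use asymmetric signing via SAML or OpenID Connect.

```python
# Added example, not code from the original article: the core of an SSO
# exchange. An identity provider (IdP) authenticates the user once and issues
# a signed token per application; each application verifies signature,
# issuer, audience and expiry before trusting it. JWT-style HS256 with the
# standard library only; the key, issuer and app names are assumptions.
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the signing key; the user logs in here once."""

    def __init__(self, issuer: str, key: bytes):
        self.issuer = issuer
        self.key = key

    def issue(self, subject: str, audience: str, now: int, ttl: int = 300) -> str:
        """Issue a short-lived token bound to one application (`aud`)."""
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"iss": self.issuer, "sub": subject, "aud": audience,
                  "iat": now, "exp": now + ttl}
        signing_input = ".".join(
            _b64url(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, claims))
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)


def verify(token: str, key: bytes, issuer: str, audience: str, now: int) -> dict:
    """Application-side check. Returns the claims or raises ValueError.
    Order matters: the signature is checked before any claim is trusted."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_unb64url(h))
    # Pin the algorithm instead of honouring whatever the token declares;
    # alg=none and algorithm-confusion attacks rely on verifiers that do not.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("token was issued for a different application")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def check(token: str, key: bytes, issuer: str, audience: str, now: int):
    """Convenience wrapper returning (accepted, reason) instead of raising."""
    try:
        verify(token, key, issuer, audience, now)
        return True, "ok"
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    KEY = b"example-shared-secret-not-for-production"
    ISSUER = "https://sso.example.com"
    idp = IdentityProvider(ISSUER, KEY)
    token = idp.issue("alice", audience="app-a", now=1_531_800_000)
    print(check(token, KEY, ISSUER, "app-a", now=1_531_800_060))  # accepted
    print(check(token, KEY, ISSUER, "app-b", now=1_531_800_060))  # wrong audience
```

The audience check is the part most often skipped and the one that makes SSO safe: without it, a token minted for a low-value application can be replayed against every other application that trusts the same identity provider. Checking the signature before reading any claim, and pinning the algorithm, closes the two classic token-forgery routes.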

Market Update: U.S. Stocks Rise After Fed Chairman Testimony; Earnings in Focus

U.S. stocks rebounded Tuesday after Federal Reserve Chairman Jerome Powell told Congress that economic growth and inflation should keep the central bank on track to raise interest rates later this year. Stocks Rise All of Wall Street’s major indexes reported gains on Tuesday, with the Nasdaq Composite Index returning to record territory. The technology-focused average […]

The post Market Update: U.S. Stocks Rise After Fed Chairman Testimony; Earnings in Focus appeared first on Hacked: Hacking Finance.

Microsoft Is Making the Windows Command Line a Lot Better

An anonymous reader quotes a report from Ars Technica: Over the last few years, Microsoft has been working to improve the Windows console. Console windows now maximize properly, for example. In the olden days, hitting maximize would make the window taller but not wider. Today, the action will fill the whole screen, just like any other window. Especially motivated by the Windows subsystem for Linux, the console in Windows 10 supports 16 million colors and VT escape sequences, enabling much richer console output than has traditionally been possible on Windows. Microsoft is working to build a better console for Windows, one that we hope will open the door to the same flexibility and capabilities that Unix users have enjoyed for more than 40 years. The APIs seem to be in the latest Windows 10 Insider builds, though documentation is a little scarce for now. The command-line team is publishing a series of blog posts describing the history of the Windows command-line, and how the operating system's console works. The big reveal of the new API is coming soon, and with this, Windows should finally be able to have reliable, effective tabbed consoles, with emoji support, rich Unicode, and all the other things that the Windows console doesn't do... yet.

Read more of this story at Slashdot.

Search Msdn: Announcing .NET Core 2.1 | .NET Blog

We’re excited to announce the release of .NET Core 2.1. It includes improvements to performance, to the runtime and tools. It also includes a new way to deploy tools as NuGet packages. We’ve added a new primitive type called Span<T> that operates on data without allocations. There are many other ...
