
CCleaner Hack May Have Been A State-Sponsored Attack On 18 Major Tech Companies

1 Comment

At the beginning of this week, reports emerged that Avast, owner of the popular CCleaner software, had been hacked. Initial investigations by security researchers at Cisco Talos discovered that the intruder not only compromised Avast's servers, but managed to embed both a backdoor and "a multi-stage malware payload" that rode on top of the installation of CCleaner. That infected software -- traditionally designed to help scrub PCs of cookies and other tracking software and malware -- was subsequently distributed by Avast to 700,000 customers (initially, that number was thought to be 2.27 million).

And while that's all notably terrible, it appears initial reports dramatically understated both the scope and the damage done by the hack. Initially, news reports and statements by Avast insisted that the hackers weren't able to "do any harm" because the second, multi-stage malware payload was never effectively delivered. But subsequent reports by both Avast and Cisco Talos researchers indicate this payload was effectively delivered -- with the express goal of gaining access to the servers and networks of at least 18 technology giants, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself.

Cisco's researchers say they obtained a copy of the hackers' command-and-control server from an unnamed source. That server contained detailed logs of the 700,000 or so computers that had "phoned home" to the hackers earlier this month. Subsequent investigation has concluded that the hackers didn't really care about most of the infected customers, and that this may have been a sophisticated state-sponsored attack specifically designed to access and copy internal information and trade secrets from major tech firms:

"That target list presents a new wrinkle in the unfolding analysis of the CCleaner attack, one that shifts it from what might have otherwise been a run-of-the-mill mass cybercrime scheme to a potentially state-sponsored spying operation that cast a wide net, and then filtered it for specific tech-industry victims. Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015."

One configuration file on the attackers' server was also set for China's time zone, though of course neither of these is solid enough evidence to definitively conclude state-sponsored involvement... yet. In an updated post to its website, Avast has been forced to concede that its initial claim that the second, multi-staged payload was never delivered was false, and that the total number of compromised machines at these targeted companies is "at least in the order of hundreds":

"First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered."

Cisco also warned impacted tech companies that deleting the software itself off of infected PCs is no guarantee that the threat has been mitigated, since the payload may have installed a second payload on their networks with its own, still-active command and control server. Like previous attacks of this type, the reported scope of the sophisticated attack is likely to only grow as researchers dig deeper.

As several outlets were quick to correctly note, the attack on CCleaner highlights a software supply-chain security problem at a growing number of software companies, like Ukrainian accounting software MeDoc and South Korea-based firm Netsarang, which both passed on malware to trusting clients in the last few months. Traditionally we've comforted ourselves by insisting we're safe if we just avoid untrusted app stores, dubious attachments, or questionable links -- but this attack further up the software supply chain erodes public trust, which could deter users from using or updating essential protection.

jsled
8 hours ago
Wow.

Quick Takes: How Do You Buy a Vote to Repeal Obamacare?

1 Comment

* Things must not be looking good for passage of the Graham-Cassidy bill because Republicans are apparently trying to buy Sen. Murkowski’s vote with these additions:

1. “Alaska (along with Hawaii) will continue to receive Obamacare’s premium tax credits while they are repealed for all other states. It appears this exemption will not affect Alaska receiving its state allotment under the new block grant in addition to the premium tax credits.

2. Delays implementation of the Medicaid per capita caps for Alaska and Hawaii for years in which the policy would reduce their funding below what they would have received in 2020 plus CPI-M [Consumer Price Index for Medical Care].

3. Provides for an increased federal Medicaid matching rate (FMAP) for both Alaska and Hawaii.”

* This pretty much nails what’s going on.

* If you’d like a comprehensive list of individuals/groups that have publicly stated their opposition to Graham-Cassidy, CAP Action has you covered.

* The idea that fake Russian Facebook pages deserve privacy has finally been tossed aside.

Facebook has decided to turn over to Congress copies of more than 3,000 online political advertisements bought through Russian accounts during the 2016 U.S. presidential campaign, reversing a decision that had frustrated Capitol Hill investigators, company officials said Thursday.

The company had previously shown some of the ads to investigators but taken back copies before they could be studied carefully, citing concerns over user privacy at the time. Facebook reversed that position Thursday amid rising complaints from Capitol Hill that the company was not cooperating fully with its investigation.

* It probably shouldn’t come as a surprise that David Horowitz would espouse white supremacist sentiments.

Suggesting that African Americans should be grateful that, after almost 250 years and a Civil War, we finally ended slavery is bad enough. But think for a moment about who Horowitz credits for the brilliance of Coates’ writing, which is what brought him a modicum of fame and fortune…white America.

Let’s add this one to the list, “You might be a white supremacist if you think white people deserve credit for the achievements of black people.”

* Finally, does anyone else remember the trepidation many of us felt as we waited for word on whether or not the Supreme Court would kill Obamacare? As we await a vote in the Senate on Graham-Cassidy next week, there’s a bit of deja vu. David Litt (whose book was reviewed here at the Washington Monthly) reminds us of how Obama handled it the first time.

jsled
9 hours ago
«If you want to know how great the Graham-Cassidy bill is for states, the bribe for Alaska is that THEY GET TO KEEP OBAMACARE!!

— Matt Fuller (@MEPFuller) September 21, 2017»

Who Is Telling the Truth About Pre-Existing Conditions?

1 Comment

Since the day that a Republican first uttered the words, “repeal and replace” in reference to Obamacare, the party has been promising to keep the regulation that prohibited insurance companies from charging higher premiums to those with pre-existing conditions. The reason is, of course, because that is one of the most popular provisions in Obamacare. Does Graham-Cassidy keep that promise?

Obviously Jimmy Kimmel’s segment the other night, in which he made it clear that the answer to that question is “no,” had an impact. Yesterday morning Trump tweeted this:

One of the authors of the bill, Sen. Lindsay Graham, followed up with this:

What most Americans will hear is that Kimmel said the Republican bill will not protect those with pre-existing conditions while both the president and the author of the bill say that it will. That is a classic case of bothsiderism—which means that people will believe whoever it is that they trust.

This is precisely why Trump and Republicans have worked so hard to discredit the media. It allows them to suggest that any fact-checks on their claims can simply be called #FakeNews. It is also why we are beginning to see personal attacks on Jimmy Kimmel. Anything that goes contrary to their claims must be discredited.

For those who are actually interested in the facts, there are people like Sarah Kliff who have explained how Graham-Cassidy neuters the current protections for those with pre-existing conditions. But the truth is a bit complicated and most people won’t be willing to dig that hard to find it.

This provides us with a perfect example of how our culture feeds political polarization. But in this one instance, we have an interesting check on that. Take a look at what a company that would be perceived as the beneficiary of a rollback of these regulations had to say.

The Blue Cross Blue Shield Association warned against a new GOP ObamaCare bill on Wednesday, saying it would “undermine” protections for pre-existing conditions.

“The bill contains provisions that would allow states to waive key consumer protections, as well as undermine safeguards for those with pre-existing medical conditions,” the association said in a statement.

The bill would allow states to repeal ObamaCare rules that prevent people with pre-existing conditions from being charged higher premiums.

When an insurance company says that Graham-Cassidy will undermine protections for people with pre-existing conditions, that’s pretty definitive. In other words, Republicans are lying.

jsled
14 hours ago
It is not a lie: Graham-Cassidy is bad news.

Disable Apple's "Find My Device" to Stop Hackers From Ransoming Your Mac or iPhone

1 Share

Hackers are using Apple’s “Find My” service to remotely hold devices for ransom, reports MacRumors. Multiple people have tweeted about stolen accounts in the past week. Two-factor authentication does not prevent the hack.

jsled
14 hours ago

Trump Has Filled, Not Drained, the Swamp

1 Comment

There is no campaign promise that Donald Trump has failed to honor more flagrantly than his oft repeated pledge to “drain the swamp” in Washington, D.C. He has violated the letter of his promise and trampled all over its spirit. His supporters ought to be furious. But few perceive the scale of his betrayal or its brazenness.

Are they skeptics of the Russia investigation?

Forget the Russia investigation. Even if no wrongdoing is proved on that matter, the Trump Administration’s behavior would still be epically swampy. A list of examples is clarifying:

Corey Lewandowski, who worked as Trump’s campaign manager, moved to Washington, D.C., and started a Beltway lobbying firm, where he accepted lots of money from special interests that were trying to influence Trump. Meanwhile, The New York Times reported, “Established K Street firms were grabbing any Trump people they could find: Jim Murphy, Trump’s former political director, joined the lobbying giant BakerHostetler, while another firm, Fidelis Government Relations, struck up a partnership with Bill Smith, Mike Pence’s former chief of staff. All told, close to 20 ex-aides of Trump, friends, and hangers-on had made their way into Washington’s influence business.”

  1. Trump promised that he was putting his sons in charge of his business empire, telling Americans, “I hope at the end of eight years I’ll come back and say, ‘Oh you did a good job.’” But Forbes talked with Eric Trump, who revealed he’d be giving his father at least quarterly updates. And ProPublica discovered fine print in the legal arrangements that allows Trump to draw money from his 400 businesses “any time, without disclosing it,” a far cry from a prior statement by Trump’s lawyers that he was “completely isolating himself from his business interests.”
  2. At the same time, “the administration has not been shy about hiring individuals who were once registered as lobbyists with the federal government. Data provided to The Washington Post by the liberal PAC American Bridge details the extent to which former lobbyists have made their way into the administration. Twenty work for the executive office of the president itself, including four ‘super-lobbyists’—ones who represented at least 10 different companies or organizations before coming to work for the government. What’s more, of the 74 lobbyists identified … 49 now work for agencies they used to lobby.”
  3. “A major construction company owned by the Chinese government was hired to work on the latest Trump golf club development in Dubai,” the Sacramento Bee reports, “despite a pledge from Donald Trump that his family business would not engage in any transactions with foreign government entities while he serves as president.”
  4. Health and Human Services Secretary Tom Price is flying on private jets at taxpayer expense. He spent $60,000 in a single week. His predecessors flew commercial.
  5. The U.S. Coast Guard paid Mar-a-Lago, Trump’s exclusive Palm Beach resort, more than $1,000 for a two-night stay in a luxury room. “It is not clear whether the invoice stemmed from a one-time occurrence or represented one of many Mar-a-Lago rooms that have been booked at government expense for presidential aides or other officials since Trump took office,” The Washington Post reported. “Other agencies that likely have had regular presence at the club, such as the Secret Service, have declined to provide the Post information.”
  6. Trump is using money donated to the Republican National Committee to pay his personal lawyers.
  7. “As Trump and Chinese president Xi Jinping dined on Dover sole and New York strip steak earlier this month,” The Guardian reports, “thousands of miles away in China a government office quietly approved trademarks that could benefit the U.S. president’s family. On the day the president’s daughter Ivanka Trump met the Chinese leader, China granted preliminary approval for three new trademarks for her namesake brand, covering jewelry, bags, and spa service.”
  8. The Washington Post found “the State Department spent more than $15,000 to book 19 rooms at the new Trump hotel in Vancouver when members of President Trump’s family headlined the grand opening of the tower in late February. The hotel bookings—which were released under a Freedom of Information Act request—reflect the first evidence of State Department expenditures at a Trump-branded property since President Trump took office in January.”
  9. People with business before the federal government are paying for rooms in Trump’s D.C. hotel. Vanity Fair reports examples including “the prime minister of Malaysia, who is the focus of a Justice Department corruption probe; the Louisiana Association of Business and Industry that wants more offshore drilling; an association of candymakers seeking federal help in an enduring dispute with the U.S. sugar industry; and a trade group for vape-shop owners and e-cigarette makers.”
  10. Ivanka Trump, the president’s daughter and a White House adviser, retains a stake in that hotel and receives an income stream from it.
  11. As Politico reported, “In May, Jared Kushner’s sister Nicole Meyer pitched Chinese investors in Beijing on a Kushner development project in Jersey City, telling them that if they put at least $500,000 into the project they would be rewarded with EB-5 investor visas to immigrate to the United States. Kushner, whose role in the White House includes advising on China policy, stopped running his family’s company in January; but Meyer mentioned her brother by name at the Beijing event, reminding guests he was now serving in the White House and adding that the project ‘means a lot to me and my entire family.’”
  12. Despite a pledge to donate all profits from foreign entities to the U.S. Treasury to avoid conflicts of interest, Trump’s businesses now “say it would be ‘impractical,’ to require customers representing foreign nations to identify themselves,” Reuters reports, adding that “The Kuwaiti and Azerbaijani governments have already hosted events at the Trump International Hotel in Washington, D.C.”
  13. The BBC reports that “Philippines’ newest trade envoy to the United States is the same man who is building Trump Tower Manila. Like many of Trump’s branding projects, Mr Trump does not own the building himself, but licenses his name to the building in return for regular payments. Trump family members have previously promoted the project. The trade envoy/business partner reportedly flew to U.S. to hold a private meeting with Mr. Trump after the election.”
  14. According to ABC News, “Secretary Steven Mnuchin requested use of a government jet to take him and his wife on their honeymoon in Scotland, France, and Italy earlier this summer, sparking an inquiry by the Treasury Department's Office of Inspector General … Officials familiar with the matter said the highly unusual ask for a U.S. Air Force jet, which according to an Air Force spokesman could cost roughly $25,000 per hour to operate, was put in writing by the secretary’s office but was deemed unnecessary after further consideration.”
  15. Ousted former National Security Adviser “Michael Flynn informed the Trump administration that he was under investigation for secretly lobbying on behalf of Turkish interests—and the president decided to appoint him to one of the most powerful national security posts in the government, anyway,” New York Magazine recounted. “Flynn then used his short time in office to veto a plan for retaking the Islamic State’s de facto capital, despite the plan’s strong support from the Pentagon and Obama administration. The operation would have involved partnership with Syrian Kurdish forces—a prospect vehemently opposed by Turkey’s government.”
  16. Trump still hasn’t released his tax returns.

That list is highly incomplete. But already it is too much for the brain to take in all at once. Every item is a scandal in its own right. And an exhaustive list is all but impossible. To understand why, scroll through the Sunlight Foundation spreadsheet that aggregates Trump’s conflicts of interest. Probing all of them would take months.

Former President Jimmy Carter sold a peanut farm to avoid the appearance of one much less serious conflict. Trump chooses to put his business interests before the country’s interests. Despite repeating “drain the swamp” often, it was always just an opportunistic slogan for him.

“I told people the other day: ‘Drain the swamp,’ I don’t really like that expression,” he admitted to a Las Vegas campaign crowd last October. “I said, I don’t love that expression, so hokey … I hate to use this … it doesn’t work, right. And I said it two weeks ago to a big crowd, and the place went crazy. Then I said it a second time, and the place went even crazier. And then the third time, like you, they started saying it before I said it. All of the sudden, I decided, I love that expression; it’s a great expression.”

Now the emptiness of Trump’s words is borne out in his actions. The evidence is right there on public record, though Trump supporters who rely on Sean Hannity, Rush Limbaugh, or Tucker Carlson for their news haven’t yet gotten the truth about the new swamp. But those who’ve read this far have gotten it. Why aren’t you furious yet?

jsled
17 hours ago
«There is no campaign promise that Donald Trump has failed to honor more flagrantly than his oft repeated pledge to “drain the swamp” in Washington, D.C. He has violated the letter of his promise and trampled all over its spirit. His supporters ought to be furious. But few perceive the scale of his betrayal or its brazenness.»

Single Payer Myths: Understanding Labor Turnover

1 Share

As a follow up to Tuesday’s post about single payer and redundant health administration workers, I believe it would be valuable to discuss labor turnover more extensively.

Labor Force Flows
When the jobs report comes out every month, we are accustomed to hearing things like “the economy added 150,000 jobs last month.” What most people don’t realize is that this figure is based on net jobs, meaning the number of jobs created minus the number of jobs destroyed. The actual amount of labor market turnover is far higher than that headline figure.

Consider the following graph based on BLS data. In it, we have how many people move from unemployment to employment (black line) and how many people move from employment to unemployment (red line) in an average month between 1991 and 2016.

As you can see, even in good times, the economy pushes 1.6 million people out of jobs and into unemployment every single month. But, conveniently enough, the economy also tends to push a somewhat higher number of people out of unemployment and into jobs every single month. This is how any kind of dynamic economy operates: workers get released from jobs and then reallocated into new jobs.

Of course, it is awful when people lose jobs and we need to increase the generosity of unemployment benefits and the extent of active labor market policies in this country. But when we are talking about making some health administration workers redundant, we need to put the numbers in perspective. Even if we were talking about releasing 1 million such workers from the sector over the course of a few years, that would be equal to around 19 days of normal labor flow activity in the US economy.

Job Seeking
When people lose a job or enter the labor market for the first time, they become job seekers. So a natural question to ask is: how long does job seeking tend to take? One way to get at this question is to look at the distribution of job seekers by the number of weeks they have been looking for work, which I have done in the following graph.

About a quarter of job seekers have been looking for less than a month. Around half have been looking for less than 3 months. Around 90 percent have been looking for less than one year. This is not a perfect indicator of how long it takes to find a job of course, but it gives you at least some sense of the time we are talking about here.

Single payer proposals tend to include special unemployment benefits for those made redundant by the change. The most prominent such proposal, Conyers’ HR 676, provides for 2 years of unemployment benefits at 100 percent of salary. In the graph above, less than 5 percent of current job seekers have been looking for more than 2 years.

Applicable Skills
The ability to get a new job after an economic shift has changed the sector you worked in depends in significant part on how applicable your skills are to other sectors.

For instance, a coal miner who has only ever known digging coal and who has minimal other skills to draw upon can find themselves permanently locked out of the labor market if structural changes permanently reduce the number of available coal jobs or jobs featuring similar kinds of manual labor.

Health administration workers have skills that are applicable to basically every other sector in the economy. As I noted in the prior post, there are currently around 19 million Office and Administrative Support jobs in non-health care establishments. The precise content of office and administrative work varies sector to sector, but the basic skills to do it do not seem to.

Most Economic Reforms Are About Reallocating Workers
Finally, it is worth noting that basically every single economic reform anyone talks about is in some deeper way about reallocating workers in the economy. Think about it for a second. If your economic reform plan keeps the same workers doing the same tasks in the same jobs, then what exactly is it changing? How can the economy be different when workers are not doing different things than they used to do?

Consider the case of reducing income inequality in the country. No matter how you go about doing it, changing the distribution of income so that less income goes to the rich and more income goes to the middle and poor will lead to significant layoffs. Sectors that cater to the consumption desires of affluent people — housekeeping, yacht building, and SoulCycle instructing — will shed jobs when the rich have less money to pump into them. On the other end of things, sectors that meet the consumption desires of lower and middle class people will see more money flow into them, which will create jobs.

The net result of this kind of reform is a reallocation of workers out of rich-consumption sectors and into nonrich-consumption sectors. We don’t usually talk about reducing income inequality like this, but this is really the primary purpose of it.

The fact that nearly every economic reform involves the reallocation of workers does not mean that the frictions involved in reallocating workers don’t matter. They do and that’s why we should be pushing for generous unemployment benefits and active labor market policies as I noted already. But it is kind of ridiculous to say that single payer reforms are somehow uniquely problematic in this regard. They are not.

This is the second post in our Single Payer Myths series. The series tackles common arguments against a single payer system one at a time.

jsled
18 hours ago