Which messengers leak your data, drain your battery, and more

Study shows which messengers leak your data, drain your battery, and more
https://arstechnica.com/information-technology/2020/10/study-shows-which-messengers-leak-your-data-drain-your-battery-and-more/

Link previews make online conversations easier by providing images and text associated with the file that’s being linked. Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line.

For this to happen, the app itself—or a proxy designated by the app—has to visit the link, open the file there, and survey what’s in it. This can open users to attacks. The most severe are those that can download malware. Other forms of malice might be forcing an app to download files so big they cause the app to crash, drain batteries, or consume limited amounts of bandwidth. And in the event the link leads to private materials—say, a tax return posted to a private OneDrive or DropBox account—the app server has an opportunity to view and store it indefinitely.

Educational CyberPlayGround, Inc. NetHappenings Newsletter 10-26-2020

https://cyberplayground.org/2020/10/26/educational-cybe…etter-10-26-2020/

https://cyberplayground.org


HEALTH

Huge COVID study finds remdesivir doesn’t work—FDA grants approval anyway BUT IT DOESN’T WORK SO WHAT’S WITH THE FDA?

A study coordinated by the World Health Organization has indicated that remdesivir, along with three other potential drug treatments for the coronavirus, has “little or no effect” on death rates among hospitalized patients.
https://arstechnica.com/science/2020/10/fda-approves-remdesivir-for-covid-19-but-global-study-finds-it-doesnt-work/

ELECTION

2020 General Election Early Vote Statistics
https://electproject.github.io/Early-Vote-2020G/index.html
AS OF 10/25/2020 Washington’s mail ballot return rates are nearly three times what they were in 2016.
Nationwide, voters will not only be sent an unprecedented number of at least 87 million mail ballots, but they are returning them sooner than in past elections. In all nearly 40 million mail ballots have been returned so far, a return rate of nearly 46%. Americans’ resilience and support for their democracy is very heartening in these trying times. Voters still haven’t returned a little more than 47 million mail ballots to election officials.
Last update next week, with more precise turnout forecasts and a couple of projections for all-mail states like Colorado, Oregon, and Nevada. And before you think these states are uninteresting because they aren’t all battlegrounds, they may provide us with a sense of the direction and magnitude of the national swing towards Biden or Trump.

LAW

When Barrett joins the court, five of the nine justices will have been appointed by presidents who lost the popular vote.
The Republican senators who will vote for her represent 15 million fewer Americans than their Democratic colleagues.
How is this representative government? ~ Robert Reich

Maxwell Deposition 2016 Original Document (PDF)
https://www.documentcloud.org/documents/7274479-Maxwell-Deposition-2016.html

Lest We Forget the Horrors: A Catalog of Trump’s Worst Cruelties, Collusions, Corruptions, and Crimes
The Complete Listing (So Far): Atrocities 1- 944
https://www.mcsweeneys.net/articles/the-complete-listing-so-far-atrocities-1-944

ANTITRUST TECHNOLOGY LAW

Google must respond to U.S. antitrust lawsuit by Dec. 19
The Justice Department on Tuesday sued the $1 trillion company and accused it of illegally using its market muscle to hobble rivals in the biggest challenge to the power and influence of Big Tech in decades.
https://www.reuters.com/article/tech-antitrust-google/google-must-respond-to-us-antitrust-lawsuit-by-dec-19-idINL1N2HE172

Signs point to another Google antitrust complaint, this time focused on adtech
https://www.thedrum.com/news/2020/10/23/signs-point-another-google-antitrust-complaint-time-focused-adtech
Google could be hit with another multistate antitrust complaint to pile on the US Justice Department’s search-centric suit against the company. State lawyers have been poking at Google’s adtech system for months, asking detailed questions about ad auction mechanics, header bidding, third-party data access and more. A new complaint against Google involving its advertising industry practices is percolating. While the antitrust complaint filed by the US Department of Justice (DOJ) earlier this week is all about Google’s search business, another multistate complaint against the company could come down the pike soon.

EDUCATION / DIGITAL DIVIDE

FINALLY!

WHAT THE HELL TOOK THEM SO LONG TO DO THIS!

They are getting money from the government – because all the taxes the phone companies took from the public since 1994 to do this job never happened. Now we have to pay again with taxes collected from the government to pay for it. We had to pay TWICE!
American Farm Bureau Federation https://www.fb.org/

DIGITAL DIVIDE AMERICAN CONNECTION PROJECT

FIND WIFI LOCATIONS

MAP  https://www.americanconnection.io/
New tool locates Wi-Fi hot spots in rural communities.
Close the digital divide and extend broadband access to over 3 million unserved people in rural America by July 2022.
https://www.businesswire.com/news/home/20200909005377/en/
American Connection Project makes it easier to find free internet connectivity across the nation. Broadband Coalition represents more than 100 companies and organizations who are working together to bring high-speed internet access to all U.S. households, with a focus on those in rural areas.

* American Connection Project Broadband Coalition to Support Advocacy and Connectivity Improvement Efforts
* Offering Free High-Speed Internet Access for Guests in Select Store Parking Lots
* Contributed 3,000 Chromebooks to Hourly Team Members with School-age Children.

DOWNLOAD THE APP.  FIND
https://www.tractorsupply.com/tsc/cms/app
Access points through the 4-H organization, libraries and county extension offices.

SECURITY

The UN urges people to #PledgetoPause before sharing information online
https://news.un.org/en/story/2020/10/1075742

ARE YOU ON FACEBOOK?
WANT TO HELP ACADEMICS FIND OUT WHAT FACEBOOK IS UP TO?
HELP ACADEMIC RESEARCHERS AND FIND OUT: INSTALL INTO CHROME OR FIREFOX
https://adobserver.org/
Ad Observer is a tool you add to your Web browser. It copies the ads you see on Facebook, so anyone, on any part of the political spectrum, can see them in our public database. If you want, you can enter basic demographic information about yourself in the tool to help improve our understanding of why advertisers targeted you. However, we’ll never ask for information that could identify you. https://adobserver.org/ad-database/

Firefox – Folks are gaming Twitter and Facebook’s algorithms to spread misinformation.
Trending Topics and Group Recommendations need to take a pause so misinformation doesn’t threaten our democracy.
See the actions we’re taking and how you can help:
https://www.mozilla.org/en-US/firefox/unfck/

Choosing a password manager
https://freedom.press/training/blog/choosing-password-manager/

Signal >> Blog >> Multi-device calls with ICE forking
https://signal.org/blog/ice-forking/

Social Media Restrictions Cannot Keep Up with Hidden Codes and Symbols
Much like spoken language, Internet memes take on shifting political meanings according to context
https://www.scientificamerican.com/article/social-media-restrictions-cannot-keep-up-with-hidden-codes-and-symbols/

Also WhatsApp Security Vulnerability
Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly changing users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages.
https://www.schneier.com/blog/archives/2017/01/whatsapp_securi.html
It seems that this vulnerability is real
the bad guys will move to one of 546 foreign-made encryption products, safely out of the reach of any U.S. law.
Either we build encryption systems to keep everyone secure, or we build them to leave everybody vulnerable.
https://twitter.com/schneierblog/

Scientific American: Social Media Restrictions Cannot Keep Up with Hidden Codes and Symbols. “On the same day that President Donald Trump announced his COVID-19 diagnosis, Twitter reminded users of its policy that ‘tweets that wish or hope for death, serious bodily harm or fatal disease against *anyone* are not allowed and will need to be removed.’ The social media platform soon filled with posts accusing it of hypocrisy: threats targeting women and people of color have accumulated for years without removal, users said. But even as Twitter attempted to enforce its rules more stringently, thinly veiled posts slipped through the cracks.”
https://www.scientificamerican.com/article/social-media-restrictions-cannot-keep-up-with-hidden-codes-and-symbols/

EDUCATION

House Subpoenas DeVos Staff in Probe of For-Profit College
Education Secretary Betsy DeVos and other high-ranking officials are deliberately sidetracking the oversight efforts by refusing to comply with their requests for information.
Citing a U.S. News investigation, the House Education Committee is compelling testimony from staffers into agency involvement in a for-profit college’s defrauding of students. “The Department has obstructed the Committee at every turn,” Education and Labor Committee Chairman Bobby Scott wrote regarding Education Secretary Betsy DeVos and other high-ranking officials. House Democrats subpoenaed three career staff members at the Education Department on Thursday as part of their ongoing investigation into the Trump administration’s role in allowing Dream Center, the operator of two now-defunct for-profit colleges, to mislead students and continue operating the schools despite losing their accreditation.
https://www.usnews.com/news/education-news/articles/2020-10-22/house-subpoenas-devos-staff-in-probe-of-for-profit-college

K12 Surveillance

K12 EDUCATION Students Are Rebelling Against Eye-Tracking Exam Surveillance Tools
Invasive test-taking software has become mandatory in many places, and some companies are retaliating against those who speak out.
“We must do better than subjecting our students to surveillance & violations of their privacy… better than allowing algorithmic policing through biometric surveillance as the new normal.” @zenalbatross on why students are rejecting surveillance tools.
https://www.vice.com/en/article/n7wxvd/students-are-rebelling-against-eye-tracking-exam-surveillance-tools

Activists Turn Facial Recognition Tools Against the Police
Around the world, activists are building facial recognition tools specifically to identify police officers. The authorities are not happy to be on the other side of the technology.
https://www.nytimes.com/2020/10/21/technology/facial-recognition-police.html

When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube.
“Programmer Jeff Johnson noticed the unusual behavior, and this month documented the issue with screenshots. In his assessment of the situation, he noted that if you set up Chrome, on desktop at least, to automatically delete all cookies and so-called site data when you quit the browser, it deletes it all as expected – except your site data for Google.com and YouTube.com.” Google says this is a bug that will be fixed.
https://www.theregister.com/2020/10/19/google_cookie_wipe/

CEO Telegram: Developers secretly embed backdoor into apps!
Bundeskabinett approves draft law allowing trojans on phones to monitor WhatsApp
https://www.bmi.bund.de/SharedDocs/downloads/DE/gesetzestexte/gesetzesentwuerfe/entwurf-anpassung-verfassungsschutzrecht-bverfschg-madg-g10.pdf
*Note that this is not about backdoor requirements or abilities, but about QuellenTKÜ (English: source telecommunications surveillance), which involves getting a trojan onto end devices, either through hacking, like using a bought 0-day, or by breaking into houses of suspects. It already exists as a part of law enforcement in various German states. The proposed regulation is to allow this for a bunch of additional federal agencies as well.

Also https://en.secnews.gr/209977/ceo-tou-telegram-prosochi-to-whatsapp-kryvei-kindynous/
Following the recent hacking attack suffered by Amazon’s billionaire owner, Jeff Bezos, through the WhatsApp application, Telegram CEO Pavel Durov said that the WhatsApp application hides many risks.
Durov noted that the hacking attack on Jeff Bezos’s smartphone was not due to an Apple security error, but to the WhatsApp application. More specifically, Durov said that a Facebook vice president had blamed Apple for the Bezos hack. According to Durov, however, the WhatsApp application was responsible for the hacking. He justified his view by saying that the WhatsApp “corrupt video” error existed not just on iOS, but also on Android and Windows Phone. Therefore, it appeared on mobile phones which had WhatsApp installed.

HUMANS ‘anthropodermic bibliopegy’
NPR: ‘Dark Archives’ Explores The Use Of Human Skin In Bookbinding
“Megan Rosenbloom, a young librarian-in-training, wanders through the Mütter Museum’s collection of medical oddities. In an inconspicuous corner, she discovers a display case of leather-bound books with their covers closed — unusual for rare books. The caption explains these books are closed because their binding is more notable than their contents, and that’s because they were made from human skin. This marks the beginning of Rosenbloom’s obsession with ‘anthropodermic bibliopegy’ and the opening scene to Dark Archives: A Librarian’s Investigation into the Science and History of Books Bound in Human Skin…”

Educational CyberPlayGround NetHappenings Newsletter 10-5-2020


October is National CyberSecurity Month


Security


TEST YOUR CYBERSMARTS: Choose from four game options: Balloon Pop, Horse Race, Hoop Shoot, and Plinko. Through each game, users receive questions and challenges to “test cybersecurity knowledge and teach useful tips for staying safe online.” For example, Horse Race quizzes users on malware infection and identity theft protection, and Hoop Shoot tests players on smart social media practices. Though the bonus prizes and coupons (since closed) were only available to Texas A&M students and staff, anyone can continue to play the game online. And, the real prize is the “cybersmarts” knowledge gained along the way.

FBI reorganizes cyber-crime and foreign cyber-espionage divisions as cases rise 
The United States Federal Bureau of Investigation is reorganizing its cyber-crime and foreign cyber-espionage divisions in order to combat growing activity in those areas, while also increasing its cross-agency contacts. The goal is to reinforce investigations into computer hacking perpetrated by organized cyber-criminals, as well as by foreign states aiming to steal government and corporate secrets. According to the Reuters news agency, the FBI made the decision to reorganize its cyber divisions after Internet-based crime and espionage cases rose to unprecedented levels in the past year, a trend that is partly driven by the COVID-19 epidemic. Aside from the damage caused to national security, the financial loss associated with computer hacking is said to be incalculable.

Russian operation masqueraded as right-wing news site to target U.S. voters – sources

 

FACEBOOK TURD

MARK ZUCKERBERG

who sat behind a screen rating girls for college bros cause he can’t relate to people has total control of the biggest website bomb that completely destroys the way people relate online. This Moron has No college degree, no ability to relate to people, is in charge of a website that is killing democracy.

FACEBOOK WORKERS UNITE
FORM A UNION
STOP YOUR WORK

After months of talks, Democrats say Facebook isn’t ready for the election. Democratic Party leaders are “banging their head against the wall” after private meetings with Facebook on election misinformation.
BOARD OF DIRECTORS ARE RESPONSIBLE – THROW ZUCKERBERG OUT

Facebook shut down malware that hijacked accounts to run ads
Wired ($): Hackers drained $4 million from victims during a hacking spree that involved compromising Facebook accounts and buying malicious ads to promote scams on the platform

Social media is the perfect petri dish for bias.
The solution is for tech companies to slow us down. Stanford psychology professor Jennifer Eberhardt, the author of Biased: Uncovering the Hidden Prejudice That Shapes What We See, Think, and Do, says Nextdoor reduced racial profiling by 75 percent by introducing a tiny bit of friction for users.

ANTI TRUST LAW

NYU’s Professor Galloway outlines 7 antitrust questions Tim Cook may be asked

NYU professor and author Professor Scott Galloway has outlined seven antitrust questions Tim Cook may be asked when he appears before Congress on Wednesday. Apple is one of four tech giants due to be grilled by the House Judiciary Committee – alongside Amazon, Facebook, and Google – and Galloway is well-qualified to discuss the antitrust issues around all of them … Galloway has now written a blog post listing four key antitrust questions he thinks need to be put to all of the tech giants, with a further three for Apple specifically. The first four share a common theme: are the companies now so large that they make it almost impossible for smaller players to compete?

HIGHER ED SECURITY

Nearly a quarter of former students in Citizen’s survey say they can’t stay current on their debt payments, and almost two-thirds say they’re uncomfortable with their debt load. Almost half say they would have reconsidered going to college entirely if they knew how burdensome their debts would be years or even decades later.

 

NYU Professor Scott Galloway: The Coming Disruption
Scott Galloway predicts a handful of elite cyborg universities will soon monopolize higher education. The post-pandemic future, he says, will entail partnerships between the largest tech companies in the world and elite universities. MIT@Google. iStanford. HarvardxFacebook. According to Galloway, these partnerships will allow universities to expand enrollment dramatically by offering hybrid online-offline degrees, the affordability and value of which will seismically alter the landscape of higher education. Galloway, who also founded his own virtual classroom start-up, predicts hundreds, if not thousands, of brick-and-mortar universities will go out of business and those that remain will have student bodies composed primarily of the children of the one percent.

Who needs a college degree?

What happened during the pandemic?
Remember…..
Robots are supposed to set us free from having to work. Then Universal Basic Income will protect us all from being destitute because we no longer have a job.
Did all those robots that replace workers happen for Jeff Bezos and the Amazon factory line worker? NO? No no no they did not! why not?

Bezos made 18 Billion during the pandemic so far  — so yes he can pay everyone $25,000 a year UBI, keep his robots employed. He can get taxed by how many robots he employs.

CyberPlayGround NetHappenings ©1989

K12 School Security

Confidential information released after school district refused to pay hackers’ ransom demand (https://www.cnn.com/2020/09/29/us/nevada-school-district-hack-ransom/index.html)
CNN: Hackers who launched a data-stealing ransomware attack on the fifth-largest school district in the U.S. have published the information they stole after the school district failed to pay the ransom. The ransomware operators published employee Social Security numbers, addresses and retirement paperwork. For students, information released includes a data file with names, grades, birth dates, addresses and the school attended. The district has about 320,000 students.
More: Wall Street Journal (R) (https://www.wsj.com/articles/hacker-releases-information-on-las-vegas-area-students-after-officials-dont-pay-ransom-11601297930) | Clark County School District (https://www.ccsd.net/district/dataincident/)

Elizabeth Warren says her plan to eliminate student loan debt can bypass Congress

Colleges with high default rates may lose their eligibility to participate in federal student aid programs.

F’CKING COMPUTERS

Microsoft outage prevents millions from logging in to Office, Outlook, and Teams accounts because of an outage with Azure’s Active Directory.

Microsoft says Russia behind most nation-state cyberattacks
Bloomberg: In a new report, Microsoft said that Russia-based hackers are responsible for the majority of nation-state attacks on its customers. That is, to be clear, detected attacks. Microsoft issued 13,000 alerts about nation-backed hacking incidents between July 2019 and June 2020. More than half were attributed to Russia, and about one-quarter were blamed on Iran.

Helping to pay off ransomware hackers could draw big penalties from the feds
Cyberscoop: In a new advisory this week, the U.S. Treasury said ransomware victims and cybersecurity firms that help companies respond to attacks could face severe penalties if they pay the ransom that then goes on to fund attackers on the U.S. sanctions list. It comes after the Garmin attack in July, in which, sources said, the company paid the ransom, even though the group allegedly behind the attack is on a U.S. sanctions list.

Google is creating a special Android security team to find bugs in sensitive apps
ZDNet: Google is hiring to create a new Android security team that will try to find vulnerabilities in high-profile apps on Google Play, like coronavirus contact tracing and election-related apps.

PRIVACY

This is what Palantir and the LAPD know about you
Newly obtained documents reveal how for more than a decade the LAPD used technology built by Palantir, the secretive data analytics and surveillance startup, which went public this week. The documents show that dozens of police depts, sheriff’s offices, airport police, universities, and school districts gave their data to the LAPD’s Palantir database. The documents give an unprecedented look into how the technology works. This is a really incredible read.

TOOLS

Freelan is VPN software that provides a virtual LAN that connects computers anywhere in the world as if they were on the same network switch. With Freelan, geographically disparate machines can play LAN-only games, access shared drives (for example, from a NAS device), access network printers, access home automation devices, and perform any other network tasks as if they were all in the same location. A number of configuration examples are provided on the Freelan front page that demonstrate the different modes in which the software can operate. The Downloads page provides installers for Windows and macOS desktops. Users of Linux and BSD systems can find Freelan in their package repositories.

CRYPTO

Justin Sun: the crypto millionaire who acquired BitTorrent — and waded into the trade war

 

__________________________________________

 

Jobs – 2020 Pandemic SIP Hiring List for unemployed InfoSec professionals

FIND A REMOTE INFOSEC JOB

@Rob Fuller ( https://twitter.com/mubix ) who hosts a hiring page around major security conferences like ShmooCon and DerbyCon around the U.S. has started a

2020 Pandemic SIP Hiring List for unemployed InfoSec professionals

ONLY POST IF YOU CAN REMOTE INTERVIEW AND REMOTE HIRE FOR REMOTE WORK

The 2020 Unofficial Pandemic Shelter-In-Place Hiring List.
To get on the list, just complete the following form <here>

This is definitely worth a look if you’re looking for work in these uncertain times.

One of the hard things about this pandemic is many people are either losing their jobs or having a hard time finding a new one in general. It was suggested that I make one of these during this time.

CYBERSECURITY

“The explosive expansion of remote work during this pandemic, amplifying even further our already inescapable dependence on secure, robust digital platforms, underscores how critical it is that we not weaken or discourage basic security mechanisms such as cryptography.” ~ matt blaze

10 Years ago

Cobol Your universities and institutions, thought leaders, prominent folks would never be interested in these or speak about these. It’s a huge failure on all fronts IMHO. Neither have we modernized, nor are we prepared to continue to run these legacy tech/systems well.

NOW New Jersey needs COBOL programmers!

NJ’s 40-year-old system increases delays for unemployment checks amid coronavirus crisis

New Jersey officials vowed Saturday to speed up the processing of unemployment claims despite relying on a 40-year-old computer system that has been overwhelmed by the record number of requests due to the coronavirus crisis.
Labor Commissioner Robert Asaro-Angelo said a plan to increase phone lines, train additional staff to handle claims and provide laptops to workers at home will help ease the crushing amount of claims being sought amid the economic meltdown brought upon by the virus.
“There is nothing I want more than to put your hard-earned benefits into your family budget sooner,” he said at Gov. Phil Murphy’s daily coronavirus briefing.
Recently jobless New Jerseyans have experienced heavy lag times or issues while trying to collect unemployment insurance, partly due to a “clunky” 1980s computer system that the Department of Labor still depends upon to process claims and issue checks.
“We literally have a system that is forty-plus years old,” Murphy said.
“There will be lots of postmortems and one of them on our list will be: how did we get here when we literally need COBOL programmers,” Murphy said of the outdated computer language.

Arvind Narayanan (@random_walker)
This is like the unrealistic movie trope we all chuckle at in which a few badasses in their 70s have to come out of retirement to save the world because a long-forgotten horror has resurfaced and they’re the only ones who know anything about it. https://t.co/cyHU7JwlMj

The governor of New Jersey just put out the call on live TV that he is desperate for Cobol programmers right now.

COBOL Is Everywhere. Who Will Maintain It?

Think COBOL is dead? About 95 percent of ATM swipes use COBOL code, Reuters reported in April, and the 58-year-old language even powers 80 percent of in-person transactions. In fact, Reuters calculates that there’s still 220 billion lines of COBOL code currently being used in production today, and that every day, COBOL systems handle $3 trillion in commerce. Back in 2014, the prevalence of COBOL drew some concern from the trade newspaper American Banker.

Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks
Goal is to help organizations – especially healthcare entities – protect against cybercriminals trying to take advantage of the pandemic.

Hackers linked to Iran target WHO staff emails during coronavirus

Hacking forum gets hacked for the second time in a year