Tag Archives: hacking

Wow! MSNBC’s Joy Reid May Have Given Us The Biggest Jumbo Ever!

The fact that MSNBC continues to employ Joy Reid, so unethical in so many ways, would be sufficient all by itself to justify never trusting the network. Just in case her racebaiting, bias and hate-mongering weren’t enough, however, now she has issued a mind-blowing Jumbo of such magnitude and audacity that it is impossible to deny that either she is willing to lie about anything, or in the alternative, is nuts. There do not seem to be any other explanations.

On Ethics Alarms, a Jumbo is the term for a desperate, ridiculous lie that insults the intelligence of all who hear it. The term comes from the name of the elephant Jimmy Durante was trying to sneak out of the circus in Billy Rose’s eponymous Broadway extravaganza “Jumbo,” when he was stopped by a sheriff, in the show’s most famous moment. “Where are you going with that elephant?” demanded The Law. “Elephant? What elephant?” answered the Schnozzola, innocently. But Reid’s Jumbo out-Jumbos Jimmy.

It all began last December, when some homophobic posts on Reid’s old blog surfaced. Then she issued a self-contradictory apology, flagged in this Ethics Alarms entry, but it turned out that there were more such posts to be found. Six days ago, the media site Mediaite uncovered more posts by Reid that were critical of homosexuality and gays, from The Reid Report, a now defunct blog that Reid authored long before she became a warrior of “the resistance.” They were originally tracked down and shared on Twitter by sleuth Jamie Maz, who found them using the internet archiving service, the Wayback Machine, which takes screenshots of frequently trafficked web pages to preserve them. Reid’s response was to deny that she wrote the posts:

“In December I learned that an unknown, external party accessed and manipulated material from my now-defunct blog, The Reid Report, to include offensive and hateful references that are fabricated and run counter to my personal beliefs and ideology.

I began working with a cyber-security expert who first identified the unauthorized activity, and we notified federal law enforcement officials of the breach. The manipulated material seems to be part of an effort to taint my character with false information by distorting a blog that ended a decade ago.

Now that the site has been compromised I can state unequivocally that it does not represent the original entries. I hope that whoever corrupted the site recognizes the pain they have caused, not just to me, but to my family and communities that I care deeply about: LGBTQ, immigrants, people of color and other marginalized groups.”

To be blunt but accurate, she was lying.


Comment Of The Day: “Wait, WHAT? NOW They Tell There Are “Two Big Flaws” in Every Computer?”

The comments on this post about the sudden discovery that every computer extant was vulnerable to hacking thanks to two 20-year-old “flaws” were so detailed, informative and excellent that I had the unenviable choice of posting one representative Comment of the Day, or eight. Having just posted eight COTDs on another post last weekend, I opted for one, but anyone interested in the topic, or in need of education about the issues involved, should go to the original post and read all the comments. Forget the post itself; the comments are better.

Here is Extradimensional Cephalopod’s Comment of the Day on the post, Wait, WHAT? NOW They Tell There Are “Two Big Flaws” in Every Computer?

This is not likely to be a popular opinion among professional programmers, but I feel it needs to be said.

The excuse that computers are complex and that testing to remove all of these flaws would take a prohibitive amount of time just doesn’t hold water. I understand that security vulnerabilities are different from outright bugs: security vulnerabilities are only problems because people deliberately manipulate the system in unanticipated ways. Bugs happen when people inadvertently manipulate the system in unanticipated ways. Some of these ways are incredibly sophisticated and may be infeasible to anticipate. However, having supported computers for the past few years, I’ve seen bugs that should have been anticipated, and zero testing would be required in order to do so.

The problem with testing is that the people testing usually understand the software well enough to know how it is supposed to work, or they are given a few basic things to try, but they don’t have time to test a program with heavy use. Luckily, testing is not the problem.

The problem is that in many cases I’ve seen (and I’ve come to suspect most cases across the software industry) the input and output footprints of code modules are not documented (and if your code contains comments laying out the pseudocode structure, I consider you very lucky). From an engineering standpoint, the input footprint of a system or subsystem describes the conditions the system assumes to be true in order to work effectively. The output footprint describes what effects (including side-effects) the system has or could have on its environment, including if the input footprint is not fulfilled. Those aren’t the official names; I’ve just been calling them that.


Wait, WHAT? NOW They Tell There Are “Two Big Flaws” in Every Computer?

(That’s Meltdown on the left, Spectre on the right.)

From the New York Times:

Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers. The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.

There is no easy fix for Spectre, which could require redesigning the processors, according to researchers. As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30 percent — an ugly situation for people used to fast downloads from their favorite online services. “What actually happens with these flaws is different and what you do about them is different,” said Paul Kocher, a researcher who was an integral member of a team of researchers at big tech companies like Google and Rambus and in academia that discovered the flaws.

Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google and Microsoft. By Wednesday evening, Google and Microsoft said they had updated their systems to deal with the flaw.

Here’s the best part:

“Amazon told customers of its Amazon Web Services cloud service that the vulnerability “has existed for more than 20 years in modern processor architectures.”

We trust the tech giants and computer manufacturers to give us secure devices. We then entrust our businesses and lives to these devices.

That there were such massive “flaws” in every computer, and that it took 20 years for those whom we trusted to discover them, is an unprecedented breach of competence, trust and responsibility. Imagine auto manufacturers announcing that every car in the world had a “flaw” that might cause a fatal crash. I see no difference ethically.

And why is this story buried in the Times’ Business Section, and not on the front page, not just of the Times, but of every newspaper?

 


KABOOM! A Head-Explodingly Unethical Lawyer!

I have never heard of a lawyer behaving this unethically in such a reckless and transparent manner. I have never heard of anything close to this.

Michael Potere, 32, a recently fired former associate at the large law firm Dentons was arrested last week on charges of trying to extort $210,000 and a valuable artwork from the firm, according to a criminal complaint filed in federal court.

According to his profile on LinkedIn, Potere had a Fulbright Scholarship, a master’s degree in public policy and administration from the London School of Economics, and had been an associate at renowned law firm Kirkland & Ellis. Something was amiss, however, as Dentons let him go on June 1. Potere did not take this blow well. He reacted by telling partners that he had taken potentially embarrassing sensitive information from the firm and would leak it all to the legal gossip site “Above the Law” unless he was paid $210,000 and given a valuable piece of artwork owned by the firm.

Potere was able to steal the confidential information because a partner gave him access to his email login information while they were working on a case in 2015, so the associate could access documents related to discovery requests in the case. After he learned that he was being fired, Potere used that login to search through the partner’s emails and download the sensitive documents, including emails between partners, quarterly financial reports, client lists, confidential reviews of associate attorneys, lists of equity partner candidates, documents describing billing rates, details of recruitment efforts, and memos describing how partners should approach clients with outstanding balances” according to the FBI.


THREE Comments Of The Day (Really Useful Ones): “Tech Dirt’s Mike Masnick On The Internet Privacy Bill”

There were not one but three excellent, informative, detailed comments, one after the other, in response to the post about the GOP’s elimination of the recent Obama FCC regulations of Big Data gathering by broadband providers. Technology competence is, I believe, the greatest looming ethics issue for the professions, and it is important for the general public as well. All three of these Comments of the Day are educational. If only the news media and elected officials were as well-informed as Alex, John Billingsley, and Slick Willy.

I am very proud of the level of the discourse on Ethics Alarms, and these three Comments of the Day on the post Ethics Quote Of The Month: Tech Dirt’s Mike Masnick On The Internet Privacy Bill are prime examples.

First, here’s slickwilly:

How to be safe with electronic data

First rule: anything online is vulnerable, no matter who secures it. It follows that any computer/device connected online is also vulnerable.

Second rule: Public WiFi is hack-able, and doing so is not that difficult. Someone just has to want to. Using it for playing games could make you vulnerable, and using it to access your financial information (banks, brokers, etc.) is stoopid

Third rule: Anything you do electronically is forever. Any tweet, snap chat, Facebook post, cell phone text or conversation, email, web post, browsing activity, and anything else may be saved by someone. Some of those are harder to get than others: browsing activity takes a snooper on the data line, or a court order to set a snooper up at your ISP. For instance, all cell phone activity is now all saved by the NSA, including where the phone was when. No, no one looks at it, not until they have a reason to research a person, perhaps years later. ‘Smart’ TVs can record you in your own home, without your knowledge, unless you take steps to stop it (electrical tape over cameras/microphones is a start, but still not enough).

Fourth rule: Any public activity can be recorded today. Besides CCD cameras everywhere and license plate readers on many roads, facial metrics can track you in most urban and many rural areas. Even going into the desert or mountains could be spotted via satellite, should the motivation be enough to look your way.

So don’t leave your computer connected to the Internet 24/7 (a power strip that stops electricity from reaching the computer helps cut connectivity when ‘off’), do nullify the ability of other devices to spy on you in your home, and never say anything electronically you do not want going public. Use complex passwords, and never the same for multiple sites. Password safes are better than written notes (and Apple Notes are silly to use for this.) How much you protect yourself depends on your level of paranoia.

Do you have something to hide? A secret you would rather not be made public? Do not document it electronically! Or use the method below.

Now, how to be safe with electronic information: Place it exclusively on an air-gapped (no network connection at all) computer. Place that computer in a heavy steel safe. Encase that safe in concrete, take it out to a deep ocean trench, and drop it overboard. Forget the coordinates where you dropped it.

The point is, nothing is fool-proof

You can take steps to lower the probability that your information gets out, but even using paper and quill pen was only so good as the physical security the document was placed under. Learn some simple steps and you will remove yourself from the radar of most predators. People are careless, apathetic, and just plain dumb, so anything you do helps keep you safer.

I keep such information in a secure, encrypted flash drive that is not stored in a computer USB slot. Could someone break the encryption, should they find the drive and wish to spend the effort? Sure. But if they want me that badly they will get me, one way or another. Why would they? I do not have any deep dark secrets or hidden crimes in my past. Even so, why should my business be available to anyone just to browse through?

Your mileage may vary, but doing nothing is unethical in my responsibilities to my family.

Now John Billingsley’s contribution:


Comment Of The Day: The Russian Cyber-Attack Report: Observations And Questions


Ethics Alarms is grateful to reader Greg, the author of this first Comment of the Day of the New Year, for supplementing the recent post here, and providing a critical and more detailed assessment of the intelligence community’s much ballyhooed report on its conclusions regarding Russian cyber-attacks during the 2016 election, with the alleged purpose of defeating Hillary Clinton.

I am particularly relieved that he shares my own reaction to the report, which simply did not deliver on what was promised by James Clapper in the hearings earlier in the week. Oddly, the news media and almost everyone I know miraculously seem to think it did. The two key issues I, and I assume everyone, want clarified are 1) whether Russia was indeed trying to elect Donald Trump, as opposed to generally gumming up the works, embarrassing the likely President (Clinton, of course), undermining public faith in the democratic system, and basically making everyone involved look like fools, knaves, and boobs (Note that Trump appeared to be handling his side of that task all by himself), and 2) did their efforts in fact have any effect on the results? Answering the first clearly and decisively is essential to understanding the second: to most people, if Russia’s actions were designed to make Trump President, and in fact Trump did shock the world by becoming President, this creates a rebuttable presumption that in fact the Russian Government, and Vladimir Putin in particular, did affect the results of the election. That millions of people regard the matter in this way is certain, because we know that millions of people are desperately searching for some conspiracy or sinister outside agency to explain an event that shattered their expectations and world view.

We also know that the false belief that the sequence “Conduct A is intended to cause Result B, A occurs, B occurs after A, ergo A caused B” is valid is widely accepted, because public school teachers are too busy teaching that the United States oppresses minorities to get around to logic. Now, that sequence is utter crap, validating, among other things, superstitions and rain dances, but never mind: most people think that way.

Yet the report provides no evidence to support the intelligence community’s conclusions in either matter. I find that incomprehensible, and also irresponsible. What the report does say, in essence, is, “Trust us, we’re experts,” and leaves the rest to confirmation bias. Could the authors not have provided some evidence to support these conclusions? If not, why not?

Here is Greg’s Comment of the Day on the post, The Russian Cyber-Attack Report: Observations And Questions:

This so-called “25-page report” is almost entirely padding and filler. I read it and I don’t see anything in it that adds to what we knew before the report was issued.


The Russian Cyber-Attack Report: Observations And Questions

The first page of the Joint Analysis Report narrative by the Department of Homeland Security and Federal Bureau of Investigation and released on Dec. 29, 2016, is photographed in Washington, Jan. 6, 2017. Computer security specialists say the technical details in the narrative that the U.S. said would show whether computers had been infiltrated by Russian intelligence services were poorly done and potentially dangerous. Cybersecurity firms ended up counseling their customers to proceed with extreme caution after a slew of false positives led back to sites such as Amazon and Yahoo Inc. Companies and organizations were following the government’s advice Dec. 29 and comparing digital logs recording incoming network traffic to their computers and finding matches to a list of hundreds of internet addresses the Homeland Security Department had identified as indicators of malicious Russian intelligence services cyber activity. (AP Photo/Jon Elswick)

From The New York Times today:

President Vladimir V. Putin of Russia directed a vast cyberattack aimed at denying Hillary Clinton the presidency and installing Donald J. Trump in the Oval Office, the nation’s top intelligence agencies said in an extraordinary report they delivered on Friday to Mr. Trump.

The officials presented their unanimous conclusions to Mr. Trump in a two-hour briefing at Trump Tower in New York that brought the leaders of America’s intelligence agencies face to face with their most vocal skeptic, the president-elect, who has repeatedly cast doubt on Russia’s role. The meeting came just two weeks before Mr. Trump’s inauguration and was underway even as the electoral votes from his victory were being formally counted in a joint session of Congress.

Soon after leaving the meeting, intelligence officials released the declassified, damning report that described the sophisticated cybercampaign as part of a continuing Russian effort to weaken the United States government and its democratic institutions. The report — a virtually unheard-of, real-time revelation by the American intelligence agencies that undermined the legitimacy of the president who is about to direct them — made the case that Mr. Trump was the favored candidate of Mr. Putin.

The Times story is a mostly fair, if incomplete, description of the report itself, which is a provocative, disturbing and infuriating document. Damning? I don’t know about that. Anyone can damn something, but to be sure the damning is just requires evidence.

Observations and Questions:

1. The report isn’t evidence of anything. It just isn’t, and anyone or any source that states otherwise is misleading us. It would not be admissible as evidence if Russia or Putin were on trial in the U.S. for trying to influence the 2016 election. The document is a statement of opinions after analysis of material and sources we are not allowed to see. At the beginning, the report goes to great lengths to explain why this is, and the explanation is sound. Unless, however, the position we are supposed to take is that the intelligence community is to be assumed to be 100% correct, uninfluenced by bias, and ought to be believed without reservations despite the presence of hard evidence, the declassified report is a statement by experts of an analysis based on experience and study, of exactly what, we don’t know.

2. Regarding the Times story: the intention of the news media to undermine the Trump Presidency and bolster Democrats who want to blame their candidate’s defeat on anything but her own weaknesses and conduct appears to be on display in the Times story. For example, we have this statement:

“The Russian leader, the report said, sought to denigrate Mrs. Clinton, and the report detailed what the officials had revealed to President Obama a day earlier: Mr. Trump’s victory followed a complicated, multipart cyberinformation attack whose goal had evolved to help the Republican win.”

Leaping to the logical fallacy of post hoc ergo propter hoc (“after this, therefore because of it”) is a well-known human tendency, and one to be avoided. This statement appeals to it, intentionally or incompetently. The fact that Trump’s shocking victory came after the cyber-attacks does not mean or even suggest that the attacks were responsible for that result. The Times immediately, in the next sentence, even states that “The 25-page report did not conclude that Russian involvement tipped the election to Mr. Trump.” Well, those are mixed messages. Do I, based on the uninterrupted anti-Trump attitude of the Times in its headlines, placement of stories, tone and pitch of news reports, op-eds and editorials, conclude that the mixed message is intentional or sparked by negligence seeded by bias?

I do.

3. Much further down in its story, the Times admits,
