I got a weird text from T-Mobile a few minutes ago:
T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more: t-mo.co/secure
Well, that does not sound good.
And it's not. Apparently thieves have found that American mobile phone providers are unusually helpful when it comes time to steal mobile phone numbers (called "SIM hijacking") or to port those numbers to third-party mobile providers. In both cases, the thieves now have a way to bypass any three-factor authentication (TFA) you may have set up with, for example, your bank.
T-Mobile at least offers a service called "Port Authentication" which lets you set up a 6- to 16-digit PIN that you must have to make any changes to your account—like, for example, getting a new SIM. After getting the text alert, and validating it with trusted online sources, I immediately called 611 and set up port authentication.
There are a couple of other things you should do:
- Lock your phone all the time, with something very hard to subvert, like a strong password. If you must use a convenience feature like iris or fingerprint authentication, make sure the phone still requires a password on reboot.
- Set your phone up so that it doesn't display the contents of texts or IMs when your phone is locked.
- Encrypt your phone, so that even if all your other security is bypassed, you won't be stuck.
Seriously, this all costs you nothing and can save you a fortune.
As part of my current project's non-technical requirements, I've just completed 5 hours of anti-terrorism and security training. Biggest takeaway: bullets ricochet down, grenade shrapnel goes up. Also, don't put random CDs in your computer. Oh, and I have to repeat about 3 hours of it a year from now.
Today is actually a company holiday but I've got a lot of work to do, including this training. Also we've gotten about 60 mm of snow today with more coming down. So steps go down, heating bill goes up.
Kerry Howley, writing for New York Magazine, profiles the "terrorist [with] a Pikachu bedspread:"
In those first months on the job, the country was still adjusting to Trump, and it seemed possible to some people that he would be quickly impeached. Reality listened to a podcast called Intercepted, hosted by the left-wing anti-security-state website the Intercept’s Jeremy Scahill and featuring its public face, Glenn Greenwald, and listened intensely enough to email the Intercept and ask for a transcript of an episode. Scahill and Greenwald had been, and continue to be, cautious about accusations of Russian election meddling, which they foresee being used as a pretext for justifying U.S. militarism. “There is a tremendous amount of hysterics, a lot of theories, a lot of premature conclusions being drawn around all of this Russia stuff,” Scahill said on the podcast in March. “And there’s not a lot of hard evidence to back it up. There may be evidence, but it’s not here yet.”
There was evidence available to Reality.
The document was marked top secret, which is supposed to mean that its disclosure could “reasonably be expected” to cause “exceptionally grave damage” to the U.S. Sometimes, this is true. Reality would have known that, in releasing the document, she ran the risk of alerting the Russians to what the intelligence community knew, but it seemed to her that this specific account ought to be a matter of public discourse. Why isn’t this getting out there? she thought. Why can’t this be public? It was surprising to her that someone hadn’t already done it.
The classified report on the Russian cyberattack was not a document for which Reality had a “need to know,” which is to say she wasn’t supposed to be reading it in her spare time, let alone printing it, and were she to print it for some reason, she was required to place it in a white slatted box called a “burn bag.”
Why do I have this job, Reality thought, if I’m just going to sit back and be helpless?
Reality folded up the document, stuffed it in her pantyhose, and walked out of the building, its sharp corners pressing into her skin. Later that day, President Trump fired James Comey, who had been leading an investigation into Russian election-meddling. Reality placed the document in an envelope without a return address and dropped it in a standing mailbox in a strip-mall parking lot. Court documents suggest she also sent a copy to another outlet, though which one we don’t know.
For a bad decision she made at 25, she may spend most of her productive years in prison. And in the current climate of secrecy and surveillance, it's hard to see how she can even defend herself against the charges.
Her trial is set for March.
I'm on a train, using my mobile phone to tether my laptop to the Intertubes. I know this is an old technology, and also the reason I have unlimited data on my mobile, but I still love this stuff.
Things I'm reading:
Now approaching...Highwood! And soon off to my meeting.
I'm under the weather today, probably owing to the two Messiah performances this weekend and all of Parker's troubles. So even though I'm taking it easy, I still have a queue of things to read:
I will now...nap.
Via Bruce Schneier, an advisor to the project, Citizen Lab has created an online tool to help you stay safe online:
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.
The advice is peer reviewed, and the team behind Security Planner is committed to keeping it up to date.
Some of the recommendations are simple: use Chrome; use https:// whenever it's available; use your computer's built-in encryption (BitLocker on Windows and FileVault on Mac). Some are a little more complex: use two-factor authentication; set up a password manager.
I recommend anyone who uses computers do a quick self-exam with the tool—especially if you aren't that experienced with security.
The unsurprising news that President Trump tweeted about something that his son found out only minutes before back in June shows just how foreign governments can use his impulsiveness and stupidity to play him:
Seeing Assange prompt a Trump tweet, via Don Jr, is I suspect only the first and clearest of many examples. Who told Trump what? In a lot of cases Trump’s tweets will likely tell us. Trump’s October 12th Wikileaks tweet was totally opaque until we found out about Don Jr’s DMs with Assange a few minutes before. Trump’s tweets are impulsive, immediate, unvarnished. They amount to realtime surveillance of what he was thinking and what he knew at key points of the campaign. They just require the fruits of the ongoing investigations to decipher what they mean.
Some day, we'll find out (perhaps through a Truth & Reconciliation Committee) just how badly this man has hurt the country.
I'm chilling in my hotel room on the second day of my trip, not sure how much longer I'll remain awake. (Waking up at 5am sucks, even more so when it's 4am back home.) This is a problem in that I need to write some code before tomorrow.
So I've spent a few minutes perusing the blog feeds and news reports that came in today, and I have a favorite. The favorite is not:
No, though all of those brought little flutters of joy to my heart, the story that London is going to make Oxford Street a pedestrian utopia by 2020 really got my interest. Since I have never driven a car anywhere in Zone 1 and have no intention of ever doing so, I think blocking 800 meters of Oxford Street to cars is fookin' brilliant.
I'm about to fly to San Antonio for another round of researching how the military tracks recruits from the time they get to the processing center to the time they leave for boot camp (officially "Military Basic Training" or MBT).
I have some stuff to read on the plane:
OK, off to K20. Or K18. Or wherever my plane has got to.
Imagine the largest office building (in land area) you've ever been in, add a small shopping mall, four food courts, and the security that demonstrates exactly how silly and ineffectual airport security is, and that's the Pentagon.
I'm in a little island that's like an anti-SCIF (Secure Compartmented Information Facility). We're in the one unclassified office in the ring, complete with unclassified Internet service, and because of that, behind two steel doors and in a Faraday cage. And it's literally the only place we're allowed to take pictures, which is sad because every hallway in the building is a museum exhibit. It's weird.
That, and we can't go to the bathroom without an escort, makes this a very strange day indeed.
Also, it's like an ongoing pop quiz in uniform insignia recognition. And I'm still having problems with upper enlisted ranks.
Home tomorrow, after a visit to a military facility outside Baltimore.