The Daily Parker

Politics, Weather, Photography, and the Dog

File that under "B" for "Bad OpSec"

Via Bruce Schneier (and other sources), the Australian government suffered one of its worst-ever disclosures of secrets caused by not looking through used furniture:

It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply.

The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys.

They were purchased for small change and sat unopened for some months until the locks were attacked with a drill.

Inside was the trove of documents now known as The Cabinet Files.

The thousands of pages reveal the inner workings of five separate governments and span nearly a decade.

Nearly all the files are classified, some as "top secret" or "AUSTEO", which means they are to be seen by Australian eyes only.

But the ex-government furniture sale was not limited to Australians — anyone could make a purchase.

And had they been inclined, there was nothing stopping them handing the contents to a foreign agent or government.

The found documents ranged from embarrassing (to both major Australian parties) to seriously top secret (troop deployments, police investigations). In response, the Australian government is calling for increased penalties for publishing or even possessing secret documents—but as Schneier points out, in this case that would have made the breach immeasurably worse for Australia:

This illustrates a fundamental misunderstanding of the threat. The Australian Broadcasting Corp gets their funding from the government, and was very restrained in what they published. They waited months before publishing as they coordinated with the Australian government. They allowed the government to secure the files, and then returned them. From the government's perspective, they were the best possible media outlet to receive this information. If the government makes it illegal for the Australian press to publish this sort of material, the next time it will be sent to the BBC, the Guardian, the New York Times, or Wikileaks. And since people no longer read their news from newspapers sold in stores but on the Internet, the result will be just as many people reading the stories with far fewer redactions.

In all, it's a reminder of the security adage that no security system can completely protect against human stupidity.

American mobile phone customers, do this now

I got a weird text from T-Mobile a few minutes ago:

T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more: t-mo.co/secure

Well, that does not sound good.

And it's not. Apparently thieves have found that American mobile phone providers are unusually helpful when it comes time to steal mobile phone numbers (called "SIM hijacking") or to port those numbers to third-party mobile providers. In both cases, the thieves now have a way to bypass any SMS-based two-factor authentication (TFA) you may have set up with, for example, your bank.

T-Mobile at least offers a service called "Port Authentication" which lets you set up a 6- to 16-digit PIN that you must have to make any changes to your account—like, for example, getting a new SIM. After getting the text alert, and validating it with trusted online sources, I immediately called 611 and set up port authentication.

There are a couple of other things you should do:

  • Lock your phone all the time, with something very hard to subvert, like a strong password. If you must use a convenience feature like iris or fingerprint authentication, make sure the phone still requires a password on reboot.
  • Set your phone up so that it doesn't display the contents of texts or IMs when your phone is locked.
  • Encrypt your phone, so that even if all your other security is bypassed, the data stored on it stays unreadable.

Seriously, this all costs you nothing and can save you a fortune.

Setting up lunchtime reading

Over the weekend I made a couple of minor updates to Weather Now, and today I'm going to spend some time taking it off its Azure Web Role and moving it to an Azure Website. That will (a) save me money and (b) make deployments a lot easier.

Meanwhile, a number of articles bubbled up overnight that I'll try to read at lunchtime:

Back to Azure deployment strategies.

The administration's insane attack on law enforcement

Confronted with the options that these guys are master strategists or they're not even thinking about their next move, Occam's Razor suggests we're dealing with serious stupidity here:

The war between the president and the nation’s law enforcement apparatus is unlike anything America has seen in modern times. With a special counsel investigating whether his campaign collaborated with Russia in 2016 and whether Mr. Trump obstructed justice in 2017, the president has engaged in a scorched-earth assault on the pillars of the criminal justice system in a way that no other occupant of the White House has done.

At the start of his administration, Mr. Trump targeted the intelligence community for his criticism. But in recent months, he has broadened the attacks to include the sprawling federal law enforcement bureaucracy that he oversees, to the point that in December he pronounced the F.B.I.’s reputation “in tatters” and the “worst in history.”

In his telling, that bureaucracy, now run by his own appointees, is a nest of political saboteurs out to undermine him — an accusation that raised fears that he was tearing at the credibility of some of the most important institutions in American life to save himself.

This is insane. Even the Republicans in Congress who are enabling this behavior must know, on some level, it's insane.

In other news, the next presidential term begins in only 1,081 days...

What else I'm reading today at lunch

Fun times, fun times.

Even on weekends I'm busy

A few links to click tomorrow when I have more time:

And now, I rest.

Crap beer sales are going to pot

People watching the big-beer industry (think: Miller Lite and Coors Light) expect a 7.1% decline in mass-market beer sales—$2.1 billion annually—as more states legalize cannabis:

"There's a ton of overlap in marijuana and domestic beer consumption among younger college males," says Rick Maturo, co-founder of Cannabiz Consumer Group, an Inverness-based research company. "This is the group that drinks beer at a heavier volume and is most likely to cut back if cannabis is legally available."

He says 27 percent of beer drinkers say they've already substituted marijuana for beer or would do so if the drug were legalized in their state. Other research predicts an even worse dip: Alcoholic beverage sales fell 15 percent after the passage of medical marijuana laws in a number of states, according to researchers at the University of Connecticut and Georgia State University.

Sales of Coors Light and Miller Lite were down 3.6 percent and 1.6 percent, respectively, through the third quarter from a year earlier, according to Nielsen data from Beer Marketer's Insights. In October, Molson Coors, MillerCoors' Denver-based parent, said its U.S. beer sales dropped nearly 3 percent in the previous quarter. And between 2010 and 2016, the light category as a whole saw volumes decline by 14 percent.

What's worse: The decline of Miller Lite and Coors Light is nearly impossible to offset through other sales—even as the brewer's Leinenkugel's and Blue Moon brands post robust results—because the two light beers represent more than half of MillerCoors' overall sales volume. They're "a major driver of our profitability," CEO Gavin Hattersley acknowledged on MillerCoors' third-quarter earnings call recently.

Two things: first, pot was criminalized in the wake of the 21st Amendment exactly for this reason. Second, I'm not sorry to see declines in the sales of horrible products.

The Open Secret

James Fallows points out the alarming parallels between sexual harassment in Hollywood and President Trump's manifest unfitness for office:

In the very short term, a few people reflexively offered “open secret” as an explanation, even a rationalization. Of course everybody knew that Harvey/Roger/Kevin was this way (the reasoning went). If you were smart, you kept your distance, and you’d never take the bait of going for “a meeting” up in the hotel room. Want to give, or get, a “massage”? No way!

But you rarely hear rationalizations of that sort any more. Now the open-secret premise usually leads to a follow-up question. If “everyone” knew what was going on, why didn’t anyone do more to stop it? And this in turn has led to institutional and personal self-examinations.

Based on the excerpts now available, Fire and Fury presents a man in the White House who is profoundly ignorant of politics, policy, and anything resembling the substance of perhaps the world’s most demanding job. He is temperamentally unstable. Most of what he says in public is at odds with provable fact, from “biggest inaugural crowd in history” onward. Whether he is aware of it or not, much of what he asserts is a lie. ...

This is “news,” in its detail, just as the specifics of Harvey Weinstein’s marauding were real, hard-won news. But it also is an open secret. This is the man who offered himself to the public over the past two-and-a-half years.

This is scary stuff. It's bad enough when you're talking about a powerful entertainment executive; quite another thing when talking about the most powerful office on earth.

Who is Reality Winner?

Kerry Howley, writing for New York Magazine, profiles the "terrorist [with] a Pikachu bedspread:"

In those first months on the job, the country was still adjusting to Trump, and it seemed possible to some people that he would be quickly impeached. Reality listened to a podcast called Intercepted, hosted by the left-wing anti-security-state website the Intercept’s Jeremy Scahill and featuring its public face, Glenn Greenwald, and listened intensely enough to email the Intercept and ask for a transcript of an episode. Scahill and Greenwald had been, and continue to be, cautious about accusations of Russian election meddling, which they foresee being used as a pretext for justifying U.S. militarism. “There is a tremendous amount of hysterics, a lot of theories, a lot of premature conclusions being drawn around all of this Russia stuff,” Scahill said on the podcast in March. “And there’s not a lot of hard evidence to back it up. There may be evidence, but it’s not here yet.”

There was evidence available to Reality.

The document was marked top secret, which is supposed to mean that its disclosure could “reasonably be expected” to cause “exceptionally grave damage” to the U.S. Sometimes, this is true. Reality would have known that, in releasing the document, she ran the risk of alerting the Russians to what the intelligence community knew, but it seemed to her that this specific account ought to be a matter of public discourse. Why isn’t this getting out there? she thought. Why can’t this be public? It was surprising to her that someone hadn’t already done it.

The classified report on the Russian cyberattack was not a document for which Reality had a “need to know,” which is to say she wasn’t supposed to be reading it in her spare time, let alone printing it, and were she to print it for some reason, she was required to place it in a white slatted box called a “burn bag.”

Why do I have this job, Reality thought, if I’m just going to sit back and be helpless?

Reality folded up the document, stuffed it in her pantyhose, and walked out of the building, its sharp corners pressing into her skin. Later that day, President Trump fired James Comey, who had been leading an investigation into Russian election-meddling. Reality placed the document in an envelope without a return address and dropped it in a standing mailbox in a strip-mall parking lot. Court documents suggest she also sent a copy to another outlet, though which one we don’t know.

For a bad decision she made at 25, she may spend most of her productive years in prison. And in the current climate of secrecy and surveillance, it's hard to see how she can even defend herself against the charges.

Her trial is set for March.

Don't criticize what you don't understand

Jaime Peters approached the Washington Post with a story about Republican Alabama U.S. Senate candidate Roy Moore. The Post this afternoon published a story about her:

A woman who falsely claimed to The Washington Post that Roy Moore, the Republican U.S. Senate candidate in Alabama, impregnated her as a teenager appears to work with an organization that uses deceptive tactics to secretly record conversations in an effort to embarrass its targets.

In a series of interviews over two weeks, the woman shared a dramatic story about an alleged sexual relationship with Moore in 1992 that led to an abortion when she was 15. During the interviews, she repeatedly pressed Post reporters to give their opinions on the effects that her claims could have on Moore’s candidacy if she went public.

The Post did not publish an article based on her unsubstantiated account. When Post reporters confronted her with inconsistencies in her story and an Internet posting that raised doubts about her motivations, she insisted that she was not working with any organization that targets journalists.

But on Monday morning, Post reporters saw her walking into the New York offices of Project Veritas, an organization that targets the mainstream news media and left-leaning groups. The organization sets up undercover “stings” that involve using false cover stories and covert video recordings meant to expose what the group says is media bias.

The best bit is about Philips' GoFundMe campaign.

But I digress. It's fascinating how much effort O'Keefe's organization puts into this crap, and how they're going after organizations that know a whole lot more about investigation than they do. I'm reminded of the scene in the last Superman movie where Batman is punching a Kryptonite-weakened Superman in the face...as the Kryptonite wears off. By punch #3, Superman is just looking at him like, "Dude." That seems to be where WaPo is with these clowns.