2017/10/02

What exactly hosts the mail on ijkfamily.com?

So what exactly hosts the mail on ijkfamily.com?

To sum up: Right now, it appears to be just the Trump organization email servers, which does not inspire confidence in their security.

Best as I can tell, as of 8pm Pacific time, it appears that it's hosted by the same servers running Trump org email, possibly hosted by "BBH Solutions" Here's what I did:

1) dig ijkfamily.com MX
yields:
;; ANSWER SECTION:
ijkfamily.com. 3055 IN MX 0 ijkpph01.ijkfamily.com.
ijkfamily.com. 3055 IN MX 0 ijkpph02.ijkfamily.com.

2) dig ijkpph01.ijkfamily.com
yields:
ijkpph01.ijkfamily.com. 3600 IN A 144.121.114.12

3) OK, let's try to telnet to port 25 and see what happens:

telnet 144.121.114.12 25
Trying 144.121.114.12...
Connected to 144.121.114.12.
Escape character is '^]'.
220 MAILHOST01.TRUMPORG.COM ESMTP Mon, 2 Oct 2017 23:03:16 -0400

4) TRUMPORG.COM? Well a server can be configured to say anything here, but, that's interesting. Let's do a sanity check here starting from the "trumporg.com" domain:
dig trumporg.com MX
-->trumporg.com. 3600 IN MX 0 mailhost01.trumporg.com.
dig mailhost01.trumporg.com
-->mailhost01.trumporg.com. 3600 IN A 144.121.114.12

Yup, same IP address as for ijkfamily.com, and therefore, same mail server. Presumably, it's whoever runs the Trump org IT, which is not in fact a commercial mail provider as far as i know. Various researchers in 2016 pointed out Trump org email servers were "horribly insecure" (https://thehackernews.com/2016/10/donald-trump-email-server.html, for example).

None of this inspires confidence.

5) Addendum: Going to http://whois.urih.com and plugging in the 144.121.114.12 address (to see who's hosting the actual servers, or at least proxying them) yields:

http://www.bbhsolutions.com/about-us/
BBH Solutions
2131 Jericho Tpke
Garden City, NY 11040

I don't know of any connection here but the DNS entries seem pretty conclusive -- this isn't being run by a commercial mail provider, but by Trump org internal IT (or vendor(s)).

[Originally published Oct 2, 2017 at https://plus.google.com/115608553892438743738/posts/Fj7vkKssvND]

2017/07/07

The problem with creation date metadata in PDF documents

Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization.  There's a lot of info there, I suggest you listen to the whole thing:

http://www.msnbc.com/rachel-maddow/watch/maddow-to-news-orgs-heads-up-for-hoaxes-985491523709

There's a lot to unpack there but it looks like somebody tried to fool MSNBC into running with a fake accusation based on faked NSA documents, apparently based on cloning the document the Intercept published back on 6/5/2017, which to all appearances was itself a real NSA document in PDF form.

I think the main thrust of this story is chilling and really important to get straight -- some person or persons unknown is sending forged PDFs to news organization(s), apparently trying to get them to run stories based on forged documents.  And I completely agree with Maddow that she was right to send up a "signal flare" to all the news organizations to look out for forgeries.  Really, really, really important stuff.

This post, though, is going to talk about a detail that Maddow may have gotten wrong, why it may be wrong, and how this bears on the possibility that the Intercept was somehow involved vs. any of the millions of people who downloaded the Intercept's published PDF file.

First, let's start with the assumption that the PDF Maddow has is a cloned-and-modified copy of https://assets.documentcloud.org/documents/3766950/NSA-Report-on-Russia-Spearphishing.pdf which is what the Intercept published.

Maddow looked at a bunch of things including the data and metadata of the document.  One of the key pieces of metadata was the "creation timestamp" of the PDF file.  To be clear, this is just a sequence of bytes in a file and could easily be faked if anybody cared to fake it, something that Maddow made clear too.  But if you assume that (A) the document is a clone-with-modifications of the Intercept's PDF and (B) the "creation timestamp" embedded in the PDF wasn't faked, there appeared to be an interesting factoid:  The "creation timestamp" reported by Maddow for her PDF is 3 hours before the actual publication of the PDF, but of course the PDF would necessarily have been created before it was put up on the web server and 3 hours doesn't seem unusual.

But the Intercept took umbrage at the suggestion that this was suspicious, saying:
If you look at the time stamp on the metadata on the document that The Intercept published, it reads “June 5, 12:17:15 p.m.” — exactly the same time and date, to the second, as the one on the document received by Maddow:
And they include a screenshot of the output of "exiftool" which indeed reports (in human readable form) a "Create Date" of "2017:06:05 12:17:15" (with no timezone).

The Intercept then goes on to add:
It’s also possible that simple time zones explain the discrepancy: that whoever forged the document was in a time zone several hours behind East Coast time, and June 5, 12:17 p.m., in that time zone is after The Intercept’s publication, not before.
(The time zone theory doesn't make a lot of sense, because it implies that somebody created a totally new PDF document in a time zone somewhere after publication, but just happened to make the minutes and second match exactly the ones in the original creation timestamp; but at least this is something that's actually testable on a technical level.)

And with this statement, I jump into the fray, because I'm a software engineer and have had to deal with this kind of technical ambiguity in timestamps way too many times and there might in fact be a way to answer at least this one small question absolutely with no ambiguity at all.

It is possible for a PDF file to contain timezone information (see  http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/pdf_reference_1-7.pdf, page 160).  But sometimes software is stupid, and doesn't record what timezone it's talking about, which is horrible because it leads to confusion.  Did the Intercept's file contain a timezone?  

So I looked at the actual bytes of the Intercept's PDF.  No, it doesn't include timezone info:


Even though my local tool claims it's PDT; this is a lie:



Most likely, somebody downloaded the PDF file from the Intercept after publication, and modified it, leaving the original creation timestamp alone.  The way to tell if the two PDFs have the same or a different timestamp are to open up each one in a binary editor and search for "/CreationDate" and just compare the strings byte for byte, because timestamp formats are horrible and you can't trust the tools to get it 100% right.

So here's what you do, Rachel Maddow:  Open both PDFs in a binary editor ("vi" works on a Mac).  Search for the string "CreationDate".  See if the "D:##########" string matches in each of them.  If it matches, the files have the same creation timestamp, for whatever that is worth.

More broadly, everybody writing software: Just Say No to writing ambiguous timestamps!  And if you read one, DO NOT just slap the local timezone on the end like my local properties viewer does.  And if it's really, really important, check the bytes by hand.


2017/06/14

Electronic pollbooks are an attractive attack vector on elections


See http://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255

This appears to be a very easy and effective attack on election systems that does not even involve trying to flip votes.

"The center also distributes the voter registration list to counties for use on their ExpressPoll pollbooks; if attackers were to delete voter names from the database stored on the center’s server or alter the precinct where voters are assigned, they could create chaos on Election Day and possibly prevent voters from casting ballots. This is not an idle concern: During the presidential election last year, some voters in Georgia’s Fulton County complained that they arrived to polls and were told they were at the wrong precinct. When they went to the precinct where they were redirected, they were told to return to the original precinct. The problem was apparently a glitch in the ExpressPoll software."

-- http://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255

In other words, the very system that had major security problems and a lack of due diligence in fixing them, maintains the "source of truth" for the per-precinct registration lists. Merely deleting voters from lists in precincts which are known to lean towards one party or the other would probably be enough to tip an election (even if they are allowed to vote provisionally, that doesn't always go smoothly, and it always slows things down and creates confusion; if you can get them shuttling between precincts through manipulating the files, even better.)

This is an attractive attack vector because it's easy, it doesn't require attacking voting machines at all, could be done by attacking a "low security" system, and could be blamed on "glitches" quite plausibly. And we already know from the leaked report last week that state-level actors were attempting to modify voter roll information in other systems.

[This was originally published Jun 14, 2017 at https://plus.google.com/115608553892438743738/posts/QxYGgrETgwh]

2017/02/03

"We will give him a family and he will be our brother"


Remember this?

"Dear President Obama,
Remember the boy who was picked up by the ambulance in Syria? Can you please go get him and bring him to [my home]? Park in the driveway or on the street and we will be waiting for you guys with flags, flowers, and balloons. We will give him a family and he will be our brother..."

(At this point, I cannot read this caption without tears coming to my eyes.)

(Ref: https://www.theatlantic.com/news/archive/2016/09/six-year-olds-letter/501203/)


[Originally published Feb 3, 2017 at https://plus.google.com/115608553892438743738/posts/fapk4NdA9Re]

2017/02/02

Why We Do Not Punch Nazis And We Oppose Those Who Do

On punching Nazis: It is NOT OK to punch Nazis in the street. Stop it. Anyone who is doing this is hurting the cause. Everyone who cares about the civil rights needs to yell at people doing this, stop them where possible, and allow the police to arrest them.

I hope that position is clear. If you want to argue against this, or you want arguments for this position, please read on.

Why We Do Not Punch Nazis And We Oppose Those Who Do

1. We stand for civil rights. One of those rights is to anyone regardless of their beliefs to be able to walk in public and not be punched. This reason is sufficient.

2. It is a stupid and self defeating strategy. It gives talking points to the Nazis and lets them be victims (even if they were using "fighting words" and inciting violence). This reason is also sufficient, so even if you disagree with me on #1, please seriously consider #2.

Here's some ridiculous stuff I've heard on the Internet and why it's ridiculous.

Argument: "But We Punched Hitler!"

Yes we did, when we declared war against the Axis and defended the free world from fascism last time around. (And thank you, Greatest Generation, once again.)

But we are NOT at war and you do NOT want to open that door. Know why? Because in a war, you don't punch Nazis, you shoot them and kill them, preferably from a long distance with lots of technology to multiply your effectiveness. And they will be doing the same thing to you. You want a second Civil War? No? OK, good, you're sane.

Argument: "But I Want to Take Action!"

Awesome! Take action. Start with calling everybody in Congress you can get ahold of starting with you representatives. Write letters. March. Talk to people and convince them that there is a clear and present danger to the Constitution. Resist fascists and yell at them and make them mentally uncomfortable. Put your body on the line when necessary. Nonviolent resistance has a proven track record.

If you really, really, really want to punch a Nazi after all this, go ahead and challenge one to a boxing match in a ring with legal waivers. If they accept, put it on YouTube and contribute the ad proceeds to the ACLU, OK?

(Side note: This is all playing out in front a big audience. If only 5% of the eligible voters WHO DID NOT VOTE in the recent election become mobilized and voted on our side, we will have a totally different government.)

Argument: "But Protests Alone Didn't Work Against Nazis Last Time"

Studying history, excellent. Please read https://en.wikipedia.org/wiki/Reichstag_fire. Punching Nazis didn't work last time. Now read about the history of the Civil Rights movement, especially the nonviolent resistance. This month is a good one for it. It appears that the current administration doesn't know anything about this history, so we can crib from it and it will surprise them.

"None of These Arguments Convince Me, I Want to Punch Nazis and Burn Things"

OK. It's a free country and you have every right to have those feelings and thoughts. If you take action on those feelings and thoughts, I will do my best to stop you and hand you over to the police, because those things are wrong and they are hurting the cause of civil rights. You're not part of my cause.

Argument: "None of These Arguments Convince Me, I'm Actually a False Flag Operative Trying to Delegitimize Your Cause"

Hi there! Thought you might show up. Yep, you can try, but you'll be unmasked by your own actions and if possible handed over to the police (see above). Enjoy your night in jail.
---
Addendum: As always self defense is perfectly acceptable. If Nazis are punching YOU then you have every right to defend yourself with appropriate force.

[Originally published Feb 2, 2017 at https://plus.google.com/115608553892438743738/posts/5jgzZL3Gcnu]

2017/01/07

Paper ballots are critical election security infrastructure

Why voter-verified paper audit trail is so important. (https://en.wikipedia.org/wiki/Voter-verified_paper_audit_trail)

From the 1/6/16 intelligence assessment: "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying."

So either (a) the Kremlin tried to compromise vote tallying systems but didn't succeed or (b) they were after something else having to do with "state or local electoral boards", and maybe succeeded.

Both of these possibilities are terrible and we should block this kind of election fraud.

The security of most electronic voting systems without paper trails can plausibly be compromised by state level actors. (This is the consensus view of the software engineering professionals.) The best practice to defend against this is a paper trail and automatic recounts.

See https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba#.b25sz36l6, especially the following about how an attacker might accomplish this:

"First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate."

It's very hard to say from the intelligence report whether this was the first part of an attempt or not. But it's very concerning, which is why every state that cares about the integrity of its election results should implement paper trail and automatic recounts.

(The other possibility is perhaps just as disturbing -- that the Kremlin was not targeting vote tallying but something else having to do with electoral boards not directly tied to vote tallying. Blackmail material?)

Back to the intelligence report, the next paragraph:

"We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their
election processes."

[Originally published Jan 7, 2017 at https://plus.google.com/115608553892438743738/posts/NprmqKdEzY5.  Subsequently, I have seen many problems with the machine-generated "audit trails" sold by vendors and believe that we should minimize the use of machine printed ballots and maximize the use of hand marked ballots in order to have meaningful audits and defend against this kind of election fraud.]

2017/01/02

How to Deal with Donald Trump

I don't know Donald Trump, but I've dealt with his specific cluster of personality traits before. I have some rules for dealing with them. You may find them useful the next few years.

1. If possible, do not engage

This may seem like useless advice, given Trump will be President in three weeks But keep it in mind. The best possible strategy for dealing with someone like Trump is: Don't. Go no contact, do not engage with him. Do something else more productive.

2. If you have to engage, be BIFF

If you are forced to engage with him, keep it Brief, Informative, Friendly, and Firm (BIFF). Don't get into Twitter wars. Don't antagonize him or try to set him off (he'll go off on his own anyway). Be impersonal but friendly.

Pick your battles carefully. But once you do pick a position and draw a line, do not waver from it no matter what Trump and his allies throw at you.

3. Believe actions, not words

Trump's words are meaningless -- or, worse, a distraction or smokescreen that obscures what's really going on. Don't pay a lot of attention to them; prioritize attention to actions. Don't over-analyze his words.

Never ever trade something in exchange for a promise from Trump. Demand payment up front if you must violate rule #1.

When Trump does one thing and says another, believe what he does and ignore the words.

4. Do not give the benefit of the doubt

We reflexively give the benefit of the doubt, especially to the President. Our political institutions codify this. The strong temptation is to give Trump chance after chance.

That makes no sense at this point. He had his chance after winning the election to turn over a new leaf and to demonstrate what kind of President he plans to be.

This means that him saying something has zero effect, for or against, on whether or not you should believe it.

5. Use positive reinforcement

You get what you reward. Sometimes Trump will say or do things that actually make sense. Positively reinforce when he does, while keeping in mind rules 2-4. Give praise for this, even if his other actions are terrible.

But don't reward him for words.

6. Don't normalize the abnormal

It's a slippery slope. A situation may not be changeable today, but that does not mean it cannot be changed. Simultaneously be realistic, while working towards a better tomorrow.

7. Be patient and proactive

"A lie can travel half way around the world while the truth is putting on its shoes."
-- Mark Twain

"Truth is the daughter of time, not of authority."
-- Francis Bacon

Trump and his allies have enormous power right now. But it's fragile, based on reality distortion. In the long run, if we keep the record clear, this can be apparent.

Trump will do everything possible to muddy the record. Defend the record, make sure that the ground truth is available for those who want it.

8. Keep Reading and Learning

Keep informing yourself. Start with these excellent articles from the Atlantic and Teen Vogue if you haven't read them already:

http://www.theatlantic.com/notes/2016/11/a-reflexive-liar-in-command-guidelines-for-the-media/508832/

http://www.teenvogue.com/story/donald-trump-is-gaslighting-america

[Originally published Jan 2, 2017 at https://plus.google.com/115608553892438743738/posts/9YTq4MQd53o]

COVID-19: Evaluating School Closures

I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...