Skip to main content

Posts

Showing posts from 2017

What exactly hosts the mail on ijkfamily.com?

So what exactly hosts the mail on ijkfamily.com?

To sum up: Right now, it appears to be just the Trump organization email servers, which does not inspire confidence in their security.

Best as I can tell, as of 8pm Pacific time, it appears that it's hosted by the same servers running Trump org email, possibly hosted by "BBH Solutions" Here's what I did:

1) dig ijkfamily.com MX
yields:
;; ANSWER SECTION:
ijkfamily.com. 3055 IN MX 0 ijkpph01.ijkfamily.com.
ijkfamily.com. 3055 IN MX 0 ijkpph02.ijkfamily.com.

2) dig ijkpph01.ijkfamily.com
yields:
ijkpph01.ijkfamily.com. 3600 IN A 144.121.114.12

3) OK, let's try to telnet to port 25 and see what happens:

The problem with creation date metadata in PDF documents

Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization.  There's a lot of info there, I suggest you listen to the whole thing:

http://www.msnbc.com/rachel-maddow/watch/maddow-to-news-orgs-heads-up-for-hoaxes-985491523709

There's a lot to unpack there but it looks like somebody tried to fool MSNBC into running with a fake accusation based on faked NSA documents, apparently based on cloning the document the Intercept published back on 6/5/2017, which to all appearances was itself a real NSA document in PDF form.

I think the main thrust of this story is chilling and really important to get straight -- some person or persons unknown is sending forged PDFs to news organization(s), apparently trying to get them to run stories based on forged documents.  And I completely agree with Maddow that she was right to send up a "signal flare" to all the news organizations to look out for forgeries.  Really, really, really import…

Electronic pollbooks are an attractive attack vector on elections

See http://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255

This appears to be a very easy and effective attack on election systems that does not even involve trying to flip votes.

"The center also distributes the voter registration list to counties for use on their ExpressPoll pollbooks; if attackers were to delete voter names from the database stored on the center’s server or alter the precinct where voters are assigned, they could create chaos on Election Day and possibly prevent voters from casting ballots. This is not an idle concern: During the presidential election last year, some voters in Georgia’s Fulton County complained that they arrived to polls and were told they were at the wrong precinct. When they went to the precinct where they were redirected, they were told to return to the original precinct. The problem was apparently a glitch in the ExpressPoll software."

-- http://www.politico.com/magazine/story/2017/06/14/w…

"We will give him a family and he will be our brother"

Remember this?

"Dear President Obama,
Remember the boy who was picked up by the ambulance in Syria? Can you please go get him and bring him to [my home]? Park in the driveway or on the street and we will be waiting for you guys with flags, flowers, and balloons. We will give him a family and he will be our brother..."

(At this point, I cannot read this caption without tears coming to my eyes.)

(Ref: https://www.theatlantic.com/news/archive/2016/09/six-year-olds-letter/501203/)


[Originally published Feb 3, 2017 at https://plus.google.com/115608553892438743738/posts/fapk4NdA9Re]

Why We Do Not Punch Nazis And We Oppose Those Who Do

On punching Nazis: It is NOT OK to punch Nazis in the street. Stop it. Anyone who is doing this is hurting the cause. Everyone who cares about the civil rights needs to yell at people doing this, stop them where possible, and allow the police to arrest them.

I hope that position is clear. If you want to argue against this, or you want arguments for this position, please read on.

Why We Do Not Punch Nazis And We Oppose Those Who Do

1. We stand for civil rights. One of those rights is to anyone regardless of their beliefs to be able to walk in public and not be punched. This reason is sufficient.

2. It is a stupid and self defeating strategy. It gives talking points to the Nazis and lets them be victims (even if they were using "fighting words" and inciting violence). This reason is also sufficient, so even if you disagree with me on #1, please seriously consider #2.

Here's some ridiculous stuff I've heard on the Internet and why it's ridiculous.

Argument: "…

Walter Shaub blasts Trump's 'meaningless' plan to avoid Emoluments Clause violations

See https://www.washingtonpost.com/news/powerpost/wp/2017/01/11/federal-ethics-chief-blasts-trumps-plan-to-break-from-businesses-calling-it-meaningless/?utm_term=.49c762a3b828

Federal ethics chief blasts Trump's plan to break from businesses, calling it 'meaningless'.

NPR called it "smoke and mirrors".  Sounds about right.

[Originally published Jan 11, 2017 at https://plus.google.com/115608553892438743738/posts/aL75cKz3qRP]

Paper ballots are critical election security infrastructure

Why voter-verified paper audit trail is so important. (https://en.wikipedia.org/wiki/Voter-verified_paper_audit_trail)

From the 1/6/16 intelligence assessment: "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying."

So either (a) the Kremlin tried to compromise vote tallying systems but didn't succeed or (b) they were after something else having to do with "state or local electoral boards", and maybe succeeded.

Both of these possibilities are terrible and we should block this kind of election fraud.

The security of most electronic voting systems without paper trails can plausibly be compromised by state level actors. (This is the consensus view of the software engineering professionals.) The best practice to defend against this is a paper trail and automatic recounts.

See https://medium.com/@jha…

How to Deal with Donald Trump

I don't know Donald Trump, but I've dealt with his specific cluster of personality traits before. I have some rules for dealing with them. You may find them useful the next few years.

1. If possible, do not engage

This may seem like useless advice, given Trump will be President in three weeks But keep it in mind. The best possible strategy for dealing with someone like Trump is: Don't. Go no contact, do not engage with him. Do something else more productive.

2. If you have to engage, be BIFF

If you are forced to engage with him, keep it Brief, Informative, Friendly, and Firm (BIFF). Don't get into Twitter wars. Don't antagonize him or try to set him off (he'll go off on his own anyway). Be impersonal but friendly.

Pick your battles carefully. But once you do pick a position and draw a line, do not waver from it no matter what Trump and his allies throw at you.

3. Believe actions, not words

Trump's words are meaningless -- or, worse, a distraction or smok…