Tag Archive for Joe Biden

Presidential Wannabes Don’t Use Email Security

We are in the run-up to the 2020 silly U.S. Presidential election season. Not much has changed in the three years after Trump operatives Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign. Email security firm Agari reports that nearly all 2020 presidential candidates have learned nothing. They have not implemented email security. They are not protected against email attacks, fraud, and data breaches typically run by nation-states.

During the 2016 presidential campaign, the chairman of Hillary Clinton’s campaign, John Podesta, was the victim of a spear-phishing attack. That attack led to the now-infamous WikiLeaks email publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari’s CMO, Armen Najarian, explained the importance of DMARC email protection:

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.

Which campaign practices email security

Data released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed her campaign staff, potential donors, and the public.

Agari suggested in a blog post that the remaining 11 candidates it checked do not use DMARC. This includes Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. None of them uses DMARC on their campaign domains to secure their email accounts. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks.

Agari also analyzed advanced email security controls of the campaigns. They found that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite.

Email alphabet soup

DMARC is not an email authentication protocol. It sits on top of the authentication standards SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). With SPF and DKIM, DMARC supplements SMTP, the basic protocol used to send email, because SMTP does not include any mechanisms for email authentication.

A properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender. DMARC records are published in DNS alongside other records, including:

  • SPF
  • A-record
  • CNAME
  • DKIM

Matt Moorehead at Return Path explains that DMARC is the latest advance in email authentication. DMARC ensures that legitimate email properly authenticates against established SPF and DKIM standards and that fraudulent activity appearing from domains under the organization’s control is blocked. Two key values of DMARC are domain alignment and reporting.

DMARC’s alignment feature prevents spoofing of the email “header from” address. To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

[Figure: DMARC flow]

rb-

Using email authentication to prove that an email comes from the person it claims to come from is important because nearly 30% of advanced email attacks (PDF) come from hijacked accounts. Without email authentication, accounts are vulnerable to email-initiated breaches, attacks typically run by nation-states. The 2018 Verizon DBIR found that nation-state groups accounted for at least 23% of the attacks in successful breaches by an outsider.

DMARC is a widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy. DMARC helps protect customers and brands; it discourages cybercriminals, who are less likely to target a brand with a DMARC record.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Tech Regulatory Capture

Regulatory capture occurs when governmental bodies created to act in the public interest instead advance the commercial or special interests that dominate the industry or sector they are charged with regulating. Regulatory capture is a form of government failure, as it can encourage large firms to exploit the public.

Sunlight: Congress’ Revolving Door to Telecom, Cable Firms

A 2010 Washington Post article, citing a report by the Sunlight Foundation, said that broadband providers including Comcast, Time Warner Cable, AT&T and Verizon Communications have amassed armies of former government officials to lobby against net neutrality and other regulations at the Federal Communications Commission. The nonprofit public interest organization said those firms hired 276 former government officials, including 18 former members of Congress, to fight against rules that would require them to treat all Web sites and content equally on their networks.

AT&T (T) has hired Republicans and Democrats from the US House and Senate to lobby for them, including:

  • Jim Davis, former Democratic congressman from Florida;
  • Trent Lott, former Republican senator from Mississippi;
  • Vic Fazio, former Democratic representative from California;
  • John Breaux, former Republican senator from Louisiana;
  • J.C. Watts, former Republican representative from Oklahoma.

Comcast (CMCSA) has also hired former politicians like:

Verizon (VZ) hired Republican representative Jack Fields from Texas.

The cable industry trade group, the National Cable & Telecommunications Association, hired Chip Pickering, a former Republican congressman from Mississippi.

The US Telecom Association, the Broadband Association, hired Al Wynn, former Democratic representative from Maryland.

Revolution LLC.

Ron Klain is General Counsel of former AOL CEO Steve Case’s Revolution LLC. Prior to joining Mr. Case’s firm, Mr. Klain had extensive public service experience, most recently as a senior White House aide to President Obama and Chief of Staff to Vice President Biden. He has also served as Chief of Staff or Staff Director for Vice President Al Gore, Attorney General Janet Reno, the Senate Democratic Leadership Committee, and the Senate Judiciary Committee. Mr. Klain was also Associate Counsel to President Clinton and a law clerk to Supreme Court Justice Byron White. He has served as a top debate preparation advisor to Presidents Obama and Clinton, and Democratic Presidential nominees Al Gore and John Kerry.

State Department’s Katie Stanton Moves to Twitter

Twitter has captured Katie Stanton, a special adviser at the State Department and former White House staffer. She is heading to Twitter to work on international business strategy, according to the Washington Post. Ms. Stanton tweeted her move to the social information platform’s San Francisco office. The Post says Ms. Stanton will be a vice president driving Twitter’s international business strategy and operations. Ms. Stanton previously worked at Google as a product manager for the search engine’s finance application.

She joined the White House as the director of citizen participation after working on new media strategies for President Obama’s election campaign. Stanton moved to the State Department last year, working with Alec Ross, senior adviser for innovation, on how to use social media tools and technology for diplomatic goals.

Facebook Hires White House Adviser as New VP

AppScout reported that Facebook has captured an economic adviser to President Obama to serve as its new vice president of global public policy. Marne Levine is the special assistant to the president for economic policy and chief of staff for the National Economic Council at the White House.

“With over 70 percent of our users living outside the United States, her unique mix of government and Internet industry experience will be invaluable to help Facebook address some of the most interesting questions at the intersection of technology and public policy,” Elliot Schrage, vice president of global communications at Facebook, said in a statement.

Levine will work out of Facebook’s D.C. office where she will oversee and coördinate interactions with governments and non-governmental organizations, Facebook said. She will also help to build Facebook policy teams in Asia, the Americas, and Europe.

According to the article, Ms. Levine helped launch an online peer-to-peer payment platform and helped manage its privacy and compliance issues, which is probably why Facebook hired her, so she can lobby her former boss on privacy and banking issues.
