Tag Archive for POTUS

Earth Day 2020

Earth Day 2020 is Wednesday, April 22! This year is the 50th anniversary of Earth Day. The theme for Earth Day 2020 is climate action. On the global holiday’s 50th anniversary, the U.S. has one of the highest rates of climate change deniers.

In a survey conducted by the Pew Research Center, the percentage of U.S. adults who say global climate change is a major threat has risen from 44% to 60% since 2009. Statista reports that there is a large chasm between Democrats and Republicans in their increased awareness.

Climate change awareness grows - Statista

Democrat respondents who say global climate change is a major threat went from 61% in 2009 to 88% in 2020. Republicans who say global climate change is a major threat only increased from 25% to 31% in 11 years. That change isn’t considered statistically significant according to Statista.

Science is useful

Despite increased overall awareness, the politicization of climate change has gotten worse. We are in an era when pretty much all science is under attack by populist leaders. Laws inspired by that first Earth Day are under threat of dismantlement by the current president. Trumpie has criticized climate scientists and downplayed the risks of climate change. Most Republican lawmakers continue to avoid the subject when not parroting the party line that businesses and industries are hobbled by climate-friendly policy and regulations.

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

COVID Corporate Welfare

05/03/2020 – SBA said it discovered a data breach on the COVID relief application portal for Economic Injury Disaster Loans. The breach may have disclosed personal information — including Social Security numbers, income amounts, names, addresses, and contact information. Politico reports the breach affected 7,900 applicants for the EIDL program.

04/22/2020 – CNBC is reporting that 70% of the Paycheck Protection Program emergency funding has been claimed by large, publicly traded companies. Data from Morgan Stanley found that at least $243.4 million of the $349 billion available went to publicly traded companies.

The bankrupt PPP was supposed to help America’s small businesses stay afloat and prevent mass layoffs during the COVID lockdown. Morgan Stanley’s data shows that 15 firms worth over $100M got government funds. Among the wealthy firms claiming support is oil services company DMC Global, which got $6.7M. Biotechnology company Wave Life Sciences got $7.2M. Fiesta Restaurant Group, whose 329 restaurants are located in the Caribbean, Central America, South America, and the U.S., got $10M.

I was hoping that we would never need the Recession topic on the Bach Seat again. But here we go again – down the economic commode abetted by bad policy and greed. The COVID-19 virus has wiped out more jobs in a few weeks than Wall Street erased in 18 months. Politico calculated that the jobs lost due to COVID in three weeks are larger than those lost during the 2007-2009 “Great Recession.” They also cite economic forecasts that predict unemployment will exceed its historic 25% peak during the Great Depression.

As an attempt to right the economic ship, Trump and his fellow travelers have put in place a $2 trillion dollar “Cares Act.” The Cares Act has turned out to be a giant middle finger to the working people. It is really an enormous corporate welfare bailout to the wealthiest corporations in the U.S. These greedy firms cannot manage their finances as well as the middle-class Americans they are laying off. Businesses are lining up for a government COVID bailout. Here are a few examples.

Fast Company reports that the hotel industry has met with the chief inn-keeper. They want $150 billion for hotel loan payments and employee layoff packages.

Disney, Universal, and Expedia through their lobbyist U.S. Travel Association, requested $100 billion in a meeting with the Trumpster.

The LA Times is reporting that hedge funds, firms that control $80.5 billion, are claiming to be small businesses. They are seeking a bailout from the broken Paycheck Protection Program.

The bumbling aerospace giant Boeing wants a $60 billion bailout. Boeing’s problems started a year ago, before COVID hit, with the 737 MAX tragedies. The corporation paid out $65 billion in stock buybacks and dividends over the last ten years. It is highly politically connected.

Airlines for America wants $50 billion. The group’s members include American Airlines, United Airlines, Delta Air Lines, Southwest Airlines, and Alaska Airlines. That is in spite of spending 96% of their free cash flow in the past decade on buying back their own shares of stock. The facts are that airline bankruptcy presents no significant risk to the economy as a whole. Airlines have safely flown through bankruptcy in the past.

Airports: The Airports Council International-North America and the American Association of Airport Executives requested $10 billion from Congress, to be directed to U.S. airports for coronavirus relief.

Two of the richest people in the world want bailouts. Elon Musk of SpaceX and Jeff Bezos, the world’s richest man, want “$5 billion in grants or loans to keep commercial space company employees on the job and launch facilities open.” They also want the IRS to give them cash for R&D tax credits.

The NYC Metropolitan Transportation Authority wants $4 billion in assistance for the New York City subway.

Everyone wants COVID bailout money. CNBC reported

The New York Times reported that Adidas is seeking a provision allowing people to use pretax money to pay for gym memberships to gyms that are closed.

The Washington Post reported that Trump was “strongly considering” a federal bailout for the fracking industry. One politically connected shale oil company, Continental Resources, founded by Harold Hamm, a Trump supporter, lost more than half of its market value.

rb-

One that I can agree on. The National Restaurant Association wants a $455 billion aid package. Fast Company reports the COVID lockdown could lead to the loss of 5 to 7 million jobs.

It is arguable that the Republicans want pandemics to continue so they can keep feeding the rich with corporate welfare. Trumpie’s 2021 budget cuts funding for the CDC by $1.2 billion (15%) and eliminates $35 million of the Infectious Diseases Rapid Response Reserve Fund.

Why use taxpayer money to help out companies that goose their stock price rather than saving the funds for a rainy day?

As Judge Leo Strine Jr., former chief justice of the Delaware Supreme Court, wrote for the NYT, families are encouraged to put aside a reserve to pay their mortgages and bills and to feed themselves in case of an emergency. Why don’t corporations do the same? After a 10-year economic expansion that led to record increases in earnings, plus huge corporate tax relief, American corporations should have had substantial cash reserves to sustain them during a short period without revenue. But many did not and lived paycheck to paycheck.

Stay safe out there!


Why Coffee Is Called “a Cup of Joe”

Followers of the Bach Seat know that coffee is vital to life. There are many ways to have a coffee – drip, cold brew, cappuccino, Irish, lattes, macchiato, mochas, even worse – iced mochas. And there are many places to get your coffee besides home: Starbucks, Dunkin Donuts, or the best, Tim Horton’s, for your morning pick-me-up “cup of joe.”

Why do we call our morning pick-me-up a “cup of Joe?” There are a number of theories why it’s “Joe.” The first theory dates back to 1898 when, according to Driftaway Coffee‘s blog, Martinson Coffee trademarked the term “cup of joe.” Martinson Coffee was founded in New York in 1898 by Joe Martinson. The author speculates that the coffee may have locally been called “Joe’s coffee” or a “cup of joe.” As the company grew, “cup of joe” could have expanded from a local nickname to a more widely used term by the 1930s.

Brooke Nelson at Readers Digest says the most popular origin story goes back to Josephus Daniels during World War I. Mr. Daniels was appointed Secretary of the U.S. Navy during World War I by President Woodrow Wilson.

Mr. Daniels, a teetotaler and vehement white supremacist, imposed General Order 99, which prohibited alcohol aboard U.S. Navy ships, on June 01, 1914. According to this theory, the loss of easy access to booze aboard U.S. Navy ships led to increased coffee consumption by sailors. The sailors sarcastically called their new beverage “a cup of Josephus” in honor of the man who had banned their booze. The snarky name stuck and eventually turned into “a cup of Joe” for short.

Ms. Nelson concludes that this origin story for “cup of Joe” is amusing, but probably not true. She points out that the term “cup of Joe” only appears in writing for the first time in 1930, long after the Navy’s alcohol ban. Barbara Mikkelson at Snopes.com also points out that U.S. Navy ships had been officially dry for enlisted men since the spirit ration was abolished in 1862.

Another theory is that “Joe” refers to the average man and is often used as slang for “fellow, guy, or chap.” Snopes reports this usage dates to 1846 and is still present today. “Joe” is used to describe a typical guy who is interchangeable with any other guy:

  • “G.I. Joe,”
  • “Joe Blow,” or
  • “Average Joe.”

So “cup of joe” could be another way of saying “the common man’s drink.”

Another origin story holds that “joe” is a mash-up of two other slang words for coffee, “java” and “mocha.” The mash-up led to “jamoke,” which combines the words “java” and “mocha.” Eventually “cup of jamoke” was shortened down to a “cup of Joe.” People do love to shorten their slang terms, after all.

Snopes says jamoke is the best theory for morphing into joe. The British etymologist Michael Quinion found an early documented example from 1931 in the Reserve Officer’s Manual by a man named Erdman:

“Jamoke, Java, Joe. Coffee. Derived from the words Java and Mocha, where originally the best coffee came from.”

rb-

So, where did this nickname really come from? No one knows for sure. No matter what you call it (or how you take it!), you can always count on a cup of joe to help you function in the morning.


Presidential Wannabe’s Don’t Use Email Security

We are in the run-up to the 2020 silly U.S. Presidential election season. Not much has changed in the three years after Trump operatives and Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign. Email security firm Agari reports that nearly all 2020 presidential candidates have learned nothing. They have not implemented email security. They are not protected against email attacks, fraud, and data breaches of the kind typically run by nation-states.

During the 2016 presidential campaign, the chairman of Hillary Clinton’s campaign, John Podesta, was the victim of a spear-phishing attack. That attack led to the now-infamous WikiLeaks email publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari’s CMO, Armen Najarian, explained the importance of DMARC email protection:

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.

Which campaign practices email security

Data released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed her campaign staff, potential donors, and the public.

Agari reported in a blog post that the remaining 11 candidates it checked do not use DMARC on their campaign domains to secure their email accounts. This includes Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks.

Agari also analyzed advanced email security controls of the campaigns. They found that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite.

Email alphabet soup

DMARC does not authenticate email by itself. It sits on top of the authentication standards SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). Together with SPF and DKIM, DMARC supplements SMTP, the basic protocol used to send email, because SMTP does not include any mechanism for email authentication.

A properly configured DMARC policy tells a receiving server whether or not to accept an email that claims to come from a particular sender domain. DMARC records are published in DNS (as TXT records) alongside the domain’s other DNS records, including:

  • SPF
  • A-record
  • CNAME
  • DKIM

Matt Moorehead at Return Path explains that DMARC is the latest advance in email authentication. DMARC ensures that legitimate email properly authenticates against established SPF and DKIM standards and that fraudulent activity appearing from domains under the organization’s control is blocked. Two key values of DMARC are domain alignment and reporting.

DMARC’s alignment feature prevents spoofing of the email “header from” address. To pass DMARC, a message must pass SPF authentication with an SPF-aligned domain, and/or pass DKIM authentication with a DKIM-aligned domain. A message fails DMARC only if it fails both checks: (1) SPF fails or is not aligned, and (2) DKIM fails or is not aligned.
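To make the pass/fail rule concrete, here is an added example (not Agari’s code, nor anything from the Bach Seat) of how a receiving server evaluates DMARC for one message. It parses the domain’s DMARC TXT record, applies the relaxed or strict alignment rule to the SPF and DKIM results, and returns the disposition the domain owner asked for. The domains and records are constructed for illustration; the organizational-domain helper uses a simplified “last two labels” rule where a real receiver would consult the Public Suffix List.

```python
"""Minimal DMARC evaluation (RFC 7489 logic) for a single inbound message.

Example code added for illustration; domains and records are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'
    into a tag dictionary; requires the mandatory v=DMARC1 tag."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.
    (Assumption: a production receiver would use the Public Suffix List.)"""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') requires an exact match,
    relaxed ('r', the default) only requires the same organizational domain."""
    a, b = header_from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    """What SPF and DKIM already decided about the message."""
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # RFC5321.MailFrom domain that SPF was evaluated against
    dkim_result: str   # "pass", "fail", "none", ...
    dkim_domain: str   # d= tag of the DKIM signature that validated


def evaluate_dmarc(header_from_domain: str, record: str, auth: AuthResults) -> Tuple[str, str]:
    """Return (dmarc_result, disposition).

    The message passes if SPF passed AND is aligned, or DKIM passed AND is
    aligned. Otherwise it fails and the domain owner's policy (p=, or sp= for
    subdomains) becomes the disposition: none, quarantine, or reject.
    """
    tags = parse_dmarc_record(record)
    spf_ok = auth.spf_result == "pass" and aligned(
        header_from_domain, auth.spf_domain, tags.get("aspf", "r"))
    dkim_ok = auth.dkim_result == "pass" and aligned(
        header_from_domain, auth.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"

    policy = tags.get("p", "none")
    is_subdomain = org_domain(header_from_domain) != header_from_domain.lower().rstrip(".")
    if is_subdomain and "sp" in tags:
        policy = tags["sp"]
    return "fail", policy


if __name__ == "__main__":
    # Constructed record for the (fictional) campaign domain.
    record = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@campaign.example"
    # A lookalike message: header From claims campaign.example, but SPF only
    # passed for the bulk sender's own MAIL FROM domain and there is no DKIM.
    spoof = AuthResults("pass", "bulk-sender.example", "none", "")
    print(evaluate_dmarc("campaign.example", record, spoof))   # ('fail', 'reject')
    # Legitimate mail signed with d=mail.campaign.example passes under relaxed alignment.
    legit = AuthResults("fail", "", "pass", "mail.campaign.example")
    print(evaluate_dmarc("campaign.example", record, legit))   # ('pass', 'none')
```

The first run shows why the policy matters: a message whose visible From address is the campaign domain but which authenticates only as some unrelated sender gets the domain owner’s p=reject verdict, whereas a p=none record (or no record at all) would let the same message through to the inbox. Switching the record to adkim=s turns the second message into a failure as well, because strict alignment requires the DKIM d= domain to match the From domain exactly.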

rb-

Using email authentication to prove that an email comes from the sender it claims to come from is important because nearly 30% of advanced email attacks (PDF) come from hijacked accounts. Without email authentication, accounts are vulnerable to email-initiated breaches, attacks typically run by nation-states. The 2018 Verizon DBIR found that nation-state groups accounted for at least 23% of the attacks in successful breaches by an outsider.

DMARC is a widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy. DMARC helps protect customers and brands; it discourages cybercriminals, who are less likely to target a brand with a DMARC record.


What is SS7?

Updated 10/25/2018 – The NYT is reporting that China and Russia are spying on Trump via his unsecured iPhone. NYT says that through intercepted calls, likely related to SS7, the Chinese have pieced together a list of the people with whom Mr. Trump regularly speaks in hopes of using them to influence the president, the officials said. Among those on the list are Stephen A. Schwarzman, the Blackstone Group CEO, and Steve Wynn, the former Las Vegas casino magnate.

A number of outlets are speculating that the Chinese are using the known SS7 flaw to spy on the president’s iPhone. I have written about the problems with SS7 a number of times since 2016 and now the chickens have come home to roost.

Trump recently bragged that he gave the North Korean dictator his personal cell number. If that is true, he has created a major national security exposure. Karsten Nohl, chief scientist at the firm Security Research Labs, who researches cell network attacks, told Wired, “Absolutely that is a problem.” He says hackers can abuse flaws in Signaling System 7 to listen in on someone’s phone calls, intercept their text messages, and track their location.

If North Korean intelligence isn’t already tracking Trump’s phones through malware, a direct phone number could give them a way in. SS7 attacks can give hackers relatively easy access to calls, texts, and location data. Wired points out that North Korea has proven itself an adversary willing to hack and manipulate systems around the world for its financial or intelligence gain; it was responsible both for the 2014 hack of Sony and for 2017’s WannaCry ransomware outbreak. SS7 hacking is likely no exception.

The telecom industry and U.S. government have done very little to plug the SS7 hole. Senator Ron Wyden, a Democrat from Oregon and a senior member of the Senate Select Committee on Intelligence, has been tracking the SS7 issue for several years. He has sent letters to FCC Chairman Ajit Pai asking for answers on SS7 security and details about how many network providers have been breached through SS7. Mr. Wyden wrote, “I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed.”

FCC Chairman Ajit Pai

Mr. Wyden said he had been told by a big-name mobile network that malicious attackers are believed to have used SS7 to obtain US customer data. DHS confirmed reports of “nefarious” types leveraging SS7 to spy on American citizens by targeting their calls, text messages, and other information.

So what is SS7?

The Signaling System 7 (SS7) network is fundamental to cellphone operations, but its security design relies entirely on trust. The protocol does not authenticate messages; anyone with access to SS7 can send a routing message, and the network will act on it. Now that SS7 network operators are opening the SS7 network to third-party access, its vulnerabilities are being exposed and attacked, initially by governments and now by criminals.

Since 1975, over 800 telecommunications companies around the world have used SS7 to ensure their networks interoperate. SearchNetworking.com defines Signaling System 7 (SS7) as an international telecommunications standard that describes how network elements in a public switched telephone network (PSTN) exchange information over a digital signaling network.

SS7 control messages

SS7 control messages contain routing, congestion, and authentication information.

  • Routing – How do I send a call to 313-555-1234?
  • Congestion – What to do if the route to a network point is crowded.
  • Authentication – Confirms that the caller is a valid subscriber and lets the call setup continue.

They explain that SS7 consists of a set of reserved or dedicated channels known as signaling links. There are three kinds of network points, called signaling points:

  • Service Switching Points (SSPs) originate or terminate a call and communicate with SCPs to determine how to route a call or set up and manage some special feature.
  • Signal Transfer Points (STPs) are packet switches that route traffic on the SS7 network.
  • Service Control Points (SCPs) are the databases that supply the routing and service information SSPs ask for. SCPs and STPs are usually mated so that service can continue if one network point fails.

SS7 out-of-band signaling (control) information travels on a separate, dedicated 56 or 64 Kbps channel and not within the same channel as the telephone call. Historically, the signaling for a telephone call used the same voice circuit that the telephone call traveled on. Using SS7, telephone calls can be set up more efficiently, and special services such as call forwarding and wireless roaming are easier to add and manage. SS7 is used for:

  • Setting up and managing the connection for a call,
  • Tearing down the connection when the call is complete,
  • Billing,
  • Managing features such as:
    • call forwarding,
    • calling party name and number display,
    • three-way calling,
    • toll-free (800 and 888) and toll (900) calls,
    • 911 emergency service calls in the US, and
    • other Intelligent Network (IN) services.
  • Wireless as well as wireline call service, including:
    • mobile telephone subscriber authentication,
    • personal communication service (PCS),
    • roaming, and
    • SMS messages.

Within SS7, SMS messages are sent on the same channels and infrastructure that SS7 uses to control the core of the telephone networks.

When an SMS message is sent from an SMS-capable cell phone, the message is handled no differently than a normal call setup: it moves from the cell phone to a base station to a Mobile Switching Center (MSC).

From the mobile switching center, the SMS message moves inside the SS7 network to the Short Message Service Center (SMSC), a standard part of the network. The SMSC queries the Home Location Register (HLR) to find out where the recipient of the message is and whether he or she is switched on to receive a message. If not, the SMSC stores the message until it can be delivered.

Mobile Switching Center (MSC) — The MSC is the equivalent of the local switch inside the mobile network. It provides very similar services to a switch, but uses virtual circuits over radio channels instead of physical voice circuits. One variation on the MSC is the Gateway Mobile Switching Center (GMSC) which routes calls into and out of the network and will not have phones locally registered.

Visitor Location Register (VLR) — The VLR is the database attached to an MSC that keeps track of all the phones currently “registered” to it, informing other nodes of status changes, and checking authentication information.

Short Message Service Center (SMSC) — The SMSC is the clearinghouse for SMS messages on an SS7 network and provides store-and-forward services.

Home Location Register (HLR) — HLR is a core database that keeps track of subscribers. It contains information on the current account status and provides authorization information for billing. When a call or SMS is trying to reach a subscriber, this is the node that is queried to find out where in the network that subscriber actually is.

SS7 Architecture

rb-

Mr. Nohl told Motherboard SS7 is “probably the weakest link in our digital protection chain.” CTIA, the telecom lobbying arm, denies there is a problem with SS7. CTIA told DHS that the SS7 flaws are “perceived shortcomings.” They also said that talking about SS7 attacks is “unhelpful.” CTIA, practicing “security through obscurity,” claimed that talking about the issues may help hackers.

This is a mess. Contact your senator and representative in D.C. and tell them to support Senator Wyden’s efforts to force the FCC to deal with the SS7 flaws.
