You know those little subscriptions you sign-up for using PayPal? They’re the ones for a few bucks that charge you periodically. Well, here’s a link to show you what PayPal is hooked up with to automatically pay in your name. It also shows any that you think are setup but in typical PayPal fashion have auto-borked themselves.
This Guardian article really lays it all out. Apparently Senators like Dianne Feinstein only like spying when they are excluded from the enormous drag net.
The exasperation with Ms Feinstein is that she directs her sense of outrage only at the CIA. It seems restricted to issues that impact on her. She is outraged when the CIA allegedly hacked into her committee’s computers. She is upset over the alleged intrusion into the privacy of her own staff.
From ExtremeTech:
In both cases, incorrect code short-circuited the functions that are supposed to verify whether or not a proper SSL certification has actually been presented. Red Hat found the error during a security audit and describes it thus: “It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
Don’t forget to opt-out of Dropbox’s new arbitration default. Arbitration is almost never good for the customer. I’m not a fan of class action lawsuits, but sometimes the threat of big losses (even if most of the money goes to attorneys) keep companies in line. Not to mention, there’s usually limited discovery actions available in arbitration, which means proving bad faith would be pretty difficult.
From Glenn Greenwald at The Intercept comes this completely unsurprising story:
Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable
But what should be surprising and disturbing are the tactics, which frankly can destroy innocent lives and families:
On writing a book about Snowden and the NSA:
By September the book was going well – 30,000 words done. A Christmas deadline loomed. I was writing a chapter on the NSA’s close, and largely hidden, relationship with Silicon Valley. I wrote that Snowden’s revelations had damaged US tech companies and their bottom line. Something odd happened. The paragraph I had just written began to self-delete. The cursor moved rapidly from the left, gobbling text.
From CWZ:
Of all the files created, all password protected, and each containing the exact same malware, only the ZIP file with a password of ‘infected’ was scanned. This suggests that Google likely isn’t using a sizable word list, but it’s known that they are targeting the password of ‘infected’. To compensate, researchers should now move to a new password scheme, or the use of 7zip archives instead of ZIP.
I love what Krebs does with these investigative articles.
If I had to hazard a charitable guess about what is going on here, I would say some ambitious “affiliates” associated with these moneymaking schemes were abusing the system and pushing through charges on stolen credit cards. But it is difficult to escape the conclusion that this is little more than an elaborate (and probably successful) scam set up to steal little bits of money from lots and lots of people.
I’ve received some feedback on our scanning episode of Technical Difficulties. Katie Floyd posted a nice suggestion to automatically redact specific sensitive phrases from PDFs using Hazel.
For several versions now, PDFpen has had the ability to search a file for a string of text and redact that text. However, this functionality was not accessible via AppleScript. I begged with them to make it so. They came through in PDFpen version 6.
From Nathan LeClaire:
When trying this out for the first time on a recruiter I was interested in contacting, I found myself clicking the generated permutations in succession with a looming disbelief that this trick would actually work. Then, suddenly, Rapportive lit up with their portrait and social media info and I felt a funny buzzing sensation in my head as the possibilities swirled around in it.
From your friends at LinkedIn
