
ancianita

ancianita's Journal
February 7, 2020

FWIW -- EFF Training in Malware, Phishing, What They Are, How To Protect Against Them

Just putting this Electronic Frontier Foundation (home page https://www.eff.org) training material out here in case it's useable.



Right now it might be for any of us who actively work on campaigns through computers, or communicate through emails or apps across campaign sites, party sites; or collect data, and actively input information during campaigns.

I'll be working through the GE and plan to check how computer security works and/or is used if/when I get near any.

It's better to be aware and not need it, than to need it and not be aware when we do.

https://sec.eff.org/uploads/upload/file/34/SEC-MalwareandPhishingHandout.pdf

https://sec.eff.org/topics/phishing-and-malware?fbclid=IwAR1rByWW6T2QEwRxpqio42M3joN4VIPI7ZLyusmlaocLUGx4wGQ39IsHPkQ

Any and all original material on the EFF website may be freely distributed at will under the Creative Commons Attribution License, unless otherwise noted. All material that is not original to EFF may require permission from the copyright holder to redistribute.

You do NOT have to ask permission to post original EFF material on a mailing list or newsgroup, to use an EFF logo as a pointer to us on your web site, or to reprint an EFF statement in a newspaper article. Permission to do such things is explicitly granted. Please do not write to us asking for permission, as this wastes our time and yours.

From page 1

Examples of malware include:
● computer viruses
● programs that steal passwords
● programs that secretly record you
● programs that secretly delete your data

PHISHING is when an attacker sends a message, email, or link that looks innocent, but is actually malicious. Phishing often involves impersonating someone you know or impersonating a platform that you trust.

Note: Not all phishing includes malware.
Sometimes an attacker wants to steal passwords to a service and might do so by impersonating a website, without installing malware on the user’s device.

--- COMMON WAYS MALWARE IS INSTALLED ---

-- OPENING A MALICIOUS ATTACHMENT OR FILE
A malicious attachment is often shared in phishing messages.

-- CLICKING A MALICIOUS LINK
A malicious link is often shared in phishing messages.

-- DOWNLOADING UNLICENSED SOFTWARE
Software that cannot receive security updates increases risk (e.g. not from the Apple App store or Google Play store.)

-- VISITING COMPROMISED WEBSITES
Sometimes websites are taken over and are used to host malicious content.

-- DOWNLOADING AUTOMATIC CONTENT
Attackers may gain access to a network and can use this network to spread malware.

-- SHARING USB DEVICES OR PLUGGING INTO SUSPICIOUS PORTS
A charging station or port can be used to download malware.


--- TYPES OF MALWARE ---

ADWARE
ads everywhere
This malicious software usually attempts to display advertising to the user via overloading pop-ups or other methods. Some adware tracks information on the user or extracts personal information. Adware, like other malware, can be bundled with other software, often downloaded from non-reputable sources, such as outside of official app stores or from the software developer.

STALKERWARE
when your device helps your stalker
Stalkerware runs silently and gives the attacker full control over a device. Stalkerware can be installed when somebody has physical access to your device (such as a family member or partner, “let me use your phone for a moment”) and installs a stalkerware app or when a user gets tricked into downloading the app.

TROJAN
like a gift but an attack in disguise
When downloaded, Trojan software may perform like the intended legitimate application, but is in fact doing malicious things in the background. This is often found in pirated or “cracked” software or fake antivirus software.

RANSOMWARE
software holding you hostage
When downloaded, this malicious software holds a company, organization, or individual’s data for ransom. Ransomware gained popularity in the last decade and is now a multi-million dollar business for hackers around the world.

A.P.T. ATTACK
Advanced Persistent Threat

An A.P.T. attack is malware from an adversary with sophisticated capabilities and substantially more resources dedicated to achieving their goals: compromising your system. A.P.T. attacks are often used simultaneously with nation-state actors who will attempt to maintain “persistence,” or long-term access, to the system they are targeting.

from page 2

5 TIPS FOR DEFENSE AGAINST MALWARE
TIP #1: UPDATE YOUR SOFTWARE
(& CHECK YOU ARE USING LICENSED* SOFTWARE)... and lots more







February 6, 2020

2020, Every Day -- Rip It Up, Nancy!

Matt Gaetz and Trumpers don't get it.

Americans heard at least three lies in 45's presidenting show before Congress.

1. The economy? Job growth was higher under Carter, Clinton and Obama than under Trump.
Unless one is the 'F you, got mine' voter, pro-45 voters can't use THAT lie.

2. Education? US Homeless Student Population Reaches 1.5M, 8.6% of them WITHOUT families, 91.4% WITH families.
Unless one is a spite voter, pro-45 voters can't use THAT lie.

3. 40 million Americans still live in poverty caused by the above problems, added to corporate gentrification of rent districts, and unnatural climate crisis disasters.
Unless one is the non-reading voter, pro-45 voters can't use THAT lie, either.

So, Trump voters, just the 2020 SOTU alone gave the lie to your voting.

What else has your impeached leader got that's not an outright lie? Nothing.

80% of America, being good Christians and Americans, see Trump voters' other denials about ...

— 200+ contacts with a self-declared enemy, Russia

— clandestine server communications

— hush money for extramarital sex;

— pedophilic rich friends;

— debts and payments to influence the 2016 election;

— hidden taxes and financial records;

— breaking campaign finance laws;

— breaking tax laws;

— scoffing at any law;

-- breaking constitutional law;

— money laundering;

— thousands of lawsuits;

— illegal business practices, NDA’s;

— emoluments (e.g., profits made from military and govt personnel staying at Trump International Hotel, Washington, D.C., and other properties);

— 15,000+ lies (or misleading statements; e.g., “what you’re hearing and seeing isn’t what’s happening …”)

— mocking, unethical insults to millions of Americans;

— foundation fraud;

— controlling an alt-right henchmen, bagmen syndicate

— witness intimidations, public and private;

— golfing that sucks 287.2 years of president salary from Americans;

— cages of thousands of cold, lonely, sickened, permanently damaged children, guarded but uncared for.

These atrocities are just what normal Americans CAN see.

One unethical mockery of The People's House doesn't fool Americans who see a Mordor darkness descend on their capitol building that keeps a nation of laws.

The sauron-esque president and his congressional orcs rip up Truth and Law.

Speaker Pelosi ripped up their lies.

45's neonazi boyz like Gaetz file their hypocrisies, strut their foolishness.

Democrats and Americans 'bout to rip that up.

U.S. Constitution 2020.



February 6, 2020

How We Can Commemorate Our Fight For A Nation of Laws

We must make the country SEE the state we're in, the fight we're going through.

We need artists to remember this fight and these fighters in portraiture -- Pelosi, Schiff, Nadler, Democratic House attorneys, staff, and the entire House Democratic majority who won over Mitt Romney.

Even more, we can promote any and all art, music, education and media that sustain a rule of law culture against fascist or financial powers or alt right culture that promote only a nation of men.

As Pelosi, Schiff, Nadler, Democratic House attorneys and staff constantly stand inspired by our Founders, quote them, live up to them in word and deed, so we must try to promote them however we can.

We can uphold their "Undaunted resolution." We must, for our children and grandchildren, pledge "our lives, our fortunes, our sacred honor." Yes, we can. We must try.

Because our Founders did not come out of their situation unscathed.

The men who signed the Declaration of Independence had very few illusions about what they were risking. How much of what they pledged did they actually lose?

for reasons of security, the Declaration with the signatures was not published until January, 1777—six months after the signing—for it was fully understood that if the Revolution failed, the signers would be rounded up, their property confiscated, and their lives forfeited...

Nearly all the signers, in either a civil or a military role, became involved in the prosecution of the war. Over a fourth of them—seventeen—saw military service, and twelve of these were actively in the field during the Revolution. Four of them were taken prisoner. A civilian signer, Richard Stockton of New Jersey, father-in-law of Dr. Rush, who served as Surgeon General, was, however, the first to be captured...

Stockton was one of those who gave both his life and his fortune to back the instrument that he had signed: his health permanently broken by the ordeal of imprisonment and his fortune virtually wiped out, he died, at fifty, before the war was over.

Several of the signers lost their fortunes not to enemy action but in acts of private generosity for the public good.


https://www.americanheritage.com/we-mutually-pledge-each-other-our-lives-our-fortunes-and-our-sacred-honor#3




February 6, 2020

Post-Prayer Breakfast, Speaker Pelosi Tears Up Both Trump's Speeches

and Trump lies About H.R. 3, and how anything Trump brags about now is due to OBAMA MOMENTUM, NOT OBAMA MESS.

EDIT: NEW -- NOT FOX -- VIDEO, Longer b/c of live stream. Speech starts at 23:50.

February 5, 2020

Feb 4 Coronavirus Global Map

February 4, 2020

More EFF News: The Safeguarding Americans' Private Records Act Builds on Earlier Surveillance Reform

Last week, Sens. Ron Wyden (D–Oregon) and Steve Daines (R–Montana) along with Reps. Zoe Lofgren (D–California), Warren Davidson (R–Ohio), and Pramila Jayapal (D–Washington) introduced the Safeguarding Americans’ Private Records Act (SAPRA), H.R. 5675.

This bipartisan legislation includes significant reforms to the government’s foreign intelligence surveillance authorities, including Section 215 of the Patriot Act.

Section 215 of the PATRIOT Act allows the government to obtain a secret court order requiring third parties, such as telephone providers, Internet providers, and financial institutions, to hand over business records or any other “tangible thing” deemed “relevant” to an international terrorism, counterespionage, or foreign intelligence investigation.

If Congress does not act, Section 215 is set to expire on March 15.

...This renewed bipartisan interest in FISA transparency and accountability—in combination with the March 15 sunset of Section 215—provides strong incentives for Congress to enact meaningful reform of an all-too secretive and invasive surveillance apparatus.

Congress passed the 2015 USA FREEDOM Act in direct response to revelations that the National Security Agency (NSA) had abused Section 215 to conduct a dragnet surveillance program that siphoned up the records of millions of Americans’ telephone calls. USA FREEDOM was intended to end bulk and indiscriminate collection using Section 215 ...

Here are some of the highlights:

Ending the Call Detail Records Program


SAPRA, however, would make the much-needed reform of entirely removing the CDR authority and clarifying that Section 215 cannot be used to collect any type of records on an ongoing basis...The bill also includes several amendments intended to prevent the government from using Section 215 for indiscriminate collection of other records.

More Transparency into Secret Court Opinions

this bill clarifies that all significant FISC opinions, no matter when they were written, must be declassified and released. It also requires that future opinions be released within six months of the date of decision.

previous requests under Section 215 included cell site location information, which can be used for invasive tracking of individuals’ movements. But the landmark 2018 Supreme Court decision in Carpenter v. United States clarified that individuals maintain a Fourth Amendment expectation of privacy in location data held by third parties, thus requiring a warrant for the government to collect it.

Expanding the Role of the FISC Amicus

Reporting

The FBI in particular has refused to count the number of searches of Section 702 databases it conducts using Americans’ personal information, leading to a recent excoriation by the FISC. SAPRA requires that the transparency reports include the number of Americans whose records are collected under 215, as well as the number of US person searches the government does of data collected under Sections 215 and 702.

Notice and Disclosure of Surveillance to Criminal Defendants

SAPRA ... requires notification to defendants in cases involving information obtained through Section 215. Second, and more generally, it clarifies that notice to defendants is required whenever the government uses evidence that it would not have otherwise learned had it not used FISA...in the FISA context, despite the existence of a disclosure mechanism, it has been completely toothless; in the history of the law, no defendant has ever successfully obtained disclosure of surveillance materials.

It’s important for Congress to take this opportunity to codify additional due process protections. It’s a miscarriage of justice if a person can be convicted on unlawfully acquired evidence, yet can’t challenge the legality of the surveillance in the first place. Attorneys for defendants in these cases need access to the surveillance materials—it’s a fundamental issue of due process...

SAPRA is a strong bill that includes many necessary reforms. We look forward to working with lawmakers to ensure that these and other provisions are enacted into law before March 15.


https://www.eff.org/deeplinks/2020/01/new-bill-would-make-needed-steps-toward-curbing-mass-surveillance?fbclid=IwAR12I96-oIUvvb1g3wrapig8NWa1mzrpljnodgnowgO-LozdnjTgq8gJkgk

February 4, 2020

Agency

From Webster's dictionary:

Definition of agency

1a : the office or function of an agent

b : the relationship between a principal and that person's agent

2 : the capacity, condition, or state of acting or of exerting power : OPERATION

3 : a person or thing through which power is exerted or an end is achieved : INSTRUMENTALITY


From Obama's dictionary: Yes. We. Can.

We are Americans above all. We lead our leaders. They do not lead us except by our consent. If they do not have our consent, we lead.

We know our collective moral imperative. Our leaders never define that for us.

We are agents of our future.

If it ain't rainin', we ain't trainin'!



February 4, 2020

Warning from Electronic Frontier Foundation: the formation of a global surveillance police state.

Soon, U.K. police will be able to target people for investigation, and gather their data from U.S. companies, without a judge’s approval—and without ever providing notice to the targets.

The data collected by U.K. police will include the private information of Americans and non-Americans alike. While U.S. persons aren’t supposed to be targeted, this deal won’t stop American communications with a targeted person from being swept up while foreign police investigate.

This deal even allows, for the first time, a foreign government to perform a wiretap on a conversation involving a U.S. citizen or resident. These wiretaps won’t have the normal safeguards that a U.S. person would get if they were subject to a wiretap authorized by a U.S. court.

The deal also allows police in the U.S. to bypass U.K. sovereignty. U.S. law enforcement will be able to search and seize data on territory located in Britain and Northern Ireland, without following privacy rules in the U.K.

The US-UK agreement is the first negotiated under the Cloud Act—a federal law that allows foreign police to negotiate agreements to demand data stored in the United States and about U.S. persons. This troublesome U.S.-U.K. agreement will set a terrible precedent for similarly bad Cloud Act deals that could be struck with other nations.

The DOJ should work on speeding up existing methods of getting data across borders while maintaining judicial oversight. The U.S.-U.K. Cloud Act agreement is a bad deal for citizens of both countries, and Congress should stop it.


https://act.eff.org/action/tell-congress-oppose-the-u-s-u-k-cloud-act-deal?fbclid=IwAR2EBTYfKpFaGVy8Q4X-juxLYi7OLvSs2yK_AelgmlJyOUhAi2_Zh28bA2U

Other digital rights organizations support EFF's warning.

https://www.techdirt.com/blog/?tag=cloud+act

It's no secret many in the UK government want backdoored encryption. The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications.

The long-gestating "Snooper's Charter" frequently contained language mandating "lawful access," the government's preferred nomenclature for encryption backdoors. And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.

What the UK government has in the works now won't mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government.


Congress, on behalf of The People's privacy and security, needs to stop this weaponization of surveillance upon Five Eyes populations. It's nothing but another bad faith pacification tool used against Western countries by leaders who want to preserve their power and control.

As I've said elsewhere, the alt-right moves to use any tools it can misuse to chill communications and even "thinking out loud" among Americans.

Tyranny maintains itself by controlling speech and thought -- excluding evidence, witnesses, CNN from a WH luncheon of TV networks, "criminally investigating" a political writer.

Rule #1 from Lessons On Tyranny: Do not obey in advance.

Please. Call at least one member of the House -- https://www.house.gov/representatives -- preferably a member of the House Intel Committee. Office: (202) 225-7690





February 4, 2020

While primary and media dramas unfold, heed a warning from the Electronic Frontier Foundation.

We're learning these days that surveillance is what's done to us by those in and out of our country.

Security is one thing. Privacy is quite another.

Give corporations, or the state, access to your privacy in the name of security, and Americans might never know who perpetrates chaos and disquiet upon them. We've been learning that in elections. It's time we fight a constitutional infrastructure fight, too.

I highly recommend that DU read more from the Electronic Frontier Foundation, who I've followed since their founding. https://en.wikipedia.org/wiki/Electronic_Frontier_Foundation

Are they perfect? Who is? However, they've done great work and their mission is to keep our online user rights as free as possible.

To the point: EFF is campaigning for Congress to stop the Graham-Blumenthal Anti-Security Bill, called the EARN IT Act. Blumenthal just leaked it. https://www.eff.org/document/earn-it-act

... which grants sweeping powers to the Executive Branch. It opens the door for the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.

Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) have been quietly circulating a draft version of EARN IT. Congress must forcefully reject this dangerous bill before it is introduced.
https://www.eff.org/deeplinks/2020/01/congress-must-stop-graham-blumenthal-anti-security-bill

Other digital rights groups are with them. https://www.techdirt.com/articles/20200131/11252343832/lindsey-grahams-sneak-attack-section-230-encryption-backdoor-to-backdoor.shtml

So is Stanford. https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it

There is nothing as seductively bi-partisan as surveillance, as I see it.

As I see it, the EARN IT Act is misguided at best, and totally evil in the hands of a DOJ Attorney General like Barr and his legal toadies.

The EARN IT Act is the stuff of totalitarian aspiration for Barr, justified by his Opus Dei fundamentalist christo-fascist outlook on how to make America "great" again; and of course, Trump, who would love those powers like he loves Kim Jong-Un.

They both do each other's bidding in anything having to do with the pacification of Americans.

The politics of inevitability must not rule us. To lose a bit of privacy is one thing; to lose both our privacy and security to this pack of jackals is another.

We The People need to stop fighting in packed courts AFTER stealth moves are made on us, and practice our agency, to keep working preventively to protect and defend our constitutional rights to "life, liberty, property" and PEACE. Just peace, not unjust peace.

So please. Let's do the Democratic thing of multi-tasking, and make our opinions known by phone to any and all Democratic and Republican House members.

Please. Call at least one House member. https://www.house.gov/representatives









February 4, 2020

Let's not do this.

"Shambles?" "Hands an Opening To Trump"? "A Complete Disaster"?

Come on, "liberal" media, get a fucking grip.

Has anyone in America ever heard of gaslighting??

Are media really going to do that to Americans, or are they going to just try to do their f'n jobs.

OR could media be all nutty because networks didn't get their immediate answer -- oh noes, what will corporate sponsors say!

A verified correct result, backed by paper counts from the precincts, will be accurate.

The world won't end because we need to wait.

And it might as well be Iowa as any other state.

"End-user" problems. Big deal. Like it didn't happen in FL in 2000.

But media might just lose their fucking minds. Telling us all to lose ours ... oh noes!

Don't believe the hype about a "messed up system."

"End user" problems build end user awareness.

Profile Information

Gender: Do not display
Hometown: New England, The South, Midwest
Home country: USA
Current location: Sarasota
Member since: Sat Mar 5, 2011, 12:32 PM
Number of posts: 36,053

About ancianita

Human. Being.