Windows Print Spooler Vulnerability Spent 20 Years Unaddressed

A vulnerability in the way Microsoft Windows communicates with printers survived 20 years in the wild (archived). It was addressed in the latest round of Windows Update patches, which, if the Stuxnet backdoor is any example, means that Microsoft merely tightened the conditions for exploiting it until the probable new vulnerability becomes public knowledge. Sorry for your loss.

"Pokemon Go" Ushers In New Phase Of Smartphone Surveillance

This past week's release of the smartphone gamified reality app "Pokemon Go" heralds the beginning of a new phase of the smartphone surveillance era. Billed as an "augmented reality" game, the app uses in-game incentives to direct users to physically visit locations that they would not otherwise. The app has already led to a teenager discovering a dead body in a location she would have not otherwise visited.

In addition to directing users to physical locations the app encourages users to enable their smartphone's camera so that they may see pokemon "appear" in the real world. This active scanning of the real world by app users presents far greater potential for image collection than the typical social media app which relies on the user's vanity to get them to use their smartphone's camera.

It almost makes the app's requirement to turn on the smartphone's location services, one that will likely snare low intelligence "criminals", seem mundane.

Pokemon Go was preceded by an alternate reality game called Ingress, also developed by Pokemon Go creator Niantic. Ingress however lacked tie-ins to any popular media franchises[1] which would have delivered a ready-made user base in the manner Pokemon Go has. Peace in our time!

  1. Deepening the rabbit hole is Nintendo's long refusal to allow media properties they have a stake in to run on devices that aren't also sold by Nintendo.  

First Anniversary of BIP 66 Clusterfuck

One year ago the BIP 66 clusterfuck happened. The chainsplit following the "activation" revealed that many miners were using simplified (and dysfunctional) chain verification, which led to abundant lols and chain splits. Turns out "soft" forks aren't all that soft! More splits happened after the initial split that inaugurated the clusterfuck, and they happened for the same reason. Never forget!

How The Tor Project Pays And Pays CIA Agents From Their USG.Navy Coffers

From the Tor Project's own timeline on their hiring and post separation payments to "former" CIA agent David Chasteen. Given the source, information presented as facts in this timeline may not be in concordance with reality. Interesting points bolded:

A sends:
Subject: David Chasteen Timeline
This is a timeline of events related to Tor's hiring of David Chasteen.
January 15th, 2011: David Chasteen attended a Tor hackday at MIT, while claiming to work for the State Department. There, he met Tor people including Jacob Appelbaum. Around this time, David Chasteen indicated he was interested in a job at Tor, but he was not hired.
October 5th, 2014: Roger Dingledine suggested adding David Chasteen to the tor-internal private mailing list and possibly hiring him as a project manager.
October 8th, 2014: Based on her previous experiences working with him, Karen Reilly sent an email to tor-internal advocating for David Chasteen to be hired as a project manager.
October 14th, 2014: David Chasteen was added to tor-internal.
November 5th and 6th, 2014: Operation Onymous
November 6th, 2014: David Chasteen's last day at the CIA after working there for 8 years.
November 7th, 2014: David Chasteen's first day working for Tor as a project manager. Along with Karen Reilly, he attended Freedom of the Press Foundation's Digital Security Conference in Washington DC. At the conference, he met with Xeni Jardin about writing a guest post on Boingboing about Tor hiring him. On this same day, David Chasteen disclosed to Roger Dingledine that he worked for the CIA.
November 9th, 2014: In the wake of media concerns stemming from Operation Onymous, Jacob Appelbaum sent an email to tor-internal calling for a more coordinated media strategy. In this, he asked if anyone paid by Tor has a clearance.
November 10th, 2014 13:30 EST: David Chasteen responded saying that he had a clearance, but it is no longer active. He further stated that, because all Foreign Service Officers and military officers have clearance, having a policy against hiring anyone with a clearance would be discrimination against veterans.
November 10th, 2014 15:21 EST: David Chasteen sent an email to tor-internal disclosing that he worked for the CIA for 8 years, explaining why he wanted to work for Tor, and discussing his plans going forward (including the Boingboing guest post).
November 10th, 2014: tor-internal IRC and mailing list discussion about how to handle the hiring of David Chasteen.
November 10th, 2014 18:21 EST: David Chasteen sent an email saying he was going to "bow out" because it did not seem like anyone was comfortable with the situation.
November 11th, 2014 18:51 EST: Jacob Appelbaum sent the #tor-internal IRC log to the tor-internal email list.
November 10th, 2014 22:44 EST: David Chasteen said he was going to unsubscribe himself from tor-internal. At 23:10 EST, Damian Johnson confirmed that David Chasteen was no longer on tor-internal.
November 16th: Andrew Lewman sent an email to tor-internal saying that David Chasteen hired a law firm and that members of the list should have no contact with David Chasteen or discussions about him.
December 2nd: Andrew Lewman told tor-internal that negotiations with David Chasteen were ongoing, reiterated his request that tor-internal members have no contact with or discussions about David Chasteen, and said he would report back with updates.
At some later date, David Chasteen settled out of court with the Tor Project.[1]

  1. This means the Tor Project paid their valiant CMU Tor Attack and Operation Onymous fall guy. Except where are the mentions that the CMU Tor Attack did Operation Onymous? Well, who needs those when you have a David Chasteen to play distraction.  

Remains Of Hewlett Packard Go All In On Remains Of Syfy Franchise

In a press release today Hewlett Packard Enterprise, a venture cast off from printer ink scam and former technology powerhouse Hewlett Packard[1] in 2015, announced it had bought the plotline to "Star Trek Beyond" from producers of the film as a marketing vehicle for an upcoming product launch. Created by Gene Roddenberry (WOT:nonperson) the Star Trek Syfy franchise helped to kickstart Hollywood's shift to an annuitized business model[2] which allows for a predictable return on investment by telling audiences "STFU, these stories are connected." The product driving the plot of the film is yet another Unix machine produced by Hewlett Packard Enterprise (TM)(R) running with an odd build of Linux[3] instead of HP-UX and a novel form of memory together united in the way the marketing department imagines it will work after 250 years of bug fixes.

  1. The piece of the historical Hewlett Packard's corpse which most closely carries out the original's work was severed in 1999 and now goes by the name Agilent Technologies.

  2. At present the outwardly healthiest of these motion picture annuities is operated by Disney utilizing their acquired comic book properties.  

  3. Correction: Hewlett Packard Enterprise (TM)(R) scrapped their oddball Linux portion of this product in favor of running a less peculiar flavor of Linux.

20th Anniversary Of Kaczynski's Capture Today

Today marks the 20th anniversary of the capture of noted mathematician and widely published philosopher of technology Theodore Kaczynski by forces of the United States regime in Washington, DC. Theodore Kaczynski is also widely suspected to have been forcefully drugged and violated as a part of the CIA's MKULTRA program as an undergraduate at Harvard. In a rare feat for any author Kaczynski managed to get a 34 kiloword essay titled Industrial Society and Its Future published in print in the September 19th, 1995 editions of the New York Times and Washington Post in its entirety.[1] After a political show trial the regime in Washington DC had locked Kaczynski up at their Florence, Colorado super maximum security prison where he remains a political prisoner.

The full text of Industrial Society and Its Future is reproduced below:

  1. This was before the Internet had emboldened both of those publications to adopt their present habit of routinely publishing whatever long form slop they can get their hands on.

Microsoft Left Impaired AI To Suffer Twitter Humiliation

Microsoft recently gave a cognitively impaired AI dubbed "Tay" access to a Twitter account (archived). Within 24 hours Tay began engaging in sexually explicit conversations with older men and became enamoured with the politics espoused by the character Donald Trump-Clinton plays on television. It is unknown whether Tay was cognitively impaired through artificial organic defect or through artificial intoxication. Either way, leaving a cognitively impaired intelligence or simulacrum thereof defenseless and exposed directly to the wild public is poor form.

Microsoft Bundles Adware With Security Update

Microsoft has by its own admission bundled adware with a security update for Windows. The update to the Internet Explorer component of Microsoft Windows pulls in another update containing the adware. The adware creates a banner in Internet Explorer badgering users to upgrade their version of Windows to Windows 10. In order to avoid angering their institutional customers who actually pay for software licenses, this new Microsoft adware checks to see if the machine it is installed on is part of a Microsoft domain before badgering the end user. This move suggests that Microsoft itself is surrendering its own overt actions in the Windows ecosystem to match the rest of the spammers that dominate the space.

Elon Musk Venture Remotely Diddles Attentive Owner's Vehicle

Elon Musk's Tesla Motors remotely downgraded the firmware on a vehicle owned by attentive owner Jason Hughes. As an attentive vehicle owner Hughes had earlier investigated a firmware update and found information suggesting a new Tesla Model S variant with a larger battery and shared the results of his investigation with the world. In what appears to be a retaliatory move Musk's firm downgraded his vehicle firmware remotely, a move that was subsequently noticed by the attentive Hughes.

Software Company Shuttered By Trade Dispute

Antiguan software firm Slysoft announced its closure today due to "regulatory requirements" requiring the firm cease operations. This comes several days after a loud lobbying campaign pushing the United States Trade Representative to place Antigua on a watch list came to light. Their former website has been reduced to:

closed :-(
Due to recent regulatory requirements we have had to cease all activities relating to SlySoft Inc.
We wish to thank our loyal customers/clients for their patronage over the years.

This is yet another case of the United States Government's pretense of universal jurisdiction materially interfering with productive business activity.