DOJ requests IP addresses of visitors to Innauguration Day protest site

A shared hosting provider DreamHost (which specialized in Wordpress) has resisted a federal DOJ demand for the IP addresses of over 1.3 million visitors to a website “DisrruptJ20.org” set up to coordinate violent protests against President Donald Trump on Inauguration Day in Washington DC.  Ellen Nakashima has the detailed story in Economy and Business in the Washington Post on Tuesday August 15, 2017 here. The company is resisting those demands. 

  

It’s not clear how much protection https would offer, although it would prevent investigators from seeing what had been viewed.  But this the sort of situation that has led the Electronic Frontier Foundation to suggest that users learn to use TOR, even in the U.S.  

It's possible for people to be implicated in crimes using evidence from browser visits.  I don't know whether this could go further, monitoring behavior of people who might be believed to present s future threat, like to minors.  Even visits to certain Facebook pages could be interesting to some investigators, even in civil situations. 

Techie who stopped WannaCry arrested for earlier hacking activity, which may have been legitimate

Marcus Hutchins, the 23-year-old Brit who helped stop WannaCry with a  kill switch, has been arrested y the FBI for supposed participation in spreading Trojan Horse Kronos  malware (from 2014-2015) through phishing or Word documents that can compromise bank accounts, story    This earlier activity is unrelaed to WannaCry.

But activity researching malware could be confused with actually spreading it.  US hacking laws are set up in such a way that prosecution for legitimate research is possible.  This sounds a bit like the “downstream liability” debate.

  

Hutchins was arrested at a conference in Las Vegas. 

2-step verification: there are controversies within

There is controversy over which sub-method for two-step verification is safer.  Is sending an SMS message, common with Google and banks, and simpler for many users, less safe that an authentication app which does not require another message over the Internet?

Security Stack Exchange provides a detailed discussion from 2016 here. 

  

Ars Technica also reports on a special app for 2-step verification for Whats App, and the user rules are quite strict.

Conventional wisdom on complicated passwords changes

Here’s an interesting piece challenging the conventional wisdom on password security in the Wall Street Journal , by Robert McMillan.

The piece does not recommend forcing people to use special characters and random combinations of numbers and letters, upper and lower case, and to change passwords often. The problem is that when people change them, they don’t change them enough.

  

The other idea is that you don’t need to change a password unless you have reason to believe it is compromised. 

Phishing emails appeal to job skills I've never said I have

Here's another interesting phishing scam.  Emails that say they are interested in my "selling background".  How many times have I said that I am nor a huckster?  I've never sold insurance or mortgages.  I've worked on the IT systems supporting them.

Oh, maybe I'm treating "sales" and trolling consumers (which is how you generate leads) beneath my dignity.

There are also reports of a phishing scam imitating the Better Business Bureau.

I've also gotten one phish claiming a "relative" is in jail overseas/ 

Odd dns link seems to try to load with some Wordpress pages in Windows 10 Creators Update ("incapdns")

I’m noticing odd behavior of my Wordpress blogs in Windows 10 Creators Update environment.

When I go to a specific page, in Chrome or Firefox (so far), sometimes the page tries to load from “incapdns.net”, which seems to be some ad-serving network judging from Google searches. Yet the blog post right now does not serve ads. It is conceivable that it comes from am embedded YouTube video which does have ads.

I’ve messaged Trend Micro to ask if this is acceptable behavior. A full scan does not find malware.

The Trend security report shows no problems.

I’ve also noticed that in Windows 10 Creators Update the sound can fail and YouTube will not play, and the problem clears with a Restart.

Update:

Apparently I get the same result on another computer with an earlier version of Windows 10.  Will try Windows 7, MacOS tomorrow.

I'm wondering now if this has to do with BlueHost's  "add-on" structure for hosting accounts.  This may be the domain that converts the physical url's to logical one's with dns resolution.  This process could eventually prove useful in a strategy to implement "https everywhere".

But I had found some negative links about the site online and sites that claimed to remove it.

Comcast Business gives another reason not to pay ransomware

Comcast Business is advising customers never to pay ransom for "ransomware" attacks, because often files are merely "deleted" but not encrypted, and can be recovered.  Here's the article from today.

Here is US Cert's latest on Petya, link.