
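Israel hacked Kaspersky's systems, then notified the US that classified data had leaked...

A few days ago, in "The Russian government used a Kaspersky vulnerability to steal NSA documents", I mentioned that Russia obtained the data through a vulnerability in Kaspersky. More details have since come out...

The reason this was caught is that Israel hacked into Kaspersky's systems (???), discovered that US classified data had leaked (??????), and then notified its ally the US, which traced it from there (?????????): "Israel hacked Kaspersky, then tipped the NSA that its tools had been breached".

What on earth is this sequence of events XDDD

California has also banned asking about previous salary

I saw this news in "California bosses can no longer ask you about your previous salary". Following "Massachusetts passes a law banning questions about salary at the previous job" and "New York City will also ban employers from asking about salary", California has joined the ranks.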

The salary privacy bill, was enacted by Gov. Jerry Brown on Thursday, Oct. 12, at a celebratory signing ceremony at Women’s Empowerment, a Sacramento nonprofit for homeless women. He was surrounded by members of the California Legislative Women’s Caucus.

The bill takes effect in 2018:

The salary privacy bill takes effect on January 1, 2018.

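Analyzing the FCC net neutrality comments, with ordinary netizens and bots analyzed separately

Boing Boing's stance is actually quite clear-cut, so sometimes their news is best taken with a grain of salt...

But this one is really interesting: the 22 million comments on net neutrality submitted to the FCC (the US Federal Communications Commission) were pulled out and analyzed, and the difference between real people and bots turned out to be super obvious XDDD: "Analysis of 22 million FCC comments show that humans love Net Neutrality and bots really, really hate it". The article it cites is "Discovering truth through lies on the internet - FCC comments analyzed".

The analysis shows that real people favor net neutrality while bots oppose it XDDD: (actually everyone already has a good idea of how this was done... it's just that this time there was a chance to analyze it, which makes things more obvious)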

Data analysis company Gravwell ingested 22,000,000 comments sent to the FCC's docket on Net Neutrality and posted their preliminary findings, which are that the majority of comments came from bots, and these bots oppose Net Neutrality; of the comments that appear to originate with humans, the vast majority favor Net Neutrality.

The article lists several interesting phenomena, such as bot comments being heavily duplicated:

A very small minority of comments are unique -- only 17.4% of the 22,152,276 total. The highest occurrence of a single comment was over 1 million.

And even pornhub.com email addresses XDDD:

Most comments were submitted in bulk and many come in batches with obviously incorrect information -- over 1,000,000 comments in July claimed to have a pornhub.com email address

The bots' patterns are also easy to recognize:

Bot herders can be observed launching the bots -- there are submissions from people living in the state of "{STATE}" that happen minutes before a large number of comment submissions

This is somewhat like the "50 Cent Party (五毛黨)", except these are automated bots, and the "quality" of their output isn't very good XDDD
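The three signals quoted above (a low share of unique comments, implausible email domains, and an unfilled "{STATE}" field followed by a burst of submissions) can each be computed directly from the comment records. This is an added example, not code from Gravwell or from the original post; the record layout, the sample rows, and the 10-minute window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (not real FCC data): (timestamp, state, email, text)
SAMPLE = [
    ("2017-07-01 10:00", "{STATE}", "a@example.com", "Repeal the rules."),
    ("2017-07-01 10:02", "TX", "b@pornhub.com", "Repeal the rules."),
    ("2017-07-01 10:03", "OH", "c@pornhub.com", "Repeal  the rules. "),
    ("2017-07-01 10:04", "FL", "d@pornhub.com", "repeal the rules."),
    ("2017-07-03 18:30", "CA", "e@example.org", "I rely on an open internet."),
    ("2017-07-05 09:15", "NY", "f@example.net", "Please keep the protections."),
]

PLACEHOLDER = re.compile(r"^\{[A-Z_]+\}$")  # template field left unfilled


def parse(rows):
    return [{"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M"), "state": st,
             "domain": email.rsplit("@", 1)[-1].lower(),
             # normalise case and whitespace so trivial variants collapse
             "text": " ".join(text.lower().split())}
            for ts, st, email, text in rows]


def unique_share(recs):
    """Share of comments whose normalised text occurs exactly once."""
    counts = Counter(r["text"] for r in recs)
    return sum(1 for r in recs if counts[r["text"]] == 1) / len(recs)


def top_duplicate(recs):
    """Most repeated comment text and how often it occurs."""
    return Counter(r["text"] for r in recs).most_common(1)[0]


def domain_counts(recs):
    return Counter(r["domain"] for r in recs)


def bursts_after_placeholder(recs, window=timedelta(minutes=10)):
    """For each record with an unfilled template field, count the
    submissions that arrive within `window` after it."""
    out = []
    for r in recs:
        if PLACEHOLDER.match(r["state"]):
            n = sum(1 for o in recs if r["ts"] < o["ts"] <= r["ts"] + window)
            out.append((r["ts"], n))
    return out
```
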

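The Russian government used a Kaspersky vulnerability to steal NSA documents

Now we know why the US government wanted to ban Kaspersky outright: "Russian Hackers Stole NSA Data on U.S. Cyber Defense". If you can't access the WSJ article, you can read "Russia reportedly stole NSA secrets with help of Kaspersky—what we know now" instead.

The recent incident was found to be related to a Kaspersky vulnerability: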

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

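On top of that, Kaspersky has a strong Russian-government flavor (good relations), and it is both legally and technically possible for Kaspersky to be required to assist. Although this incident was caused by a contractor using Kaspersky on a home computer, the risk is already enough for the US government to decide to crack down and order a complete ban: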

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

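The Polish government's official website will use Let's Encrypt

I saw this tweet on Twitter, pointing out that the Polish government's official website is using a Let's Encrypt certificate:

It can also be seen on SSL Labs: "SSL Server Test: www.gov.pl (Powered by Qualys SSL Labs)".

However, I'm not sure whether this is temporary (to be replaced with another SSL certificate later) or whether it was designed this way from the start.

Cloudflare's newly launched Geo Key Manager

Cloudflare wrote two articles explaining the newly launched Geo Key Manager: "Introducing the Cloudflare Geo Key Manager" and "Geo Key Manager: How It Works".

This service is an extension of the previously launched Keyless SSL.

Keyless SSL keeps the private key on your own premises and lets Cloudflare use it through a cryptographic protocol (somewhat like the concept of an HSM, i.e. a hardware security module, which keeps whoever uses the key from accessing the private key itself). The newly launched Geo Key Manager takes a middle ground, aiming to improve efficiency and high availability.

The improvement still involves uploading the private key to Cloudflare, but not to all of Cloudflare's data centers. Instead, the user picks certain lower-risk regions.

For example, only in the US, or only in the EU, or chosen by security level:

This is really a system designed out of distrust of government agencies, although how effective it is remains to be seen...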

Uber will be shut down in London

Uber will be shut down in London: "Uber has license to operate in London revoked", "London regulator announces Uber ban", "Uber London loses licence to operate".

More precisely, the license will not be renewed, and the old license only runs until 9/30:

Transport for London (TfL), which operates public transport in the capital, has made the decision not to renew the app-based taxi’s license in the city.

The license was renewed in May, but for a period of only five months. It will run out on 30th September, though the company will be allowed to continue to operate during the appeal process.

The main reason appears to revolve around Greyball (a tool that uses algorithms to evade law enforcement officers):

According to the TfL regulatory board, the ‘approach and conduct’ of Uber showed a lack of corporate responsibility, which could have resulted in public safety and security issues. It also raised concerns with the company’s ‘approach to explaining the use of Greyball, software that could be used to block regulatory bodies from gaining full access to the app.’

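The new CEO came out and apologized: "Uber CEO apologizes for “mistakes” in London".

It's really a conflict between interest groups... the show goes on.

The US government covertly intervenes in Hollywood scripts to influence public views of war

Documents obtained through the Freedom of Information Act (FOIA) show how the US government (including the Pentagon, CIA, and NSA) intervenes in Hollywood to influence public views of war: "EXCLUSIVE: Documents expose how Hollywood promotes war on behalf of the Pentagon, CIA and NSA".

The subheading "US military intelligence agencies have influenced over 1,800 movies and TV shows" shows how far the influence reaches.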

The documents reveal for the first time the vast scale of US government control in Hollywood, including the ability to manipulate scripts or even prevent films too critical of the Pentagon from being made — not to mention influencing some of the most popular film franchises in recent years.

The intervention comes from very unexpected places... quoting one of the examples:


Jon Voight in Transformers — in this scene, just after American troops have been attacked by a Decepticon robot, Pentagon Hollywood liaison Phil Strub inserted the line ‘Bring em home’, granting the military a protective, paternalistic quality, when in reality the DOD does quite the opposite.

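New York City will also ban employers from asking about salary

Last year Massachusetts passed a law banning employers from asking about salary at previous jobs (see "Massachusetts passes a law banning questions about salary at the previous job"), and now New York City is joining the ranks: "New York City bans employers from asking potential workers about their past salary".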

New York City joined Massachusetts, Puerto Rico, and Philadelphia in banning employers from asking job applicants about their pay at current or past jobs after the city council passed the measure in a vote on Wednesday.
