BC INTERNET
Saved by @Alex1Powell

SolarWinds follow up. Very good tweet explaining what happened.

 Basically what this means is that SolarWinds itself was exploited. Someone posted an infected update as legitimate (digitally signed), leading customers to download a bad update.
“Multiple trojanized updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website” https://t.co/8e3bMFWXYu
FireEye then explains that infected organizations were approached and exploited. This is a separate Step 2.
At this point, information is already going to “malicious domains” without extra intervention, after the malware does nothing for “up to two weeks”
But the cyber thieves take the opportunity to move around (“laterally”) inside the infected organization.
Bad actor = UNC42.
Trojan software = SUNBURST.
Basically the intruder tiptoes around the infected network grabbing more stuff.
As Chris Krebs pointed out, the hack is “resource intensive” because it takes a lot of work to do some of this. For example to create a malicious false domain with the same information as in the victim’s network.
What this means is that certain “choice” organizations are such significant targets that the cyber thief dwells on ensuring they can rummage around (spy on emails for example) undetected.
There is no definitive proof I have seen that Russia perpetrated this hack. Why won’t the media say that China or Iran or some other country could have done it?
Six years ago, another company

https://t.co/lzTINHgyAt
“Members of China's military systematically hacked the computers of SolarWorld USA, engaging in corporate espionage with the possible aim of advantaging SolarWorld's Chinese rivals, the US government alleges.” (May 19, 2014)
“Chinese bank forced western companies to install malware-laced tax software

GoldenSpy backdoor trojan found in a Chinese bank's official tax software, which the bank has been forcing western companies to install.” https://t.co/iEcdevXS7q
Another one from China: “execute files downloaded from a remote command and control (C&C) server, and update or uninstall itself.” https://t.co/CpTRlx3n8h
They tell us China is the biggest threat to our security and then refuse to publicly say that China could have done it, instead reflexively naming Russia. https://t.co/4ZOhYgWT03
Even the official denials are well known! https://t.co/29Hd0wJilI
“A bombshell report claims that China has been developing a massive spying operation for a few years that involved building hardware backdoors into critical server components with the help of microchips no bigger than a grain of rice or the tip of a sharpened pencil.”
“Those chips, once placed on motherboards that go into popular servers, would be able to help Chinese spies access information that would otherwise be unavailable to them.”
“Secret Backdoor in Some Low-Priced Android Phones Sent Data to a Server in China”
https://t.co/MQoZ3XEtgc
“Pompeo warns governors of Chinese infiltration into US: 'It's happening in your state'” (February 2020)

https://t.co/inXsE8UxAl
IS THE SOLARWINDS HACK RELATED TO ELECTION INTERFERENCE AS SOMEONE SUGGESTED HERE ON TWITTER (sorry I can’t find your tweet at the moment)
DID SOMEONE GAIN ACCESS TO THE STATES AND MESS WITH THEIR COMPUTERS SO THAT ELECTION DATA WAS SENT TO CHINA
THE REPORT ON FOREIGN ELECTION INTERFERENCE DROPS BY FRIDAY
Pompeo said to the governors: “The Chinese government has been methodical in the way it's analyzed our system... it's assessed our vulnerabilities and it's decided to exploit our freedoms, to gain an advantage over us at the federal level, the state level and the local level."
Pompeo warned them that we know.
“I'd be surprised if most of you in the audience had not been lobbied by the Chinese Communist Party directly."
“He said groups loyal to communist China are operating out in the open in Virginia, Minnesota, Florida and dozens of other states all around the country.”
“Other Chinese groups, however, practice their nefarious actions in the shadows in an attempt to exercise influence over U.S. citizens and lawmakers.”
Examples like “a diplomat from China, assigned here to the United States, a representative of the Chinese Communist Party, in New York City, sending a letter urging that an American elected official shouldn’t exercise his right to freedom of speech”
THEY ARE ATTACKING OUR CHILDRENS MINDS SAID POMPEO THROUGH THE SCHOOLS
“The secretary said ...that Chinese officials based in the U.S. are actively seeking to sow seeds of chaos at the state and local level -- specifically in the realm of education on college campuses and K-12 classrooms.”
“Maybe some of you have heard about the time when the Chinese consulate paid the UC San Diego students to protest the Dalai Lama. It shows depth. It shows systemization. It shows intent.”
WAKE UP WAKE UP WAKE UP REMEMBER CYNTHIA A JOHNSON PLAYING PING PONG IN DETROIT WITH THE CHINESE OFFICIAL
“Chinese Communist party officials, too, are cultivating relationships with county school boards and local politicians -- Often through what are known as 'Sister City Programs' ... This competition is well underway."
REMEMBER THE HARVARD PROFESSOR ARRESTED CHARLES LIEBER NANOTECHNOLOGY GOT PAID FROM “THOUSAND TALENTS PLAN”
“Pompeo also spoke about China's campaign to recruit U.S. scientists and academics to share vital secrets, in exchange for monetary gain through their ‘Thousand Talents Plan,’”
“a campaign that has already targeted scientists and professors on campuses such as Virginia Tech and Harvard and triggered investigations by the Department of Justice (DOJ).”
https://t.co/bozYbHtPqb
CHINA TURNS STUDENTS INTO SPIES
“He also explained how Beijing pressures Chinese students in the U.S. to keep an eye on their fellow countrymen and report back to the government about their activities.”
CHINA PROPAGANDA FLOODS KIDS MINDS AND THE AIRWAVES
“China’s propaganda starts even earlier than college. China has targeted K-12 schools around the world”
THE FAKE NEWS OWNERS DO BUSINESS WITH CHINA THAT AFFECTS OBJECTIVITY https://t.co/dnCgXIUOQg
“Pompeo then warned state governors about doing business with China and said it is common to indirectly finance communism without realizing it.”
“I want to urge vigilance on the local level too”
“I hope you will all take on board what I've said today. Don’t lose sight of the competition from China that's already present in your state. Let's all rise to the occasion and protect our security, our economy, indeed all that we hold dear."
@threadreaderapp unroll
@threader_app compile

More from Dannielle (Dossy) Blumenthal PhD

Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
Chinese troops on U.S. soil?

Chinese troops on Canadian and Mexican/S. American soil?

Underground tunnels facilitate movement between the three?

This is a thread to follow up. I won't have enough time to do all the research necessary in one shot.

F-16 Crash Tuesday night (12/8/2020) and speculation about whether "50,000 Chinese troops were killed." Further research links on this
ECONOMY
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
It’s amazing how the President actually gets his enemies to do the work of burying themselves.


In this audio, which of course the President knew was being taped (after years of leaks), the President gets the Georgia Secretary of State to own the faulty data. Raffensperger cannot claim he made a mistake.


It’s a sting. “Shredded ballots” and “took out machines” - “do you know anything about that? ‘Cause that’s illegal, right?”


How can the fake news claim that this audio is false? The answer is that they can’t. It comes from one of their own, The Washington Post.

Ryan Germany, General Counsel for Georgia’s Secretary of State, jumps in. “No, Dominion has not moved any machinery out of Fulton County.”

“But have they moved the inner parts?”

“Are you sure, Ryan?”
SOCIETY
Advertisement
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
I previously did a wellness check on @SaRaAshcraft that resulted in her becoming very angry at me. She isn’t posting on Twitter. I am hoping that she is under Federal protection right now.

It wasn’t the wellness check that she was angry about - she thanked me for it - it was the fact that I characterized her as needing medical help.

This was based on her Tweets.

A true friend cares about others but also knows when to back off.

There is not a day that goes by that I do not reflect on Sarah, who is an amazing human being I was privileged to meet over Twitter.

The police officer who did the wellness check on Sarah told me his impression that she is highly intelligent, reported being a trauma victim, and only needed help to be OK.

I understand why the help he offered, eg to go to hospital, might not have been what she wanted.
HEALTH
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
New DHS center countering human trafficking https://t.co/mKU6XlEsO8 via @AddThis

Interagency Task Force - United States Department of State

https://t.co/VxT0iGCcQz


It ends now

You are heard

https://t.co/FTcaAxTIwF
CRIME
Dannielle (Dossy) Blumenthal PhD
Dannielle (Dossy) Blum...
@DrDannielle
What’s going on, open thread 12/19

https://t.co/jcUfxbzvRv


https://t.co/P06PsHzRyu
FOR LATER READ

More from Internet

Alex Stamos
Alex Stamos
@alexstamos
Dear journalists, venture capitalists, TikTok teens and other ThinkFluencers: before hot-taking on how to regulate online speech, please consider reading some of the foundational work in this area.

Start with @Klonick's groundbreaking

Follow with @daphnehk on the overall regulatory structure of online

Read @jkosseff's book before ever typing 2-3-0 on your

Read @evelyndouek on the risks of coordinated

Pre-order @jilliancyork to understand the global human-rights
INTERNET
Disclosure Backpack
Disclosure Backpack
@DisclosureBP
Affidavit by former head of IT for large Italian defense contractor admitting he uploaded instructions through military satellite to Frankfurt to flip votes from Trump to Biden on election night under direction of US persons. Willing to testify.#ItalyDidIt
INTERNET
Advertisement
Derek Ross
Derek Ross
@derekmross
Parler has been hacked and user data has been downloaded. The following thread contains information from /u/BlueMountainDace on Reddit:

"so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio

accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.

Well,

because of that access, it gave them access to the behind the login box API that is used to deliver content -- ALL CONTENT (parleys, video, images, user profiles, user information, etc) --. But what it also did was revealed which USERS had "Administration" rights,

"Moderation" rights.

Well, then what happened, those user accounts that had Administration rights to the entire platform... The hackers, internet warriors, call it what you will, was able to use the forgot password link to change the password. Why? Because Twilio was no

longer authenticating emails. This meant, they'd get directly to the reset password screen of that Administration user.

This group of Internet Warriors then used that account, to create a handful of other ADMINISTRATION accounts, and then created a script that ended up
INTERNET
Paul Bannister
Paul Bannister
@pbannist
This interview from @OSchiffey has great quotes that directly refute the nonsense that many privacy advocates spout about how the death of cross-site tracking will help ad-supported publishers on the open web. https://t.co/bj1gWPKOei 1/

The interview is with a senior leader at a major global ad agency. Someone who actually knows what advertisers are talking about, where they are directing their spending, and what the future trends will be. Not a privacy advocate who knows nothing about the advertising market 2/

First, privacy advocates spread misinformation and bad research data that ITP hasn't hurt publisher revenue and/or hasn't affected advertiser spending. And yet here is an unequivocal answer as to the impact of ITP on advertiser spending. 3/


The agency exec also clearly shares the opinion that the end of 3PC will push money away from the open web, exactly what privacy advocates claim won't happen. 4/

She also talks about how context matters, but so does audience. Audience targeting is effectively dead without 3PC and non-Chrome browsers are doing nothing to change this. 5/
FINANCE , INTERNET
David Frum
David Frum
@davidfrum
Yoga employs more Americans than coal. But compare and contrast 1/2


and 2/2


I think many of us carry in our minds an image of the US economy that looks like this


when the reality is this


and this
INTERNET

You May Also Like

Steve
Steve
@braidedmanga
Ivor Cummins has been wrong (or lying) almost entirely throughout this pandemic and got paid handsomly for it.

He has been wrong (or lying) so often that it will be nearly impossible for me to track every grift, lie, deceit, manipulation he has pulled. I will use...


... other sources who have been trying to shine on light on this grifter (as I have tried to do, time and again:


Example #1: "Still not seeing Sweden signal versus Denmark really"... There it was (Images attached).
19 to 80 is an over 300% difference.

Tweet: https://t.co/36FnYnsRT9


Example #2 - "Yes, I'm comparing the Noridcs / No, you cannot compare the Nordics."

I wonder why...

Tweets: https://t.co/XLfoX4rpck / https://t.co/vjE1ctLU5x


Example #3 - "I'm only looking at what makes the data fit in my favour" a.k.a moving the goalposts.

Tweets: https://t.co/vcDpTu3qyj / https://t.co/CA3N6hC2Lq
FINANCE , ALL
Tweeting Historians
Tweeting Historians
@Tweetistorian
@ChenHuailun here. I'm adding a supplementary thread before today's scheduled one to expand on the origins and early history of the Church of the East (aka the Nestorian Church) ~ahc #jingjiao 1/


The Church of the East traces its origins to the christological position of the School of Antioch, which held that the human and divine and human essences (ουσία) of Christ were united in a single prosopon (πρόσωπον). ~ahc #jingjiao 2/


This ran against the position of the School of Alexandria, which held that the two essences of Christ were united in a single hypostasis (ὑπόστασις). In general terms, hypostasis is more inherent than prosopon. ~ahc #jingjiao 3/


One implication of the Antiochene rejection of the hypostatic union is that Mary could not accurately be called the Theotokos, or God-bearer. Instead, she is the Christotokos, the Christ-bearer. ~ahc #jingjiao 4/


These Christological debates were further complicated by Syriac terms such as 'kyana' (ܟܝܢܐ), associated with 'ousia' but later translated to 'hypostasis' by Syrian Orthodox; and 'qnoma ' (ܩܢܘܡܐ), sometimes contentiously translated as 'hypostasis' or 'person.' ~ahc #jingjiao 5/
RELIGION
Advertisement
Carol Forden
Carol Forden
@CarolForden
1. The major problem most startups face is marketing and the ability to carve out a niche, find and retain paying customers.

Even with a stellar developer team and a stellar product, your startup may not grow or survive without a great marketing and sales teams.

2. Start growing your audience before you’ve a product or an idea.

You should start promoting yourself and building your audience before you have a finished product or even before you have a great idea that you want to build.

3. Don’t wait to start building your audience after you’ve launched a product.

Most first-time developers actually ignore marketing.

They’re oblivious to the challenge of attracting people to take a look at something they’ve created.

4. At least until they see their first project crash and burn within hours of the launch.

There are so many times that I have seen developers spend countless hours building something, releasing it with no fanfare...

5. and only then trying to figure out how to promote it by asking marketing questions on Indie Hackers, Quora or Hacker News. Don’t make that mistake.
STARTUPS
Stephen Bush
Stephen Bush
@stephenkb
Some quick thoughts on Sam Gyimah's resignation after conversations with various Conservative MPs: 1) the chances of a second referendum are a lot higher than I thought:

2) At this point, if you are a young and ambitious Tory MP it is now so overwhelmingly in your interest to vote against the withdrawal agreement. V v hard to see how Julian Smith can cap rebellion at under 100:

3) Really just to reiterate 1) Gyimah is the kind of "No, never gonna rebel" vaguely pro-EU Tory you'd need to get on side to outweigh Labour Leavers and Real Concerners.
POLITICS
Suhail
Suhail
@Suhail
1/ The first 18 months of starting a company is often life or death. I must've made 5 different companies that each failed within 9 mo. 😭 Each time the company failed I figured out what I could do better. Eventually startup #6 got to $40K/mo by month 18. Here’s what I learned...

2/ Stay focused! Ignore things that are a waste of time: meetups & conferences, meetings with no clear agenda, fundraising if you're not fundraising, reading lots of tech media articles, etc. Every week should feel like significant progress in the first year.

3/ Your first 5 hires will be the difference between life or death. Choose carefully. Be picky. Many of the things we do at the company still are a result of those early hires' legacy. Have fun as a tight knit team. It will change & evolve as you get bigger so enjoy this moment.

4/ Growth may be flat for the first 9 months. It's gonna be okay. Almost every company has experienced this: Airbnb had to sell cereal in-between, Slack failed as a gaming company first, Tesla sold only 147 cars after 6 years! You probably won't be an overnight success either.

5/ In the beginning, do customer support yourself. You will learn a lot about why your product sucks. I did 5,000+ support tickets when it was the two of us. Delight customers & fix things fast while you learn. It will help you build an amazing intuition about your customers.
STARTUPS