Category Archives: Security

Lara Logan Switched from News Reporter to Extreme Right Propagandist

The explanation given by those who worked with Lara Logan is that she used to have editors and producers filtering noise out of her work but lost access to them when she went too far off the rails.

One former CBS producer who worked with her, Peter Klein, said in an interview that the structure of a large newsroom was a moderating influence. “There’s a system in place in newsrooms that offer checks and balances,” said Klein, founder of the Global Reporting Centre in British Columbia, a nonprofit. “Most of us need that system — but she really needed that system. And we knew that from the beginning,” he said. “Now she’s just unfiltered,” Klein added.

Now, instead of being ignored, she has found a rapid rise to prominence by abandoning integrity, feeding into paranoia, removing quality and espousing extreme right propaganda.

The switch most likely began shortly before she very loudly refused to accept basic truth in 2013, as that same article details.

Sounding more like an advocate for the military than a reporter, Logan told her [2012] audience in Chicago that she hoped the government was getting ready to deploy its “best clandestine warriors” to “exact revenge.” The world should know, she added, that the United States would not be attacked and then “stand by and do nothing about it.” And she accused the Obama administration of playing down the threat from the Taliban, and of lying “about who they really are.” Then, about a year later, she began telling people she was working on a story that “was going to blow the lid off Benghazi,” according to one person’s recollection. The story she came up with was the kind of work known inside “60 Minutes” somewhat dismissively as a “book report” because it was based in part on a forthcoming book. Logan interviewed the author, a security contractor stationed in Libya, who said in a segment that aired on Oct. 27, 2013, that he had helped defend the compound on the night of the attack. He described in harrowing detail how he came face to face with the enemy. The New York Times reported several weeks later that the contractor had, in fact, told the FBI that he was not inside the compound that night. After initially defending Logan and the report, CBS News retracted it and apologized. Logan and her producer were placed on a leave of absence, and she acknowledged having made a “disappointing” mistake. The network’s chief and executive producer of “60 Minutes” at the time, Jeffrey Fager, later called the story “the worst mistake on my 10-year watch.”

She really, really wanted to believe a vulnerability narrative and push a hard-line military perspective, so much so that she let it divorce her from even simple facts about who was actually inside a compound being attacked.

Now she has transitioned into the false-victimization paranoia market, marrying a defense contractor and moving to Texas, where the extreme right operates most dramatically to excite and agitate social conflict.

More to the point, back in 2010 she had been flagged for “misfire” and showing poor judgment. CNN’s former chief military correspondent, Jamie McIntyre, said what General McChrystal and his aides did was so egregious that Logan’s defense of them…

…unfortunately reinforced the worst stereotype of reporters who ’embed’ with senior military officers but are actually ‘in bed’ with them.

Ouch.

Wait, it gets even worse for Logan, as she is called out for being a direct threat to real journalism by trying to replace it with militant fetishism.

…Logan implies that somehow military service trumps the journalistic tradition of truth-seeking. If critics, who are already predisposed to believe the worst about the media, are looking for evidence combat reporters are too dazzled by the shiny stars on the commander’s epaulets, this is their smoking gun.

CBS was thus late to send her packing, as they could have avoided “their worst mistake” of a decade.

Ironically, after Logan was held to account for highly politicized positioning in opposition to the U.S. government, she decided to become a vocal critic of journalists as propagandists if they didn’t fall in line with her own political views.

And her views have been exposed as becoming more and more preposterous, unhinged conspiracies with no factual basis.

In the video below, note how she describes an “aha” moment growing up in South Africa. As a white girl she says she believed Black people are bad, then credits those people for instilling in her a belief that anything can be true (she was forced to accept after the end of apartheid that Black people in prison were in fact not bad).

Her victimization views are truly so deranged that they’re being promoted in Russian propaganda in an attempt to help the invasion of Ukraine.

Let’s be clear. Russia has inherited the mantle of Nazism and Ukraine is defending against it. Logan is upside down and backwards, which I guess is obviously why RT is promoting her.

This is a repeat of years ago when Logan attempted to undermine science and promote baseless paranoia when (during Hanukkah no less) she falsely tried to equate a modern U.S. government official’s expertise with disease eradication to… Nazism.

Lara Logan, a host on Fox News Media’s streaming service, compared Anthony Fauci, the nation’s leading infectious disease expert, to the infamous Nazi doctor Josef Mengele, who worked at Auschwitz during the Holocaust.

These absurd and shrill comments make her whole career seem like it has been a slow-moving attempt to restore white power after being confused by the fall of apartheid.

She brings to mind a bigger issue in America.

Why are white South Africans of her particular age becoming such large-scale proxies for right wing extremism in the U.S. trying to amass power through military, financial markets and media (e.g. Thiel, Musk, Logan…)?

Strava-cide? Top California Cyclist Allegedly Murdered by Jealous Texan

A woman cyclist, arguably the best in history yet still early in her career at just 25, was ruthlessly murdered in Texas.

The details of this premeditated act are chilling albeit complex.

Shortly before her body was found, Moriah [Wilson] had flown into Texas to participate in the Gravel Locos, a 150-mile bike race. While in town, she and Colin [Strickland, who had been in a romantic relationship with her] agreed to meet up and hang out. Police believe Kaitlin [Armstrong, who lives with Colin and runs a business with him] may have located the two via a cycling app known as Strava, where locations are enabled. According to police, Kaitlin allegedly followed Moriah to the apartment she was staying in and may have fired a 9mm handgun – the same gun Colin told authorities [he had given to Kaitlin].

To recap, Strickland pulled Wilson into what easily could be described as a romantic evening (despite his claims otherwise) when she traveled to Texas to compete in a race. Armstrong, his business partner and girlfriend, is now accused of murdering Wilson.

Surveillance video showed Armstrong suddenly appearing at Wilson’s residence (black Jeep Cherokee, Texas plate LDZ5608) after Wilson was delivered there by Strickland. Ballistics tie the gun Strickland purchased for Armstrong to the crime.

Authorities in fact took Armstrong in for questioning (based on an unrelated warrant) yet also allowed her to walk free as she balked at details about the murder (e.g. her Jeep and the gun Strickland gave her).

When detectives suggested “maybe you were upset and just in the area,” she allegedly nodded in agreement. Police said that she became angry when asked about Mr Strickland meeting with Ms Wilson. “I didn’t have any idea that he saw or even went out with this girl… as of recently,” she allegedly told investigators. Investigators then “confronted Armstrong on how seeing her vehicle in the area, coupled with the statements made by Strickland, made things not look too good,” according to the warrant.

Armstrong simply walked away from investigators once she was informed she had a right to leave, then went and deleted her social media and disappeared.

Authorities say she is now a wanted fugitive.

Strickland frames his role as that of a poor liar, not an accessory to murder, during his long-term relationship with Wilson.

Strickland told detectives Armstrong did not know where Wilson was staying. But Wilson’s Strava account might have provided a clue: On the day she was killed, she uploaded a ride that began and ended at the home where she was staying. At just before 10 p.m., a woman who rents the home where Wilson was staying called police after arriving and finding Wilson lying in the bathroom. She told police that nothing was missing in the home except for Wilson’s bicycle, which investigators later found in thick bamboo more than 60 feet from the house.

Strickland said he had erased Wilson’s text messages and altered Wilson’s name on his phone as a means to keep his relationship going while Armstrong vigorously tracked them and tried to intervene multiple times. His statement that Armstrong did not know where Wilson was staying, the source of speculation about the role of Strava in the murder, seems willfully ignorant at best.

Strickland released a statement in which he wants people to believe his “romantic” time with Wilson was just one week in October when he was single, even though Armstrong at that time “called Wilson on the phone, telling Wilson she was the one who was dating Strickland”.

The affidavit and Strickland’s phone history suggest it was months later in January when Armstrong objected more violently to what was perceived to be an ongoing romantic relationship with Wilson.

Perhaps the most Texas moment of all is that around that time, and in that context of anger, Strickland purchased for Armstrong the gun that was just used to kill Wilson.

Strickland not only gave Armstrong the weapon, he also may have brazenly led her to the scene and triggered her.

The affidavit points out that while Strickland claimed Armstrong didn’t know where Wilson was staying (and that he only engaged with her in a “platonic” relationship), in fact he went to pick Wilson up at 5:45 pm directly from where she was staying to ride on his motorcycle for a swim and private dinner.

Strickland returned Wilson by motorcycle again directly to where she was staying. At 8:36 pm he sent a text message to Armstrong saying he “went to drop some flowers…and my phone died”.

Wilson entered the residence at the same time as that text message, according to the unique code and timestamp on the door lock.

Armstrong’s SUV was captured on video one minute later stopping outside Wilson’s residence, perhaps not needing Strava because she was simply observing Strickland and Wilson riding his motorcycle, and perhaps treating that text message as a signal.

DOJ Clarifies Security Research Protected Under CFAA

Interesting to read the sensible conclusions being reached by the U.S. department established by President Grant.

Justice Department urges prosecutors not to bring cases against legitimate cybersecurity researchers under main U.S. anti-hacking law, enacted in 1986

The reporter uses a powerful method called the “sandwich” to push the message here.

The policy change is a victory for the many cyber professionals and academics who have criticized the Computer Fraud and Abuse Act for potentially criminalizing research that security experts see as key to protecting computer systems from cyberattacks.

“The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good,” Deputy Attorney General Lisa Monaco said in a statement.

The revised policy directs federal prosecutors to avoid bringing cases if individuals accessed computers to test, investigate or correct vulnerabilities “in a manner designed to avoid any harm to individuals or the public.”

See what just happened?

1) The policy change
2) DoJ says “never been interested”
3) The revised policy

Next comes the reporter trying to explain why a new policy is really just clarification of overly broad computer language from the 1980s.

Critics in the cybersecurity industry say the language is ambiguous and could be used to prosecute routine activity…

Updating vague language from the dinosaur days of computers arguably doesn’t rise to the level of changing a policy, but the DoJ themselves want it to be seen as a clean break because the prior policy didn’t accurately represent their intentions.

The official DoJ announcement text ends with this:

All federal prosecutors who wish to charge cases under the Computer Fraud and Abuse Act are required to follow the new policy, and to consult with CCIPS before bringing any charges. Prosecutors must inform the Deputy Attorney General (DAG), and in some cases receive approval from the DAG, before charging a CFAA case if CCIPS recommends against it. The new policy replaces an earlier policy that was issued in 2014, and takes effect immediately.

And that follows the reasonable doctrines of accuracy and efficiency in justice.

The new policy states explicitly the longstanding practice that “the department’s goals for CFAA enforcement are to promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators, and other persons to ensure the confidentiality, integrity, and availability of information stored in their information systems.” Accordingly, the policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged. […] The policy focuses the department’s resources on cases where a defendant is either not authorized at all to access a computer or was authorized to access one part of a computer — such as one email account — and, despite knowing about that restriction, accessed a part of the computer to which his authorized access did not extend, such as other users’ emails.

In related news, some people have all the fun.

Former special forces operative Guillaume runs a company called Golem Protection that tests the defences of high profile business people or wealthy VIPs from all over the world. His team “breaks into” well-guarded homes, using paintball guns and marker pen “knives” to demonstrate just how terrifyingly close they can get to their targets. […] “Obviously, we simulate the killing part,” he jokes.

Apple’s OSX 12.4 Full of 73 Important Hidden Security Fixes

Already I’m seeing social media channels fill up with Apple users whining about the 2GB or larger download required for OSX 12.4.

Why should I download this if there are no major changes?

Deployment model plans aside — proprietary lightning connectors are nearly dinosaur speed versus modern USB-C so Apple arguably put themselves in this corner — let’s talk about what Apple doesn’t seem to highlight in its official release notes: data safety (CRITICALITY OF FIXES).

  1. CVE-2022-26772 memory corruption to execute arbitrary code with kernel privileges
  2. CVE-2022-26741 buffer overflow to execute arbitrary code with kernel privileges
  3. CVE-2022-26742 buffer overflow to execute arbitrary code with kernel privileges
  4. CVE-2022-26749 buffer overflow to execute arbitrary code with kernel privileges
  5. CVE-2022-26750 buffer overflow to execute arbitrary code with kernel privileges
  6. CVE-2022-26752 buffer overflow to execute arbitrary code with kernel privileges
  7. CVE-2022-26753 buffer overflow to execute arbitrary code with kernel privileges
  8. CVE-2022-26754 buffer overflow to execute arbitrary code with kernel privileges
  9. CVE-2021-44224 “multiple issues”
  10. CVE-2021-44790 “multiple issues”
  11. CVE-2021-44719 “multiple issues”
  12. CVE-2022-22720 “multiple issues”
  13. CVE-2022-22721 “multiple issues”
  14. CVE-2022-26697 out-of-bounds read for unexpected application termination or disclosure of process memory
  15. CVE-2022-26698 out-of-bounds read for unexpected application termination or disclosure of process memory
  16. CVE-2022-26736 out-of-bounds write to execute arbitrary code with kernel privileges
  17. CVE-2022-26737 out-of-bounds write to execute arbitrary code with kernel privileges
  18. CVE-2022-26738 out-of-bounds write to execute arbitrary code with kernel privileges
  19. CVE-2022-26739 out-of-bounds write to execute arbitrary code with kernel privileges
  20. CVE-2022-26740 out-of-bounds write to execute arbitrary code with kernel privileges
  21. CVE-2022-26694 inherit app permissions and access user data
  22. CVE-2022-26721 memory initialization to gain root privileges
  23. CVE-2022-26722 memory initialization to gain root privileges
  24. CVE-2022-26763 out-of-bounds access to execute arbitrary code with system privileges
  25. CVE-2022-26711 integer overflow to cause unexpected application termination or arbitrary code execution
  26. CVE-2022-26725 location information may persist after it is removed
  27. CVE-2022-26720 out-of-bounds write to execute arbitrary code with kernel privileges
  28. CVE-2022-26769 memory corruption to execute arbitrary code with kernel privileges
  29. CVE-2022-26770 out-of-bounds read to execute arbitrary code with kernel privileges
  30. CVE-2022-26748 out-of-bounds write for arbitrary code execution
  31. CVE-2022-26756 out-of-bounds to execute arbitrary code with kernel privileges
  32. CVE-2022-26701 race condition to execute arbitrary code with kernel privileges
  33. CVE-2022-26768 memory corruption to execute arbitrary code with kernel privileges
  34. CVE-2022-26743 out-of-bounds write to escalate to kernel privileges
  35. CVE-2022-26714 memory corruption to execute arbitrary code with kernel privileges
  36. CVE-2022-26757 use after free to execute arbitrary code with kernel privileges
  37. CVE-2022-26764 memory corruption to bypass kernel memory mitigations
  38. CVE-2022-26765 race condition to bypass Pointer Authentication
  39. CVE-2022-26706 access issue to circumvent sandbox restrictions
  40. CVE-2022-26767 to bypass Privacy preferences
  41. CVE-2022-26776 cause unexpected application termination or arbitrary code execution
  42. CVE-2022-26708 for unexpected application termination or arbitrary code execution
  43. CVE-2022-26775 integer overflow to cause unexpected application termination or arbitrary code execution
  44. CVE-2022-0778 invalid cert for denial of service
  45. CVE-2022-23308 use after free to cause unexpected application termination or arbitrary code execution
  46. CVE-2022-0778 invalid cert for denial of service
  47. CVE-2022-26712 vulnerable code to modify protected parts of the file system
  48. CVE-2022-26727 bypass entitlements to modify protected parts of the file system
  49. CVE-2022-26693 bypass checks to inherit application permissions and access user data
  50. CVE-2022-26746 vulnerable code to bypass Privacy preferences
  51. CVE-2022-26731 state management logic weakness to track users in Safari private browsing mode
  52. CVE-2022-26766 certificate parsing issue to bypass signature validation
  53. CVE-2022-26715 out-of-bounds write to gain elevated privileges
  54. CVE-2022-26718 out-of-bounds read to gain elevated privileges
  55. CVE-2022-26723 memory corruption for arbitrary code execution
  56. CVE-2022-26728 bypass entitlements to access restricted files
  57. CVE-2022-26704 validation issue to gain elevated privileges
  58. CVE-2022-26726 bypass checks to capture a user’s screen
  59. CVE-2022-26755 lack of sanitization to break out of a sandbox
  60. CVE-2022-26700 memory corruption for code execution
  61. CVE-2022-26709 use after free for arbitrary code execution
  62. CVE-2022-26710 use after free for arbitrary code execution
  63. CVE-2022-26717 use after free for arbitrary code execution
  64. CVE-2022-26716 memory corruption for arbitrary code execution
  65. CVE-2022-26719 memory corruption for arbitrary code execution
  66. CVE-2022-22677 logic issue so call may be interrupted
  67. CVE-2022-26745 memory corruption to disclose restricted memory
  68. CVE-2022-26761 memory corruption to execute arbitrary code with kernel privileges
  69. CVE-2022-26762 memory corruption to execute arbitrary code with system privileges
  70. CVE-2022-0530 bypass file state for denial of service
  71. CVE-2018-25032 memory corruption for unexpected application termination or arbitrary code execution
  72. CVE-2021-45444 arbitrary code execution

Whew! Even with sparse details and placeholder CVE records that’s still 24 mentions of kernel privileges and 2 root level. Can you figure out the one missing from this list?

Did Yahoo’s CISO Wreck Facebook?

There’s a buried lede in Newsweek’s analysis of the Meta problem with big data security.

“People are talking about Facebook as if it’s about to become the next MySpace or Yahoo,” says Daniel Salmon, an analyst who follows Meta for BMO Capital Markets…

It really begs the question of what Facebook was thinking when it hired the inexperienced and unqualified CISO from Yahoo, as I’ve mentioned here many times before.

Yahoo soon after his departure was accused of “egregious misconduct” in record-setting privacy breaches that he had failed to disclose.

And then under his tenure Facebook had even larger record-setting privacy breaches, losing more trust faster than any other technology brand.