US administration adds “subliminal” ad to White House website – Naked Security

Hidden messages, features or jokes in apps and websites are commonly known in hacker jargon as easter eggs, because they’re supposed to be found and enjoyed, but they’re not supposed to be immediately obvious.

One of the most famous easter eggs in commercial software history – if not the most complex – was the hidden flight simulator (really!) in Microsoft Excel 97.

How to fly in Excel 97. Open New workbook. Hit F5. Type in L97:X97 [Enter][Tab]. Ctrl-Shift-Click on the Chart Wizard icon. Fly using mouse. Hit [Esc] to end.

Sometimes, amusingly, it wasn’t games hidden in business apps, but business apps hidden in games.

One of the most famous computer games in software history, the first IBM PC version of Tetris, had a hidden spreadsheet as its easter egg, or more accurately as its boss mode.

Boss mode, activated with the boss key, often Ctrl-B or Alt-B so it was quick to type, popped up a more dubious sort of easter egg intended as a decoy.

Boss screens were meant to cover the display instantly with what might just about look like real work if your boss suddenly appeared on the horizon.

Not the most convincing decoy in the world, even for a US company.
Tetris boss screen “spreadsheet” app.

As you can imagine, hidden and undocumented code of this sort is not as common these days, because it’s not a terribly good cybersecurity look.

After all, if there’s a whole flight simulator hidden behind some sort of esoteric incantation involving the keyboard and the mouse (in Word 97, the easter egg was a pinball game), how well was it tested?

How thoroughly was the code reviewed? How official was the process by which the code was added to the source tree? What else was snuck in there by developers and never noticed at all? Did the person who approved the digital signing of the shipped software even know that easter egg code existed? Are customers entitled to official support and patches for the easter egg? If not, why not?

Having said that, even the very latest version of Microsoft Edge contains an openly secret surfing game that you can access by visiting the special URL edge://surf:

Surfing in Edge. (Screen grab from Edge for Linux 89.0.767.0.)
Click the three-lines…


How Joe Biden’s Peloton Bike Could Be Hacked in the White House

Back in the day, somewhere in mid-20th century time, people thought that in the year 2000 we would be driving flying cars. Jet packs would be the norm. You know, cool stuff like that. That vision… didn’t quite happen, but that doesn’t mean technology hasn’t made giant leaps. We have little computers in our pockets that can access practically any information in the world. We can order stuff offline and have it shipped to us day-of. We can also work out on a trendy smart bike at home, so long as someone doesn’t hack it, causing a national security threat that tugs at the somewhat frayed seams of our ever-fragile democracy.

Get Unlimited Access to Esquire’s Best Stories

That seems to be the predicament that President-elect Joe Biden and his famed Peloton bike currently face as he makes his transition into the White House next week. As CNN reports, “Past presidents’ high-tech gadgets have typically required security vetting and retrofitting—especially when they connect to the internet or cell networks.” While that has worked in the past with things like the golf simulator Trump had installed, the Peloton may prove to be a bit trickier.

Speaking with Popular Mechanics, Max Kilger, Ph.D., director of the Data Analytics Program and associate professor in practice at the University of Texas at San Antonio, said, “If you really want that Peloton to be secure, you yank out the camera, you yank out the microphone, and you yank out the networking equipment.” For those keeping score, that basically leaves you with one of these bad boys:

stationary bike

Found Image Holdings IncGetty Images

We love a retro look. But that also means Biden’s favorite instructor won’t be able to inspire him with invasively personal sentiments like this one:

This content is imported from Twitter. You may be able to find the same content in another format, or you may be able to find more information, at their web site.

Jokes aside, even Peloton has admitted that to a certain extent, there’s only so much you can do when it comes to the bike’s security vulnerabilities. It says,…


Biden Adds Homeland Security, Cyber Heft to White House Team

President-elect Joe Biden on Wednesday added three experts to his National Security Council to advise him on homeland security and cybersecurity — two sprawling issues he will grapple with given the aftermath of the attack on the Capitol, and the recent widespread hack into government networks and private companies.

President Trump’s national security adviser Robert O’Brien had trimmed the homeland security position from the NSC. But Biden will add it back, putting Elizabeth Sherwood-Randall in the top job, and Russ Travers as her deputy.

Sherwood-Randall was former President Obama’s deputy secretary of energy, and has focused on military and nuclear policy during her career. Travers spent 42 years in the intelligence community, including in top jobs at the National Counterterrorism Center.

Biden also added a new position at the NSC focused specifically on cyber and emerging technology, putting Anne Neuberger in that post. She is currently the National Security Agency’s director of cybersecurity.

The federal government is still assessing the full impact of the massive SolarWinds computer breach discovered late last year that exposed a number of U.S. agencies to hackers.

Meanwhile, federal authorities continue to investigate and arrest rioters who took over the Capitol last week, killing one police officer. The FBI has issued a warning about protests and violence in state capitols ahead of Inauguration Day. Biden has been briefed on the threat, his officials said, and has urged the Senate to quickly confirm his Cabinet members to ensure a smooth transition. [Copyright 2021 NPR]


House speeding to impeach Trump for Capitol insurrection – Orange County Register


WASHINGTON (AP) — Poised to impeach, the House sped ahead Monday with plans to oust President Donald Trump from office, warning he is a threat to democracy and pushing the vice president and Cabinet to act even more quickly in an extraordinary effort to remove Trump in the final days of his presidency.

Trump faces a single charge — “incitement of insurrection” — after the deadly Capitol riot in an impeachment resolution that the House will begin debating Wednesday.

At the same time, the FBI warned ominously Monday of potential armed protests in Washington and many states by Trump loyalists ahead of President-elect Joe Biden’s inauguration, Jan. 20. In a dark foreshadowing, the Washington Monument was closed to the public amid the threats of disruption. Acting Homeland Security Secretary Chad Wolf abruptly resigned.

It all added up to stunning final moments for Trump’s presidency as Democrats and a growing number of Republicans declare he is unfit for office and could do more damage after inciting a mob that violently ransacked the U.S. Capitol last Wednesday.

“President Trump gravely endangered the security of the United States and its institutions of Government,” reads the four-page impeachment bill.

“He will remain a threat to national security, democracy, and the Constitution if allowed to remain in office,” it reads.

House Speaker Nancy Pelosi is summoning lawmakers back to Washington for votes, and Democrats aren’t the only ones who say Trump needs to go.

Republican Sen. Pat Toomey of Pennsylvania joined GOP Sen. Lisa Murkowski of Alaska over the weekend in calling for Trump to “go away as soon as possible.”

Rep. Liz Cheney, R-Wyo., encouraged House GOP colleagues late Monday to “vote your conscience,” according to a person granted anonymity to discuss the private call. She has spoken critically of Trump’s actions, but has not said publicly how she will vote.

Pending impeachment, Democrats called on Vice President Mike Pence and the Cabinet to invoke their constitutional authority under the 25th Amendment to remove Trump from office before Inauguration Day.

Their Democrats’ House…