Posts

Get Your Otherwise Objectionable Gear Before The Senate Takes It Away!

Get your Otherwise Objectionable gear in the Techdirt store on Threadless »

On Monday we released our line of Otherwise Objectionable gear in our store on Threadless and, the very next day, GOP Senators unveiled their latest attempt at truly stupid Section 230 reform: a bill that would remove those two critical words from the law. Of course, those who understand how important Section 230’s moderation protections are to the internet will fight to prevent this bill from passing, and then there’s the fact that it’s pretty obviously unconstitutional — but while the fight continues, there’s never been a better time to declare your Otherwise Objectionable status with pride.

As usual, there’s a wide variety of gear available in this and other designs — including t-shirts, hoodies, notebooks, buttons, phone cases, mugs, stickers, and of course the now-standard face masks. Check out all our designs and items in the Techdirt store on Threadless!

Techdirt.

The FCC Knows Trump’s Social Media Order Is A Joke, But Fecklessly Pretends Otherwise

We’ve mentioned at great length how Trump’s executive order to more heavily “regulate” social media is an unworkable joke. It attempts to tackle a problem that doesn’t exist (“Conservative censorship”) by attacking a law that actually protects free speech (Section 230), all to be enforced by agencies (like the FCC) that don’t actually have the authority to do anything of the sort. You can’t overrule the law by executive order or regulatory fiat, nor can you ignore the Constitution. The EO is a dumb joke by folks who don’t understand how any of this works, and it should be treated as such.

Instead, most press coverage of the move is still somehow framed as “very serious adult policy,” despite being little more than a glorified brain fart.

The FCC also knows the order is unworkable garbage that flies directly in the face of years of espoused (government hands off) ideology by Ajit Pai, Brendan Carr and friends. And yet, terrified of upsetting dear leader, Pai issued a totally feckless statement on Monday stating the EO would be pushed through the rule-making process, pretending as if this was all just ordinary, sensible tech policy:

This is, you’ll recall, the same guy who spent the last eight years insisting that fairly modest consumer protections governing telecom monopolies (net neutrality, privacy) were a vile example of “government run amok.” It’s the same guy whose entire policy platform revolves around the idea that hands off, limited government oversight universally results in near-mystical outcomes. The order to have the FCC regulate social media giants runs in stark contrast to nearly everything Pai professes to believe, including his adoration of free speech (since eliminating 230 would all but guarantee less of it). And yet he’s completely unwilling to make so much as a cautiously critical peep.

Even if Pai’s worried that he’ll just be replaced by Carr (who’s somehow even worse about intellectual consistency) for showing the slightest shred of backbone, there are ways that Pai could express his disdain for this order without upsetting King Donald (perhaps just use big words). But Pai does nothing of the sort. He’s completely selling out everything he believes in to make Donald happy. Not only that, he attempts to frame the idea that we should shut down an idiotic assault on free speech before wasting everybody’s time as itself an attack on free speech.

As a result we’re wasting agency time and taxpayer resources (during a pandemic no less when 42 million Americans lack broadband, something actually under FCC authority) to pursue an inherently dumb and dangerous idea.

Now we move on to the next step in pretending this is real policy: opening the FCC comment system to 45 days of public comments. Except as we saw with the net neutrality repeal (in which the telecom industry used fake and dead people to support terrible and unpopular policy), the FCC doesn’t actually do much to prevent fraud or abuse. So anybody eager to see Silicon Valley saddled with additional regulatory oversight (like its ad competitors in telecom or K Street political operatives) is going to stuff the ballot box with nonsense, taking us further down the rabbit hole of pretending Trump’s EO is serious adult policy making.

In short, we’ve got a garbage, unworkable proposal being shuffled through an elaborate NTIA and FCC policy-making system at taxpayer expense during a crisis, all “supported” by people too afraid of Donald Trump to show even the faintest hint of consistency or backbone. In other words, just another ordinary Monday in Washington.

Techdirt.

How AV can open you to attacks that otherwise wouldn’t be possible

Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn’t be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.

AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker’s choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.

Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner’s malware was unable to access the password database—known as the Security Account Manager—that stored credentials he needed to pivot onto the corporate network.

Biz & IT – Ars Technica

NSA Whistleblower Drake: You’re automatically suspicious until proven otherwise

Continuing in the theme of what NSA whistleblowers have to say about Americans under mass surveillance, such as William Binney’s claim that the NSA has dossiers on nearly every U.S. citizen, we’ll take a look at another former NSA official, Thomas A.

Ms. Smith’s blog