Archive for USA

More US States Restrict Access To Porn…. VPN Usage Spikes As A Result…. Shock… Not….

Posted in Commentary on January 2, 2025 by itnerd

About two or so years ago, a trend in the US started where individual states started to require online porn sites to do some form of age verification to keep kids from accessing online porn. Now whether that is the true goal of the states who do this is an open question as some would argue that these states are trying to restrict access to the Internet. But I will leave you to form your own opinion on that.

As of the new year, the list of states that restrict online porn is as follows:

  • Virginia 
  • Montana
  • North Carolina
  • Arkansas
  • Utah
  • Mississippi
  • Texas
  • Nebraska
  • Idaho
  • Kansas
  • Kentucky
  • Indiana
  • Alabama
  • Oklahoma
  • Florida
  • Tennessee
  • South Carolina
  • Louisiana

Georgia has a law that takes effect in July.

The net result of this is that porn sites such as PornHub, which is apparently the biggest player in the online porn space, have outright blocked access to their sites in those states. Why? Well, for sites like PornHub to comply with these laws, they would have to use reasonable age verification methods to verify the age of individuals attempting to access the material, which usually involves uploading your ID to them for verification purposes. PornHub clearly doesn’t want to play gatekeeper, nor do they want to be responsible for all that personally identifiable information, so they blocked access instead.

Now history has proven that if someone wants to ban something, those who want access to what is being banned will find a way to access it somehow. Which is why it isn’t surprising to me that according to VPN Mentor, in the state of Florida alone, they detected a surge of 1150% in VPN demand in the first few hours. You have to assume that similar things are happening in other states that have been geo-blocked by PornHub. Meaning that the efforts to restrict access to online porn are completely ineffective. Not that I am surprised by that because anyone who has been on the Internet for something longer than 60 seconds could have predicted that this was going to happen. Thus it will be interesting to see what these states do next. Do they ban VPN usage? Do they force ISPs to hand over info on which of their customers use VPNs? Do they go after PornHub or other online sites for not doing enough in their eyes? Or do they do nothing?

Get the popcorn ready.

US Companies Will Soon Have To Report Any Instance That They Have Been Pwned Or They Paid A Ransom

Posted in Commentary on March 13, 2022 by itnerd

I’ve said for a long time that companies will only ensure that their cyber defences are as strong as they possibly can be if they’re forced to by law. That’s why this news is really good news as far as I am concerned:

Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress. 

The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.

“It’s clear we must take bold action to improve our online defenses,” Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation, said in a statement on Friday.

The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.

What I hope this does is make companies think long and hard if they want to be on the wrong end of getting pwned, and having to report it to the US Government. Which will make them invest time, effort, money, and more time, effort, and money into people, training and products that will keep their companies from getting pwned. That in turn will hopefully make cybercrimes like ransomware less attractive to cybercriminals, and we will see less of this as a result.

Oh. In case you’re wondering what happens if a company doesn’t report a cyber incident? Here’s your answer:

The new rules also empower CISA to subpoena companies that fail to report hacks or ransomware payments, and those that fail to comply with a subpoena could be referred to the Justice Department for investigation.

The CISA is the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. This is the lead agency for the US Government for this sort of thing. And I am pretty sure that no company wants the Justice Department knocking on their door. Thus this is great news as far as I am concerned.

US Goes After China For Hacking… China Hits Back

Posted in Commentary on July 21, 2021 by itnerd

The US has taken the unusual step of taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses, take heed of this warning.

US Government Introduces Legislation To Take On Big Tech

Posted in Commentary on June 11, 2021 by itnerd

US House representatives have unveiled the Ending Platform Monopolies Act today with Rep. David Cicilline (D-RI) sharing a statement that I found in The Verge that aims to take big tech down a peg or two:

“Right now, unregulated tech monopolies have too much power over our economy. They are in a unique position to pick winners and losers, destroy small businesses, raise prices on consumers, and put folks out of work,” Rep. David Cicilline (D-RI) said in a statement Friday. “Our agenda will level the playing field and ensure the wealthiest, most powerful tech monopolies play by the same rules as the rest of us.”

If eventually passed in the House and Senate, that could usher in the regulation of Apple, Amazon, Facebook, and Google to ensure that they don’t have too much power. I am not sure that this is a great thing to do. But I guess we will see how this plays out.

America To Give Ransomware Attacks Similar Priority As Terrorism

Posted in Commentary on June 4, 2021 by itnerd

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters:

Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, acting deputy attorney general at the Justice Department.

Last month, a cyber criminal group that the U.S. authorities said operates from Russia, penetrated a pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days, led to a spike in gas prices, panic buying and localized fuel shortages in the southeast. Colonial Pipeline decided to pay the hackers who invaded their systems nearly $5 million to regain access, the company said.

The problem is that this won’t help as a lot of these threat actors are based in countries where the US can’t get them and toss them into jail. Here’s what will actually help:

  1. Business systems should be running ONLY applications needed to do the job, and no others.
  2. Business systems networks should be isolated from operations networks. Air-gapped as needed.
  3. Systems that need access in or out should be properly firewalled, including blocking entire countries or regions as needed.

The fact is that good IT is expensive. Bad IT is costly. We are in a place where bad IT is the norm. On top of that, it is perceived that it is much easier to have bad IT and pay the BITCOIN when they get pwned. But it isn’t cheaper. And that needs to change. When it does, this problem will get mitigated.

Bill To Strip Section 230 Protections From Internet Companies Introduced…. Is Trump Getting What He Wants?

Posted in Commentary on December 10, 2020 by itnerd

I’ve talked about the fact that President Trump has been whining and complaining about nuking Section 230 which would strip the protections from nearly every internet venue with user interaction. That would include Facebook and Twitter among others. The Break Up Big Tech Act of 2020, introduced yesterday by Rep. Tulsi Gabbard (D-HI) and Rep. Paul Gosar (R-AZ), seeks to strip companies of those protections if they take supposed actions like “acting as publishers and censoring certain users.”

The legislation, if passed, would remove Section 230 protections from online companies that perform the following activities:

  • Selling and displaying targeted ads without a user’s consent
  • Collecting data for “commercial purposes other than the direct sale of the interactive computer service.”
  • Acting as a marketplace by “facilitate the placement of items into the stream of commerce.”
  • Employing digital products intended to “engage and addict users” to the service.
  • Acting as a publisher by using algorithms to moderate or censor content without opt-in from users

So this would effectively give Trump and conservatives who have been claiming that the Internet censors their voices what they want. Assuming that this passes. We’ll see if that actually happens or if this bill dies quietly after January 20th 2021.

Report: Trump Gave The CIA More Power To Launch Cyberattacks

Posted in Commentary on July 15, 2020 by itnerd

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, Yahoo News reported, citing former U.S. officials with direct knowledge of the matter:

The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House. Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.

The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” said a former U.S. government official. These countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well, according to another former official. “The White House wanted a vehicle to strike back,” said the second former official. “And this was the way to do it.” The CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to launch offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program.

Assuming that this is accurate, I am not sure that this was a good idea. Having checks and balances to ensure that this is an option that is only used if it is truly required would likely mean that these are targeted operations by the US with a limited scope and a low chance that the target will retaliate. But now that this is out there, countries with the ability to launch these sorts of cyberattacks will likely feel that they have the green light to retaliate. Or launch larger scale cyberattacks of their own with potentially devastating effects. That has the potential to create all sorts of chaos. And it may come back to haunt the US at some point.

Tata Consultancy CEO Warns The USA On H1B Visa Freeze

Posted in Commentary on July 10, 2020 by itnerd

The chief executive officer of Tata Consultancy Services, which is Asia’s largest IT services firm, warned that a U.S. freeze on thousands of employment visas by President Donald Trump will only raise costs for American corporations like Wall Street banks, auto manufacturers and drugmakers.

Tata Consultancy Services (TCS) CEO Rajesh Gopinathan told Bloomberg News the move has put massive stress on a huge swath of Indian-born engineers that have lived in the U.S. for years and helped support American clients, who will ultimately be the ones hurt most. His remarks were among the strongest public rebukes from India’s $181 billion IT industry since U.S. President Donald Trump’s June decree to halt approvals for a range of visas until the end of the year — including those for intra-company transfers. 

TCS and peers like Infosys have relied for years on the ability to send talent to work alongside their customers overseas, which include some of the largest electronics manufacturers and global retailers. Investors worry that the inability to do so will hurt their competitiveness in the largest international market. “The ignorance around this ruling should be addressed,” Gopinathan said via video conference on Friday. “Playing with the status of people who’ve moved away from families and committed to spending five-six years in a foreign country without immigrant status to deliver value to customers, is a short-term gimmick,” the executive said.

Now there is a bit of self interest at work here. Tata and Infosys are used by US companies because they are cheaper, not because they are better. The IT industry has been replacing competent local staff with less competent and cheaper Indian staff for years now. Every IT type like me has seen this happen. Many of us have seen the disasters these cheaper staff create and are quite happy to see curbs on H1B visas.

Here’s the flip side. This could send tech workers of all sorts running to other countries like Canada. As it stands, Canada was becoming a tech hub thanks to Trump administration policies. Now I have seen an acceleration of this because of the latest move by Trump. That cannot end well for the US.

It will be interesting to see how this plays out. My guess is that this is far from over.

DOJ Opening “Broad Antitrust Review” Of Major Tech Companies

Posted in Commentary on July 24, 2019 by itnerd

If you’re Apple, Google, or Facebook, this may be a problem. As detailed by the Wall Street Journal [Likely Paywalled], the DOJ review targets practices of online platforms:

Justice Department officials said those agreements weren’t meant to be open-ended or all-encompassing. But in any case the department isn’t trying to pre-empt the FTC’s work, they said, and suggested the two agencies might explore different tech practices by the same company, as well as different legal theories for possible cases.

While companies like Facebook and Google perhaps have some “questionable” business practices, Apple perhaps doesn’t belong on this list. Though The Wall Street Journal suggests otherwise when it comes to the App Store [Likely Paywalled]. In short, I wonder how much of this is about politics and how much of this is because there are actual problems with tech companies. I guess we’re about to find out.

Visitors To The US Will Need To Hand Over Their Social Media Info If They Need A Visa

Posted in Commentary on June 2, 2017 by itnerd

I’ve been following this story for a while now, and it’s finally become reality. The US Government has rolled out a new questionnaire for U.S. visa applicants worldwide that asks for social media handles for the last five years and biographical information going back 15 years. From the report:

The new questions, part of an effort to tighten vetting of would-be visitors to the United States, was approved on May 23 by the Office of Management and Budget despite criticism from a range of education officials and academic groups during a public comment period. Critics argued that the new questions would be overly burdensome, lead to long delays in processing and discourage international students and scientists from coming to the United States. Under the new procedures, consular officials can request all prior passport numbers, five years’ worth of social media handles, email addresses and phone numbers and 15 years of biographical information including addresses, employment and travel history.

Welcome to the world of extreme vetting. And the problem with this is that:

  1. It’s not going to work because nobody who is up to no good is going to serve up any social media information that highlights the fact that they’re up to no good. Nor are they going to make it easy enough to find. Thus I seriously doubt that a single “bad dude” is going to get caught via any sort of extreme vetting.
  2. The unintended side effect of this sort of thing is that nobody is going to go to the US. That’s going to have a negative effect on the $1.6 trillion in economic output in 2015 that tourism to the US generates. And according to The Independent, The Washington Post and even FourSquare, tourism to the US has dropped since President Trump took power in the US. And my wife and I are examples of this as we cancelled a vacation to the US and instead will be road tripping across Canada simply because we do not feel that the US is a good place to go on vacation right now. I also have really cut back on any business trips to the US since Trump became president unless I have no other choice for a similar reason. Thus in the process, depriving the US of additional revenue from the flight, hotel, car rental, restaurants, etc. that my business trips would generate.

I suspect that once jobs start disappearing and the lawsuits start getting filed regarding how overly broad this appears to be, then there may be a rethink of this. We will have to watch and see.

UPDATE: I should have mentioned that disclosing your social media is “voluntary” as per this from the Reuters story:

While the new questions are voluntary, the form says failure to provide the information may delay or prevent the processing of an individual visa application.

So, to me it sounds like you pretty much have to hand this info over if you want your visa application processed in a timely manner.