Hacker News readers who visit the site to learn how engineers and entrepreneurs talk, and what they talk about, can find themselves immersed in conversations that resemble the output of duelling Markov bots trained on libertarian economics blogs, “The Tim Ferriss Show,” and the work of Yuval Noah Harari.
“One of the things I’ve learned is that almost all of the generalizations are wrong. And I’ve learned this because people love to post generalizations about Hacker News to Hacker News.”
In an Emacs file, Gackle collects a list of contradictory statements that people have used to describe Hacker News.
Gackle later told me that he sees frustration at work as part of the DNA of Hacker News.
For Gackle and Bell, moderating Hacker News has presented an opportunity for self-work.
N-gate, a satirical Web site with the slogan “We can’t both be right”, offers a weekly summary of Hacker News discussions, dubbed “Webshit weekly.” The N-gate entry about a Hacker News discussion of a Times article on the crashes of two Boeing 737 airliners, in Indonesia and Ethiopia, is typical.
The creation of Startup News was a response to Reddit’s Eternal September; some of the problems with which Gackle and Bell are grappling can be traced to a similar phenomenon at Hacker News.
A few weeks after meeting with Gackle and Bell, I checked Hacker News to see what commenters were saying about a Times story on the Facebook co-founder Chris Hughes’s antitrust work with the Federal Trade Commission.
The original article.
Jack Goldsmith and Robert Williams have argued in Lawfare that the strategy of charging Chinese hackers for theft of U.S. trade secrets has failed to deter such activity, citing the public charges against Chinese state-affiliated hackers in 2017 and 2018 as reason to believe Chinese cyber theft of American intellectual property had not ceased.
John Carlin, who oversaw the early charging of foreign hackers as assistant attorney general for national security from 2014 to 2016, has written about charging foreign hackers more broadly as part of a package of tools that the U.S. government can use to disrupt and deter state-sponsored hacking.
A full list is provided below and includes charges against foreign state-linked hackers involved in influence operations, which are often considered together with hacking in discussions of deterrence and responding to malicious cyber activity.
Bringing criminal charges against foreign hackers differs in important ways from other options available to policymakers (like press conferences, sanctions or offensive cyber operations) for responding to a cyber incident.
Waiting until the relevant sources go dry or methods fall out of use reduces the impact that criminal charges are likely to have, as individual hackers are likely to have changed their behaviors and may not be working with the foreign government at that point.
Even if Washington does not use criminal charges against foreign hackers and other foreigners engaged in state-linked malicious behavior in apolitical fashion, its adversaries may act more aggressively to politicize international law enforcement in an effort to undermine cooperation on combating cybercrime.
Many observers have questioned the worth of the charging strategy by arguing that it has not improved “cyber deterrence.” That is to reject the charging strategy for the wrong reason, for many of the reasons discussed above, but also because that view avoids addressing many of the other consequences that criminal charges against foreign hackers raise.
Criminal charges against foreign hackers should be framed as “persistent law enforcement”: continued efforts to disrupt and deter hackers.
The original article.
A new study has identified security flaws in five of the most popular password managers.
The study, which finds password manager users are vulnerable to targeted malware attacks, does shine a light on ways to bolster our defenses.
Password managers are programs that keep all your log-in details in an online safe-deposit box.
“The ‘lock’ button on password managers is broken – some more severely than others,” said lead researcher Adrian Bednarek.
Not storing extremely valuable secrets such as bitcoin private keys in password managers.
The other lesson from the new research is in how the password managers handled the problem.
Troy Hunt, a security expert who runs the compromised-passwords database Haveibeenpwned.com, says password managers ought to be as resilient as possible.
“If the outcome of this is that impacted password managers further strengthen their security posture, then that’s a good thing,” he said.
The original article.
Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies.
A new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication enabled.
The news acts as a reminder that although 2FA is generally a good idea, hackers can still phish certain forms of 2FA, such as those that send a code or token over text message, with some users likely needing to switch to a more robust method.
It’s increasingly clear that as well as trying to steal your passwords through deceptive phishing pages, hackers may try and pinch your 2FA code too.
In its investigation, Amnesty found the servers hosting the Gmail and Yahoo phishing sites had exposed file directories, revealing exactly what process the hackers had used to phish targets’ credentials and 2FA tokens.
Behind the scenes, the hackers’ servers take the victim’s phished credentials and enter them into the legitimate email service, which then returns a request for a 2FA code. The hackers’ server asks the victim for that code, which the hacker then passes back to the real service in order to log in, all at around the same speed it would take to log in ordinarily.
The hackers’ tool then automatically creates an App Password, a separate password that lets third-party applications have access to the email account, so the hackers can maintain a hold on the user’s account.
On Thursday, in a separate investigation focused on the Iranian government-linked hacking group known as Charming Kitten, cybersecurity firm Certfa documented how another campaign has attempted to steal 2FA tokens.
The original article.
In early interviews with David Kirkpatrick, the author of “The Facebook Effect,” Mark Zuckerberg, the company’s co-founder and C.E.O., envisioned a challenge to the tools of corporate and political camouflage.
A Times investigation by a team of reporters found that Facebook has engaged in a multi-pronged campaign to “Delay, deny and deflect” efforts to hold the company accountable.
To blunt critics in Congress, Facebook relied on Senator Charles Schumer, Democrat of New York, whose daughter works at the company; it also hired Warner’s former chief of staff to lobby against a Senate bill introduced by Warner and Amy Klobuchar, the Minnesota Democrat, which would expand federal regulation over online political advertising.
The most disturbing revelation is that Facebook employed Definers Public Affairs, a conservative Washington-based consultant, to promote negative stories about Facebook’s competitors by pushing them on the NTK Network, which calls itself “a unique news website that brings together data points from all platforms to tell the whole story.” NTK is not a news Web site; it shares offices and staff with Definers.
As the Times reported, “Many NTK Network stories are written by staff members at Definers or America Rising, the company’s political opposition-research arm, to attack their clients’ enemies. While the NTK Network does not have a large audience of its own, its content is frequently picked up by popular conservative outlets, including Breitbart.” In other words, Facebook employed a political P.R. firm that circulated exactly the kind of pseudo-news that Facebook has, in its announcements, sought to prevent from eroding Americans’ confidence in fact versus fiction.
On Thursday, Sarah Miller, a spokesperson for Freedom from Facebook, told me, “Congress and the Federal Trade Commission should come to terms with the fact that Facebook will never change, unless they force it to, and they should, without delay, to protect our democracy.”
The portrait of Facebook presented in the Times, as in other reports over the past two years, is no longer that of a hacker but, rather, that of a practiced participant in this golden age of manipulation, in which influential organizations (companies, candidates, murky political actors) use their power to shape political outcomes in ways they don’t disclose and that the public rarely fully understands.
Nobody involved with Facebook thinks they are at obvious risk of losing their jobs, because they maintain the support of a board of directors that some observers believe has been far too passive in the face of Facebook’s stumbles.
The original article.