Day: May 14, 2018

Donald Trump’s attorney and walking accident Rudy Giuliani has been busying himself as of late seemingly attempting to do as much damage to the president’s legal prospects as possible. Whether it’s claiming that Trump knew perfectly well about the alleged hush money paid out to adult film star Stormy Daniels or saying he fired FBI James Comey to shut him up about that whole Russia thing, Giuliani’s been screwing up on a level that the likes of the Mooch could only dream of.

Anyhow, on Friday night Giuliani bungled another thing for the president by seemingly admitting that Trump personally interfered to stop the merger between telecom behemoth AT&T and multimedia giant Time Warner. Officially, the Department of Justice is suing to stop the deal over antitrust concerns, but unofficially, rumors have been flying for months that the DOJ is only trying to scuttle it because Trump despises Time Warner subsidiary CNN.

In an attempt to defend the president’s other lawyer Michael Cohen from accusations he took $600,000 to “consult” on the merger, Giuliani told the Huffington Post:

Giuliani said Cohen’s business relationships did not contradict Trump’s campaign promises to end “pay-to-play” schemes and to “drain the swamp” because Cohen did not get for his newfound clients what they wanted.

“Whatever lobbying was done didn’t reach the president,” Giuliani said, offering as proof the fact that AT&T’s proposed merger with Time-Warner has not gone through. “He did drain the swamp … The president denied the merger. They didn’t get the result they wanted.”

That “the president,” rather than the DOJ, directed an end to the merger would be a big deal, as it would support the companies’ legal assertions that the sudden intervention smells fishy as hell. The current DOJ antitrust chief, Makan Delrahim, had previously commented he didn’t view the merger as a problem—and while denying the merger is almost certainly good for consumers, it’s a suspicious move for an administration with a laissez-faire attitude towards corporate matters.

In other words, this is another minefield that Giuliani wandered into apropos of nothing. The comment appears to have put the president himself on the defensive, inspiring a tweet lamenting the “disgrace in reporting”:

By Saturday, Giuliani was walking the remarks back, telling CNN “He told me directly he didn’t interfere.”

US District Judge Richard Leon has said he’ll have a ruling on the antitrust trial by mid-June, which seems like more than enough time for him to take this incident into account. The DOJ does project that consumers would pay for the successful hybridization of the two companies into one massive mega-corporation in the form of $571 million in additional fees by 2021, so there’s probably an argument to be made for Giuliani being able to get away with portraying this as just a little misstatement.

[Huffington Post]

The eruption at Kilauea volcano on Hawaii’s Big Island has technically been going on for over 30 years, but became a problem in recent weeks when a collapse on its eastern flank started draining its lava lake into surrounding parts of the island. It’s continued to get worse since then, and as of Sunday, CBS reported a total of 17 active volcanic fissures have opened up, including one near the Puna Geothermal Venture energy conversion plant:

Officials had said an 18th fissure opened up, but because no lava was seen spewing from it, they are documenting 17 total active fissures so far on Hawaii’s Big Island.

Hawaii County Civil Defense officials urged residents of Halekamahina Loop Road to evacuate as well as two nearby community centers that were serving as shelters for people and pets. It was there that officials found the new fissure along the road. They numbered fissure 18, but later renamed it No. 17.

Popping, exploding and sloshing sounds could be heard from the fissure as far as 1,500 yards away. Observatory scientist Steve Brantley says this most recent fissure measures 1,000 feet but is not acting vigorously. There is some intermittent spatter but no substantial lava flow.

Said plant was fortunately evacuated of 50,000 gallons of flammable pentane gas, CBS added.

Many of the older fissures have stopped spewing molten rock, though the Associated Press reported that one of the newer fissures was spewing magma as far as 100 feet (30 meters) in the air, and the situation risks getting even worse as the volcano runs out of “relatively cool, sluggish magma left over from a similar event in 1955” and instead begins leaking fresher magma. According to CNN, the United States Geological Survey’s Hawaiian Volcano Observatory is additionally warning that it is possible that Halemaumau crater at Kilauea’s summit could undergo an explosive steam eruption potentially capable of covering an area of 12 miles in plumes of ash. 

Such a situation could become a possibility if the amount of lava in the volcano diminishes below the water table, which would send water pouring in and potentially cause a devastating reaction when it flashes to steam. As the Washington Post noted, precisely that mechanism is believed to be responsible for an incident in 1790 that wiped out a group of native warriors almost instantaneously. According to USA Today, the potential steam eruption could happen with very little notice, and the Hawaii National Guard is preparing for evacuation operations that could involve “ground convoys and even helicopters if necessary” to retrieve hundreds of locals who did not evacuate.

One concern is that residents could be trapped by lava flows, debris, or toxic fumes in a situation that develops considerably faster than anticipated.

“We’ve got all the warning signs we need,” Steve Brantley, the deputy scientist-in-charge at the HVO, told the Honolulu Star-Advertiser. “There may not be any additional warning before the magma actually starts moving up to the surface.”

Some 1,700 people have already evacuated as lava flowed through nearby Leilani Estates, destroying dozens of homes and leaving residents shocked. However, no deaths or serious injuries have yet been reported.

[CBS/CNN]

After miraculously getting a Little Tikes Cozy Coupe toy to take flight, the RC hobbyists at YouTube’s FliteTest challenged themselves to get one of Ikea’s cheap Jokkmokk wooden chairs airborne. Not only did they succeed, they also managed to complete all of the flightworthy upgrades in a mere six hours

Building an RC plane isn’t as challenging as designing and engineering a 747, but it’s still no easy feat. Even building an RC plane from a kit, that’s guaranteed to soar, can take days. As far as we know, no one’s ever used a wooden Ikea chair as an airframe before, which makes it all the more amazing that this bizarre craft smoothly took to the skies on its very first takeoff. The only upgrade it possibly needs now is a stronger motor to allow its pilot to actually sit on that chair during flight.

[YouTube]

If you use PGP or S/MIME for email encryption you should immediately disable it in your email client. Researchers have discovered a critical vulnerability they’re calling EFAIL that exposes the encrypted emails in plaintext, even for messages sent in the past.

“Email is no longer a secure communication medium,” Sebastian Schinzel, a professor of computer security at Germany’s Münster University of Applied Sciences, told the German news outlet Süddeutschen Zeitun.

The vulnerability was first reported by the Electronic Frontier Foundation (EFF) in the early hours of Monday morning, and details were released prematurely just before 6am ET today after Süddeutschen Zeitun broke a news embargo. The group of European researchers are warning people to stop using PGP entirely and say that, “there are currently no reliable fixes for the vulnerability.”

From the researchers:

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

You can read more about what the researchers are calling the EFAIL vulnerability at https://efail.de/.

Sebastian Schinzel, a professor of computer security at Germany’s Münster University of Applied Sciences, had planned to wait until the early morning hours of Tuesday to release their findings, but the embargo was broken. In the long term, the standards need to be drastically updated, which researchers warn will take a considerable amount of time.

PGP (Pretty Good Privacy) is an encryption program that’s considered the gold standard for email security and was first developed in 1991. Encrypted email, often sold as a kind of invisibility shield by too many irresponsible security experts, became more mainstream after whistleblower Edward Snowden revealed the scope of the U.S. government’s electronic surveillance in June of 2013. But encrypted email isn’t perfect, just as no security system ever will be.

For its part, the privacy community is insisting that this vulnerability is overblown and that people are overreacting. Werner Koch, principal author of GNU Privacy Guard, writes that the two ways to mitigate this attack are to simply not use HTML emails, and to use authenticated encryption, something noted in the paper.

“They figured out mail clients which don’t properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation,” GNU Privacy Guard said on Twitter.

“If used correctly” seems to be the magic phrase for so many security companies these days.

The EFF has guides for how to disable PGP in Apple Mail, in Outlook, and in Thunderbird. What should you use as an alternative? The EFF says that there are no reliable email alternatives, and recommends using Signal for end-to-end encrypted texts and phone calls. But be aware that nothing is foolproof.

You can read the full paper, authored by Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk over at EFAIL.de.

[EFF and Süddeutschen Zeitun]