home.social

#electmorehackers β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #electmorehackers, aggregated by home.social.

  1. πŸŽ‰ Right to repair is preserved! πŸŽ‰

    A house committee in the Colorado legislature voted 7 to 4 to "postpone indefinitely" the SB26-090 bill that would have rolled back the hard-fought right, had it passed.

    A coalition of experts from around the state, the country, and the world testified that the vague definition of "critical infrastructure" left open the possibility that manufacturers could have classified virtually any tech product under that category, which would then have exempted it from R2R unless the attorney general weighed in.

    I'm so grateful to everyone who jumped in with almost no advance notice, and testified forcefully that the bill was bad and the arguments underpinning the bill's rationale were complete bullshit.

    We won a victory, folks. Against huge industry lobbying efforts, we won the day. Activism mattered and made a difference tonight!

    #RightToRepair #COpolitics #cybersecurity #ElectMoreHackers

  2. RE: infosec.exchange/@threatresear

    Current update on SB26-090 (Colorado's misguided "wrong to repair" bill):

    After spending a bunch of the senate session on Tuesday in debate over a bunch of amendments, the bill is tentatively on the calendar for tomorrow, again, to have its third reading in the senate.

    Please keep up the pressure - Coloradans and the rest of the country rely on being able to fix broken things in order to protect them from cyberattack. The repair is not the problem here.

    leg.colorado.gov/agenda/floor/

    leg.colorado.gov/bills/sb26-090

    #COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

  3. 🚨 Current update on the Colorado bill (SB26-090) that would rescind "right to repair" for "critical infrastructure" 🚨

    Please share widely.

    The bill is currently scheduled for "third reading (final passage)" in the Colorado senate for Monday, April 13, first thing in the morning. If you have delayed until now doing something, this is your moment to act. You do not need to be a Colorado, or even a US resident, to speak up!

    leg.colorado.gov/agenda/floor/

    Paul Roberts (secure-resilient.org) is putting together a list of people willing to be signatories to a letter opposing this bill. Please reach out to him if you want to sign on to that letter.

    Wayne Seltzer, who runs the Boulder U-fix-it Clinic, shared a link to this petition/letter to legislators: actionnetwork.org/letters/supp

    Danny Katz of CO PIRG is running a petition drive to send messages to the legislature. Petition link: pirg.org/colorado/take-action/

    Finally, and this is important, rep. Brianna Titone (the author of the original 2024 right to repair bill) informed me that some of the advocates for right to repair who have been writing to legislators have been threatening or offensive in their language they used in their messages. This is unhelpful and will not persuade lawmakers to change their minds, so please try to encourage others to remember that these legislators -- who are on the fence -- can be persuaded, and are not (necessarily) inherently evil or corrupt, and just lack understanding.Talk/write to them with that frame of mind.

    Thank you!

    leg.colorado.gov/bills/SB26-090

    #COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

  4. RE: infosec.exchange/@patrickcmill

    #Colorado is running a bill this session, titled SB26-051 (leg.colorado.gov/bills/SB26-051), which will require "general computing platforms" (laptops and phones) to build a form of locally-stored age attestation into the onboarding process for a new user on the device. The data about the user would then be categorized into one of three age brackets, stored locally, and then passed to various apps/platforms/social media at registration time.

    In the bill's committee hearing last week, I and several other people told the bill sponsors that we understand the problem you're trying to solve, but that this is a terrible way to solve it. Many speakers offered to help advise the bill authors on implementing a less fragile, more secure, less susceptible system, but they wouldn't budge. Not a single committee member voted no on a motion to advance the bill to the "committee of the whole" - i.e., the full legislature for a final vote.

    The only hope now is for people to reach out to legislators to ask them to vote no on the final bill draft. Otherwise, we're going to get stuck with a really dumb bill that gets signed into law on a "but...think of the children!" appeal, with no hope of being implemented properly.

    It's notable that this Apple system would not satisfy the requirements the bill sets up.

    #COpolitics #ElectMoreHackers #ageAttestation #childsafety #onlinesafety

  5. Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

    The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

    But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

    The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

    I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

    Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

    Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

    In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

    #COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

  6. Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

    The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

    But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

    The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

    I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

    Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

    Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

    In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

    #COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

  7. Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

    The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

    But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

    The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

    I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

    Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

    Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

    In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

    #COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

  8. Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

    The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

    But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

    The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

    I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

    Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

    Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

    In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

    #COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

  9. Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

    The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

    But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

    The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

    I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

    Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

    Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

    In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

    #COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

  10. @dangillmor ...which is just another reason we should #ElectMoreHackers so we have legislators who have the technical chops to build some consumer protection policy with teeth!

  11. The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

    The first one starts next Tuesday.

    Sign up for one, or all three, here: aspenpolicyacademy.org/short-c

    #ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

  12. The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

    The first one starts next Tuesday.

    Sign up for one, or all three, here: aspenpolicyacademy.org/short-c

    #ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

  13. The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

    The first one starts next Tuesday.

    Sign up for one, or all three, here: aspenpolicyacademy.org/short-c

    #ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

  14. The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

    The first one starts next Tuesday.

    Sign up for one, or all three, here: aspenpolicyacademy.org/short-c

    #ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

  15. The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

    The first one starts next Tuesday.

    Sign up for one, or all three, here: aspenpolicyacademy.org/short-c

    #ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

  16. Exciting news, #hackers: the #KamalaHarris campaign will be hosting a reception to support her candidacy at #Defcon on August 8.

    If you're interested in protecting our democracy and supporting a candidate who understands what a future looks like that hasn't been captured by corporate tech interests, I encourage you to join me in donating and attending this special event.

    The donation link is secure.kamalaharris.com/a/mid-

    #ElectMoreHackers #COpolitics #politics #USPol #hacking #cyberspace

  17. @paul_ipv6 @DeliaChristina and I am operating a campaign to recruit and train progressives in the information security and technology sectors to seek public office
    electmorehackers.com
    #ElectMoreHackers

  18. #Candidates often rely on services like #SquareSpace to quickly stand up a web presence for their #political #campaign messaging.

    If you're a candidate, you should be aware that a threat actor is targeting SquareSpace accounts to hijack domains, if those domains and accounts were set up using Google. There are some things you need to do right away to secure your account, and prevent your domain being taken over.

    krebsonsecurity.com/2024/07/re

    #politics #copolitics #electmorehackers

  19. Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

    news.sophos.com/en-us/2024/06/

    #politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

  20. Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

    news.sophos.com/en-us/2024/06/

    #politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

  21. Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

    news.sophos.com/en-us/2024/06/

    #politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

  22. Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

    news.sophos.com/en-us/2024/06/

    #politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

  23. Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

    news.sophos.com/en-us/2024/06/

    #politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

  24. @howelloneill I lobby my federal lawmakers, but I'm only one constituent and don't live in DC. It is nigh-impossible to overcome the paid lobbyist juggernaut. #ElectMoreHackers

  25. Oh look, the feature #Microsoft will be adding to #windows that nobody ever asked for or wanted: A full recording of absolutely everything you do on your computer, supposedly "powered by AI"

    Yeech. We need to #ElectMoreHackers so we can get a national data privacy law and rein in this kind of outrageous corporate hunger for data.

    arstechnica.com/gadgets/2024/0

    #spyware #privacy

  26. I'm actually astonished at how bad the answers were from this Colorado state senator Mark Baisley (2nd from left, so-called "freedom senator") to questions on this panel about #infosec and #elections.

    When asked about the risks to lower or local/downballot candidates were minimal (wrong!), and when asked how political parties or candidates should protect voter roll data, he answered "obfuscation, security through obfuscation" (I guess he's unfamiliar with the baseline security principle of "there's no security through obscurity.")

    We desperately need more people to run for office who know what they're talking about. This was just embarrassing.

    #COPolitics #ElectMoreHackers

  27. I'm at Google in #Boulder attending the Defending Digital Campaigns summit, with a lot of folks discussing how politicians and political campaigns are targets for cybercrime and a whole host of other threats. Jena Griswold just spoke about all the problems elections officials face. #COPolitics #Colorado #ElectMoreHackers

  28. @Irishmasms @dangoodin @eff Look, everyone in this conversation is someone I admire and recognize as knowledgable and sincere in their desire to help and protect others. I don't think name-calling benefits anyone.

    We can agree that different people have different threat models. I'm not a Colombian narco lord who the NSA wrote a specialized payload to run in my smart TV. But I do have concerns about what activity my television reports up to Samsung or LG, or whoever the TV sends telemetry back to.

    I've actually seen the content of the traffic that multiple smart TVs in my home have sent back, and it's more than I feel comfortable with. Do I think it poses a grave risk? No. Do I want to have more control over what should be a glorified monitor does with its access to my internal network? Absolutely!

    And Dan is correct about this: It has become routine for a wide variety of devices we use more intimately and directly and frequently to collect and transmit a significant amount of usage data to their creators or to third parties, and the lack of a coherent national set of enforceable data privacy rules/laws/whatevers has given this trend a chance to fester and grow.

    We should not accept this as inevitable. We should not throw up our hands and be resigned to the fact that this is just the way things are. They do not need to be this way.

    Feckless political leaders, in the pockets of large tech companies, are why we are here, and why we cannot pass meaningful legislation that protects consumers. We are fighting for our very lives against massive industrial giants who want to market us as products.

    This is why we need to #ElectMoreHackers. We cannot rely on disinterested or (frankly) corrupted politicians to push for these changes that would benefit so many.

  29. I will say this as often as I need to until people understand.

    A word that everyone clearly recognizes as meaning "someone who commits crimes" or, in the words of these clout-chasing fools, "seeks to destroy identities, ruin lives, destabilizes economies, and take down organizations" already exists.

    That word is CRIMINAL.

    I reclaim the word #hacker in the name of all the creative, inspirational people who live their lives to help others.

    #CriminalsSuck and we should #ElectMoreHackers not demonize them with outdated derogatory, defamatory stereotypes

    #hackers #hacking

  30. I'm a fan of @egallager live-tooting the NH legislature, even though I don't think I've ever even been to (I follow him because I'd met him at ). Anyone know of other legislators who live-toot (hopefully in )?

  31. I've spent the last few months canvassing residential neighborhoods in #Boulder for petition signatures for various candidates I support. But because I am an inveterate #hacker I quickly realized I could bump up my #WiGLE #wwwd rank if I engaged in a little complementary war-walking.

    The #HackerBoxes "wispy" kit (hackerboxes.com/collections/pa) is a pair of ESP-32 WROOM dev boards, a GPS receiver and a daughterboard with an OLED display and two antenna mounts. It tracks wifi and Bluetooth/BLE and fits inside a clipboard! #ElectMoreHackers

  32. @dangoodin Just more examples of my argument that we need to #ElectMoreHackers if we want technically competent legislators who won't embarrass themselves by making wildly inaccurate accusations, and then basing the creation of policy off of those misunderstandings of the fundamental nature of the technology

  33. Alright hacker fam, it's almost time for the committee hearing about the bill in Colorado that would regulate (read: ban) malicious use of generative AI in election communications. Here's how you can get involved right now.

    The hearing will be held in the Colorado House State, Civic, Military, & Veterans Affairs committee tomorrow, Monday, February 26, starting at 1:30pm MST (12:30pm PST). This will be the first reading of the bill in committee and the next step in the process of bringing it to the full state assembly for a vote.

    As a reminder, if passed into law, this bill "prohibits the distribution of a communication that includes an undisclosed deepfake with actual malice as to the deceptiveness or falsity of the communication related to a candidate for public office"

    I will be present and speaking as a concerned citizen in favor of passage of the bill.

    Even if you don't live in Colorado, you can submit written testimony in support of this bill by visiting this webpage:

    www2.leg.state.co.us/CLICS/CLI

    Follow the prompts to "Submit Written Testimony," then "By Sponsor And Bill" and choose "Joseph" as the Sponsor, "02/26/24 01:30PM" for "Meeting time and date," and "HB24-1147" under Hearing Item.

    The bill does not go far enough. I plan to tell the committee members that it's all well and good they proceed with this to lock down their own slice of the world, but that the potential for problems affecting them will still affect everyone else even if this bill passes and gets signed into law. So they *should* pass this, and then get busy writing a followup bill to protect the rest of us from the malicious abuse of generative AI.

    Please spread the word far and wide. We need guardrails on generative AI platforms before abuse of these platforms destroys the very concept of truth or reality. We're already seeing it happen, with the #enshittification of search results, news articles, and malicious misuse of Joe Biden's voice to make robocalls to New Hampshire voters telling them not to go to the polls the day before their primary.

    #COPolitics #HB241147 #GPT #generativeAI #malware #Boulder #elections #2024election #ElectMoreHackers

  34. We interrupt your social media feed to bring you this important message from a very special spokes-moose.

    I may just be a talking moose, but I wanted to thank everyone who supported, donated to, and voted for the Brandt for BVSD campaign.

    I know it was a long shot to run for school board, but I was deeply moved by your passion for public education.

    This election is just the beginning of a movement to elect more hackers to public office. You will be hearing more about that very soon.

    We are just getting started patching the bugs in our democracy.

    #ElectMoreHackers

  35. Hey, hacker fam. Quick update on what's going to be a big week.

    Tomorrow I'm flying out to Bellevue and Wednesday I'm speaking at #BlueHat about the work @SophosXOps has done helping #Microsoft protect all Windows users from a very devious attack.

    After I return, I'm in full-swing campaign mode running for the #BVSD #SchoolBoard. I've been doing door-knocking and meet-and-greet for days. Yesterday I spent hours giving out water to marathon runners here in #boulder

    Next week though - I'll be participating in a candidate forum hosted by BVSD and you will be able to watch it live from anywhere because it will be broadcast by #livestream on BVSD's Youtube channel (youtube.com/@bouldervalleyscho). October 18 from 6pm-7:30pm MDT (UTC -6)

    You can read up now on the forum and ** you can even submit questions.**

    If you work in #infosec or fight #malware like me, I'd like you to submit questions to the forum. You can send in questions about #ChatGPT or any other subject, as long as it pertains to public education in some way. The link to submit questions and get more information (including a detailed look at my platform) is here: impactoneducation.org/event/20

    I try not to clutter up the infosec feed with this stuff, so for more, follow @andrewbrandt

    Together, we're going to #ElectMoreHackers

  36. A friend sent me this generative AI illustration of a hacker-educator with a mohawk, but I think it looks like a playing card face card. Jack...er, Hack of the suit of...blue avocados? LOL! Also: SCHOOOIL!πŸ˜‚ #BVSD #SchoolBoard #ElectMoreHackers #Boulder

  37. Hi folks. Yesterday I posted on my other Mastodon account about a pretty stupid gift card #scam that was sent to an email address I use as a political candidate for my run for #SchoolBoard (toot.bldrweb.org/deck/@andrewb)

    Tonight, I received a more ominous, targeted #spearphishing email against that same campaign address.

    It appears to be some form of Adobe e-signature message. The text content was weird and off.

    The email has a file attachment that, if you double-click it, opens a browser window and displays a form that looks like a login dialog box. The login box is a #phishing attack, designed to steal credentials that you enter into it.

    What was distinctive about this is the fact the attackers customized the login form so it has my campaign logo embedded within the form. It also pre-populated the username field with the email address that they sent the original email to. It was not generic; This was targeted.

    The form will permit you to enter data into the password field three times, appearing to fail each time, and then redirects you back to your own website. It collects the IP address you were using at the time you submitted the form, and any of the passwords you submitted, and sends them to a #Telegram bot account.

    I have captured the network traffic of the phishing attempt, in which I entered bogus data, and have identified the owner of the Telegram bot account and other identifiable information. I'll be reporting it to Telegram for shutdown as soon as possible.

    I guarantee, if this is happening to me -- a relative nobody in my lowly, local school board race -- it is happening all over the country to political candidates of any stature.

    There is less than one week until election day in the United States. Colorado voters already have their ballots and can turn them in by dropping them in a ballot collection box anytime between now and election day.

    Just another reason why we need to #ElectMoreHackers

    Also, once again: nice try, losers. Keep going. You're sure to hit pay dirt at some point. :ablobcateyeroll:​

    #Boulder #BVSD #COpolitics

  38. Big night tonight with a #BVSD #SchoolBoard candidate forum sponsored by the League of Women Voters and a school-focused charity, Impact on Education.

    The forum will be livestreamed (youtube.com/@bouldervalleyscho) and you still have an opportunity to submit questions for the candidates. (All times are Mountain, UTC-6)

    More info and the submission link is here: impactoneducation.org/event/20

    Ballots are being sent to voters this week. We're in the home stretch. With your help spreading the word and your support, we're going to #ElectMoreHackers !

    BrandtForBVSD.co

  39. Proud to have been invited to participate in my third candidate forum at #OutBoulderCounty last night. We discussed equity and inclusion in the public schools and why #BVSD is so great...and must do better in the future.

    The fact that we've been invited to five (possibly six, will know soon) candidate forums is an indication that nobody in #Boulder is taking the #BVSD #SchoolBoard race for granted this year. We have ten candidates running for four seats, a great group of people I've gotten to know.

    Diversity of backgrounds really matters on a board, which is why we need to #ElectMoreHackers

  40. The data services company for my health insurance provider was breached five months ago. It took them six weeks to notice the breach, another six weeks after that to start an investigation, and five frickin months to notify the affected people that basically everything about their healthcare and every piece of personal information about them was stolen.

    #ElectMoreHackers so we can start to pass some data privacy and accountability laws with some goddamn teeth. This is ridiculous. And ridiculously common.

  41. CW: A long post about the end of my school board campaign and derision I have received, and some uplifting and slightly sappy views about hackers and politics

    It's the end of the line for my campaign for #SchoolBoard and my attempt to #ElectMoreHackers

    Tomorrow is election day in Colorado, and 24 hours from now, the race will be over.

    I was out canvassing at the University of Colorado campus in #Boulder today (and I will be back out there tomorrow). I met a lot of students who were busy and hadn't yet voted, and were grateful for the information. I also met a bunch who I would characterize as actively, maybe in some cases gleefully disinterested in participating in democracy. Not only could they just not be bothered, they seemed pleased to tell me they weren't voting. I cannot fathom that level of nihilism and I could not reach them. That's a failure mode we need to address.

    I also met the folks who have been campaigning for city council, and for ballot measures I deeply oppose. We were all not just civil, but slightly joyous about this being the end of a grueling four months of forums and questionnaires and ordering signs and designing literature and doorknocking and lit-dropping and canvassing. It's a lot! People were really nice face to face. Even if I disagree with someone's policies, we can treat our fellow humans with dignity and joke about the things we have in common.

    I did meet a lot of people who were extremely positive about my campaign and a few who were so vitriolically negative that the hostility took me aback when I encountered it. The latter has been, fortunately, very rare.

    Some of the volunteers for a campaign I am not allied with were very pleasant when I introduced myself, but I caught two of them mocking the shirt I was wearing and its meaning as they walked away. "Hackers! That's just what we need on the school board," one sarcastically joked to the other.

    Not wanting to come across like a gigantic asshole, I thought to myself (rather than shouting it out loud), thanks for the endorsement!

    Yeah, I worked on a project that contributed to law enforcement agencies around the world shutting down one of the most pernicious and harmful botnets. Sure, I helped Microsoft find and begin to repair a problem that affected literally every Windows computer and completely broke their trust model.

    Goodness knows, perish the thought of what might happen if someone with that level of community engagement and a desire to help others might get elected to public office!

    It has been a long, difficult, and emotional rollercoaster of an election campaign. Win or lose I will stand proud of the work I did to highlight the best of what my community of hackers and makers has to offer the world.

    Hackers can and do make the world a better place every single day, in small ways and big ways, for individuals and whole populations.

    Even if a couple of arrogant old rich white dudes don't appreciate it, hackers are saving their butts, too.

    So yeah, hackers: Just what we need on the school board.

    Hackers: Just what we need on city council. Hackers, just what we need in the mayor's office. Hackers, just what we need in the state house and senate. Hackers, just what we need in the federal house and senate, and in seats of power up and down the chain of command until we even have a hacker president. Hail to the hacker chief!

    This is just the beginning. We are going to #ElectMoreHackers and pentest and red team and blue team and patch the shit out of our politics and our country until we eliminate bugs large and small from the system. We're going to do it our way, not by coloring inside the lines but by looking for the best place to jump over them to get things done. And I hope people can suppress their nihilism and disdain for politics long enough to see that we can make this a success, and change the world for the better.

    We can only go up from here.

  42. A friend sent me this generative AI illustration of a hacker-educator with a mohawk, but I think it looks like a playing card face card. Jack...er, Hack of the suit of...blue avocados? LOL! Also: SCHOOOIL!πŸ˜‚ #BVSD #SchoolBoard #ElectMoreHackers #Boulder