#electmorehackers — Public Fediverse posts

🎉 Right to repair is preserved! 🎉

A house committee in the Colorado legislature voted 7 to 4 to "postpone indefinitely" the SB26-090 bill that would have rolled back the hard-fought right, had it passed.

A coalition of experts from around the state, the country, and the world testified that the vague definition of "critical infrastructure" left open the possibility that manufacturers could have classified virtually any tech product under that category, which would then have exempted it from R2R unless the attorney general weighed in.

I'm so grateful to everyone who jumped in with almost no advance notice, and testified forcefully that the bill was bad and the arguments underpinning the bill's rationale were complete bullshit.

We won a victory, folks. Against huge industry lobbying efforts, we won the day. Activism mattered and made a difference tonight!

#RightToRepair #COpolitics #cybersecurity #ElectMoreHackers

RE: https://infosec.exchange/@threatresearch/116387050505018174

Current update on SB26-090 (Colorado's misguided "wrong to repair" bill):

After spending a bunch of the senate session on Tuesday in debate over a bunch of amendments, the bill is tentatively on the calendar for tomorrow, again, to have its third reading in the senate.

Please keep up the pressure - Coloradans and the rest of the country rely on being able to fix broken things in order to protect them from cyberattack. The repair is not the problem here.

https://leg.colorado.gov/agenda/floor/202604162

https://leg.colorado.gov/bills/sb26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

🚨 Current update on the Colorado bill (SB26-090) that would rescind "right to repair" for "critical infrastructure" 🚨

Please share widely.

The bill is currently scheduled for "third reading (final passage)" in the Colorado senate for Monday, April 13, first thing in the morning. If you have delayed until now doing something, this is your moment to act. You do not need to be a Colorado, or even a US resident, to speak up!

https://leg.colorado.gov/agenda/floor/202604132

Paul Roberts (secure-resilient.org) is putting together a list of people willing to be signatories to a letter opposing this bill. Please reach out to him if you want to sign on to that letter.

Wayne Seltzer, who runs the Boulder U-fix-it Clinic, shared a link to this petition/letter to legislators: https://actionnetwork.org/letters/support-your-right-to-repair-in-colorado

Danny Katz of CO PIRG is running a petition drive to send messages to the legislature. Petition link: https://pirg.org/colorado/take-action/tell-your-senator-protect-colorados-right-to-repair-law/

Finally, and this is important, rep. Brianna Titone (the author of the original 2024 right to repair bill) informed me that some of the advocates for right to repair who have been writing to legislators have been threatening or offensive in their language they used in their messages. This is unhelpful and will not persuade lawmakers to change their minds, so please try to encourage others to remember that these legislators -- who are on the fence -- can be persuaded, and are not (necessarily) inherently evil or corrupt, and just lack understanding.Talk/write to them with that frame of mind.

Thank you!

https://leg.colorado.gov/bills/SB26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

#COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

Last October, while in the home stretch of an off-year campaign for elected office, a political candidate's inbox received a series of email-borne attacks. @SophosXOps investigated both the business email compromise (BEC) and the phishing emails the candidate received.

https://news.sophos.com/en-us/2024/06/13/election-phishing-campaign/

#politics #COpolitics #phishing #spam #BEC #BVSD #SchoolBoard #ElectMoreHackers

I've spent the last few months canvassing residential neighborhoods in #Boulder for petition signatures for various candidates I support. But because I am an inveterate #hacker I quickly realized I could bump up my #WiGLE #wwwd rank if I engaged in a little complementary war-walking.

The #HackerBoxes "wispy" kit (https://hackerboxes.com/collections/past-hackerboxes/products/hackerbox-0089-wispy) is a pair of ESP-32 WROOM dev boards, a GPS receiver and a daughterboard with an OLED display and two antenna mounts. It tracks wifi and Bluetooth/BLE and fits inside a clipboard! #ElectMoreHackers

A friend sent me this generative AI illustration of a hacker-educator with a mohawk, but I think it looks like a playing card face card. Jack...er, Hack of the suit of...blue avocados? LOL! Also: SCHOOOIL!😂 #BVSD #SchoolBoard #ElectMoreHackers #Boulder

Hi folks. Yesterday I posted on my other Mastodon account about a pretty stupid gift card #scam that was sent to an email address I use as a political candidate for my run for #SchoolBoard (https://toot.bldrweb.org/deck/@andrewbrandt/111326617529695469)

Tonight, I received a more ominous, targeted #spearphishing email against that same campaign address.

It appears to be some form of Adobe e-signature message. The text content was weird and off.

The email has a file attachment that, if you double-click it, opens a browser window and displays a form that looks like a login dialog box. The login box is a #phishing attack, designed to steal credentials that you enter into it.

What was distinctive about this is the fact the attackers customized the login form so it has my campaign logo embedded within the form. It also pre-populated the username field with the email address that they sent the original email to. It was not generic; This was targeted.

The form will permit you to enter data into the password field three times, appearing to fail each time, and then redirects you back to your own website. It collects the IP address you were using at the time you submitted the form, and any of the passwords you submitted, and sends them to a #Telegram bot account.

I have captured the network traffic of the phishing attempt, in which I entered bogus data, and have identified the owner of the Telegram bot account and other identifiable information. I'll be reporting it to Telegram for shutdown as soon as possible.

I guarantee, if this is happening to me -- a relative nobody in my lowly, local school board race -- it is happening all over the country to political candidates of any stature.

There is less than one week until election day in the United States. Colorado voters already have their ballots and can turn them in by dropping them in a ballot collection box anytime between now and election day.

Just another reason why we need to #ElectMoreHackers

Also, once again: nice try, losers. Keep going. You're sure to hit pay dirt at some point. :ablobcateyeroll:​

#Boulder #BVSD #COpolitics

Big night tonight with a #BVSD #SchoolBoard candidate forum sponsored by the League of Women Voters and a school-focused charity, Impact on Education.

The forum will be livestreamed (https://www.youtube.com/@bouldervalleyschooldistric5781/streams) and you still have an opportunity to submit questions for the candidates. (All times are Mountain, UTC-6)

More info and the submission link is here: https://www.impactoneducation.org/event/2023-bvsd-board-of-education-candidate-forum/

Ballots are being sent to voters this week. We're in the home stretch. With your help spreading the word and your support, we're going to #ElectMoreHackers !

BrandtForBVSD.co

Hey, hacker fam. Quick update on what's going to be a big week.

Tomorrow I'm flying out to Bellevue and Wednesday I'm speaking at #BlueHat about the work @SophosXOps has done helping #Microsoft protect all Windows users from a very devious attack.

After I return, I'm in full-swing campaign mode running for the #BVSD #SchoolBoard. I've been doing door-knocking and meet-and-greet for days. Yesterday I spent hours giving out water to marathon runners here in #boulder

Next week though - I'll be participating in a candidate forum hosted by BVSD and you will be able to watch it live from anywhere because it will be broadcast by #livestream on BVSD's Youtube channel (https://www.youtube.com/@bouldervalleyschooldistric5781/streams). October 18 from 6pm-7:30pm MDT (UTC -6)

You can read up now on the forum and ** you can even submit questions.**

If you work in #infosec or fight #malware like me, I'd like you to submit questions to the forum. You can send in questions about #ChatGPT or any other subject, as long as it pertains to public education in some way. The link to submit questions and get more information (including a detailed look at my platform) is here: https://www.impactoneducation.org/event/2023-bvsd-board-of-education-candidate-forum/

I try not to clutter up the infosec feed with this stuff, so for more, follow @andrewbrandt

Together, we're going to #ElectMoreHackers

Proud to have been invited to participate in my third candidate forum at #OutBoulderCounty last night. We discussed equity and inclusion in the public schools and why #BVSD is so great...and must do better in the future.

The fact that we've been invited to five (possibly six, will know soon) candidate forums is an indication that nobody in #Boulder is taking the #BVSD #SchoolBoard race for granted this year. We have ten candidates running for four seats, a great group of people I've gotten to know.

Diversity of backgrounds really matters on a board, which is why we need to #ElectMoreHackers