sec

The Italian town with a boozy secret

It's super strong, fennel-flavored, as transparent as water -- and in many households across Sardinia it's still produced illegally.




sec

Secrets from the world's toughest dining scene

Hong Kong is widely considered one of the most challenging cities in the world to operate a restaurant -- a roiling cauldron of changing tastes, cleaver-sharp competition and unsavory economics.




sec

My SUPER Free Ads Secret

How to place ads in more than 1 BILLION places FREE as often as you want with 1 click ease! Get infinite FREE ads too



  • Business -- Promotion

sec

EBook Secrets Exposed

Make a massive amount of money in record time with your own ebook



  • Business -- Publishing

sec

Top 10, 20 Google Search Engine Ranking Placement Secrets Revealed

Discover closely-guarded secrets to achieve top search engine ranking placement in Google and drive truckloads of laser targeted traffic to your website.



  • Business -- Promotion

sec

Industry-Leading Cloud Hosting Provider 'gotomyerp' Now Offering $3,000 In Free Consulting For Businesses Interested In Secure Hosting Solutions

Gotomyerp, a leading cloud hosting provider for QuickBooks, SAP, Sage Cloud applications, and other third-party ERP (enterprise resource planning) business applications across the United States, Canada, and Mexico is celebrating its 16th year of offering secure and reliable enterprise cloud hosting solutions for businesses with a special offer for new clientele.




sec

How Secure are Your Passwords?

Article warning: If you are paranoid about everything, you should avoid reading this article or it may ruin the Internet for you.

I started converting the Behold Forum over to bbPress. The first thing I had to do was convert all the registered users. To my horror, I discovered that my old Forum stored the passwords as plain text.

That actually was terrible for three reasons. First, if I was a dishonest guy, I could take your password, assume you used the same one at other sites you use, and log in as you and do malicious things. Second, since I'm honest and don't even want to know what your password is, if there was someone working for me who had access to the database, they might be dishonest and use your password. Third, since I don't have anyone working for me, if there was a hacker out there who could get into my database, they could use your password.

So I'm not talking here about the "quality" of your password. It doesn't matter if you use a simple 3-letter password, or a complex 29-character password with lower and uppercase and numbers and special characters. If someone can find it out, it doesn't matter how well crafted it is.

WordPress and bbPress are different. They do not store the password in the database. Instead they "hash" the password using the MD5 algorithm and store that hashed value. This is not encryption, which makes the password retrievable again. This is a hash, which hides the password from everyone, including the owners of the database.

Now I know there have been vulnerabilities found in MD5, and WordPress and others are working to block them, but even so, hashing the password is infinitely safer than leaving it in plain text for the three reasons above.

So that got me wondering. I have about a dozen different passwords at several hundred different sites I use. I wonder how many of them are not hashed but are insecure in plain text in the databases.

In most cases, there actually is an easy way of finding out. Go to a site you've registered with and click on the "lost my password" link. If they email you back your actual password, then they are storing it in text or in some accessible way. If they instead send you a message with a new random password and say your password is reset, then they probably don't have access to it, and all they can do is give you a new one.

Unfortunately, you can't find this out until you've already registered for the site. For people paranoid about this, I guess the trick would be to use a dummy e-mail address and dummy password and register with that, do a lost password request and see what they send back. Then you can decide whether to trust them and register for real.

Credit card information could have the same problem. You can't do the same thing here, since I've never seen a "lost my credit card information" link on a site. You can follow the policy of only giving your credit card to companies you totally trust. That's why PayPal is so popular. You can buy from thousands of companies, but PayPal will be the only one with your number. But do you trust PayPal? I'd trust them more than the various kids working at the corner gas station who get my card number all the time. This is not really a worry though, because credit cards have lots of levels of security and are actually very safe. The credit card companies will protect you from credit card fraud.

But giving out passwords you use can be much worse. What if your userid and password were the same for your PayPal account? That could be very bad.

For those of you who signed up to my Behold Forum, I apologise. I didn't know about this before. I'm transferring your account and an MD5 hash of your current password to the new bbPress forum I am creating, and they'll now be safe.




sec

New version of Secure HTML - a free Windows program that creates password protected Web pages

Version 1.6. The new command line parameter -s (Silent - no errors or warnings) has been added.




sec

Room Thirteen Editorial - Album Section Update

1




sec

Room Thirteen Editorial - Album Section Update

New Content Coming Soon




sec

Columbia Sportswear - SAVE up to 45% outlet section!

SAVE up to 45% outlet section!




sec

Panda Security - 30% off Managed Office Protection

30% off Managed Office Protection




sec

Nigeria: What Do Nigerian Laws Say About Prosecution of Underage Children?

[Premium Times] A PREMIUM TIMES review of the relevant Nigerian laws and speaking with lawyers reveal a series of legal violations in the recent trial of minors arrested in connection with the #EndBadGovernance protest.




sec

Reduce Time Airport Security Checkpoints

Avoid unnecessary time delays with these timely tips.




sec

Africa: What Could Trump's Second Presidency Mean for Africa?

[New Times] A week after Donald Trump's re-election as President of the United States, Africa is grappling with the prospects of what the Republican's second term could mean for the continent.




sec

Mauritius: Elections in Mauritius - Press Statement, Antony J. Blinken, Secretary of State

[State Department] The United States congratulates the people of Mauritius for their dedication to the democratic process and the newly elected government on its election victory. We look forward to working with Prime Minister-Elect Dr. Navin Ramgoolam on strengthening our bilateral ties. By expanding our partnership and deepening our cooperation, we can promote democracy, economic growth, and regional security to the benefit of both our countries and the Indian Ocean region.




sec

South Africa: Efficacy of 6-Monthly HIV Prevention Jab Confirmed in Second Major Study

[spotlight] In June, we heard what could be this year's biggest HIV breakthrough: a twice-yearly injection can prevent HIV infection. Findings from a second large study of the jab have now confirmed that it works. Elri Voigt goes over the new findings and unpacks the licenses that are expected to facilitate the availability of generic versions of the jab in over a hundred countries, including South Africa.




sec

Zimbabwe: Marry Mubaiwa Seeks Stay of Prosecution Due to Deteriorating Health

[New Zimbabwe] Vice President Constantino Chiwenga's ex-wife, Marry Mubaiwa, is seeking a stay of her prosecution due to poor health.




sec

Cote d'Ivoire: Government of Côte d'Ivoire Collaborates With International Financial Institutions, Development Partners, and the Private Sector to Catalyze Climate Finance

[IMF] The Government of Côte d'Ivoire, announced today at COP29 in Baku a wide range of initiatives to catalyze climate financing in Côte d'Ivoire.




sec

Kenya: UN Chief Says Developing Nations Must Secure Climate Deal At COP29

[Capital FM] Baku, Azerbaijan -- UN Secretary-General António Guterres declared that securing a climate finance deal at COP29 is critical for developing nations, emphasizing that they "must not leave Baku empty-handed."




sec

Nigeria: Viral 'U$57.5bn Loan' to Nigerian Biafra Secessionists Not True

[Africa Check] Viral 'U$57.5bn loan' to Nigerian Biafra secessionists not true




sec

Uganda: Journalists Boycott Parliament Coverage After Detention By Security

[Nile Post] At a press conference, UPPA president Sam Ibanda Mugabi strongly criticised the decision, underscoring the importance of independent media coverage free from interference.




sec

Secure Flight Dies Again

February 10, 2006 – Yesterday, the Transportation Security Administration suspended work on Secure Flight, the agency's long-awaited and very expensive airline passenger screening system. Development work on the system has been plagued with trouble for the past four years. And the system has faced stiff opposition from consumers concerned about privacy. But if Secure Flight has proven anything, it’s been that it has more lives than most cats. So is this the end of the program? Unfortunately the answer is, “Probably not.”




sec

How Much Do You Spend at Victoria’s Secret? The IRS Wants to Know!

February 15, 2006 – If you think you don’t have much in the way of financial privacy right now, you are correct. Banks can disclose your information to their affiliate companies without your permission (You can thank Congress for that). Database companies gather, store and resell your information (including your Social Security Number) to the highest bidder. But if you think financial privacy is lacking already, the Bush Administration is trying hard to make the situation even worse. If they get their way, copies of your credit card bills and your ATM card purchases will be sent straight to the IRS. So much for due process!




sec

Katrina's Disaster Victims Face Social Security Issues

August 31, 2005 – As the Federal Emergency Management Agency (FEMA) swings into high gear to provide disaster relief to victims of Hurricane Katrina, ACCESS has learned that the Social Security Administration has no procedures to help many of these same victims get back on their feet. The problem that many victims face is that they escaped with only the clothes on their backs, meaning that they have too little information for the Social Security Administration to reissue them Social Security Cards. This means that storm victims face a variety of problems that neither they nor the Federal Government have ever even considered.




sec

RSS Feed Security

RSS is growing at lightning speed. Once known only as a techie tool, RSS is becoming a tool that is continuously used by the general population. Along with the good comes the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS's future.





sec

RSS Feed Security

Security Implications Related to RSS.

As RSS gains momentum, security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its Achilles' heel.





sec

RSS Security

Security Implications Related to RSS.
As RSS gains momentum, security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its Achilles' heel.





sec

RSS Security

RSS is growing at lightning speed. Once known only as a techie tool, RSS is becoming a tool that is continuously used by the general population. Along with the good comes the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS's future.





sec

RSS Feed Security

RSS is growing at lightning speed. Once known only as a "techie tool", RSS is becoming a tool that is continuously used by the general population. Along with the good comes the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security.





sec

RSS Security

As RSS gains momentum, security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its Achilles' heel. The expansion capabilities of the RSS specification, specifically the enclosure field which has launched the podcasting phenomenon, are where the vulnerabilities lie. The enclosure field in itself is not the problem; in fact, the majority of RSS feeds do not even use the enclosure tag. The enclosure tag is essentially used to link to file types such as images, Word documents, MP3 files, PowerPoint presentations, and executables, and can be thought of in similar terms to email attachments.





sec

RSS Security

Along with the good comes the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS' future.





sec

This Pizza Was Suspiciously Popular. Police Discovered the Secret Ingredient

The incredible popularity of a specific pizza order has led to the bust of an unusual drug trafficking operation.




sec

Telefonica offers 'secret' EUR 45/mth convergent plan

(Telecompaper) Telefonica has started offering a "secret" low-cost convergent plan that also includes access to the company's pay-TV service, reports website Bandaancha...




sec

Swisscom submits new remedies to secure Vodafone Italia-Fastweb merger - report

(Telecompaper) Swisscom has submitted a second set of remedies with a view to securing the approval of the Italian Competition Authority (AGCM) for its intended...




sec

LTIMindtree to implement Cisco Secure Access for hybrid working, zero-trust and SD-WAN use cases

(Telecompaper) Cisco is publicising a deal with consulting firm LTIMindtree to deploy secure edge technology for its hybrid workforce and global consulting client base...




sec

Starlink secures licence to launch internet services in Chad

(Telecompaper) SpaceX's Starlink announced that its satellite internet service is now available in Chad, making it the latest African country to approve Starlink's low-Earth orbit (LEO) satellite internet services. Elon Musk announced on his X feed that Chad approved the licensing of Starlink on 11 November to...




sec

Rivada secures key spectrum rights ahead of satellite constellation launch

(Telecompaper) Rivada announced it has secured new spectrum rights to support its planned satellite constellation and services. In the past year Rivada secured market access for its Outernet constellation in 18 countries and on every continent, including the UK, the Netherlands, Denmark, Finland, Colombia and...




sec

A sofa with a secret

Mumbai welcomes Ligne Roset, the 137-year-old French furniture brand, whose timeless designs include the classic Togo that is celebrating its 50th anniversary this year



  • Homes and gardens


sec

The elimination of indexation benefits in real estate will discourage secondary market sellers

The real estate industry warned that eliminating indexation benefits for long-term capital gains would stunt its expansion, negatively affecting property owners and potentially increasing taxes. While experts thought low returns could still be a problem, authorities disagreed, citing high real …



  • Real Estate News
  • 2020 budget's impact on real estate
  • 2024 Budget
  • Indexation
  • Indian real estate
  • Indian Real Estate market
  • LTCG

sec

The real estate sector will see positive changes in the budget for 2024

This budget’s extensive measures demonstrate the government’s dedication to the real estate industry’s overall growth, which makes it a major driver of the country’s economic expansion. The Finance Minister, Nirmala Sitharaman, unveiled the 2024 Union Budget, which includes some ground-breaking …




sec

16 Forbidden Doors Hiding Dark Secrets

Doors are usually mundane, but these 16 different doors all hide terrible secrets behind them. Or do they?




sec

Department of Interior websites shut down for security reasons

A federal judge in Washington yesterday ordered the Interior Department to shut down most of its employees' Internet access and some of its public Web sites after concluding that the agency has failed to fix computer security problems that threaten...




sec

Is Voting Secure?

Summary: I'm fairly certain that what I write here won't change the minds that need changing. But I feel like I need to make a statement anyway: your vote is secure.

There's a lot of fear mongering about the security of elections. I've wanted to discuss this for a while. I have several things in my background that have given me insight into how elections work. I was the CIO for the State of Utah. I was a member of the Lt Governor of Utah's voting equipment selection committee. And I've been involved in identity and security for several decades.

Let me give you the headline up front: committing election fraud in a way that changes the result is difficult, nearly impossible. Let's examine how elections are run and how fraud could happen to see why.

First a caveat: there is no single way that US elections are run. Elections in the US are quite decentralized. Each state has different election laws and in most cases the mechanics of running an election are given over to county clerks who must follow state law, but also have freedom to create their own workflows and processes within that law. There are 3244 counties in the US. The analysis that follows is generalized and likely more true of Utah, which I'm very familiar with, than other places. Still, I think the big ideas are largely the same everywhere.

The process of voting is divided into two parts: (1) voter registration and (2) voting. This is important because most people who make up scenarios to convince you that voting is insecure usually ignore voter registration. Registration requires that you provide an address. This is an important piece of information because if you're voting by mail, it's where the ballot will be mailed. If you're voting in person, you need to vote at a specific polling place depending on your address.

When you vote, you either mail back the ballot that was mailed to you at the address you provided or you go to your assigned polling place and fill out a ballot (usually via a voting machine). In either case, the ballot presented to you depends on your address since the candidates listed on your ballot depend on your voting precinct. Also, as of 2024, 35 states require voters to present identification at the polling place in order to vote. Of those that don't, many require it for voters who are voting for the first time after their registration.

Now, let's examine voting fraud and how it might work. One important factor is scale. You need to commit fraud at a scale necessary to impact the outcome. For small elections (say a single state legislative race or a small school board election) you don't need to change a lot of votes to change the outcome in a tight race—hundreds of votes might do it. For larger elections, like the presidential election, scale is a significant issue. I'm going to focus on presidential elections since they are the most consequential. Less consequential elections are not likely to attract the kind of money and talent necessary to commit election fraud.

A second factor is stealth. You have to keep the fraud from being discovered so that it's not reversed. Proving consequential fraud would likely result in the election being challenged and rerun. You don't have to identify who did it, just prove that it was done. So election fraud is much more dependent on not being discovered than commercial transaction fraud where the loss is likely to only be recoverable if the identity of the perpetrator is known.

The nature of presidential elections is greatly influenced by the electoral college system. You need to influence the votes in enough states to swing that state's electoral votes to the candidate you favor. You don't want to commit fraud where it's not needed because you'll waste money while increasing your chances of discovery. So, selecting the states where you want to commit fraud is critical. Each of those states will have different requirements, so you'll have to tailor your attack to each of them. Furthermore, you'll have to tailor your attack to each voting precinct within the counties you determine are the most likely to impact the election.

There are a few ways to attack an election:

  • Sending your people to vote—for this to work, your fake voters have to have been registered and, in most cases, provide some form of ID. To register, they need a plausible address. The election office might not notice if one or two extra people with different last names are registered at a specific address, but they might if this is systematic or if an unreasonable number of people register at the same address. Remember that elections are run at the county level, so you have to assume that the election workers have a good understanding of the local environment. These fake voters now have to go to many different polling locations and cast a vote. They can't easily cast multiple ballots at the same polling location since the poll workers might remember them. So, you need lots of people going to lots of different polling locations.
  • Intercepting mail-in ballots—for this to work, you have to register at someone else's home address and then get to the mail before they do or steal their ballots after they've filled them in and change the vote. This requires lots of people. You can't do this remotely. It requires "boots on the ground" as the saying goes. Furthermore, those people are exposed since they're looking in mailboxes in neighborhoods where they don't live. Doable, but not very stealthy.
  • Paying people to vote—for this to work, you have to contact a lot of people, convince them to commit fraud, and then be satisfied with the fact that you'll never know if they voted for your candidate or not because ballots are secret. They could take your money and vote for whoever they want. Or just not vote at all unless you're supervising them, an activity that will call attention to you and your agents.
  • Replacing real ballots with fake ones—for this to work, you have to create realistic facsimiles of real ballots for many different polling places (remember they're different because of overlapping jurisdictions), intercept the ballots somewhere in transit or on delivery, and replace the real ballots with ones that you've filled out for your candidate. This likely involves subverting county election workers. Not just one, but many. Again, the risk of discovery goes up with each contact.
  • Destroying ballots—for this to work, you need to destroy ballots that are for the candidate you don't want to win. You could simply destroy ballots without regard to how they're filled, but this won't assure you'll meet your goal. To be effective, you have to just destroy the ones for the other candidate and leave the ones for your candidate. Again, you will have to subvert election workers to get your hands on the ballots and determine who the ballot is for.
  • Changing the results after the ballots are counted—for this to work, you have to either hack the machines that record the vote or hack the machines that are tabulating the vote. Hacking the machines won't work if the machines keep a paper audit trail and it's used to audit results. Hacking the tabulators means getting access to those machines. Recall those are kept at the county level, so you have to hack many in different locations unless a single county can swing the election your way.

I hope all of this has at least given you a feel for the scale and scope of the problem. Pulling it off successfully without anyone knowing it happened is a difficult problem. Each method involves many people being let in on the secret—in some cases a lot of people. This isn't an operation that a small group of hackers can reliably pull off. Having lots of people involved increases the chances that you'll be discovered. The decentralized and distributed nature of how elections are run is a feature and makes elections more secure and trustworthy.

On top of all this, election officials aren't stupid, lazy, or inept. Sure, you're going to find a few who are. But as a rule the elections officials I've interacted with at the state and county level are professionals who are attuned to these dangers and take active steps to protect against them. They are usually happy to talk about how they operate and will respond to polite requests for information about how they audit systems and the processes they have in place to protect the vote.

As an aside, do you know what's easier than committing election fraud? Using social media to convince people that election fraud is happening to reduce confidence in the election and sow discontent. Then you can use that discontent to challenge a legitimate election and maybe change the outcome. Ask yourself which is more likely.

Successfully changing the results of a presidential election isn't impossible. But the odds of doing so and not leaving any evidence—the perfect crime—are vanishingly small. I have confidence in the security of the US election system.


Photo Credit: Voting from DALL-E (public domain) Prompt: Draw a horizontal picture of a woman casting a ballot with a ballot box





sec

Gender, Race, and Intersectional Bias in Resume Screening via Language Model Retrieval

Kyra Wilson, Aylin Caliskan, Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, Nov 13, 2024

The topic of AI-based recruitment and hiring has been discussed here before and research continues apace. This item (13 page PDF), despite the characterization in GeekWire, is a fairly narrow study. It looks at three text-embedding models based on Mistral-7B-v0.1, and tests for gender and racial bias on applications containing name and position only, and name and position and some content (the paper discusses removing the name but does do it). The interesting bit is that intersectional bias (i.e., combining gender and race) is not merely a combination of the separate biases; while separate biases exaggerated the discrimination, "intersectional results, on the other hand, do correspond more strongly to real-world discrimination in resume screening." Via Lisa Marie Blaschke, who in turn credits Audrey Watters.





sec

Free Software for Section 508 Compliance

The General Services Administration is now offering at their Section 508 site their free STEP508 software to help government agencies...






sec

4 Ways to Increase Your Company’s Online Security Now

Despite increasing awareness of online threats, the Cyber Security Breaches Report 2022 shows that the number of cyber-attacks against UK businesses is growing. With the potential to damage your operations, finances, and reputation, a cyber-attack can cause catastrophic damage to your organization, which is why it’s essential to take steps to mitigate the threat. With …
