C’Mon Florida, Let’s Sew Some Masks for Donation

Can Florida lead the nation in volunteers sewing masks for medical personnel? Yes, there is a shortage of N95 masks and hospital personnel often reuse their N95 masks during shortages. Florida can help. The faster we help our state, the faster we restore the lives of everyone. Even if you don’t sew, you are still needed to put out the call for fabric, cutting the patterns, making phone calls and even deliveries.
This is our moment, this is our duty, this is our safety.

Hamilton County Public Health Accepting Homemade Masks ... source

READ ON…

So, we need masks. After much searching, I found an instructional video for sewing masks to meet the requirements of medical personnel including reference to the CDC.

In this video I’m going to show you how to sew a reusable face mask with filter pocket. This medical face mask can be sewn in 5 minutes! Great mask pattern to batch sew masks for hospitals quickly. These mask are super comfortable to wear by themselves (with or without the filter), over the top of hospital PPE masks and are made of washable materials. No elastic, no pleats to sew, have a flexible nose band and fit the face really well. No ear pain since the straps do not sit directly behind your ear-making it ideal for those 12+ hour shifts. Great beginner sewing pattern. Disclaimer: These masks are not going to prevent you from contracting any sort of respiratory illness. They are meant to be used as a temporary solution and will only provide minimal protection.

Before beginning to batch sew masks, I highly encourage you to contact your local hospital, clinic or long term care facilities to see if they have specific types of masks they are looking for. I’ve heard many hospitals are only accepting specific masks types.

You may be asking about contamination in the sewing process. Okay, here is the answer for that:

The researchers published their decontaminating protocol so other hospitals can follow their lead.
Using vaporized hydrogen peroxide, the researchers can kill microbial contaminants that lurk on the masks after they’re worn.
It’s a method labs have used for decades to decontaminate equipment, said Wayne Thomann, director emeritus of the Duke Occupational & Environmental Safety Office. Now that procedure is used/applied for  the N95 masks, yes. However, on a temporary basis until such time the N95’s get out into distribution, it behooves all of us Floridians to step up our game now to get back in the real game of life faster.

People around the country are sewing masks. And some hospitals, facing dire shortage, welcome them

(CNN)Crafty people are stepping up to create homemade masks for health care workers facing shortages amid the coronavirus pandemic.

Volunteers across the nation have formed sewing groups, where they share patterns they think can best address the needs of medical workers. Using their sewing machines and piles of fabric, they work to make as many masks as they can to help hospitals in need of more supplies.
“We’re the ones you want around in the apocalypse,” said Christine Cox, a volunteer in the Atlanta area who is helping with a local effort to create masks. More detail here.

 

 

Zoom Bombing, don’t be Fooled

So, there are several online conference video chat platforms now being used while businesses continue to operate even while doing the stay at home thing. We are aware of course of the common Skype platform, Uber Conference and gaining huge popularity is Zoom.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.

How to Record Zoom Meeting on PC, iPhone

In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. Every nation while struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move online meetings. In one particular instance, my email buddy noted the following”

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imaging the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what to heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they wont be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

The Reason for the WH and Dr. Birx Chilling New Probability Report

Primer: We all seem to guess this except for Jim Acosta/CNN and the others at MSNBC. Media continues to blame the Trump White House for the slow response to address COVID-19, while Dr. Birx and Dr. Fauci explained what they did not know very early on. Now we know.

Now some real questions and new policy towards China must be considered. We can start with the $1.8 T in U.S. debt that China holds. The next is challenging American telecommunications companies to squelch China’s advances of 5G. Then there is the next phase of the U.S. trade agreement with China. Add in the mission to stop China’s power agenda across the globe as it is clear, China is fine with killing people and economies across the world.

China has concealed the extent of the coronavirus outbreak in its country, under-reporting both total cases and deaths it’s suffered from the disease, the U.S. intelligence community concluded in a classified report to the White House, according to three U.S. officials.

The officials asked not to be identified because the report is secret and declined to detail its contents. But the thrust, they said, is that China’s public reporting on cases and deaths is intentionally incomplete. Two of the officials said the report concludes that China’s numbers are fake.

The report was received by the White House last week, one of the officials said. The outbreak began in China’s Hubei province in late 2019, but the country has publicly reported only about 82,000 cases and 3,300 deaths, according to data compiled by Johns Hopkins University. That compares to more than 189,000 cases and more than 4,000 deaths in the U.S., which has the largest publicly reported outbreak in the world.

Communications staff at the White House and Chinese embassy in Washington didn’t immediately respond to requests for comment.

While China eventually imposed a strict lockdown beyond those of less autocratic nations, there has been considerable skepticism of China’s reported numbers, both outside and within the country. The Chinese government has repeatedly revised its methodology for counting cases, for weeks excluding people without symptoms entirely, and only on Tuesday added more than 1,500 asymptomatic cases to its total.

Stacks of thousands of urns outside funeral homes in Hubei province have driven public doubt in Beijing’s reporting.

Deborah Birx, the State Department immunologist advising the White House on its response to the outbreak, said Tuesday that China’s public reporting influenced assumptions elsewhere in the world about the nature of the virus.

Coronavirus: Doctor at hospital in China's Hubei province ... source

“The medical community made — interpreted the Chinese data as: This was serious, but smaller than anyone expected,” she said at a news conference on Tuesday. “Because I think probably we were missing a significant amount of the data, now that what we see happened to Italy and see what happened to Spain.”

China is not the only country with suspect public reporting. Western officials have pointed to Iran, Russia, Indonesia and especially North Korea, which has not reported a single case of the disease, as probable under-counts. Others including Saudi Arabia and Egypt may also be playing down their numbers.

U.S. Secretary of State Michael Pompeo has publicly urged China and other nations to be transparent about their outbreaks. He has repeatedly accused China of covering up the extent of the problem and being slow to share information, especially in the weeks after the virus first emerged, and blocking offers of help from American experts.

“This data set matters,” he said at a news conference in Washington on Tuesday. The development of medical therapies and public-health measures to combat the virus “so that we can save lives depends on the ability to have confidence and information about what has actually transpired,” he said.

“I would urge every nation: Do your best to collect the data. Do your best to share that information,” he said. “We’re doing that.”

The outbreak began in China’s Hubei province in late 2019, but the country has publicly reported only about 82,000 cases and 3,300 deaths, according to data compiled by Johns Hopkins University. That compares to more than 189,000 cases and more than 4,000 deaths in the U.S., which has the largest publicly reported outbreak in the world.

Map of sampling sites in the Hubei Province of China. Red ... source

 

Abstract

Background: The COVID-19 outbreak containment strategies in China based on non-pharmaceutical interventions (NPIs) appear to be effective. Quantitative research is still needed however to assess the efficacy of different candidate NPIs and their timings to guide ongoing and future responses to epidemics of this emerging disease across the World. Methods: We built a travel network-based susceptible-exposed-infectious-removed (SEIR) model to simulate the outbreak across cities in mainland China. We used epidemiological parameters estimated for the early stage of outbreak in Wuhan to parameterise the transmission before NPIs were implemented. To quantify the relative effect of various NPIs, daily changes of delay from illness onset to the first reported case in each county were used as a proxy for the improvement of case identification and isolation across the outbreak. Historical and near-real time human movement data, obtained from Baidu location-based service, were used to derive the intensity of travel restrictions and contact reductions across China. The model and outputs were validated using daily reported case numbers, with a series of sensitivity analyses conducted. Results: We estimated that there were a total of 114,325 COVID-19 cases (interquartile range [IQR] 76,776 – 164,576) in mainland China as of February 29, 2020, and these were highly correlated (p<0.001, R2=0.86) with reported incidence. Without NPIs, the number of COVID-19 cases would likely have shown a 67-fold increase (IQR: 44 – 94), with the effectiveness of different interventions varying. The early detection and isolation of cases was estimated to prevent more infections than travel restrictions and contact reductions, but integrated NPIs would achieve the strongest and most rapid effect. If NPIs could have been conducted one week, two weeks, or three weeks earlier in China, cases could have been reduced by 66%, 86%, and 95%, respectively, together with significantly reducing the number of affected areas. However, if NPIs were conducted one week, two weeks, or three weeks later, the number of cases could have shown a 3-fold, 7-fold, and 18-fold increase across China, respectively. Results also suggest that the social distancing intervention should be continued for the next few months in China to prevent case numbers increasing again after travel restrictions were lifted on February 17, 2020. Conclusion: The NPIs deployed in China appear to be effectively containing the COVID-19 outbreak, but the efficacy of the different interventions varied, with the early case detection and contact reduction being the most effective. Moreover, deploying the NPIs early is also important to prevent further spread. Early and integrated NPI strategies should be prepared, adopted and adjusted to minimize health, social and economic impacts in affected regions around the World.

 

FBI Abuse of FISA Much Worse per New Report

FBI problems with FISA warrants extend beyond Russia case, DOJ watchdog warns

The Justice Department’s chief watchdog issued an extraordinary warning Tuesday that the FBI is failing to follow its own rules when pursuing surveillance warrants in sensitive intelligence and terrorism cases, confirming that problems first exposed in the Russia collusion probe extend to other cases.

Among the problems cited was a failure by agents to substantiate allegations submitted to courts, similar to the missteps the FBI made in failing to ensure allegations in the Steele dossier back in 2016 were verified before securing a FISA warrant targeting the Trump campaign and former adviser Carter Page.

The report found that investigators:

  • could not review original Woods Files for four of the 29 selected FISA applications because the FBI has not been able to locate them and, in 3 of these instances, did not know if they ever existed;
  • identified apparent errors or inadequately supported facts in all of the 25 applications we reviewed;
  • identified deficiencies in documentary support and application accuracy;
  • interviewed FBI officials who indicated to us that there were no efforts by the FBI to use existing FBI and National Security Division oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy.

Sen. Charles Grassley, R-Iowa, a senior member of the Judiciary Committee who played a key role in exposing FISA abuses during the Russia probe, said Horowitz’s memo show the problems first exposed with the faulty Carter Page warrant were “just the tip of the iceberg.”

“Not a single application from the past five years reviewed by the inspector general was up to snuff. That’s alarming and unacceptable,” Grassley said.

“The FBI has an important job to protect our national security, but it does not have carte blanche to routinely erode the liberties of Americans without proper justification. Oversight mechanisms like the Woods Procedures exist for a reason, and if the FBI wants to restore its reputation among the American people, it had better start taking them seriously,” he added.

Sally Moyer not ‘Agent 5’ in IG report on FBI source

The final report just issued in .pdf is found here.

Additionally, NR has this summary in part:

Horowitz’s office said in a report released Tuesday that of the 29 applications — all of which involved U.S. citizens – that were pulled from “8 FBI field offices of varying sizes,” the FBI could not find Woods Files for four of the applications, while the other 25 all had “apparent errors or inadequately supported facts.”

“While our review of these issues and follow-up with case agents is still ongoing—and we have not made materiality judgments for these or other errors or concerns we identified—at this time we have identified an average of about 20 issues per application reviewed, with a high of approximately 65 issues in one application and less than 5 issues in another application,” the report reveals.

The Woods Procedure dictates that the Justice Department verify the accuracy and provide evidentiary support for all facts stated in its FISA application. The FBI is required to share with the FISA Court all relevant information compiled in the Woods File when applying for a surveillance warrant.

“FBI and NSD officials we interviewed indicated to us that there were no efforts by the FBI to use existing FBI and NSD oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy, to include identifying the need for enhancements to training and improvements in the process, or increased accountability measures,” the report states.

The OIG concludes by recommending that the FBI “systematically and regularly examine the results of past and future accuracy reviews to identify patterns or trends in identified errors” relating to the Woods Procedure, as well as double-checking “that Woods Files exist for every FISA application submitted to the FISC in all pending investigations.”

In a letter acknowledging the audit, FBI Associate Deputy Director Paul Abbate said that the issues “will be addressed” by the Bureau’s already-issued correctives after the Carter Page review, and added that “the FBI fully accepts the two recommendations.”

McCabe admitted in January that the FBI has an “inherent weakness in the process” of obtaining FISA warrants.

Google Sent Users 40,000 Warnings

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.

Color-coded Mercator projection of the world.

“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Sandworm’s targeting efforts (mostly by sector) over the last three years.
Enlarge / Sandworm’s targeting efforts (mostly by sector) over the last three years.
Google

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zeroday exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were against individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.