Real estate, cybersecurity and other risks, economics, & more: links & commentary for May 1, 2019

As soon as the Consumer Protection Coalition saw Cohen’s video, it issued this statement: “It is precisely this type of gaming of the system that has hurt Florida’s hardworking families and fueled out-of-control AOB litigation, fraud and abuse in both property and auto insurance. Florida’s legislators and other senior elected leaders should be aware that there are already blatant efforts under way to erode the good reforms that the Legislature has just passed on AOB property abuse …”

AOB Abuse King Addresses His Army of Vendors, Vowing to Get Around the New Law


“Remote identification will enhance safety, security, and privacy, and serve as a critical tool for law enforcement to respond to and address reports of illegal and unauthorized drone operations,” the senators said in a letter to Chao on Monday.

The FAA said on Monday that “drone ID and remote tracking are priorities for the FAA and we are well underway developing proposed rules.” The agency said last month it plans to publish a proposed rule by July 21, having previously vowed to unveil the proposal by May 1.

Senators Push Regulator to Finalize Drone ID System


… according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese, iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.

Marrapese said a proof-of-concept script he built identified more than two million vulnerable devices around the globe (see map above). He found that 39 percent of the vulnerable IoT things were in China; another 19 percent are located in Europe; seven percent of them are in use in the United States.

“A P2P server will direct connection requests to the origin of the most recently-received heartbeat message,” Marrapese said. “Simply by knowing a valid device UID, it is possible for an attacker to issue fraudulent heartbeat messages that will supersede any issued by the genuine device. Upon connecting, most clients will immediately attempt to authenticate as an administrative user in plaintext, allowing an attacker to obtain the credentials to the device.”

“The nature of these vulnerabilities makes them extremely difficult to remediate for several reasons,” Marrapese wrote. “Software-based remediation is unlikely due to the infeasibility of changing device UIDs, which are permanently assigned during the manufacturing process. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Physical device recalls are unlikely as well because of considerable logistical challenges. Shenzhen Yunni Technology is an upstream vendor with inestimable sub-vendors due to the practice of white-labeling and reselling.”

… avoid purchasing or using IoT devices that advertise any P2P capabilities.

P2P Weakness Exposes Millions of IoT Devices
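To make the "most recent heartbeat wins" routing flaw concrete, here is an added toy model (not Marrapese's script nor any iLnkP2P code) of a rendezvous server with that behaviour, beside a variant that only honours heartbeats carrying an HMAC and a fresh counter. The per-device key and counter are assumptions for the hardened version; the article itself notes that fixing fielded devices is unlikely.

```python
import hmac
import hashlib

# Constructed per-device secret the hardened server would hold (assumption:
# provisioned with the UID at manufacture; not something iLnkP2P devices have).
DEVICE_KEYS = {"ABCD-123456-XYZ": b"constructed-device-secret"}


class VulnerableRendezvous:
    """Routes client connections to whoever sent the latest heartbeat for a UID.
    Knowing a valid UID is the only requirement, as described in the article."""
    def __init__(self):
        self.route = {}

    def heartbeat(self, uid, origin):
        if uid in DEVICE_KEYS:
            self.route[uid] = origin        # last sender wins, no proof of identity


class AuthenticatedRendezvous:
    """Heartbeat must carry HMAC(uid|counter|origin) under the device key and a
    strictly increasing counter, so forged or replayed heartbeats are dropped."""
    def __init__(self):
        self.route, self.last_counter = {}, {}

    @staticmethod
    def tag(uid, counter, origin):
        msg = f"{uid}|{counter}|{origin}".encode()
        return hmac.new(DEVICE_KEYS[uid], msg, hashlib.sha256).hexdigest()

    def heartbeat(self, uid, counter, origin, mac):
        if uid not in DEVICE_KEYS:
            return False
        if counter <= self.last_counter.get(uid, -1):
            return False                    # replayed or stale heartbeat
        if not hmac.compare_digest(self.tag(uid, counter, origin), mac):
            return False                    # not produced with the device key
        self.last_counter[uid] = counter
        self.route[uid] = origin
        return True


def demo():
    uid, genuine, other = "ABCD-123456-XYZ", "203.0.113.10:8080", "198.51.100.7:8080"
    v = VulnerableRendezvous()
    v.heartbeat(uid, genuine)
    v.heartbeat(uid, other)                 # later heartbeat from elsewhere wins
    a = AuthenticatedRendezvous()
    a.heartbeat(uid, 1, genuine, a.tag(uid, 1, genuine))
    forged = a.heartbeat(uid, 2, other, "00" * 32)               # no key: rejected
    replay = a.heartbeat(uid, 1, genuine, a.tag(uid, 1, genuine))  # counter reuse
    return v.route[uid], a.route[uid], forged, replay
```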


The program we are preparing for the EU elections focuses on three key issues. The first is democracy: we must invent more democratic and more inclusive decision-making processes in the EU. For now, the citizens of the EU are asked their opinion on unimportant issues such as the question of daylight savings time, but no one asked the citizens if they want austerity, if they reject a common solution to the economic crisis, etc. Citizens must have a say.

The second issue is to invert the EU’s priorities. Currently we have a Union built on the single market and fiscal compacts. In effect, such a Union demands that member states obey its fiscal rules at all costs and is at the same time completely indifferent if that causes a 30 percent rise in youth unemployment, if it starves old people because of pension cuts, or if national healthcare systems fall apart. A Union that mistreats its citizens in such a way is unsustainable! The EU should be just the opposite: it should enforce common welfare standards and social minimums rather than bloody fiscal rules.

And our third priority is the European Green Deal. We propose an investment plan that would focus on pan-European green transformation. The EU should finance the building of a European high-speed railway grid and of sustainable transport in general. It should invest heavily in green and carbon-free technologies. And it should subsidize the spread of such technologies. It should become a global leader in the struggle against climate change.

Building the Slovenian Left: Successes and challenges in Eastern Europe’s most promising New Left project


The following is a highly comprehensive call by anti-Capitalists. These people are ecosocialists. Can capitalism rise to the Global-Warming occasion?

We are in dire need of just and sustainable structural reforms throughout society – bearing in mind the historical responsibility of the rich, big polluters. Making capitalism just a bit greener will not succeed in halting climate change, it will only delay climate action further. To date, dirty industries have been influencing our climate policies. Now we need our climate action to be accountable to the people, not the climate confusers. We need to place people and the sustainability of the environment above profit. If we do not implement radical system changes right now, the commercialisation of the earth will continue to put the interests of the multinational companies first. This puts our planet and ourselves at an unacceptable risk. We have a responsibility to avert the climate crisis with urgency and preserve the earth for future generations. The only effective response is to immediately address this crisis as a climate emergency. Together we can change the system to save the climate!

Climate emergency manifesto: We only have one planet. Let’s save it. Now!


Concerning this next one (and all links unless otherwise stated), linking doesn’t mean I agree with every last thing stated in the linked article. Often, I link to something I mostly disagree with or even completely disagree with. I do not even remotely disagree more than I agree with this next linked article; however, I do not agree with every last bit of it.

Let me say that socialist writers seem to drink more coffee (or something else stimulating).

Lastly, you are free, just as I am, to adopt what you want and to reject what you don’t. You do not have to agree with everything in the article in order to be for plenty of what it calls for. Many people are afraid to take that position.

… the political crux of the question. Capitalism has been built and continues to be built on fossil fuels. Governments have done almost nothing since the Earth Summit (Rio, 1992), and emissions have continued to increase so we are now in a critical situation. The largest and fastest possible reduction of emissions would necessarily involve the very rapid destruction of a huge amount of capital, of an unprecedented “bubble.” The most important sectors of capitalism oppose this with all their might, so two tendencies are crystallizing in the ruling class: that of Trump, Bolsonaro and some other climate denying leaders on the one hand, and on the other hand that of “green capitalism” which, to avoid an excessively brutal bursting of a bubble that is too big, argues in effect for scenario 4, with a massive deployment of BECCS [Bioenergy with Carbon Capture and Storage], a “temporary overrun” of the 1.5C limit and cooling of the planet during the second half of the century — since these people imagine that the Earth’s temperature is as easy to regulate as that of their “smart house.”

Everyone understands that the first tendency is simply criminal, but the second one is barely less. For three reasons:

No one knows if BECCS and the other technologies envisaged will actually remove enough carbon from the atmosphere to return below 1.5°C after exceeding this threshold;
No one knows how to avoid the likely adverse effects of BECCS and other so-called solutions, especially on the biodiversity and food of the world’s population; and
Climate change is a non-linear phenomenon. The risk increases very seriously that a major accident with irreversible consequences may occur during the “temporary overrun,” for example the breaking up of the gigantic Thwaites or Totten ice-sheets in the Antarctic, which would ultimately bring about an increase of three to six metres in the ocean level.

No shortcuts: The climate revolution must be ecosocialist: A red-green manifesto for the 21st century


… “312,570 files in 51,025 folders, over 516 Gb data financial and private information on all clients, include VAG, Ericsson, Leica, MAN, Toshiba, UniCredit, British Telecom and etc,” was stolen from the German service provider.

Extortionist hacks IT provider used by the stars of tech and big biz, leaks customer info after ransom goes unpaid


Security requirements

The top three security requirements set out in the CoP are that:

IoT device passwords must be unique and not resettable to any universal factory setting.
Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

UK gears up for new laws on IoT security


Soil is starting to get the attention it needs.

Climate change being fuelled by soil damage – report


Estate Planning for Investors: Insight From a Real Estate Attorney


In a statement, Vodafone said: “The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012.

“The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.

“Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorised access to the carrier’s fixed-line network in Italy’.

Vodafone denies Huawei Italy security risk


Concerning cybersecurity vulnerabilities:

Prevented: safe by default languages and libraries, design reviews, training & documentation
Found automatically: static analysis, dynamic analysis, lint rules, tests, fuzzing.
Found manually: Security reviews and consulting, self-service tooling
Found externally: Bug bounty, external scanning services

Each method has a cost (time, $$$, friction to the company) and a return (# of bugs shifted and how far). Each company, situation and team has different trade-offs here.

6 buckets of prodsec


The Rich Kid Revolutionaries: Children of privilege, like Abigail Disney, are taking a moral stand against inequality.


The Organisation for Economic Co-operation & Development is scrutinizing the potential misuse of these schemes. In October 2018, it released a blacklist of 21 jurisdictions, including Malta and Cyprus, that it believes are undermining international efforts to combat tax evasion.

Millionaires Flee Their Homelands as Tensions Rise and Taxes Bite


Here’s why it might not be so good for small-time home builders this year


Where’s the wage pressure? There’s hardly any even though: Nine states at historically low unemployment rates in March 2019


… why not jettison the federal funds target, and just use the interest rate paid on reserves? There is really no compelling objection. The interest rate on reserves is already the key short-term rate, so the change would have no meaningful effect on the Fed’s monetary policy stance. It would also make things simpler and more transparent by eliminating the need for technical adjustments to the interest rate on reserves to ensure that the federal funds rate stays within its range.

The Fed Should Dump Its Interest-Rate Target: The federal funds rate has outlived its usefulness. By Bill Dudley


Plastic bottles, rusty barrels and even old washing machines are among tons of garbage clogging rivers in Bosnia that were once famous for their emerald color and crystal clear waters adored by rafters and adventurers as well as fishermen.

Garbage clogs once crystal clear Bosnia rivers amid neglect