Tag: Vermont

Ceiling-fan efficiency provokes 1st lawsuit against Trump Energy Secretary

Energy standards for a variety of commercial equipment were approved by Obama’s DOE.

Russian ‘grid attack’ turns out to be a damp squib

One laptop does not a blackout make

Russian hackers have not penetrated America's electricity grid, in spite of an end-of-year media flurry saying they did. The story was triggered because an anonymous source told the Washington Post that Russian hackers had penetrated the grid, when in fact – as the story was later amended to read – one Burlington Electric Department laptop was infected with Russian-attributed malware.

Burlington Electric flat-out denied that its control systems were compromised. Rather, the company says in a home page statement, a single laptop was infected with malware “used in Grizzly Steppe”, and that machine was not connected to its grid systems. The infection was discovered in a scan after the Department of Homeland Security (DHS) distributed the signatures it associates with Grizzly Steppe, the operation that caused the late-December sensation in the outgoing Obama administration and led to 35 Russian spies getting their marching orders from the USA. Burlington Electric Department says someone in the company gave the Washington Post the incorrect information which led to the sensational but withdrawn claim that Russians hacked the Vermont grid.

Comment: Schadenfreude is all too easy at times like this, but the Washington Post's dilemma is faced by any journalist offered an infosec scoop. Last week, when the Obama administration expelled the Russian spies over interfering with the 2016 election process, it provided much more supporting documentation than is usually the case. Even so, there were plenty of infosec people and national security experts who argued that more information should have been provided.

Take this, for example, from respected King's College London professor of war studies Thomas Rid:

"The USIC erred on the side of caution today and did *not* release the best evidence they have—spelling out this limitation would have helped" — Thomas Rid (@RidT), December 29, 2016

Mostly, accusations of hacks are accompanied by little or no supporting evidence of any kind.

Even technical journalists are expected to work in an information vacuum, and all journalists, technical or generalist, are surrounded by a fog of vendor/consultant/analyst exaggeration. However, the speed with which Burlington Electric posted its rebuttal suggests it already knew the extent of the attack – so the Washington Post had the chance to verify.

There is one more point to make. While the USA has a well-integrated electricity grid – the final steps to complete its interconnection were taken in 2010 – Burlington Electric isn't even remotely “the US grid”. It's a local generation and distribution utility with fewer than 20,000 customers. A hacker – even a Russian hacker – would have a long way to travel from Vermont to the interconnects that constitute the national grid.

Yahoo Tells SEC It Knew About Data Breach in 2014

Yahoo fessed up in its latest SEC filing that it knew in 2014 that attackers were on its network and stole information from 500 million accounts. The breach was disclosed in September and Yahoo blamed state-sponsored attackers, a claim that was challenged by some experts who instead said a criminal outfit was behind the attack and may have sold some of the data to an Eastern European government. The SEC filing also contains a confirmation from Yahoo that Verizon’s multibillion-dollar acquisition of Yahoo’s core business could be in jeopardy, and that Verizon could seek to terminate or renegotiate the terms of the sale.

Verizon executive vice president Marni Walden said at a Wall Street Journal event 10 days ago that it was still moving forward with the acquisition but, according to the Journal, stopped short of saying that it would not put a halt to the deal if necessary. “What we have to be careful about is what we don’t know,” Walden said. “We’re not going to jump off a cliff blindly so we need to have more information before we can determine, but strategically the deal still makes a lot of sense to us.”

Yahoo said that claims in July from hackers that 200 million account credentials were available for purchase on an underground hacker forum prompted a deeper investigation into the security of its network and a broader look at the 2014 intrusion. “In addition, the forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the Security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users’ accounts or account information,” Yahoo told the SEC. It added that on Monday, law enforcement shared evidence provided by a hacker that is allegedly legitimate Yahoo account information; Yahoo said it is investigating.

Yahoo told the SEC that the stolen information included names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted and unencrypted security questions and answers. Yahoo reaffirmed earlier statements that no payment card data or bank account information was stolen; that information, Yahoo said, was not stored on the systems that were accessed. News of the Yahoo breach surfaced at a time when large-scale password dumps were being disclosed in waves. Most of the Yahoo passwords were hashed using bcrypt, but some were secured with MD5, a long-outdated algorithm that is considered unsafe and has been deprecated in many corners.

Security company Venafi said in late September that data collected from its internal certificate reputation service indicates that Yahoo’s cryptographic practices were a mixed bag of outdated hashes and self-signed certificates, none of which are entirely secure. Beyond simply the use of SHA1 and MD5, for example, Venafi said that it found a wildcard certificate with a five-year expiration date, much longer than the standard 12 to 18 months. It added that 27 percent of certificates on external Yahoo sites were in place since January 2015 and that fewer than 3 percent were issued in the previous 90 days. Weakened certificates have been attacked in the past to redirect traffic or pose as a Yahoo site and steal credentials or intercept traffic.

Congress soon interjected and wrote a letter to CEO Marissa Mayer demanding to know why it took Yahoo two years to disclose the attack, expressing dismay that users’ data has been exposed during that period of time. Vermont Senator Patrick Leahy called the situation “unacceptable.” The breach, Yahoo told the SEC, has also given birth to 23 class-action lawsuits filed against the company making claims of harm and seeking damages and relief. Yahoo said it has spent $1 million in the third quarter of this year related to its breach investigation, but said the breach did not materially impact its business or cash flow for the quarter. Yahoo also admitted in its filing that it does not have cybersecurity liability insurance.

Security Experts Voice Fears About Election Result Accuracy, Integrity

In the face of alleged Russian attacks on U.S. election databases, security experts warn that some states may have problems proving the integrity of their vote tally.

The U.S. election system will likely face a significant trial this year, thanks to a summer of startling revelations including nation-state-linked attacks targeting the Democratic National Committee and state voter databases along with a statement of no-confidence by the Republican nominee. The result has been a slew of media stories positing how the election could be hacked.

The ongoing cyber-attacks and raised doubts will put states' choice of voting technology under the microscope, with a focus on the security of voting systems and the ability to audit the results produced by those balloting systems, according to election security experts.

Unfortunately, while all but five states now have at least some systems with a verifiable paper trail, more than half do not have meaningful post election audits, according to Verified Voting, a group focused on improving election-system integrity and accuracy.

"We would like to see post election audits everywhere," Pamela Smith, director of the group, told eWEEK. "There is actual research showing that being able to conduct a robust audit in a public way brings confidence in the election. A voter-verifiable paper ballot is a tool to instill confidence that the election has come to true result."

The spotlight on election security and doubts from grand-standing candidates brings into focus a truth about elections: They are only as good as the citizens' confidence in them. In the end, it matters little whether there is a threat and more whether the election technology and systems can convince the vast majority of people that the election was fair and accurate, J. Alex Halderman, professor of computer science and engineering at University of Michigan and director of UM's Center for Computer Security and Society, told eWEEK.

"Any election system must be able to prove to the supporters of the candidate who lost that the loser was indeed defeated," he said. "But unfortunately, the assertions … that the elections will be rigged are really hard to disprove."

U.S. elections have never been free from issues. The 2000 U.S. presidential election resulted in a contested vote in Florida, bringing the term "hanging chad" into America's lexicon. It also resulted in the Help America Vote Act, a federal mandate to upgrade states' election systems.

In 2004, the race for the governor of Washington state was decided by 127 votes, amidst legal challenges and a laundry list of election official mistakes, questionable ballots and polling-book discrepancies.

Unfortunately, many states chose to purchase electronic systems that do not produce a verifiable paper record of a person's vote. The lack of a paper ballot makes any recount of the election meaningless. Now, a decade later, those systems are in need of upgrading, but many jurisdictions put off the expensive process.

This summer's reports of nation-state cyber-attacks on election data systems have ratcheted up the pressure on election officials and political party leaders. Hackers—allegedly linked to the Russian government—compromised computers at the Democratic National Committee and leaked sensitive emails and documents in July.

Just before the Democratic National Convention convened, Debbie Wasserman Schultz resigned as DNC chairwoman, after leaked emails showed a lack of neutrality among the party leadership during the primary campaign that pitted Vermont Senator Bernie Sanders against eventual nominee Hillary Clinton.

Trump University and the art of the get-rich seminar

Editor's note: Though this isn't usual Ars Technica fare, we're publishing a non-tech story because we had a reporter with deep personal experience relevant to a topic of national interest. In 2005, both of us became fixated on a late-night infomercial that promised access to "hundreds of billions of dollars" in "free government money." As journalism grad students at the time, our evenings often ended with a couple beers as we decompressed by watching whatever was on our tiny 13" TV.

And what was on at the time—repeatedly—was a half-hour advertisement for an outfit called "National Grants Conferences" (NGC). Why did the NGC infomercial captivate us? It wasn’t the charisma of the commercial’s star, ex-football player and former Congressman J.C. Watts (R-Okla.), who was busy making a mockery of whatever credibility he once had.

And it wasn’t the enthusiastic couple who founded NGC, Mike and Irene Milin, proclaiming that numerous government grants were there for the taking. No, we couldn't stop watching because NGC just felt so sleazy.

Even in comparison with other get-rich-quick schemes competing for time in the twilight TV hours—the obnoxious guy with the question marks all over his suit, the insufferable smile factories bragging about their real estate conquests from tropical locales—this one seemed suspect. Though neither of us were rich, we were both confident about one thing: real secrets to the easy life weren't generally shared through free seminars given at local hotels.
So how could a business like NGC persist, even thrive?

[Image: Mike Milin appearing in one of NGC's infomercials. Credit: Aurich Lawson]

To find out, one Saturday afternoon we biked to a nondescript hotel near the Oakland airport for an NGC presentation. We sat among hundreds of other people packed into the ballroom as a speaker confirmed what the infomercial had promised: serious sums of government money could be ours.

At the end of the session, dozens of attendees lined up to buy $999 NGC "memberships," receiving two thick books full of government programs and the promise of ongoing coaching and support. Intrigued, we spent the better part of a year researching NGC, its claims, and its founders’ pasts. We ultimately found that NGC—with several seminar teams circling the country and clearing tens of millions of dollars each year in sales—and its memberships produced no money for any of the customers we interviewed.

Arriving at that conclusion was no great surprise. Nor was it surprising that the NGC money train would continue running well after we wrote a piece about it, which was published on the front page of The Sacramento Bee on July 5, 2006. What was remarkable—and what still feels surreal more than a decade later—is what happened near the end of our reporting. Donald Trump waltzed into our story.

The pitch Trump bought

The booming industry of real estate investment seminar gurus—who by the early 2000s numbered in the dozens—made it clear that you could make big money selling a roomful of people at a time on the dream of easy riches.

But seminar work itself was complex, ranging from managing teams of traveling crew members to keeping sales pitches just murky enough that law enforcement wouldn't butt in. Trump wanted a piece of the action, so he struck a licensing deal with the Milins in 2006.

The couple created the “Trump Institute,” using much of the same pitch material and some of the same pitchmen.

[Image: Trump watching Trump at the launch of Trump University. Credit: Getty Images / Mario Tama]

The launch of Trump Institute, in turn, paved the way for the later creation of the Trump University live seminar business, which continues to be one of the biggest scandals dogging Trump’s presidential campaign.

The New York Attorney General sued Trump, the Trump University, and its president, Michael Sexton, in 2013, alleging that they had ripped off thousands of customers, some of whom paid tens of thousands of dollars for “mentorship” programs. As the Republican primary heated up earlier this year, it was the Trump University scandal that led to some of the harshest accusations against Trump.

Former candidate Marco Rubio, after speaking to some Trump University customers, called Trump a “con man” in stump speeches and in one of the debates.

The New York lawsuit and a related class-action against the university are still pending, and it’s not inconceivable that Trump and his closest associates may end up being called to testify on a witness stand even as Trump runs for president. To understand the story, and to see how Trump University evolved, it helps to take a close look at exactly how NGC worked.

By the time Trump got involved with the Milins, NGC was already a well-oiled money-making machine. NGC plied particular markets with mailers, newspaper ads, and its late-night infomercial, filled with customer testimonials. "I got $80,000 in grant money, and I don’t have to pay it back!" said a supposed NGC customer named LaDawn Morris, who had gotten the money for “property rehab.” Another supposed customer, Dave Morgan, testified about winning a "grant for up to $1.3 million." Claims like these were lent credence by the assurances of former Congressman Watts and later by former Congressman J.D. Hayworth (R-Ariz.). The NGC ads urged people to attend one of several free seminars offered locally during an upcoming weekend.

These seminars were part motivational speech, part religious revival; at the end, they became a hard sales pitch.

The seminar salesmen—"front-end speakers" in industry lingo—assured the audience that they were big success stories who had learned the secrets of great wealth.

The hardest work they did now was walking to the mailbox to pick up their checks. NGC had been started to "let everyone in this room play the game" typically reserved for the wealthy, frontman Rick Wiseman promised the crowd at one of the dozen conferences we attended in the course of our reporting. Wiseman’s pitch hit every note of a classic rags-to-riches tale. He was dyslexic. He was called “dummy.” But, of course, no one was calling him that now. To seal the deal, Wiseman transitioned from his difficult upbringing to boasting about his current wealth.

That’s where a story about his Utah home, replete with photographs, came in.
It had been remodeled and upgraded, he said, with the help of $107,000 in state government grants. The frontmen, after establishing their authority, made sure to hammer home the importance of ignoring the dreaded "dream stealers" and "gunslingers" that surrounded each audience member.

These people were typically family or close friends who might discourage customers from spending $999—and sometimes much more—on an infomercial product. An NGC membership was an "investment in yourself," Wiseman told one crowd. Poor people don’t know what an investment is, he explained—but successful people do. "I cannot teach people how to get $107,000 when they think $1,000 is a lot of money," he said with a knowing smile. But when we checked out Wiseman's story, Utah officials told us the state grants didn't exist. (Researching his home, we found that Wiseman did apply for a few tax credits, which were approved.) What really made Wiseman wealthy, according to sources who knew the business intimately, was getting a cut of every NGC membership he sold.

This appeared to be enough, based on our observations of his sizable crowds, to clear five figures in a good week. Who was paying all that money? We interviewed nearly 50 customers who purchased NGC memberships and found that all had some source of income, but most were on the periphery of the middle class.

Almost everyone appeared to pay by credit card. None of the people we interviewed had received any grants.

Their experiences were telling, and some were eerily similar to allegations later leveled against Trump University. Some buyers were upset at NGC, feeling like they’d been had.

This was especially true of the go-getters who diligently pursued help from the company but who told us they were stonewalled or sent on wild goose chases. “The counselor would say, ‘I don’t know how to help you if you don’t know what you want,’” one NGC customer, a Maryland resident named Michele Guarino, told us. “I said, ‘I know what I want! I want to buy a house, and find out what grants are available to help me. If I knew the particular program, I wouldn’t have needed you!’”

“Even my sister was like, ‘I can’t believe how many times you asked her the same goddamn question,’” added Guarino, who eventually gave up on NGC.

Dallas resident Toni Pallett, who was suffering from breast cancer and on a fixed income when she attended an NGC seminar, said she was sold on promises of grants for people with disabilities and illnesses.

But her estimated 20 calls to NGC produced nothing. “They’re nurturing sharks, is what they are,” she said. “They’re just a glorified Nigerian scam.”

[Image: Matthew Lesko, the "question mark suit guy," helped pioneer the "free government money" business. Credit: Matthew Lesko]

Some customers we spoke to, after figuring out that NGC was of no use to them, had promptly demanded refunds.

As long as they didn’t wait too long, they tended to get their money back—a smart strategy by NGC unburdening it of a relatively small number of potential headaches. Others hadn’t even cracked the books open, evidently intimidated by the hundreds of pages of legalese consisting largely of reprinted descriptions of government programs. “They could sell ice to a penguin,” a San Francisco customer, who worked in sheet metal, told us. When asked if he regretted his two $1,000 purchases, the customer demurred. “You get what you put into it,” he said. “I haven’t been able to put in the time that I would like to put in.” That was the thing about NGC; its program had the effect of encouraging those who’d bought it to blame themselves for failure. To gain more insight into the business, we called up that annoying question-mark-suit guy, Matthew Lesko.

For a man who peddled “free money programs” in blaring TV spots, the skinny, bespectacled Lesko’s answers were remarkably frank. He seemed genuinely taken aback by the actions of NGC. The free-seminar business, he said, appealed to "people's ignorance.” “I do, too," he added. But one difference between Lesko and NGC was that he charged only $40 for his wisdom, providing a book that was essentially a description of US government programs.

Though initially an innovator in the business, Lesko was soon overtaken by more aggressive pitchmen. "My commercials started getting big, and then all these other people started coming up," Lesko said. "I guess I envy them, in a way. I know they're doing a hell of a lot more revenue than I am. They charge outrageous fees—like $1,000! I don't have the balls to charge that."

Trump Institute is born

The charges soon went even higher. In the spring of 2006, Wiseman and fellow NGC pitchman Saen Higgins began hawking Trump Institute, which promised to reveal the business mogul’s tools for real estate investing and entrepreneurship. (Wiseman didn't return messages asking for comment. Higgins couldn’t be reached.) That June, we saw Higgins address a crowd eager to learn Donald Trump’s money-making secrets. Much of the pitch, delivered in San Diego, was recycled NGC material, including his telling of Wiseman's Utah grants story.

The remainder was an extended riff on Donald Trump’s real estate acumen. Though there were many similarities between the NGC and Trump Institute pitches, one thing had changed: the price. With the Trump name, membership had increased to $1,399. But just as the Trump Institute got rolling, the Milins ran into legal troubles. This wasn't a new situation for the couple.
In the 1990s, they were sued for deceptive trade practices by the Texas Attorney General’s office after hawking the "Milin Method" for real estate investing, complete with infomercials, hotel seminars, and a $499 package of books and tapes about how to get rich at government auctions. Their “testimonials were fake,” former Texas Assistant Attorney General Bruce Griffiths told us in an interview.

The Milins settled in 1993, paying $500,000 in restitution and agreeing to never again claim to have grown wealthy from real estate.

Griffiths regrets settling for such a low sum. “It only paid off something like 12 cents on the dollar of what they collected,” he said. “They had a $30 [million] or $40 million a year operation.”

[Image: Trump University President Michael Sexton and Donald Trump in 2005, shortly before they struck a deal with the Milins. Credit: Getty Images / Mario Tama]

In 2006, NGC was sued by Vermont’s attorney general, Bill Sorrell, who said that it had violated state consumer protection laws.

The case was settled later that year, with NGC agreeing to pay nearly $325,000 in refunds to Vermont customers, along with attorneys’ fees. After Sorrell publicly blasted the enterprise as "unconscionable and illegal," fully 33 state attorneys general sent a letter to the Federal Trade Commission, singling out NGC and urging the agency to strengthen its deceptive advertising rules. “NGC used consumer endorsements to sell ‘program’ materials for nearly $1,000 a set,” the attorneys general wrote, even though the company “lacked substantiation for its claims.” NGC eventually disappeared in a blizzard of legal woes.

The Texas Attorney General’s office sued the Milins a second time, asserting that NGC misled customers about the availability of government grants. To find out why Trump would get involved with the Milins, we asked to speak with Michael Sexton, a Trump executive who helped manage the Trump Institute deal.
Sexton was happy to grant an interview with a couple of journalism students. Yes, the live seminar business had a "checkered past" and was filled with actors who “have not done a good job of serving the needs of their customers," he told us at the time.

After a “lengthy due-diligence process,” Sexton said, Trump decided to team with the Milins. "We’ve partnered with a group that’s the best in the business at putting this on," he said. "We’ve basically taken our curriculum and used their logistics infrastructure to make sure that this thing goes off without a hitch."

The Vermont case was well underway by the time we spoke to Sexton, but he wouldn’t answer questions about what he called the Milins' “past businesses.” Sexton was happy, however, to offer an example of how Trump Institute inspired its students. It was one we knew well—Rick Wiseman’s claim to have received $107,000 in government money to improve his home. Wiseman “has kind of a funny but meaningful case study about a home that he purchased,” Sexton said, with obvious pride. “And he got government grants to help rehab it.”

We reached out to the Trump Organization this month with a list of further questions about the relationship between Trump and the Milins. Most went unanswered. "Trump University had no relationship whatsoever with NGC," Trump Organization general counsel Alan Garten said in an e-mail. "Trump University entered into a license arrangement" with the Milins and Trump Institute. "Upon expiration of the license arrangement in 2009, it was not renewed."

[Image: Trump has moved on to bigger things—like seeking the US presidency. Credit: Getty Images / Joe Raedle]

Onward and upward

Having spent two years learning how to market to working class strivers, Trump was ready to run a seminar business directly through Trump University. (This could be lucrative; according to a civil suit filed by the New York Attorney General’s office in 2013, Trump personally pulled in $5 million during the few years his “university” was functional.)

Trump University operated much as NGC and then Trump Institute had. In a front-end free seminar at a hotel, speakers sold expensive packages and promised that anyone who bought into Trump University would get a year of “apprenticeship support” through a toll-free hotline. Just as they had with the Milins, legal troubles followed this business model.

The New York attorney general filed a suit that continues today. While NGC’s phone support produced numerous complaints, Trump University didn’t have a “hotline for students with substantive questions about real estate,” according to the lawsuit.

And Trump University’s three-day seminars were really a long pitch “to upsell the expensive Elite programs,” the lawsuit stated. (Those packages ranged from $10,000 to $35,000, according to the suit.) Private claims came, too. In 2010, a class-action lawsuit was filed by disgruntled customers, many asserting losses into the tens of thousands of dollars.

Trump University changed its name after the New York lawsuit was filed, and it wound down that same year. Searching for it online now leads to a non-functioning website branded the “Trump Entrepreneur Initiative.” Trump continues to defend the University’s record, saying that 98 percent of his students rated the program "excellent." He dismissed the lawsuit in one recent Republican debate as a “minor civil case” that he expects to win.

By 2010, Trump apparently lost interest in the seminar business. He had established himself as a leader of another sort, questioning the citizenship of President Barack Obama at a time when this had almost fallen out of fashion. Ultimately, Trump would mount a run for political office himself, and today he stands as a leading contender for the top job. As he did with those who taught him the seminar business, Trump has moved on to a bigger game.

Read the 2006 Sacramento Bee story (PDF)

Senator demands US courts recover 10 years of online public records

"Restore access," lawmaker says of docs purged because of computer upgrade issue.

Notorious ‘scanner troll’ gets no succor from Federal Circuit

MPHJ Technology ends up exactly where it didn't want to be—in state court.

Ongoing health exchange tech problems force enrollment deadline extension

HHS loosens rules to accommodate those still stuck in enrollment-site hell.

Infamous scanner “patent troll” seeks sanctions—against the government

The truth that Vermont can't handle: Free speech for patent trolls!

Nebraska AG seeks to shut down vague patent demand letters

Bruning: Using patents "to squeeze money from Nebraska consumers is a scam."

Notorious “scan-to-email” patents go big, sue Coca-Cola and Dillard’s

New suits show Canon and Sharp have struck deals with infamous "patent trolls."

Patent troll bill taken up by Senate, but some say “slow...

Senators want to rein in the trolls, but not rile the universities.