Crossing The River

Crossing the river with my bare foots…

The flow of water mesmerizes me.

Taking all the worries and agony with it…

Filling me with boundless energy and freshness.

Now I see the sky much cleaner…

Now I feel the wind much finer.

Low to medium risk of Russian invasion of Ukraine in next few weeks: US general

There is a “low to medium” risk that Russia will invade Ukraine over the next few weeks, the top U.S. general in Europe said on Thursday, in the first such military assessment amid mounting concern about Russian troop movements toward Ukraine’s borders.

Air Force General Tod Wolters declined to explain the intelligence driving his assessment, which does not suggest that the U.S. military expects a Russian invasion at this point, but he is not ruling one out or playing down the risk.

But, in testimony before a House of Representatives committee he later suggested his view about the risks in the coming weeks and months was at least partly based on the disposition of Russian forces.

The Pentagon has declined to detail its assessment on the size and composition of those troops, referring reporters to Moscow. However, the White House disclosed last week that Russia had more troops on Ukraine’s eastern border than at any time since 2014, when it annexed Crimea and backed separatist territory seizures.

Asked by a lawmaker on the Armed Services Committee to estimate the chances of an invasion in the next few weeks, Wolters said: “Low to medium.”

Pressed by another lawmaker to explain whether that risk would change after that period, Wolters kept his cards close, saying: “The answer is, it depends.”

“And I would have to take each and every second of the day from this point till tomorrow to give you a different answer,” said Wolters, who is both head of the U.S. military’s European Command and is NATO’s supreme allied commander Europe.

If the current trajectory stayed the same, however, Wolters estimated the risk of an invasion could decrease.

“My sense is, with the trend that I see right now, that the likelihood of an occurrence will start to wane,” he told Congress members.

Ukraine and Russia have traded blame over a spike in violence in the conflict in eastern Ukraine, where Ukrainian troops have battled Russian-backed separatist forces in a conflict that Kyiv says has killed 14,000 people since 2014.

Tensions over a buildup of Russian troops on Ukraine’s eastern border have pushed up the cost of raising domestic debt and prompted the government to accelerate efforts to secure more International Monetary Fund loans, an adviser to Ukraine’s president told Reuters on Thursday.

The United States sought to impose costs on Russia on Thursday by imposing a broad array of sanctions, including curbs to its sovereign debt market, to punish it for interfering in last year’s U.S. presidential election, cyber-hacking, bullying Ukraine and other alleged “malign” actions.

Laura Cooper, deputy assistant secretary of defense for Russia, Ukraine and Eurasia, pointed to the sanctions and described the conflict in eastern Ukraine as “a hot war right now.”

“Since January, we’ve already had 30 Ukrainian service members killed in the east,” Cooper testified, speaking alongside Wolters.

Still, both Cooper and Walters did not request additional authorities to support Ukrainian forces, which started receiving anti-tank weapons and other weaponry in recent years from Washington.

“I think we have the right authorities and we have been able to provide the right lethal assistance, again, both on the land domain and the maritime domain at this point,” Cooper said.

“Need To Do Better Job For Employees”: Jeff Bezos In Last Letter As CEO

San Francisco, United States: 

US tech giant Amazon on Thursday sounded conciliatory notes as the US government considers stricter regulatory measures against America’s largest digital platforms.

Founder Jeff Bezos told investors his e-commerce empire needs a better “vision” for its workers, just days after an effort to create the company’s first labor union was defeated.

Some Amazon executives had fired off snappy comments at various politicians who supported the labor campaign, but their chief executive took a more circumspect approach to the anti-union victory at its plant in Bessemer, Alabama.

“Does your chair take comfort in the outcome of the recent union vote in Bessemer?” Bezos asked rhetorically in an annual letter to shareholders.

“No, he doesn’t. I think we need to do a better job for our employees.”

In the letter, which was his final before stepping down as chief executive, Bezos laid out a new goal for the company to be “Earth’s best employer and Earth’s safest place to work.”

“Despite what we’ve accomplished, it’s clear to me that we need a better vision for our employees’ success,” Bezos said.

The vote count in the contentious unionization drive at the warehouse in the southern state of Alabama last week showed a wide majority of workers rejecting the move.

“Bezos’s admission today demonstrates that what we have been saying about workplace conditions is correct,” said Stuart Appelbaum, president of the union that vied to represent Amazon workers.

“But his admission won’t change anything, workers need a union — not just another Amazon public relations effort in damage control.”

Bezos rejected news reports that he said unfairly portray Amazon workers as “desperate souls and treated as robots.”

“That’s not accurate,” Bezos said.

“They’re sophisticated and thoughtful people who have options for where to work.”

Unions and political leaders have argued that Amazon employees face constant pressure and monitoring, with little job protection, highlighting the need for collective bargaining.

Amazon has held firm that most of its workers don’t want or need a union and that the company already provides more than most other employers, with a minimum $15 hourly wage and other benefits.

Tax boost backed

Bezos had already shown deference to political momentum, announcing support for an increase in corporate taxes sought by US President Joe Biden to help finance a $2 trillion infrastructure plan.

Bezos embraced the move just days after Biden singled out Amazon for avoiding federal income taxes while proposing to boost the corporate tax rate to 28 percent.

“We support the Biden administration’s focus on making bold investments in American infrastructure,” Bezos said.

“We recognize this investment will require concessions from all sides — both on the specifics of what’s included as well as how it gets paid for (we’re supportive of a rise in the corporate tax rate).”

Amazon has been the target of critics for years who claim it pays little or no corporate taxes. The company has defended its policies, saying that its investments offset taxes as intended by the tax code.

Last month, Biden cited a 2019 study showing 91 Fortune 500 companies, “the biggest companies in the world, including Amazon… pay not a single, solitary penny of federal income tax,” adding, “that is just wrong.”

Bezos’s support for raising corporate taxes was echoed Thursday by the Chamber of Progress, a self-described “center-left” tech industry coalition whose roster of members includes Amazon, Facebook, Google and Twitter.

“Many tech industry leaders view corporate taxes as a patriotic duty and a wise investment in a well-functioning society,” chamber chief Adam Kovacevich said in message posted online.

“President Biden’s proposal to raise corporate tax rates to make major investments in infrastructure is a tradeoff that many in the tech industry can support.”

Meanwhile, political will to regulate internet giants whose power has grown dramatically during the pandemic has seemed to increase.

US House Antitrust Subcommittee Chairman David Cicilline said Thursday that a 16-month investigation makes it clear that Congress must act.

“Amazon, Apple, Google and Facebook each hold monopoly power over significant sectors of our economy,” Cicilline said in a statement.

FBI Wanted To Unlock US Shooter’s iPhone. It Turned To A Little-Known Firm

The iPhone used by a terrorist in the San Bernardino, Calif., shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.

Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead.

The identity of the hacking firm has remained a closely guarded secret for five years. Even Apple didn’t know which vendor the FBI used, according to company spokesman Todd Wilder. But without realizing it, Apple’s attorneys came close last year to learning of Azimuth’s role – through a different court case, one that has nothing to do with unlocking a terrorist’s device.

Five years ago, Apple and the FBI both cast the struggle over the iPhone as a moral battle. The FBI believed Apple should help it obtain information to investigate the terrorist attack. Apple believed that creating a back door into the phone would weaken security and could be used by malicious actors. The FBI sought a court order to compel Apple to help the government. Weeks later, the FBI backed down after it had found an outside group that had a solution to gain access to the phone.

The tale of the unlocking of the terrorist’s iPhone, reconstructed through Washington Post interviews with several people close to the situation, shines a light on a hidden world of bug hunters and their often-fraught relationship with the creator of the devices whose flaws they uncover. Azimuth is a poster child for “white hat” hacking, experts say, which is good-guy cybersecurity research that aims to disclose flaws and disavows authoritarian governments.

Two Azimuth hackers teamed up to break into the San Bernardino iPhone, according to the people familiar with the matter, who like others quoted in this article, spoke on the condition of anonymity to discuss sensitive matters. Founder Mark Dowd, 41, is an Australian coder who runs marathons and who, one colleague said, “can pretty much look at a computer and break into it.” One of his researchers was David Wang, who first set hands on a keyboard at age 8, dropped out of Yale, and by 27 had won a prestigious Pwnie Award – an Oscar for hackers – for “jailbreaking” or removing the software restrictions of an iPhone.

Apple has a tense relationship with security research firms because it wants them to disclose all vulnerabilities to Apple – helping preserve its reputation as having secure devices – rather than sell them to law enforcement, according to Apple executives who testified in the court case. But by unlocking the terrorist’s iPhone, some say, Azimuth came to Apple’s rescue by ending a case that could have led to a court-ordered back door to the iPhone.

“This is the best possible thing that could have happened,” said Will Strafach, an iOS security researcher. The vendor that unlocked the phone, far from being unethical, potentially averted “a very bad precedent” for Apple “where everyone’s phone would have weakened security.”

Wilder said Apple supports “good faith” security research. “Our engineers work closely with the security community in numerous ways,” he said.

When contacted by The Post, the FBI, Azimuth, Wang and Dowd declined to provide a comment for this story.

In September, 2015, Apple released its new operating system, iOS 9, which it billed as having enhanced security to “protect customer data.” The new iOS was running on the iPhone 5C used by Syed Rizwan Farook, a public health inspector for San Bernardino County.

The FBI suspected the iPhone 5C might have valuable clues about why Farook and Tashfeen Malik opened fire on a holiday party at Farook’s office. Both Farook and Malik were killed in a shootout with police.

Before the attack, Malik had posted a message on her Facebook page, pledging loyalty to Abu Bakr al-Baghdadi, the leader of the Islamic State. (Baghdadi died in a U.S. Special Forces raid in Syria in 2019.) The FBI had few leads on whether the couple had accomplices or whether it was directed by the Islamic State, which was directing similar attacks around the world at the time. The FBI thought the contents of Farook’s iPhone 5C might provide useful information, such as who he had been communicating with in the lead-up to the attack.

But the phone, which belonged to Farook’s employer, was locked with Apple’s new security. In the past, the FBI could use software to quickly guess every possible combination of numbers for the four-digit passcode, a “brute force” effort that would normally take about 25 minutes. But the 5C included a feature that erased itself if the wrong password was entered more than 10 times.

Months of effort to find a way to unlock the phone were unsuccessful. But Justice Department and FBI leaders, including Director James Comey, believed Apple could help and should be legally compelled to try. And Justice Department officials felt this case – in which a dead terrorist’s phone might have clues to prevent another attack – provided the most compelling grounds to date to win a favorable court precedent.

In February 2016, the Justice Department obtained a court order directing Apple to write software to bypass the security feature. Apple said it would fight the order. Its argument: the government was seeking to force the company to break its own security, which could pose a threat to customer privacy.

“The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Apple CEO Tim Cook wrote in a statement at the time. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

All sophisticated software contains “bugs” or flaws that cause computer programs to act in unexpected ways. Not all bugs are significant, and on their own they don’t pose a securityrisk. But hackers can seek to take advantage of certain bugs by writing programs called exploits. Sometimes they combine a series into an “exploit chain” that can knock down the defenses of a device like the iPhone one-by-one.

Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person. He found it even before Farook and his wife opened fire at the Inland Regional Center, and thought it might be useful at some point to develop into a hacking tool. But Azimuth was busy at the time with other projects.

Mozilla declined to comment.

Two months after the attack, Comey testified to Congress that investigators were still unable to unlock the terrorist’s iPhone. Seeing the media reports, Dowd realized he might have a way to help. Around that time, the FBI contacted him in Sydney. He turned to 30-year-old Wang, who specialized in exploits on iOS, the people said.

Using the flaw Dowd found, Wang created an exploit that enabled initial access to the phone – a foot in the door. Then he hitched it to another exploit that permitted greater maneuverability, according to the people. And then he linked that to a final exploit that another Azimuth researcher had already created for iPhones, giving him full control over the phone’s core processor – the brains of the device. From there, he wrote software that rapidly tried all combinations of the passcode, bypassing other features, such as the one that erased data after 10 incorrect tries.

Wang and Dowd tested the solution on about a dozen iPhone 5Cs, including some bought on eBay, the people said. It worked. Wang dubbed the exploit chain “Condor.”

In mid-March, Azimuth demonstrated the solution at FBI headquarters, showing Comey and other leaders how Condor could unlock an iPhone 5C. Then, one weekend, the FBI lab did a series of forensic tests to be sure it would work without destroying data. The tests were all successful, according to the people. The FBI paid the vendor $900,000, according to remarks by Sen. Dianne Feinstein, D-Calif., in May 2017.

FBI officials were relieved but also somewhat disappointed, according to people familiar with the matter. They knew they were losing an opportunity to have a judge bring legal clarity to a long-running debate over whether the government may compel a company to break its own encryption for law enforcement purposes.

On March 21, 2016, the government canceled a hearing scheduled for the following day on the legal case in California.

Soon after, the FBI unlocked the phone. Nothing of real significance – no links to foreign terrorists – was found.

The government subsequently abandoned its legal bid to force Apple to unlock the phone.

Apple sought to recruit Wang to work on security research, according to the people. Instead, in 2017 he co-founded Corellium, a company based in South Florida whose tools help security researchers. The tools allow researchers to run tests on Apple’s mobile operating system using “virtual” iPhones. The virtual phones run on a server and display on a desktop computer.

In 2019, Apple sued Corellium for copyright violation. As part of the lawsuit, Apple pressed Corellium and Wang to divulge information about hacking techniques that may have aided governments and agencies like the FBI.

Apple subpoenaed Azimuth, Corellium’s first customer, according to court documents. Apple wanted client lists from Azimuth, which is now owned by L3 Harris, a major U.S. government contractor, that might show malign entities. L3 and Azimuth said they were “highly-sensitive and a matter of national security,” according to court documents.

Last April, Apple also made a document request in the lawsuit for “[a]ll documents concerning, evidencing, referring to, or relating to any bugs, exploits, vulnerabilities, or other software flaws in iOS of which Corellium or its employees currently are, or have ever been, aware.”

Those employees included Wang. The request would have turned up Condor.

The judge denied the request in part.

During a deposition, Apple questioned Wang about the morality of selling exploits to governments, according to court records. A lawyer pressed him during the deposition on whether he was aware of any bugs that were not reported to Apple but were later found by malicious hackers.

Apple “is trying to use a trick door to get [classified information] out of him,” Corellium attorney Justin Levine said, according to a transcript. Corellium declined to comment for this story.

In its statement, Apple said the case “is about Corellium attempting to profit by selling access to Apple’s copyrighted works.”

In its lawsuit, Apple argued that Corellium has “no plausible defense” for infringing on Apple’s copyright, in part because it “indiscriminately markets its iPhone replicas to any customer, including foreign governments and commercial enterprises.”

Corellium has denied the allegation. It has countered that the lawsuit is an attempt to put it out of business following a failed effort by Apple in 2018 to purchase the company.

“If Apple wants to make their phones more secure against these government-affiliated bug hunters, then they should make their phones more secure,” said Matthew Green, a computer scientist at Johns Hopkins University, who has led research that found holes in Apple’s encryption. “They shouldn’t be going after people in a courtroom.”

In December, U.S. District Judge Rodney Smith in Fort Lauderdale, Fla., dismissed Apple’s copyright claims against Corellium. He ruled Corellium’s virtual iPhones do not violate Apple’s copyright because they are used to find security vulnerabilities, not compete with Apple sales. He deemed “puzzling” Apple’s allegation that Corellium’s products are sold indiscriminately.

The legal fight is far from over. Apple can appeal Smith’s ruling. And Apple has lodged another claim: that Corellium’s tools illegally bypass Apple’s security measures. That trial, which will be closely watched by security researchers, is set for the summer.

Meanwhile, Corellium can keep selling tools that help researchers find iOS bugs.

But all exploits have a shelf-life.

A month or two after the FBI unlocked the terrorist’s iPhone, Mozilla discovered the flaw in its software and patched it in a routine update. So did vendors that relied on the software, including Apple.

Mass Shooting At FedEx Unit In Indianapolis, US, Gunman Dead: Police

Washington, United States: 

Multiple people were shot in an incident Thursday in the US city of Indianapolis, according to police, although the severity of the victims’ injuries was not immediately clear.

Police spokeswoman Genae Cook told reporters officers found an “active shooter incident” at a Fedex facility near the city’s international airport, and believe the gunman died by suicide.

Police said multiple people had been shot but did not confirm the number or their status.

Sgt John Perrine, an Indiana State police public information officer told relatives of Fedex employees to gather at a local Holiday Inn.

Live video showed police tape at the scene of the incident, which follows several mass shootings in recent weeks.

At the end of last month, four people, including a child, were shot dead in an office building in southern California.

On March 22, 10 people were killed in a shooting at a grocery store in Boulder, Colorado.

That came less than a week after a man shot and killed eight people, including six women of Asian descent, at spas in Atlanta, Georgia.

Nearly 40,000 people in the United States die each year from guns, more than half of those being suicides.

The issue of gun regulation in the United States is politically fraught.

President Joe Biden this month announced six executive measures he said would help stem the gun violence crisis.