Mail-in ballots are the new literacy tests

I was watching a fascinating movie on Amazon called All In. It documents voting suppression history in the US. While we have had various laws, including several Constitutional amendments, their implementation is mostly a local matter. Some local officials have done what they can to deny the vote over the years. For the most part, the documentary is accurate. It features numerous interviews with Stacey Abrams, who lost the Georgia governor’s race in 2018.

The movie comes at an interesting time. In my blog post for Avast this week, I summarize many of the voter suppression efforts that we have seen in the past several years, including leading up to the 2016 and 2018 national elections. There was a lot of data on suppression collected by Mueller. His report  showed that more than 3,500 ads on Facebook were placed by the Russian Internet Research Agency to try to convince potential Black voters to stay home during the 2016 elections. The same group also posted a series of anti-Muslim ads and organized concurrent protest rallies in Texas on opposite political sides. My Avast post has more details on the recent suppression efforts seen this year.

There are efforts to try to encourage everyone to vote, including a major ad spend by a new non-profit group called National Council on Election Integrity.

In the Amazon All In documentary, one person suggests the 2016 efforts should be called “Jim Crow v2.0,” referencing the pre-60s laws (and more recent changes) that made voting difficult by instituting literacy tests and poll taxes. You can see some archived examples of 1960s-era literacy tests here. These tests are almost impossible to pass, even f you have a graduate degree in American Studies.

I want to take things a step further: I think we are now in the Jim Crow v3.0 era. The new literacy test is the result of a confusing series of mail-in and absentee ballot regulations and shifting court challenges that are now happening across our country. My wife and I voted via mail-in ballots in Missouri: it took a lot of re-reading the various instructions, figuring out the steps involved, getting our ballots notarized and then mailed in. Each ballot has to be returned in a matching envelope and is tagged with a QR code that you can scan to check on its progress, to ensure that the elections board received it. (They did.) A good resource is what the Washington Post has put together that tells you when and how you can vote in your state.

But there is a subtle difference between mail-in (which anyone in Missouri can do) and absentee (which you have to certify that you aren’t going to make it to the polls). They have different deadlines and other requirements. For my Avast blog, I got to talk directly to Trevor Timmons, the CIO for the Colorado Department of State, the agency that supervises its elections. In its June 2020 primary, more than 99% of registered voters submitted mail-in ballots. Colorado is one of those “universal” mail-in states, meaning that every registered voter will receive a mail-in ballot. You can come and vote in person, but most people don’t. You can also register and vote on election day, something only a few states have.

After I had mailed in our ballots, I had a senior moment where I thought I swapped my ballot and put it in my wife’s return envelope, and vice-versa. Timmons told me that they specifically look out for these situations and still validate both ballots: “It is a common error that takes manual intervention to resolve, but it is resolved quickly.”

What about fraud with mail-in votes? If you examine this page from the Heritage Foundation, you can see their dashboard of fraud has found 1,300 cases. That sounds like a lot but not when you compare that with the hundreds of millions of votes cast. Timmons is more worried about election security, and has put a series of measures in place, such as MFA required for all election judge since 2013), applying current software patches and using other endpoint detection tools to stop malware attacks. “We have seen ransomware incidents in some of our counties that compromised other agencies. We detected them when the attacks attempted to move to the elections boards and we were able to stop their spread.”

Meanwhile, October hasn’t been without its election systems hiccups. Voter registration systems were overwhelmed in Florida. Georgia’s electronic voting machines had some issues on the first days of early in-person voting, and Virginia’s and Pennsylvania’s online registration systems were both down thanks to a construction crew cutting a fiber cable and a systems crash in a data center, respectively.

Network Solutions blog: How Microsoft Teams Enhancements Protect Collaboration

As remote working has increased in popularity, better collaboration tools have become more of a necessity. Microsoft has been paying attention to this trend of course and recently announced numerous enhancements to its Teams platform. Teams has been around for more than a year and combines chat and instant messaging with video conferencing. Most of its newest features are only available on the latest version of its Windows desktop app that was released at the end of July: the web browser and Mac versions are not yet at feature parity.

If you think of Teams as just being a mind-meld between Slack and Webex, you would be underestimating what Microsoft is trying to do with this software. And with the latest update, Microsoft aims to make Teams more of the connective tissue that will bring together its various Office applications, as well as a platform that can enable better collaboration among office workers. This post for Network Solutions’ blog goes into the details.


CSOonline: Homomorphic encryption tools find their niche

Organizations are starting to take an interest in homomorphic encryption, which allows computation to be performed directly on encrypted data without requiring access to a secret key. While the technology isn’t new (it has been around for more than a decade), many of its implementations are, and most of the vendors are either startups or have only had products sold within the past few years. While it’s difficult to obtain precise pricing, most of these tools aren’t going to be cheap: Expect to spend at least six figures and sign multi-year contracts to get started.

I review the early products in this market for CSOonline, describe some of the typical use cases, and provide some suggestions on how to evaluate them for enterprise uses.

Network Solutions blog: How to Counter Darkweb Threats With Proactive Security

Most of us tend to think about the web as a single destination, available through our browsers on our laptops and phones. But over the years there is a much more sinister portion of the web, called the dark web that isn’t easily discoverable by traditional search engines and could contains threats to your business operations and harm your reputation. I describe this shady underbelly and what kinds of information is available there, along with suggestions of tools that you can use to be more proactive about your security such as EchoSec Beacon,  Dark Owl ScannerSixGill’s DarkfeedRecorded FutureZeroFox and Digital Shadows’ Searchlight. These tools can help to provide near real-time access to threat data that is being shared on the darkweb on a variety of discussion forums and other places, again as a way to learn about the early stages of an attack.

Read my post on Network Solutions blog here.

Avast blog: Zerologon is a Nasty Windows Server Domain bug: Patch now!

A new vulnerability in Windows domain controllers has been discovered by security researchers at Secura. In a published paper in September, they found the cryptographic flaw and called it Zerologon. It takes advantage of the Netlogon Remote Protocol that is used in the authentication process. All that is to exploit this flaw – and compromise a wide variety of Active Directory identity services — is a TCP-level connection to the domain controller itself. Secura published a test tool on Github that can tell you whether a domain controller is vulnerable or not. Researchers have seen evidence of its use in the wild already, which is why you want to patch your servers asap.

You can read more about this scourge on my Avast blog post.

Internet Protocol Journal: Selling my IPv4 block

If your company owns a block of IPv4 addresses and is interested in selling it, or if your company wants to purchase additional addresses, now may be the best time to do so. For sellers, a good reason to sell address blocks is to make money and get some use out of an old corporate asset. If your company has acquired other businesses, particularly ones that have assets from the early Internet pioneers, chances are you might already have at least one range that is gathering dust, or is underused.

So began an interesting journey for me and my range of class C addresses. It took months to figure out the right broker to list my block and to work through the many issues to prove that I actually was assigned it back in the mid 1990s. Thus began my own journey to correct this information and get it ready for resale. The process involved spending a lot of time studying the various transfer webpages at ARIN, calling their transfer hotline several times for clarifications on their process, and paying a $300 transfer fee to start things off. ARIN staff promises a 48-hour turnaround to answer e-mails, and that can stretch out the time to prepare your block if you have a lot of back-and-forth interactions, as I did.

You can read my report in the current issue of the Internet Protocol Journal here. I review some of the historical context about IPv4 address depletion, the evolution of the used address marketplace, the role of the block brokers and the steps that I took to transfer and sell my block.

Avast blog: When not to accept cookies

Nearly any website you visit asks you to accept cookies, and most of us don’t even think about this choice — we just click “yes” to rid ourselves from the pain of the pop-up. But what are we really agreeing to? What is a cookie, anyway? These small text files were first used in browsers back in 1994 and soon became ubiquitous. Cookies can be used for both productive and evil reasons, and I try to sort them out and show you how to avoid them.

You can read more in my blog post for Avast here.

Avast blog movie review: The Social Dilemma

Earlier this month, Netflix started streaming the movie The Social Dilemma. It was first screened at Sundance earlier this year, and now is widely available. Since its release, it has been widely reviewed.

The film combines documentary-style interviews with leading nerds behind Facebook, Twitter, Uber, Instagram, etc. along with star turns from Shoshana Zuboff, Jaron Lanier and Renee Diresta. The thesis is that the social giants have sold us and our data down the river, and we now are stuck with them. The New York Times review is mostly positive, saying the interview subjects are “conscientious defectors from these companies who explain that the perniciousness of social networking platforms is a feature, not a bug.” The best interview subject is Tristan Harris, a former design ethicist at Google who now runs a non-profit called the Center for Humane Technology.

You can read my extensive review of the film on the Avast blog here. The film could be one small step to help understand the role that social media plays in our lives. It could  also help start some conversations with the less tech-savvy family members and friends.

You can also listen to my podcast as Paul Gillin and I discuss our reactions to the movie and what B2B marketers can takeaway from it.

Network Solutions blog: How to protect your organization from ransomware attacks

Ransomware attacks are still very much a threat, and the ease of perpetuating them is a big reason why. All it takes for a ransom attack to begin is for a single employee to click on a phishing email. Sadly, these attacks aren’t going away anytime soon. Your organization doesn’t have to be such a tempting target for ransomware attacks. There are a few simple ways to minimize your exposure and make it more difficult for attackers to gain a foothold.

You can read my post for Network Solutions blog here and review several practical suggestions on how to prepare your network for the eventual attack.


Avast blog: Election hacking updates

As we approach the November general U.S. elections, things are heating up, with both candidates now making actual campaign appearances. We have also seen an increase in cyberattacks and other threats to our elections. This includes efforts to hack into campaign staff’s accounts by foreign governments, physical threats during these campaign stops, and changes to how votes will be recorded.

You can read my full post on Avast’s blog here,where I review the latest in election interference news.