[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding means thieves probably stole far fewer cards during the almost five-month breach than they might have otherwise.

A self-checkout lane at a Home Depot in N. Virginia.

Since news of the Home Depot breach first broke on Sept. 2, this publication has been in constant contact with multiple financial institutions that are closely monitoring daily alerts from Visa and MasterCard for reports about new batches of accounts that the card associations believe were compromised in the break-in. Many banks have been bracing for a financial hit that is much bigger than the exposure caused by the breach at Target, which lasted only three weeks and exposed 40 million cards.

But so far, banking sources say Visa and MasterCard have been reporting about far fewer compromised cards than expected given the length of the Home Depot exposure.

Sources now tell KrebsOnSecurity that in a conference call with financial institutions today, officials at MasterCard shared several updates from the ongoing forensic investigation into the breach at the nationwide home improvement store chain. The card brand reportedly told banks that at this time it is believed that only self-checkout terminals were impacted in the breach, but stressed that the investigation is far from complete.

MasterCard also reportedly relayed that the investigation to date found evidence of compromise at approximately 1,700 of the nearly 2,200 U.S. stores, with another 112 stores in Canada potentially affected.

Officials at MasterCard declined to comment. Home Depot spokeswoman Paula Drake also declined to comment, except to say that, “Our investigation is continuing, and unfortunately we’re not going to comment on other reports right now.”

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

How much are your medical records worth in the cybercrime underground? This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were apparently stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into a possible data breach.

The "Fraud Related" section of the Evolution Market.

Purloined medical records are among the many illicit goods for sale on the Evolution Market, a black market bazaar that traffics mostly in narcotics and fraud-related goods — including plenty of stolen financial data. Evolution cannot be reached from the regular Internet. Rather, visitors can only browse the site using Tor, software that helps users disguise their identity by bouncing their traffic between different servers, and by encrypting that traffic at every hop along the way.

Last week, a reader alerted this author to a merchant on Evolution Market nicknamed “ImperialRussia” who was advertising medical records for sale. ImperialRussia was hawking his goods as “fullz” — street slang for a package of all the personal and financial records that thieves would need to fraudulently open up new lines of credit in a person’s name.

Each document for sale by this seller includes the would-be identity theft victim’s name, their medical history, address, phone and driver license number, Social Security number, date of birth, bank name, routing number and checking/savings account number. Customers can purchase the records using the digital currency Bitcoin.

A set of five fullz retails for $40 ($8 per record). Buy 20 fullz and the price drops to $7 per record. Purchase 50 or more fullz, and the per record cost falls to just $6.40 — roughly the price of a value meal at a fast food restaurant. Incidentally, even at $8 per record, that’s cheaper than the price most stolen credit cards fetch on the underground markets.

Imperial Russia's ad on Evolution pimping medical and financial records stolen from a Texas life insurance firm.

“Live and Exclusive database of US FULLZ from an insurance company, particularly from NorthWestern region of U.S.,” ImperialRussia’s ad on Evolution enthuses. The pitch continues:

“Most of the fullz come with EXTRA FREEBIES inside as additional policyholders. All of the information is accurate and confirmed. Clients are from an insurance company database with GOOD to EXCELLENT credit score! I, myself was able to apply for credit cards valued from $2,000 – $10,000 with my fullz. Info can be used to apply for loans, credit cards, lines of credit, bank withdrawal, assume identity, account takeover.”

Sure enough, the source who alerted me to this listing had obtained numerous fullz from this seller. All of them contained the personal and financial information on people in the Northwest United States (mostly in Washington state) who’d applied for life insurance through American Income Life, an insurance firm based in Waco, Texas.

American Income Life referred all calls to the company’s parent firm — Torchmark Corp., an insurance holding company in McKinney, Texas. This publication shared with Torchmark the records obtained from Imperial Russia. In response, Michael Majors, vice president of investor relations at Torchmark, said that the FBI and Secret Service were assisting the company in an ongoing investigation, and that Torchmark expected to begin the process of notifying affected consumers this week.

“We’re aware of the matter and we’ve been working with law enforcement on an ongoing investigation,” Majors said, after reviewing the documents shared by KrebsOnSecurity. “It looks like we’re working on the same matter that you’re inquiring about.”

Majors declined to answer additional questions, such as whether Torchmark has uncovered the source of the data breach and stopped the leakage of customer records, or when the company believes the breach began. Interestingly, ImperialRussia’s first post offering this data is dated more than three months ago, on June 15, 2014. Likewise, the insurance application documents shared with Torchmark by this publication also were dated mid-2014.

The financial information in the stolen life insurance applications includes the checking and/or savings account information of the applicant, and is collected so that American Income can pre-authorize payments and automatic monthly debits in the event the policy is approved. In a four-page discussion thread on ImperialRussia’s sales page at Evolution, buyers of this stolen data took turns discussing the quality of the information and its various uses, such as how one can use automated phone systems to verify the available balance of an applicant’s bank account.

Jessica Johnson, a Washington state resident whose records were among those sold by ImperialRussia, said in a phone interview that she received a call from a credit bureau this week after identity thieves tried to open two new lines of credit in her name.

“It’s been a nightmare,” she said. “Yesterday, I had all these phone calls from the credit bureau because someone tried to open two new credit cards in my name. And the only reason they called me was because I already had a credit card with that company and the company thought it was weird, I guess.”

ImperialRussia discusses his wares with potential and previous buyers.

More than 1.8 million people were victims of medical ID theft in 2013, according to a report from the Ponemon Institute, an independent research group. I suspect that many of these folks had their medical records stolen and used to open new lines of credit in their names, or to conduct tax refund fraud with the Internal Revenue Service (IRS).

Placing a fraud alert or freeze on your credit file is a great way to block identity thieves from hijacking your good name. For pointers on how to do that, as well as other tips on how to avoid becoming a victim of ID theft, check out this story.

The Colors, Man. THE COLORS.

Sep. 18th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Three words, bakeries:

Mandatory Drug Testing.

I mean, I'm not saying anything - I'm NOT - but I'm just saying.

It's a butt. That sprouted a face. With pigtails.

Any questions?

 

Because if not, *I* have one:

Why is this cake trying to slap me?

"Up high?" Yeeeeah, I think someone's high enough, thank you.

 

I should mention that none of today's cakes are special orders, btw; they were all found hanging out in the regular display case, like it weren't no thang, chicken wang!

Aaaand now I will never use that phrase again.

 

Hey, you know that thin line between genius and insanity?

Yeah, we crossed that MILES back:

I call it, "Surrealistic Post-Modern Plastic Flotsaminism."

OH BOY!

 

These cookies taunt me, you guys. They taunt me with their smug presence, defying rational explanation and blowing virtual raspberries in the face of all common sense.

Plus they won't stop staring.

 

Of course we can all debate the merits of bakery drug testing, but in the end, it is the bakers themselves who get the final word:

Ahh, excellent choice.

 

Thanks to Jen & Jake, Steph H., Jeffrey A., Cinthya F., Sarah S., & Lauren L. for giving us something to squawk about.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] epbot_feed

Posted by Jen

 I'm coming up for air from work and cosplay photos to remember there IS a world outside my office.

 A world... soon to be filled with Ghostbuster Krispy Kreme donuts:

 They're filled with marshmallow goo, and they just went on sale this week. WOOT!

I do love it when my two blogs collide, but my Cake Wrecks experience can assure you: they will never look this good in-store. [evil chuckle] Poor StayPuft.

Hey, just realized I'm wearing a StayPuft shirt right now! But then, I have at least half a dozen different StayPuft shirts, so... (It's a sickness. A wonderful, wonderful sickness.)

I'm mostly posting those to assure you guys I *have* seen them, since I'm being bombarded - albeit in a good way - from all social media sides. Heh.

Similarly, yes, I'm SUPER psyched about Hullaballoo, the 2D animated feature being put together by Disney animators (but not for Disney):



 
They've already raised nearly FOUR TIMES their goal amount, and the campaign runs through October 1st, so, YAY STEAMPUNK. (Doesn't it look gorgeous? I'd love to see this turned into a whole series!)


Speaking of Disney-related stuff, Cori S. reminded me that Dapper Day at WDW is coming up again on the 27th, so for you locals or well-timed vacationers:


I like how they call it the "Fall" Soirée, when it's still 91 degrees over here. If last year was any indication, there are going to be some sweaty fur stoles and wool suits over at DHS that day. :( We really should stick to Winter Dapper Days in Florida, don't you think?

That said, I looooove seeing all the fabulous clothes and Disney-Bounding, so I'll try to make it out for the 6PM meetup for photos, at least. (Here are my photos from last year, if you're looking for fashion inspiration!)



Also on the Epbot Facebook page, Teresa M. found me the perfect t-shirt:


 YES.

On average I think I leave the house once a week, and the only times I enjoy leaving the house are for conventions or dates with friends and/or readers. So, yep, gonna need this shirt. (Aha! Finally found it on Look Human for $20.)


And finally, 'fess up, you commenters: John Strangeway paid you all to convince me to watch Tucker & Dave Vs Evil, didn't he? DIDN'T HE? Because he's been pestering me for ages, but it took all your comments on my last post to finally get me to watch it. (That, and John wanted to. ;)

And my verdict?

Absolutely hilarious (I thought John was going to sprain something) and screamingly gory. (Two words: wood chipper.) Fortunately the gore wasn't too psychologically disturbing, if that makes sense, so I just hid behind a couch pillow and yelled my way through it. And you guys are right: Alan Tudyk is a genius. Both guys are, but some of his lines...


It also helps that you can usually tell when the bloody stuff is coming; no surprise decapitations or anything. Still: SO GORY.  o.0



John and I are already hard at work (him actually working, me "consulting") on another big geeky project, but no pics yet, for fear of the Epbot Project Jinx. Maybe soon, though?

'Til then, Happy Thursday, everyone!
[syndicated profile] evopropinquitous_feed

There may come a time when, late one night deep in the forests of Madagascar, you stumble upon something that is magnificent in its diminution. A creature so glorious in its eensiness that you must steel every nerve to keep the squee at bay. But this encounter was no accident… you spent months of planning, weeks of waiting for permits and equipment, and so many long nights setting traps to ensnare this single, miniscule beast…

And now it is time.

Time to make the decision that will either bring these months to their most glorious fruition, or leave you bitter and empty-handed.

Will you…

1) Gingerly rub the soft mound of its belly… gently! Ever so gently…

2) Daub its tiny ventrum with rubbing alcohol? Cooling sensations help!

Or

3) Delicately squeeze it? It is, after all, roughly the size of a travel-sized toothpaste tube.

Choose, but choose wisely:

There are only so many ways to convince a mouse lemur (Microcebus spp.) to urinate.

And you NEED that urine.

Because science.


Special thanks to one of my favorite partners in gimlet-soaked-Jesus-hosted-glittery-burlesque crime for this post (and the International Primatological Society meetings in Hanoi for bringing us together again). Keep gingerly rubbing those fuzzy bellies, Luca. Keep gingerly rubbing.

[syndicated profile] geekfeminism_feed

Posted by Annalee

When Jim C Hines read the Code of Conduct during the opening ceremonies of this year’s North American Science Fiction Convention, I nearly stood up and cheered. I was so, so grateful to Con Chair Tammy Coxen and safety officer Jesi Pershing–and to Tom Smith and Jim, the Masters of Ceremony–for working to make DetConOne a safe and welcoming environment.

Mary Gardiner and Val Aurora of the Ada Initiative

I was also grateful to the Ada Initiative, who wrote the template anti-harassment policy in effect at the conference. The Ada Initiative is dedicated to increasing the participation of women in open technology and culture–including fan culture. One of their biggest victories has been drastically increasing the adoption of strong, clear, specific anti-harassment policies at conventions. I’m a proud supporter of the Ada Initiative and a member of their Advisory Board. Will you join me in supporting their vital work?

Donate now

Authors Mary Robinette Kowal and N.K. Jemisin–both tireless advocates for safety and diversity in Science Fiction–are supporting the Ada Initiative’s annual fundraiser this year.

Mary Robinette Kowal

The first time I saw Mary Robinette Kowal fight harassment was at a science fiction convention where a guy had just made a gross comment about a cosplayer in front of a packed room. While I was still trying to process what the guy had said, Mary fixed him with the most withering “what on earth just came out of your mouth” stare I have ever seen. The guy literally winced. Then he apologized–and for the rest of the night, he watched his mouth.

I remember thinking that I wished she’d been around when I was a thirteen-year-old cosplayer, getting propositioned for sex in the middle of the dealers’ room. Back then, harassment was so endemic to the Science Fiction community that I thought it was just the price of admission. No one else seemed to mind grown men following me around making gross comments, photographing me without permission, or inviting me to ‘private’ room parties, so I assumed it was a norm I had to adjust to.

I’m grateful for the progress the science fiction community has made since then. If science fiction fandom still looked–and acted–like it did back when I was that awkward thirteen-year-old girl, I’m pretty sure my aspirations of becoming a science fiction writer would be gathering dust on a shelf next to my old convention programs. Now a young professional breaking into the industry, I benefit enormously from the work the Ada Initiative, Mary Robinette, N.K. Jemisin, and others have put into making fandom a safer and more welcoming place.

I strongly recommend the Ada Initiative’s detailed timeline of the anti-harassment movement in science fiction. Part of feminist advocacy is giving credit where it is due, and the Ada Initiative’s timeline documents much of the hard work–and hard workers–behind making fandom a safer and more welcoming space.

NK Jemisin

I’m especially grateful to the writers and fans of color, including NK Jemisin (whose fantastic Guest of Honor speech from this year’s Wiscon should pretty much be required reading), whose hard work and perseverance in the face of cluelessness, blatant racism, and ongoing threats and harassment has finally begun to change the discourse around race in fandom.

We still have a long way to go before organized fandom truly reflects the vibrance and diversity of the fan community. While this work will never get done without hundreds of volunteers carrying the banner, leaving the fight for diversity exclusively to volunteers is an unfair burden–a ‘second shift’ that falls disproportionately on women and marginalized fans. That’s why I’m proud to support the Ada Initiative, which pays advocates a fair wage to do this vitally important work.

Will you join me?

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Adobe has released a security update for its Acrobat and PDF Reader products that fixes at least eight critical vulnerabilities in Mac and Windows versions of the software. If you use either of these programs, please take a minute to update now.

Users can manually check for updates by choosing Help > Check for Updates. Adobe Reader users on Windows also can get the latest version here; Mac users, here.

Adobe said it is not aware of exploits or active attacks in the wild against any of the flaws addressed in this update. More information about the patch is available at this link.

For those seeking a lightweight, free alternative to Adobe Reader, check out Sumatra PDF. Foxit Reader is another popular alternative, although it seems to have become less lightweight in recent years.

Here's Your Sprinkles

Sep. 17th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Sprinkles:

Doin' it wrong:

"Wow, that's a lot of sprinkles."

 

Doin' it wronger:

"Wow, that's a lot of...

"Waaait a minute.

"Is that... paper?"

It IS!!

Not cool, man. Not. Cool.

 

Sorry, Anne-Marie and Katie W.; I guess one of you still can't have any.

Note: If you can't tell, the bottom cake is an edible photocopy of sprinkles. Yupperdoodles.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Kissing tiger cubs

Credit: Flickr / Tambako The Jaguar

Like a lot of people, I took the Code of Conduct pledge (so I was really pleased to see GHC add one this year), firstly because I see it as a sign that the event is committed to making it a welcoming space for women, and I do really only want to attend events where that is the case. Secondly, because I want to support the general idea that events should have Codes of Conduct.

A common thing to hear when organisers are thinking about a Code of Conduct is that it can be taken as a sign that things do happen there, and so make people more worried about something happening.

This blows my mind, because as a woman in a male dominated industry I’ve found the default to be that something happens. I expect something to happen. That doesn’t mean that it’s something appalling, or dangerous, or that I am constantly braced for it (although in certain situations or after a bad run of events I have totally been in this place – and it is not healthy). It usually means that whenever something does happen, I’m unsurprised.

Honestly, the surprise is usually when the organisers deal with it really well.

I have called out things to organisers at three conferences. Two as a speaker, one as an attendee. Every time, I’ve been really happy with how things were dealt with and found the experience reassuring.

The Code of Conduct may have little effect on what happens. The process and rationale for calling things out is the valuable part. And for me at least, a well handled minor incident actually makes me feel safer than nothing at all.

[syndicated profile] adulting_feed

Just because you love the pungent, long-lasting scent of pickled herring doesn’t mean everyone else will. 

Confidential to my coworkers: I’m really sorry. I had no idea that microwavable pork rinds would make that smell. 

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

C&K Systems Inc., a third-party payment vendor blamed for a credit and debit card breach at more than 330 Goodwill locations nationwide, disclosed this week that the intrusion lasted more than 18 months and has impacted at least two other organizations.

On July 21, 2014, this site broke the news that multiple banks were reporting indications that Goodwill Industries had suffered an apparent breach that led to the theft of customer credit and debit card data. Goodwill later confirmed that the breach impacted a portion of its stores, but blamed the incident on an unnamed “third-party vendor.”

Last week, KrebsOnSecurity obtained some internal talking points apparently sent by Goodwill to prepare its member organizations to respond to any calls from the news media about the incident. Those talking points identified the breached third-party vendor as C&K Systems, a retail point-of-sale operator based in Murrells Inlet, S.C.

In response to inquiries from this reporter, C&K released a statement acknowledging that it was informed on July 30 by “an independent security analyst” that its “hosted managed services environment may have experienced unauthorized access.” The company says it then hired an independent cyber investigative team and alerted law enforcement about the incident.

C&K says the investigation determined malicious hackers had access to its systems “intermittently” between Feb. 10, 2013 and Aug. 14, 2014, and that the intrusion led to the installation of a “highly specialized point of sale (POS) infostealer.rawpos malware variant that was undetectable by our security software systems until Sept. 5, 2014,” [link added].

Their statement continues:

“This unauthorized access currently is known to have affected only three (3) customers of C&K, including Goodwill Industries International. While many payment cards may have been compromised, the number of these cards of which we are informed have been used fraudulently is currently less than 25.”

C&K System’s full statement is posted here.

ANALYSIS

C&K Systems has declined to answer direct questions about this breach. As such, it remains unclear exactly how their systems were compromised, information that could no doubt be helpful to other organizations in preventing future breaches. It’s also not clear whether the other two organizations impacted by this breach have or will disclose.

Here are a few thoughts about why we may not have heard about those other two breaches, and why the source of card breaches can very often go unreported.

Point-of-sale malware, like the malware that hit C&K as well as Target, Home Depot, Neiman Marcus and other retailers this past year, is designed to steal the data encoded onto the magnetic stripe on the backs of debit and credit cards. This data can be used to create counterfeit cards, which are then typically used to purchase physical goods at big-box retailers.

The magnetic stripe on a credit or debit card contains several areas, or “tracks,” where cardholder information is stored: “Track 1” includes the cardholder’s name, account number and other data. “Track 2” contains the cardholder’s account, encrypted PIN and other information, but it does not include the account holder’s name.

An example of Track 1 and Track 2 data, together. Source: Appsecconsulting.com

Most U.S. states have data breach laws requiring businesses that experience a breach involving the personal and financial information of their citizens to notify those individuals in a timely fashion. However, few of those notification requirements are triggered unless the data that is lost or stolen includes the consumer’s name (see my reporting on the 2012 breach at Global Payments, e.g.).

This is important because a great many of the underground stores that sell stolen credit and debit data only sell Track 2 data. Translation: If the thieves are only stealing Track 2 data, a breached business may not have an obligation under existing state data breach disclosure laws to notify consumers about a security incident that resulted in the theft of their card data.
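As an added example (not code from the article), here is a small Python detector of the kind a DLP scanner or incident responder runs over logs, files or a memory image to find ISO 7813 track data and redact it: it parses the Track 1 and Track 2 layouts described above, filters false positives with the Luhn check digit, masks the account number to the first six and last four digits, and makes the notification point visible in code, since a Track 2 record yields no cardholder name. The sample dump, card numbers and cardholder name are constructed industry test data, not real accounts.

```python
"""Find and parse ISO 7813 magnetic-stripe track data in a text blob.

Added example, not code from the article. The same pattern matching that
RAM-scraping malware uses to locate card data is what a DLP scanner or an
incident responder uses to find where track data is sitting in logs, files
or a memory image, so it can be reported and redacted. Every card number
and cardholder below is constructed industry test data, not a real account.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Track 1, format code B: %B<PAN>^<SURNAME/FIRST>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{12,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]{0,40})\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?   (no name field at all)
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})([^?]{0,40})\?")


@dataclass
class TrackRecord:
    track: int            # 1 or 2
    pan_masked: str       # first six and last four digits only (PCI DSS display rule)
    name: Optional[str]   # None for Track 2, which carries no cardholder name
    expiry_yymm: str
    service_code: str
    luhn_ok: bool         # False for digit runs that merely look like a PAN


def luhn_valid(pan: str) -> bool:
    """Mod-10 check digit used on payment card numbers; filters false matches."""
    total = 0
    for idx, ch in enumerate(reversed(pan)):
        digit = int(ch)
        if idx % 2 == 1:            # every second digit from the right is doubled
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, star out the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(blob: str) -> List[TrackRecord]:
    """Return every Track 1 / Track 2 record found in blob, PANs already masked."""
    records = []
    for m in TRACK1_RE.finditer(blob):
        pan, name, yymm, svc, _discretionary = m.groups()
        records.append(TrackRecord(1, mask_pan(pan), name.strip(), yymm, svc, luhn_valid(pan)))
    for m in TRACK2_RE.finditer(blob):
        pan, yymm, svc, _discretionary = m.groups()
        records.append(TrackRecord(2, mask_pan(pan), None, yymm, svc, luhn_valid(pan)))
    return records


def redact_track_data(blob: str) -> str:
    """Replace the full PAN inside every track record with its masked form."""
    def _mask_match(m: "re.Match") -> str:
        return m.group(0).replace(m.group(1), mask_pan(m.group(1)))
    blob = TRACK1_RE.sub(_mask_match, blob)
    return TRACK2_RE.sub(_mask_match, blob)


# Constructed sample: fragments of a hypothetical POS memory dump holding one
# Track 1 record, one Track 2 record, and a decoy that has the right shape but
# fails the Luhn check. 4111111111111111 and 5555555555554444 are test PANs.
SAMPLE_DUMP = (
    "...\x00\x00pos_svc.log\x00"
    "%B4111111111111111^DOE/JANE^25121011234567890?"
    ";5555555555554444=2512101123456789?"
    "\x00;4111111111111112=2601101000000000?\x00..."
)

if __name__ == "__main__":
    for rec in find_track_data(SAMPLE_DUMP):
        print(rec)
    print(redact_track_data(SAMPLE_DUMP))
```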

ENCRYPTION, ENCRYPTION, ENCRYPTION

Breaches like the one at C&K Systems involving stolen mag stripe data will continue for several years to come, even beyond the much-ballyhooed October 2015 liability shift deadline from Visa and MasterCard.

Much of the retail community is working to meet an October 2015 deadline put in place by MasterCard and Visa to move to chip-and-PIN enabled card terminals at their checkout lanes (in most cases, however, this transition will involve the less-secure chip-and-signature approach). Somewhat embarrassingly, the United States is the last of the G20 nations to adopt this technology, which embeds a small computer chip in each card that makes it much more expensive and difficult (but not impossible) for fraudsters to clone stolen cards.

That October 2015 deadline comes with a shift in liability for merchants who haven’t yet adopted chip-and-PIN (i.e., those merchants not in compliance could find themselves responsible for all of the fraudulent charges on purchases involving chip-enabled cards that were instead merely swiped through a regular mag-stripe card reader at checkout time).

Business Week recently ran a story pointing out that Home Depot’s in-store payment system “wasn’t set up to encrypt customers’ credit- and debit-card data, a gap in its defenses that gave potential hackers a wider window to exploit.” The story observed that although Home Depot “this year purchased a tool that would encrypt customer-payment data at the cash register, two of the former managers say current Home Depot staffers have told them that the installation isn’t complete.”

The crazy aspect of all these breaches over the past year is that we’re only hearing about those intrusions that have been detected. In an era when third-party vendors such as C&K Systems can go 18 months without detecting a break-in, it’s reasonable to assume that the problem is much worse than it seems.

Avivah Litan, a fraud analyst with Gartner Inc., said that at least with stolen credit card data there are mechanisms for banks to report a suspected breached merchant to the card associations. At that point, Visa and MasterCard will aggregate the reports to the suspected breached merchant’s bank, and request that the bank demand that the merchant hire a security firm to investigate. But in the case of breaches involving more personal data — such as Social Security numbers and medical information — very often there are few such triggers, and little recourse for affected consumers.

“It’s usually only the credit and debit card stuff that gets exposed,” Litan said. “Nobody cares if the more sensitive personal data is stolen because nobody is damaged by that except you as the consumer, and anyway you probably won’t have any idea how that data was stolen in the first place.”

Maybe it’s best that most breaches go undisclosed: It’s not clear how much consumers could stand if they knew about them all. In an opinion piece published today, New York Times writer Joe Nocera observed that “seven years have passed between the huge T.J. Maxx breach and the huge Home Depot breach — and nothing has changed.” Nocera asks: “Have we become resigned to the idea that, as a condition of modern life, our personal financial data will be hacked on a regular basis? It is sure starting to seem that way.” Breach fatigue, indeed.

The other observation I’d make about these card breaches is that the entire credit card system in the United States seems currently set up so that one party to a transaction can reliably transfer the blame for an incident to another. The main reason the United States has not yet moved to a more secure standard for handling cards, for example, has a lot to do with the finger pointing and blame game that’s been going on for years between the banks and the retail industry. The banks have said, “If the retailers only started installing chip-and-PIN card readers, we’d start issuing those types of cards.” The retailers respond: “Why should we spend the money upgrading all our payment terminals to handle chip-and-PIN when hardly any banks are issuing those types of cards?” And so it has gone for years.

For its part, C&K Systems says it was relying on hardware and software that met current security industry standards but that was nevertheless deficient. Happily, the company reports that it is in the process of implementing point-to-point encryption to block any future attacks on its payment infrastructure.

“What we have learned during this process is that we rely and put our trust in many systems and individuals to help prevent these kinds of things from happening. However, there is no 100% failsafe security solution for hosting Point of Sale environments,” C&K Systems said. Their statement continues:

“The software we host for our customers is from a leading POS company and meets current PCI-DSS requirements of encrypted data in transit and data at rest. Point of sale terminals are vulnerable to memory scraping malware, which catches cards in memory before encryption can occur. Our software vendor is in the process of rolling out a full P2PE solution with tokenization that we anticipate receiving in October 2014. Our experience with the state of today’s threats will help all current and future customers develop tighter security measures to help reduce threat exposure and to make them more cognizant of the APTs that exist today and the impact of the potential threat to their businesses.”

Too many organizations only get religion about security after they’ve had a serious security breach, and unfortunately that inaction usually ends up costing the consumer more in the long run. But that doesn’t mean you have to be further victimized in the process: Be smart about your financial habits.

Using a credit card over a debit card, for example, involves fewer hassles and risks when your card information inevitably gets breached by some merchant. Pay close attention to your monthly statements and report any unauthorized charges immediately. And spend more time and energy protecting yourself from identity theft. Finally, take proactive steps to keep your inbox and your computer from being ravaged by cybercrooks.

[syndicated profile] geekfeminism_feed

Posted by Mary

In 2012, Geek Feminism founder Alex Skud Bayley founded Growstuff, a website and multi-purpose database for food-growers to track what they have planted and harvested and connect with other growers in their local area. Growstuff is now two years old and has launched a crowdfunding campaign to fund API development, which will help outside developers build tools such as a harvesting calculator that shows you how much money you save by growing food, or emailed planting tips and reminders based on your location and climate.

Skud uses open source software and related technologies to effect social and environmental change. She lives in Ballarat, Victoria, where she works on a variety of open tech projects for social justice and sustainability. Skud and I have talked in the past about how Growstuff is among the projects that Geek Feminism contributors have built on principles we brought to and out of Geek Feminism, and I’m kicking off the second week of Growstuff’s fundraiser by asking her more about this.

Q. Which communities is Growstuff modelled on, and what principles has it inherited from them? In particular, how have Geek Feminism and other social justice communities and your work within them influenced Growstuff?

Growstuff open data campaign

Skud: When I started Growstuff, I’d been running Geek Feminism for about 3–4 years, and involved in a few other “women in open source” groups before that. This had led me to watch really closely as different open source communities worked on how to be welcoming and supportive, and to attract participants from different backgrounds and demographics. One thing I saw was that projects founded by women attracted women — no big surprise there I suppose! And, unsurprisingly, Growstuff has attracted a lot of women as developers: roughly half of the 40ish people who’ve made code contributions have been women, and we have lots who’ve volunteered for things like testing and data wrangling as well.

Initially we modeled Growstuff quite heavily on Dreamwidth, which has a majority of women. (Dreamwidth was one of the projects I focused on in my 2009 OSCON keynote, Standing Out in the Crowd.) I also took inspiration from the Agile software development movement.

Extreme Programming, which is the variant of Agile I grew up on, had a lot to say about having real conversations with people involved in the project, working at a sustainable pace, and using introspection to think about the process. I think some of the more recent versions of agile (like Scrum) have made it more business-friendly and, dare I say, macho. But to me, developing software the agile way is about working on the things that are most important, and about honouring each participant’s expertise and the time and energy they bring to the project. So Growstuff has a policy of working closely with our members, getting them involved in the project, and in some ways blurring the lines between tech/non-tech roles. Our choice not to use the term “users” is part of this; we use “members” instead because we feel like “users” distances the people who use Growstuff from the people building the code, and treats them more as consumers rather than collaborators.

Agile development methodologies are probably not what you were thinking about when you asked about social justice movements, but to me, my feminism and the way I work on projects are closely connected. I certainly find agile development (which I do with clients as well as on Growstuff) to be a more egalitarian way of working together than traditional/non-agile approaches.

Q. Your crowdfunding campaign will pay a developer, Frances Hocutt, to work on Growstuff’s API? Why is Growstuff moving towards a paid development model, at least in this case?

Screenshot of Growstuff’s page for the Lettuce crop.

So far, Growstuff’s been built by volunteers. My work on other projects (mostly doing tech contracting for sustainability non-profits) has funded my work on Growstuff, and other volunteers have generally been funded by their own day jobs. Unfortunately, requiring people to volunteer their time not only means you’re relying on their rather variable availability, but those who are likely to have the most availability are generally relatively privileged. That means that the contributor pool will be demographically tilted towards those who happen to be the most affluent and time-rich. In the feminist tech community, we’ve been talking for a while now about labor issues in open source: Ashe Dryden’s The Ethics of Unpaid Labor and the OSS Community is important reading on the subject.

As a matter of principle, I want to be able to pay people to work on Growstuff. Maybe not all people all the time — it’s still an open source project, and our volunteer community is important to us — but I want our contributors to know that they’re not expected to go to extraordinary lengths without remuneration. That includes myself! I guess like many women I find it hard to ask for money for my own work, especially work for a “social good” that is so often undervalued and unpaid. It’s easier for me to ask for money on other people’s behalf.

Frances is exactly the sort of developer I want to work with on Growstuff. She’s come from a career in organic chemistry and switched to open tech. I got to know her through her co-founding Seattle Attic (a feminist hackerspace in Seattle, Washington), and through her Outreach Program for Women internship at the Wikimedia Foundation. By the time I met her I already knew she was a developer with a strong interest in community and collaborative projects, with the right combination of high level thinking, code, documentation and outreach. Her work developing “gold standards” for Wikimedia’s APIs (including the Wikidata API) seemed like a perfect lead-in to working on improving Growstuff’s APIs and helping people build things with them. When I heard she was looking for a short-term contract, I jumped at the chance to see if we could raise the money to pay her to work on Growstuff for a bit.

Q. What principles and techniques could other software projects adopt from Growstuff? And how does Growstuff fit in — or rather, not fit in — to the current venture funded hypergrowth model of software companies?

We’re still trying to figure that out. Growstuff is structured as a sort of hybrid business/social enterprise: the website’s direct expenses are funded by memberships, while my work as Growstuff’s lead developer and organiser is funded indirectly by consulting on other projects. We don’t have any outside investment, though we have received a couple of small grants and some support from a government startup program. We’re not seeking traditional VC investment, which makes us rather at odds with most of the “startup scene”, but I would much rather that Growstuff as a whole were funded by the community it serves, than by an external party or parties (investors, advertisers, etc) whose goals and values might be at odds with ours.

The bigger-picture answer, I guess, is that 21st century western-style capitalism increases inequality. The rich get phenomenally richer, and the rest of us get screwed over. If someone offered me the chance to get super rich off Growstuff at the expense of our members and community, I sincerely hope that I’d be able to resist that temptation. Though to be honest, I think Growstuff’s insistence on copyleft licensing and other choices we made early on (such as not to serve ads) mean that nobody’s likely to make that offer anyway. I’ve intentionally set Growstuff up to be more cooperative than capitalist. The trick is to figure out how to fairly support our workers under that model.

I think it depends a lot on our members: people are used to getting online services “for free” in return for their personal information and marketing data, which is used to make a handful of people very rich indeed. Are they going to be willing to resist that easy, attractive evil and become more equal partners in supporting and developing an online service for their/our mutual good? That’s what we still have to find out.

Q. How is food gardening a part of your feminism? (Or feminism part of your food gardening?)

Growstuff and Geek Feminism founder Alex Skud Bayley in her garden

I think the connection, for me, is through the idea of DIY — doing it yourself. My feminism is closely tied to my dubiousness about our current capitalist system. As I said, a system that concentrates wealth in a small segment of the population increases inequality. As businesses get bigger, our choices are fewer. I think growing your own food, even in a small way, is an important area of resistance: every pot of herbs on your windowsill means one less thing you buy from a giant supermarket chain. Incidentally, I feel the same way about building our own software and online communities! And I think that those who are least well served by the mainstream capitalist system — women, for instance, who are constantly bombarded by really screwed up messages about what we eat and how we feed our families, trying to sell us highly processed foods that ultimately benefit the companies that design and package them far more than they benefit us — have the most to gain from this.

Q. How can Geek Feminism readers contribute to or support Growstuff?

Well, of course we have the crowdfunding campaign going on at present, to support Frances and myself as we work on Growstuff’s open API.

We’re always looking for people to join our community as contributors: testers, data mavens, coders, designers, writers, and more. Even just diving in to our discussions and weighing in on some of the ideas there helps us a lot — we’re always keen to hear from food-growers (including aspiring/potential ones) about what they’re looking for in Growstuff and how we can improve, or from people who’d like to use our data, to discuss what they have in mind and how we can support them.

Apart from that, just help us spread the word :)

More about Growstuff

You can learn more about Growstuff and its philosophy in the pitch video for the crowdfunding campaign (audio transcript follows):

Hi, I’m Alex Bayley. I write software and I grow vegetables in my backyard. I founded Growstuff in 2012.

More and more people are taking up veggie gardening all over the developed world, especially in cities. That means millions of new gardeners trying to eat and live more sustainably. People are growing food in their backyards, on balconies and in community gardens.

I started to grow my own food because I want to know where it comes from and that it hasn’t been grown with environmentally damaging fertilisers and pesticides. Like a lot of people these days, I worry about food that’s not local. The costs of transportation and the waste from overpackaged food are huge. I think it’s important that we have alternatives to the big supermarkets. And of course homegrown food just tastes so much better and it’s so much better for you.

Like most gardeners, I’m always searching online for information. Most of the growing advice I find isn’t suitable for my climate. I need local information, not something from halfway around the world.

Growstuff started when I met a guy called Federico from Mexico. He’s also a software developer and a permaculturist and he has trouble finding growing information for his local area. So he asked me if I knew of any open databases that had planting information about where to plant any kind of crop anywhere in the world.

We looked around and we couldn’t find anything. Some governments release open data, but it’s usually aimed at big farms. The stuff aimed at home gardeners was usually either just for one region or else the websites had really restrictive rules about what you could use the data for.

I’m a software developer so when I look at data I want to build things. If that data’s locked up where no one can use it that stifles innovation. Growstuff crowdsources information from veggie gardeners around the world. We gather data on what they plant, when and where they plant it, and how to grow it. We use this information to provide local planting advice back to our members and anyone who visits our site.

Growstuff is 100% open source and our data is also open. You can download it straight from our website and use it for any purpose, even commercially. But we want more people to use our data. We’re raising funds to improve our API which lets third party developers use Growstuff to build apps, mashups, tools, or to do research.

With your help, we’ll be creating a new version of our API with more features, building demos, and running workshops for developers. I’ve been working with open data since about 2007 and I think making food growing information freely available is one of the most important things we can do.

Whether you’re a gardener or a software developer or you just care about sustainable food please support Growstuff’s crowdfunding campaign.

Disclosures: in addition to working with Skud on the Geek Feminism project, I’ve worked with her when she was an advisor to the Ada Initiative, an AdaCamp staffer, and in several other capacities over many years.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Stick A Pick In It

Sep. 16th, 2014 01:01 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

"... and to avoid any possible mistakes, instead of any writing on the cake I'd like you to just use one of those plastic 'Happy Birthday' picks, please."

 

"No, no, I don't want you to write it, I want you to use one. You know, the 'Happy Birthday' sticks? Yes. One of those."

 

"Maybe I'm using the wrong word. Um... do you have a decorative plaque you put on cakes? One that says 'Happy Birthday'? Because that's all I want. Really. Just that!"

[massaging temples]

 

"See, now you just wrote 'pick' again."

 

"Aha! Well, you DID use some birthday plaques this time. But see, that's all I want! No writing, just one plain 'Happy Birthday' plaque."

 

"I feel like we're going in circles here.

 

"Tell you what, forget the sticks, picks, and plaques, k? Go ahead and write happy birthday. JUST HAPPY BIRTHDAY. That's it. Got it?"

 

Thanks to Emily H., Garret E., Dan N., Savannah W., Shelly F., Melissa W., & Evan H. for today's just desserts.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] epbot_feed

Posted by Jen

Time for more Dragon Con goodness!

And we're going to start off with a bang, because a battle-ready Cinderella holding a bazooka named "Fairy Godmother" is preeeetty much the coolest thing I've ever seen:

Look closely: the bazooka shoots pumpkins. YES. And look at all the other princesses geared up for battle! Lots of great details, but I'm especially loving Aurora's Maleficent-skull staff.

Next up, a stunning... Lady Loki, I think?

That staff alone is a work of art, but also check out her filigree arm bracer, and the delicate snake on her corset! So many pretties.

Dragon Con can be quite family friendly, as this extended family of Krieger clones from Archer will attest:

 This whole group is related: I think there are two parents with their kids & kids' spouses. Now that's how you do a family reunion!

And a reference for the characters:

I'm pretty sure everyone will recognize THIS character:

Remy from Ratatouille! BRILLIANT!!

Those of you looking for Halloween costume ideas, take note; this would be relatively easy to do!

And here's another easy one, but it made me laugh with delight. Let's see how many of you recognize it:

 
His shirt says "Now I have a machine gun. Ho Ho Ho."

:D

Optimus Prime, ROLL OUT:

I love that he has windshield wipers.


A perfect Hans & Anna:

By the time I recognized this Zealot from Bioshock Infinite, she'd passed right by me:


(Zealots carry a coffin on their backs, painted with the likeness of Lady Comstock:)


Fortunately John leaped into action, and managed to run ahead for a photo of the Zealot's front - and to my delight, the cosplayer turned out to be a lady Zealot!

 
Zealots are always men in the game, and are rarely cosplayed, so seeing a gender-swapped version made it that much cooler!

Next up, the whole gang from The Lego Movie:

Check out Metalbeard - hee! And the Unikitty Girl is adorable. Oh! And do you see the human version of Wyldstyle in the middle?


Here are four steampunked members of the Green Lantern Corps:

Plus a classic Green Lantern on the right.

Green Lantern's ring was crazy bright, but I thought it looked really cool in this shot:


I saw some familiar faces, too: remember this Ronald/Joker & Wendy/Harley mashup from last year?

But no matter how many times I see it, I will never get tired of Consuela from Family Guy cleaning other people's costumes:

And then there were two!



Next, some assorted baddies:


This one is from the video game Alice: The Madness Returns, and I immediately fell in love with her chess piece staff:

Here's the closest reference I can find - sorry it's from the back!


Next up, a little hurdy durdy cäken schmööshing:

Swedish Chef! I even got a complimentary "bork bork bork" for my trouble.

I'm proud to say I knew EXACTLY who this was the moment I saw him:

It's Lt. Dangle from Reno 911! - as a Ghostbuster.

Now THAT is a mashup show I want to see.


Really loved this Strawberry Shortcake outfit:

SO SWEET. Hard to see, but her shoes had the sparkliest crystal strawberries on them.

And how cute is this 2nd Doctor with his Cyber(wo)man lady friend?!

That armor dress is SO GOOD. And look, she cut out eyelash notches in the helmet!

And while we're talking Doctor Who, here's one of The Silence:

 

I generally prefer creepy over gory, but I have to show you guys this next one:

That's my friend the infamous John Strangeway (aka Steampunk Boba Fett) as Dale, and his friend Ben as Tucker - from Tucker & Dale vs Evil.

Aaand a reference, for those of you who - like me - haven't seen it yet:
So if you're wondering, yes, that IS half a torso Strangeway's carrying around his neck up there.
(I've been assured this movie is a comedy. Still not sure I'll ever see it. o.0)

How's this for a perfect accessory - and a fun example of forced perspective?

Carl is wearing a garden hose harness - just like in the movie - and floating behind him is the house from Up! So perfect! Plus he was careful to put on his "grumpy face" for the photo.

As someone who prefers masks when cosplaying, I'm always on the lookout for new and creative ways to cover your face. These two ladies had some of the most unique examples of the whole con:

Funky cool!

I've photographed him before, but this year was the first time I got to officially meet Dave Lee, aka steampunk Darth Vader. Here he is in his diver's costume, which some of you may recognize from the DC parade:

The back was equally impressive, with all kinds of colored lights and doo-dads:

And here's Dave's daughter, sporting an incredible captured mermaid cosplay:


Dave tells me they'll be adding even more to this one in the future, like interior lights and more detailing on the robot. She really pulled it off beautifully; definitely one of those costumes that make you look twice!

Awww, sad mermaid. :(

I'm hoping to find more photos of this Warhammer Space Marine later, but for now, here's a grainy one:
These space marines have a zillion different color schemes & varying details, but here's a general reference:


The cosplayer did have a helmet, too, but apparently he can't really see out of it, so most of the time he left it off.


And finally, what was arguably one of the greatest costumes Dragon Con has EVER seen:

HE IS GROOT!

Thank goodness he was so tall, too, or else I'd never have gotten any shots at all. The crowd was glued to him, and a full-body angle was completely out of the question.

This happened when I caught another camera's flash, and I thought it was pretty cool:

And then ANOTHER Groot came out, and the crowd went nuts:

*boop*

And one final shot, which almost has a kind of melancholy to it that I love:

He seems so stoic and sad. I just wanna hug him. Or water him. Or something.

Oh, and do you see the little twig sticking out of his shoulder? Love that.


K, that's it for this installment! And I think I'm just past my half-way point, so... EEK. (I'm pacing myself, so forgive me if it takes even longer for the next batch. I want to talk about things besides cosplay from time to time, too!)

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

One of the risks of using social media networks is having information you intend to share with only a handful of friends be made available to everyone. Sometimes that over-sharing happens because friends betray your trust, but more worrisome are the cases in which a social media platform itself exposes your data in the name of marketing.

LinkedIn has built much of its considerable worth on the age-old maxim that “it’s all about who you know.” As a LinkedIn user, you can directly connect with those you attest to knowing professionally or personally, but also you can ask to be introduced to someone you’d like to meet by sending a request through someone who bridges your separate social networks. Celebrities, executives or any other LinkedIn users who wish to avoid unsolicited contact requests may do so by selecting an option that forces the requesting party to supply the personal email address of the intended recipient.

LinkedIn’s entire social fabric begins to unravel if any user can directly connect to any other user, regardless of whether or how their social or professional circles overlap. Unfortunately for LinkedIn (and its users who wish to have their email addresses kept private), this is the exact risk introduced by the company’s built-in efforts to expand the social network’s user base.

According to researchers at the Seattle, Wash.-based firm Rhino Security Labs, at the crux of the issue is LinkedIn’s penchant for making sure you’re as connected as you possibly can be. When you sign up for a new account, for example, the service asks if you’d like to check your contacts lists at other online services (such as Gmail, Yahoo, Hotmail, etc.). The service does this so that you can connect with any email contacts that are already on LinkedIn, and so that LinkedIn can send invitations to your contacts who aren’t already users.

LinkedIn assumes that if an email address is in your contacts list, that you must already know this person. But what if your entire reason for signing up with LinkedIn is to discover the private email addresses of famous people? All you’d need to do is populate your email account’s contacts list with hundreds of permutations of famous peoples’ names — including combinations of last names, first names and initials — in front of @gmail.com, @yahoo.com, @hotmail.com, etc. With any luck and some imagination, you may well be on your way to an A-list LinkedIn friends list (or a fantastic set of addresses for spear-phishing, stalking, etc.).

LinkedIn lets you know which of your contacts aren’t members.

When you import your list of contacts from a third-party service or from a stand-alone file, LinkedIn will show you any profiles that match addresses in your contacts list. More significantly, LinkedIn helpfully tells you which email addresses in your contacts lists are not LinkedIn users.

It’s that last step that’s key to finding the email address of the targeted user to whom LinkedIn has just sent a connection request on your behalf. The service doesn’t explicitly tell you that person’s email address, but by comparing your email account’s contact list to the list of addresses that LinkedIn says don’t belong to any users, you can quickly figure out which address(es) on the contacts list correspond to the user(s) you’re trying to find.
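The defensive counterpart to the oracle described above, added here as an example and not LinkedIn's own code: a heuristic that scores an imported contact list on whether its local parts repeat across several free-mail domains or collapse to a few letter signatures, and withholds the "not a member" list for probe-shaped imports. The thresholds, function names and the two sample lists are assumptions made for illustration.

```python
"""Heuristics for spotting contact imports that are name-permutation probes
rather than real address books, and for withholding the "not a member" list
(the oracle described above) when an import looks like one.

Added example, not LinkedIn's code: thresholds, function names and the
sample lists are assumptions made for illustration.
"""
import re
from collections import defaultdict

SEPARATORS = re.compile(r"[._\-+]")
MIN_ENTRIES = 8            # assumption: too few entries to score reliably
CROSS_DOMAIN_LIMIT = 0.30  # assumption: share of local parts seen on 2+ domains
COLLAPSE_LIMIT = 0.50      # assumption: distinct letter signatures / distinct local parts


def normalize(address):
    """Return (local, domain), lowercased with separators stripped from the
    local part, or None for a malformed entry."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    local = SEPARATORS.sub("", local)
    if not local or "." not in domain:
        return None
    return local, domain


def signature(local):
    """Letter-multiset signature: 'jordanlee' and 'leejordan' collide,
    which is exactly what first/last-name reorderings produce."""
    return "".join(sorted(local))


def analyze_import(addresses):
    """Features that separate a real address book from a probe list.

    A real book has mostly unique local parts, each on one domain.  A probe
    repeats the same handful of local parts across several free-mail
    domains, and its local parts collapse to a few letter signatures."""
    domains_for_local = defaultdict(set)
    signatures = set()
    valid = 0
    for entry in addresses:
        parsed = normalize(entry)
        if parsed is None:
            continue                      # skip malformed entries silently
        local, domain = parsed
        valid += 1
        domains_for_local[local].add(domain)
        signatures.add(signature(local))
    n_locals = len(domains_for_local)
    cross_domain = sum(1 for doms in domains_for_local.values() if len(doms) > 1)
    return {
        "valid_entries": valid,
        "distinct_locals": n_locals,
        "cross_domain_share": cross_domain / n_locals if n_locals else 0.0,
        "signature_collapse": len(signatures) / n_locals if n_locals else 1.0,
    }


def looks_like_permutation_probe(addresses):
    """True when the import has the shape of a permutation probe.
    Small imports are never flagged, to avoid false positives on users
    who genuinely have only a few contacts."""
    f = analyze_import(addresses)
    if f["valid_entries"] < MIN_ENTRIES:
        return False
    return (f["cross_domain_share"] >= CROSS_DOMAIN_LIMIT
            or f["signature_collapse"] <= COLLAPSE_LIMIT)


def nonmember_addresses(imported, member_directory):
    """The leaky step from the article: report which imported addresses are
    not members.  For probe-shaped imports return None so the caller shows
    nothing and records an abuse signal instead of acting as an oracle."""
    if looks_like_permutation_probe(imported):
        return None
    members = {m.strip().lower() for m in member_directory}
    return sorted(a.strip().lower() for a in imported
                  if normalize(a) is not None and a.strip().lower() not in members)


# Constructed sample inputs (fictional people, not real address books).
REAL_BOOK = [
    "alice.w@example.org", "bob@mailhost.example", "carol.nguyen@example.com",
    "dave_k@example.net", "erin@example.org", "frank.m@example.com",
    "grace@example.net", "heidi.p@example.org", "ivan@example.com",
    "judy.r@example.net",
]
# Guesses for one constructed name spread over three free-mail domains.
PROBE = [f"{local}@{domain}"
         for local in ("jordan.lee", "jordanlee", "lee.jordan", "jlee",
                       "j.lee", "leej", "jordan.l")
         for domain in ("gmail.com", "yahoo.com", "hotmail.com")]

if __name__ == "__main__":
    for name, book in (("real address book", REAL_BOOK), ("probe list", PROBE)):
        print(name, analyze_import(book), "flagged:", looks_like_permutation_probe(book))
```

In production the flag would feed the rate limiting and scoring Scott describes below rather than hard-block on its own, since a single family's shared surname can also produce repeated signatures.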

Rhino Security founders Benjamin Caudill and Bryan Seely have a recent history of revealing how trust relationships between and among online services can be abused to expose or divert potentially sensitive information. Last month, the two researchers detailed how they were able to de-anonymize posts to Secret, an app-driven online service that allows people to share messages anonymously within their circle of friends, friends of friends, and publicly. In February, Seely more famously demonstrated how to use Google Maps to intercept FBI and Secret Service phone calls.

This time around, the researchers picked on Dallas Mavericks owner Mark Cuban to prove their point with LinkedIn. Using their low-tech hack, the duo was able to locate the Webmail address Cuban had used to sign up for LinkedIn. Seely said they found success in locating the email addresses of other celebrities using the same method about nine times out of ten.

“We created several hundred possible addresses for Cuban in a few seconds, using a Microsoft Excel macro,” Seely said. “It’s just a brute-force guessing game, but 90 percent of people are going to use an email address that includes components of their real name.”

The Rhino guys really wanted Cuban’s help in spreading the word about what they’d found, but instead of messaging Cuban directly, Seely pursued a more subtle approach: He knew Cuban’s latest start-up was Cyber Dust, a chat messenger app designed to keep your messages private. So, Seely fired off a tweet complaining that “Facebook Messenger crosses all privacy lines,” and that as a result he was switching to Cyber Dust.

When Mark Cuban retweeted Seely’s endorsement of Cyber Dust, Seely reached out to Cyberdust CEO Ryan Ozonian, letting him know that he’d discovered Cuban’s email address on LinkedIn. In short order, Cuban was asking Rhino to test the security of Cyber Dust.

“Fortunately no major faults were found and those he found are already fixed in the coming update,” Cuban said in an email exchange with KrebsOnSecurity. “I like working with them. They look to help rather than exploit. We have learned from them and I think their experience will be valuable to other app publishers and networks as well.”

Cory Scott, director of information security at LinkedIn, said very few of the company’s members opt in to the requirement that all new potential contacts supply the invitee’s email address before sending an invitation to connect. He added that email address-to-user mapping is a fairly common design pattern, that it is not particularly unique to LinkedIn, and that nothing the company does will prevent people from blasting emails to lists of addresses that might belong to a targeted user, hoping that one of them will hit home.

“Email address permutators, of which there are many of them on the ‘Net, have existed much longer than LinkedIn, and you can blast an email to all of them, knowing that most likely one of those will hit your target,” Scott said. “This is kind of one of those challenges that all social media companies face in trying to prevent the abuse of [site] functionality. We have rate limiting, scoring and abuse detection mechanisms to prevent frequent abusers of this service, and to make sure that people can’t validate spam lists.”

In an email sent to this reporter last week, LinkedIn said it was planning at least two changes to the way its service handles user email addresses.

“We are in the process of implementing two short-term changes and one longer term change to give our members more control over this feature,” LinkedIn spokeswoman Nicole Leverich wrote in an emailed statement. “In the next few weeks, we are introducing new logic models designed to prevent hackers from abusing this feature. In addition, we are making it possible for members to ask us to opt out of being discoverable through this feature. In the longer term, we are looking into creating an opt-out box that members can choose to select to not be discoverable using this feature.”

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

The following quasi-anonymous comment was received and acknowledged on the Geek Feminism Wiki’s article about the Gittip crisis.

If I understand the editing policies here (I just read them), lies or heresay [sic] can be printed as fact, because you don’t take an NPOV, you take a feminist point of view. That implies that feminism involves lies or hearsay otherwise you would recognize that incorrect information (whether it supports a feminist viewpoint or not) doesn’t belong in an article of any merit.

“NPOV” stands for “neutral point of view”, a notion that Wikipedia editors take as a governing principle. NPOV is useful in some contexts, but also can be abused to camouflage specific ideologies — especially those that happen to dominate discourse in a particular place and time. Like “meritocracy“, NPOV is an abstraction that may or may not be realizable, but in practice often serves as neutral clothing for the decidedly non-neutral opinions of those who power structures currently happen to serve.

The inimitable Rick Scott took the time to craft a patient reply, which I’m reproducing in its entirety here (with Rick’s permission) because it deserves to reach a broader audience. I think it’s a good companion to Skud’s “Feminist Point of View” talk from July. It also serves as an illustration in a specific case of the general points we make in the Geek Feminism wiki editorial guidelines.

The remainder of this post is Rick’s words, not mine.


You have read the editorial guidelines (for which I thank you), but not understood them. Perhaps I can clarify.

NPOV properly applies to opinions and analysis, not facts. We convey the facts as accurately as we can ascertain them—there’s no such thing as “feminist facts” and “non-feminist facts”.

Having gained our best understanding of the facts at hand, we analyse and interpret those facts from a feminist perspective—one which is informed by the substantial research, scholarship, and critique that the field encompasses. For instance, if a woman is harassed by a male colleague, her supervisor may deny that sexism played a role, explaining the incident in other ways: “He’s just a jerk”; “He’s not good with people”; “Are you sure you aren’t imagining it”, etc. A feminist perspective, however, draws on the considerable research documenting gendered patterns of harassment in the workplace, and points out that this incident is likely part of the larger pattern—that the woman’s gender probably played a significant role in how her colleague elected to treat her.

What you actually take issue with is our approach to matters addressed by Wikipedia’s two other core content policies, namely Verifiability and No Original Research. Our editorial guidelines, which you so kindly read, state (emphasis added):

While citations are preferred wherever possible, we do not require them. Much of our wiki is primary source material, sometimes added anonymously in order to avoid backlash against the whistleblower. Original research is welcome.

To take but one example, harassment and abuse often occur in ways which leave no artifact save the accounts of those involved. Turning our back on these accounts would eliminate our ability to document what happened and undermine our work. Moreover, in the face of a society which tries to silence marginalized people and casts them as liars when they talk about their actual lives, we push back against this erasure by respecting their integrity, taking them at their word, and treating the facts, as they describe them, as facts. This may offend some people’s utopian notions of epistemological purity, but in a world where speaking truth while female can invite significant retribution, this is what we have.

On the topics of truth, fact, whom we presume to be telling the truth, and whom we presume to be lying, you may find some of the articles linked from the Innocent until proven guilty page to be illuminating: specifically, Christie Koehler’s post on Community Safety, and Jill Filipovic’s article The ethics of outing your rapist.

Finally, and separately from all of the generalities above: I can affirm that the information described as “heresay” (sic) comes from an impeccable source, and so am content to leave the description of events as they are. Since nobody has deigned to present any evidence to the contrary, I consider the matter closed. — RickScott, 18:01, September 4, 2014 (UTC)

ABBA-Tastic!

Sep. 15th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Sharyn

"Introducing our new 'Take a Chance' Cake Reclamation Program!"

("Cue music!")

 

If they change their MINDS!

Pipe on thick white lines.

 

Wait, that's not 3?

Cross it out! Who'll see?

 

Don't want your mistakes to show?

Slap some frosting down!

 

Go on fix it, THEY won't know!

Everyone likes brown!

 

If you're all a-LONE!
'cause the bak'ry staff has gone.
Get a piping plea?

Try a black Sharpie!

 

Wanna do your VERY best?
Scrape it off, bye-bye!

Transform that MINNIE mess!
Now it's a bow tie.

 

Take a chance, you'll see...

(That's all I ask of you... Buddy?)

 

All this cake ain't free!

[music screeches to a halt]

 

Er, that'll be $37.50, please.

 

Thanks to Christina B., Limmuel B., Katie T., Stephanie P., Chay H., Kristin A., Kris, & Wendy B. for the Money Money Money.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • [warning for discussion of violence, rape threats, suicide] They Are Not Trolls. They Are Men. | Rosie at Make Me a Sammich (Sept 9): “By calling these people “trolls,” we are basically letting them off the hook. It’s a lot like the “boys will be boys” mentality that helps to keep rape culture thriving, but it’s also different, because boys are expected to be human. By calling these people “trolls,” we relegate them to non-human status, and we make it clear that we don’t expect them to live up to the same behavioral standards as human beings.”
  • Researcher loses job at NSF after government questions her role as 1980s activist | Jeffrey Mervis at ScienceInsider (Sept 10): “In August 2013 she took a leave from Union College to join the National Science Foundation (NSF) as a program director in its Division of Undergraduate Education. And that’s when her 3-decade-old foray into political activism came back to haunt her. [...] Barr was grilled for 4.5 hours about her knowledge of three organizations [Women's Committee Against Genocide, the New Movement in Solidarity with Puerto Rican Independence, May 19 Communist Organization] and several individuals with ties to them, including the persons who tried to rob the Brink’s truck [in 1981 near Nyack, New York].”
  • [warning for discussion of sexual harassment] After the Shermer Article: What Do You Decide? | Stephanie Zvan at FreeThoughtBlogs (Sept 11): “This news story contains accounts of three women, named and well-known in skeptic and atheist circles, who say that Michael Shermer engaged in sexual behavior aimed at them without their consent. How many incidents of that sort are you willing to put your reputation behind? That’s what you do when you continue to employ Shermer, entwine your name and reputation with his. If now is not the point when you feel having that name and behavior associated with yours is bad for you, when does that happen?”
  • 17 Rare Images Tell the Real Story of Women in Tech | Michael McCutcheon at Mic (Sept 9): “Tech isn’t a male dominated field, in many respects. Women are responsible for some of the core innovations that drive the Internet today. It’s increasingly important to remember as we read the disquieting stats about the industry. Diversity seeds creativity and it’s possible that women approach the development of tech in slightly different ways that, when combined with others’, helps produce a more powerful Internet. It’s why having more women in tech, and recognizing and celebrating their accomplishments that began over a century ago and continue today, is vital to producing a more powerful future.”
  • [potentially NSFW content] Breasts without Photoshop violate community standards | Sam B at Fit Is a Feminist Issue (Sept 11): “We were banned from Facebook, sent to the virtual time out chair in the corner, for 24 hours. I was also forced to scroll through pages of rules about content and about community standards and then tick boxes promising my photos didn’t contain nudity. Mostly tedious. But I confess I’m a bit riled about what got me banned: ‘Bare Reality: 100 women and their breasts’ A hundred women have bared their breasts and their souls as part of a project to further understanding of how women really feel about their breasts, and how they really look.”
  • Women’s education in Hogwarts (before the first wizarding war) | The Postmodern Potter Compendium (Aug 6): “Question: What are your thoughts on the education of women in the wizarding world? Authorial assumption: Possibly antiquated, similar in nature to education of non-magical British women in the 1800s or so – most conservative people with the least contact with muggle world did not develop that much when women are concerned – given that the wizarding world separated from the muggle world in 1689-1693.”
  • Mother Gothel’s design makes me uncomfortable | Not Your Ex/Rotic (Sept 10): “Her dark, thick, curly hair, her sharp nose, and the way her features are generally perceived as more “ethnic” in comparison to all the other human characters in Tangled – it all reminds me of an archetype for Jewish women”
  • [potentially NSFW content] 23 Female Cartoonists On Drawing Their Bodies | Kristen Radtke at Buzzfeed (Aug 12): [illustrations] “So what happens when women draw their own bodies in a medium that has represented them so poorly? While graphic books published by men each year still outnumber those by women, the exclusionary landscape of American comics has been called into question. From blockbuster successes like Alison Bechdel’s Fun Home and Marjane Satrapi’s Persepolis, to rising indie artists and vibrant online communities, female cartoonists are producing some of the most exciting work in the genre.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sunday Sweets: Flowery Praise

Sep. 14th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Today? No sculpting. Just beautiful cakes-that-look-like cakes, plus gorgeous sugar flowers.

LET'S DO THIS.

(By Cakes by Mifa)

Those soft ombré ruffles are like a dream vacation for my eyes. Ahhhh. And isn't it amazing how that one sugar branch makes the whole cake?

 

I love how the lilies pop on this monochromatic number:

(By Dream Cake Factory)

Like a line drawing come to life!

 

I've seen wedding cakes modeled after the bride's gown, but here's a first for me: one that matches the Flower Girl!

(By HapiCakes, now renamed Hazel Wong Cake Design)

Ah! So perfect!

 

The baker calls this next one "coffee and cream":

(By Marlene of CakeHeaven)

Fantastic brush embroidery on the flowers, and those soft ruffles & flower sprays are putting the "chic" in "shabby chic."

 

Or, for a more modern look:

(By Ames Cake Creations)

If this were an art exhibit I'd call it, "Flower, Deconstructed." So cool!

 

And if you really want to amp up the drama:

(By White Rose Bakery [now closed], via The Perfect Palette)

It doesn't get more timeless than this! Wowza.

 

Most sugar flowers are technically edible, but of course you wouldn't really WANT to eat them.
Buttercream flowers, on the other hand?

(By Arty Cakes)

Delicious *and* delightful.

 

Here's another cool design: the bottom tier looks like one giant flower:

(By But A Dream Custom Cakes)

Or maybe more like four giant flowers, put together. Whichever, I LIKE.

 

And these bright colors & little corkscrew vines = instant summertime fun.

(Google can't find this one at all, so I think it must be from Facebook. Anyone recognize it?)

Looking at this, I almost don't mind that it's still 93 degrees outside. Almost.

 

And this cool blue beauty has a retro flair to it that I'm really digging:

(Photo by Captured Moments Photography, but there are so many I can't tell which one, and baker unknown. Anyone recognize it?)

Really love the modern shapes to the tiers, though, which complement each other beautifully.

 

And finally, a pastel rainbow so stunning I had to look three times to make sure they weren't real flowers:

(By Sylvia Weinstock Cakes)

Mmmmm. Rainbowy flower goodness. And the quilting! And gold leaf stripes! Definitely my happy place for the day.

Hope you guys found some happy here, too! Happy Sunday!

Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!


This Week

Sep. 14th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate


Life

Lots of interesting meetings, NativeSummit (which was cool), Women in Tech meetup at Facebook, and a meetup for the Nesta Hack my friend and I are taking part in next weekend.

Starting to prep talks for next year, which is fun. Confirming two more conferences to speak at soon! And playing with AutoLayout.

Media

Watching Drop Dead Diva (wow I love that show), and I’m all caught up with the Kardashians. Still reading The Profitable Side Project for non-fiction. Novels, read Friends Like Us, and reading Going Dutch.

Places

Dinner at Addie’s Thai (amazing as always), Giant Robot (terrible), Bamboo Box (cheap and fast sushi), Wahaca (tasty), dessert at Workshop Coffee and J+A, breakfast at Pret a Manger (surprisingly delicious), lunch at KIN Street Food (wonderful) and Dragon Palace (BBQ pork buns).

Published

On The Internet

[syndicated profile] hypatia_dot_ca_feed

Posted by Leigh Honeywell

There’s a great piece of Old Internet Culture called Charles’ Rules of Argument. I’ve found it to be extremely useful in how I discuss difficult issues online, in particular in deciding how to pick my battles, what I’m trying to get out of an argument, and how to fight burnout and manage my energy.

You can read the original version if you’re interested in a good yarn, but there’s a wonderful precis of it in the Ada Initiative’s Ally Skills Workshop, which I’ve been teaching a lot over the past few months. Here it is, with my notes in brackets:

  • Don’t go looking for an argument [there will always be enough of those headed your way]
  • State your position once, speaking to the audience [it's hard to convince people to change their minds, but you can often sway observers who are less invested in Being Correct]
  • Reply one more time to correct any misunderstandings of your first statement [Do this after waiting a bit for replies to roll in]
  • Do not reply again [IMPORTANT]
  • Spend time doing something fun instead [Self care! It's a thing! You should do! Eat some ice cream, watch trashy TV, hug a friend.]

I find that I often underestimate the toll that Arguing On The Internet takes on my energy levels. It seems amusing at first and then I look up and it’s two hours later and I’m exhausted. Charles’ Rules are incredibly helpful as a tool to keep you mindful of the impact on your life that online debate can have.

If you liked this post, please consider supporting the Ada Initiative’s work during our annual fundraising drive.


[syndicated profile] geekfeminism_feed

Posted by Leigh Honeywell

A quick last minute note: The Baffler’s “Feminism for What? Equality in the Workplace after Lean In” conference is being livestreamed today, and being livetweeted on #bafflerfemconf. A bit about the event:

For over a year Sheryl Sandberg’s blockbuster of feminist self-help, Lean In, has been setting the agenda for leading-edge discussions about women, men, and work—and with Lean In for Graduates appearing this year, this gospel of empowerment doesn’t seem finished with us yet.

For more awesome social criticism with feminist flair, follow the Baffler on Twitter at @bafflermag.

Tampa Fanboy Expo!

Sep. 13th, 2014 02:17 am
[syndicated profile] epbot_feed

Posted by Jen

John and I took a day trip today (er, Friday) over to Tampa for a little local con called Fanboy Expo. It's one of those small cons that remind me why I love small cons. No crowds! Small panels! Friendly people! Amazing "junk" bins full of cheap toys & collectibles!

So if you're here in central Florida, try to get out there today or tomorrow. Jewel Staite is there, PLUS... James Hance. You know, the artist behind Wookiee the Chew? And this is his first convention EVER, and he brought SO MUCH STUFF, and it is all SO CHEAP.

 My very own original James Hance! Of Sir Didymus & Ambrosius from Labyrinth! Ah! [faints]

So I spent the afternoon being THAT fangirl. You know, the one who kept coming back? And buying more stuff? And finding new people to bring over, and then upselling THEM on his stuff? Yeah. Awk. Ward.

Hance was crazy sweet about it, though, even trying to give me some free stuff for the give-away board here. (But I still paid.) And he was wearing a black Ghostbusters jumpsuit with HANCE embroidered on it, so... yeah. THE COOLEST.

The rest of the shopping at Fanboy is fantastic, too. John and I spent more money in 6 hours there than we did in 4 DAYS at Dragon Con. And it wasn't all to James Hance, I promise.


For example, John got this adorable killer bunny - which I've already displayed next to his "it's just a flesh wound!" Black Knight mini-painting by Katie Cook, because how perfect are they together?? - from The Monster Cafe. The monsters are handmade by two sisters, who also make GIANT fluffy versions over two feet tall, and I want them all.

(Pictures of John's newly renovated Man Cave will be coming soon, btw. I have a hunch you guys will approve.)

And finally, I have to show you our favorite convention souvenir, which seriously made me a little teary.

What started as a joke with our friend Charlie - "wouldn't it be funny to start an artists' version of Telephone? Where everyone sketches for five minutes before passing it on?" - turned into a real thing, as Charlie immediately started drawing. Then he passed it on to Danny. Who passed it on to Nathan. Who passed it on to Bianca.

Bianca brought it back to us, at which point there was much squealing, and then John & I took over, quickly enlisting more artists to fill in the remaining spaces. 

Aaaannnnd... here it is:



Now I want to do this at every con. (What have you done, Charlie?!)

A million thanks to all our artist friends - some of whom we just met today! - for doing this. If any of you go to Fanboy today or tomorrow, give 'em all a smooch for me... but say it's from John. ;)

And here's a list of everyone who contributed:

Epbot - Charles Thurston
Claptrap - Danny Haas
Wall-E & Eve - Nathan Szerdy
Iron Giant - John Pinto
R2 - James Hance
Batteries Not Included - Bianca Roman-Stumpff
K-9 - Kate Carlton
Portal Turret - Josh Dykstra
Dalek - Victoria Gedvillas
V.I.N.CENT & B.O.B. - Andrew "Drone" Cosson


Ok, nerdy weekend projects are calling my name! Happy Saturday, everyone!

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Why gender disaster data matters: ‘In some villages, all the dead were women’ | Global Development Professionals Network | The Guardian: “When we do look at the data, the gender dimension is clear. For example, when it comes to deaths in disasters, women tend to be affected significantly more than men. A household survey carried out by Oxfam in Aceh, Indonesia, following the 2004 Indian Ocean tsunami found that in the most affected areas, up to four women died for every male. “
  • Ursula K. Le Guin wins honorary National Book Award | Star Tribune: “‘Well, it’s taken the literary/critical/academic establishment 60 or 70 years to learn to respect good science fiction and fantasy,’ [LeGuin] told The Associated Press, ‘but hey, you’ve come a long way, baby!'”
  • Meet Black Girls Code, The 2014 TechCrunch Include Grant Recipient | TechCrunch: “As the Include recipient, Black Girls Code will receive tickets and exhibiting space at upcoming events. TechCrunch will also provide coverage of the nonprofit as it grows and serves our community.”
  • Scientist Says Men and Women’s Brains Aren’t Hardwired Differently | XOJane: “’There is quite a lot of thoughtless science being done and quite a lot of overenthusiastic presenting,’ [Rippon] told the Daily Mail. ‘If you just look at gender differences — and not their experiences in life — then yes you might find differences … People who could study these subjects or do these jobs are choosing not to…This must not be explained away by misguided and misleading explanations in terms of unchangeable biological characteristics, or references to ‘the natural order of things.’'”
  • Reddit is a failed state | The Verge: [CW: discusses harassment, victim-blaming] “Reddit wants to be a techno-libertarian’s wet dream, but in practice it’s a weak feudal system that’s actually run by a small group of angry warlords who use ‘free speech’ as a weapon. Reddit is mostly a nice place filled with nice people who run nice little communities, but there’s virtually nothing keeping them safe from bullies like ‘John,’ a 33-year-old man who brazenly dispersed stolen private photos and then cried foul when The Washington Post published information about him. Reddit’s government is more interested in protecting John than the women he harassed.”
  • Tinder Settles Sexual-Harassment Suit With Co-Founder: “Dating-app startup Tinder and its parent company, IAC, have quickly settled a sexual harassment lawsuit filed by one of their co-founders.”
  • Take Back the Fedora — The Archipelago — Medium: “I want to take the fedora back,  because it’s fun to tell MRAs that they can’t have something. They get so mad. But I don’t just want to take it back—I want to earn it.”
  • Penny Red | Why We’re Winning: Social Justice Warriors and the New Culture War: “Games and pickup artistry gave a formal structure to that mindset for this generation, but it’s older than that. The gamification of misogyny predates the internet, but right now, in this world full of angry, broken, lost young men convinced that women have robbed them of some fundamental win in life, it’s rampant.”
  • An update on ‘Humanity or GTFO’: [CW: IRC harassment] ‘ “guys” is not abusive; “boobs or gtfo”, however, is. “please remember that not everyone in the IRC channel is a guy” is not an “attack”; “fuck lindsey”, however, is.’
  • CERIAS : What is wrong with all of you? Reflections on nude pictures, victim shaming, and cyber security: [CW: Discussion of violations of sexual consent and privacy; victim-blaming in comments following the piece] “If we give users lousy technology and tell them it is safe, they use it according to directions, and they do not understand its limitations, they should not be blamed for the consequences. That is true of any technology. The fault lies with the providers and those who provide vague assurances about it. Too bad we let those providers get away with legally disclaiming all responsibility.”
  • We need to talk about the sexual abuse of scientists: [CW: sexual assault, abuse] “A common theme in many cases of sexual assault is that the abusers are known to the people, and are usually in positions of power or trust. Yet a culture of silence allows the abuse to continue with the abusers unchallenged… Scientists rely heavily on their supervisors for recommendations and career advancement. Our peers also become an important part of our professional network for grant reviewing and research collaborations.”


Pipe Dreams

Sep. 12th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by john (the hubby of Jen)

"Okay, Tiger, you can do this. It's just an engagement cake, nothing to be afraid of.

"Here goes..."

"Steady... steeeeady..."

"Perfect!

 

"Now to finish up the delicate vine-work on this wedding cake."

[grunting]

 

"This next one calls for 'Cornelli Lace'. Huh."

 

"NAILED IT."

 

And for my piece de resistance, a magical Cinderella coach for the bride and groom's table!!

 

WITNESS THE MAJESTY OF MY CREATION!

HAHAHAHAHAHAHAHAHAHAH!!!!!!!

HAHA!

Heh. Aheh.

I should probably go back to the deli now.

 

Thanks to Jenna P., Jade C., Catherine C., and Vanessa S. for letting me play with clipart again.


Book: Gravitas

Sep. 12th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

I read Gravitas (Amazon) really slowly, and part of the reason for that was that I wanted to take the time and process each chapter. The “gravitas” equation of

Knowledge + purpose + passion (- anxiety) = Gravitas

is what I think of as “poise”, and as I’ve mentioned before is my goal as a speaker.

There were a couple of tips I found particularly helpful. The first, on being present: FOFBOC, or feet on floor, bum on chair. It’s about being where you are, getting out of your head and back into your body and being where you are. With your feet on the floor, and your bum on the chair.

The other answered a question I had been asking myself. I was wondering why I wasn’t as charismatic in certain situations as I am in other areas of my life. Why is it that in some areas people open up to me and tell me things, and in others… the opposite? I wondered if I was less able to project warmth in those situations.

So the second thing that I found helpful was the section on gremlins. One of which is the gremlin of feeling threatened, or got at. And I realised that my charisma was sapped, yes, because I feel less warm, but really because I feel braced for threat.

All in all, I recommend it. I think women need help walking that fine line between being a bitch, and being a pushover. This book, I think, helps us walk it.

Profile

terriko: (Default)
terriko
Page generated Sep. 18th, 2014 07:42 pm
Powered by Dreamwidth Studios