Farage says Zelenskiy should seek Ukraine peace deal with Russia
President should rethink goal of reclaiming all lost territory, says Reform UK leader in latest remarks about war
Nigel Farage has urged Volodymyr Zelenskiy to seek a peace deal with Russia, “otherwise there will be no young men left in Ukraine”.
The Reform UK leader, who has been criticised for suggesting the west provoked Russian aggression against Ukraine, said it was time for the Ukrainian president to rethink his goal of reclaiming all territory lost to Vladimir Putin’s invasion, as such a mission was going to be “incredibly difficult”.
© Photograph: Finnbarr Webster/Getty Images
The Guardian
Reform on student fees and Labour on 'fleeceholds' – could we build a better Britain using party manifestos? | Zoe Williams
I read them all so you don’t have to. None in isolation would set the world alight, but look closely and there are some good ideas
It is true that election manifestos can’t be compared like with like – and in recent years, the variation of detail, trustworthiness and meaning has become more pronounced than ever. But it is also true that there are things to be gleaned from their recurring themes. Moreover, there are objectively good ideas which may emanate from a party that will never be able to enact them, but nevertheless deserve exposure.
Looked at that way, it’s a great year to be a dentist, or in construction. Every party (bar Reform and the SNP) talks a great game on dental provision – even, ironically, the Conservatives, who have a £200m “recovery plan”. Toothache doesn’t feel very metaphorical when you have it, but the issue speaks to a broader truth that Keir Starmer made explicit in his manifesto launch speech: that the real-life impacts of degraded public services are too stark to ignore – which is precisely why everyone is pledging that the nothing-works years are over.
© Composite: Guardian Design – Getty images/Alamy
Nigel Farage outperforms all other UK parties and candidates on TikTok
Exclusive: Videos on Reform leader’s account show more engagement and average views than any other candidate
Nigel Farage is outperforming all other parties and candidates on TikTok throughout the general election campaign, analysis shows, eclipsing politicians considered most popular among young people.
Since the election was called, videos posted to the Reform leader’s personal account had more engagement and views on average than any other candidate – as well as the main channels of other parties.
© Photograph: Finnbarr Webster/Getty Images
Election Extra: Farage doubles down – podcast
Rishi Sunak has heavily criticised comments from Nigel Farage that the west provoked Russia’s invasion of Ukraine. Archie Bland reports
© Photograph: Jordan Pettitt/PA
Data Dump of Patient Records Possible After UK Hospital Breach
Read more of this story at Slashdot.
Microsoft Admits No Guarantee of Sovereignty For UK Policing Data
Cybersecurity News and Magazine
UK’s Sellafield Nuclear Waste Site Pleads Guilty To Cybersecurity Failings
Sellafield Nuclear Waste Site's Cybersecurity Failings
Concerns over the site's security implementations grew after a 2012 report warned of "critical security vulnerabilities" requiring urgent attention. Due to the extreme sensitivity of the issues, problems were referred to with the codename "Voldemort." While Sellafield stated there has never been a successful cyberattack, revelations of IT failures last year raised alarms.
In an investigative report last year, the Guardian uncovered that the site had been attacked by threat actors affiliated with the Russian and Chinese governments. The report found that the site's authorities were not aware of when Sellafield's systems began to be compromised, but breaches may have gone as far back as 2015. In 2015, security experts had realized that Sellafield's computer systems had been compromised by sleeper malware. Sellafield had earlier been forced into “special measures” for regular cybersecurity failings by the UK's Office for Nuclear Regulation (ONR) and security services.
The status of the compromised systems is unknown, but the compromise may have led to the theft of sensitive information regarding the movement of radioactive waste, monitoring for leaks of dangerous material, and fire checks. Sellafield stated that current protections on critical systems are robust, with isolated networks preventing external IT breaches from penetrating operational controls.
An ONR spokesperson stated to the Guardian: “We acknowledge that Sellafield Limited has pleaded guilty to all charges," but emphasized that there was no evidence the vulnerabilities led to compromise. A Sellafield spokesman stated in the report, “We have pleaded guilty to all charges and cooperated fully with ONR throughout this process. The charges relate to historic offences and there is no suggestion that public safety was compromised."
Concerns of GMB Trade Union
With attention now focused on improving cyber resilience, officials are working to protect sensitive materials and dangerous nuclear operations from potential disruption by hackers. Earlier the GMB trade union, which represents tens of thousands of workers across the energy industry, also expressed concerns over the security of Sellafield, with its national secretary Andy Prendergast noting a “lack of training and competence among staff, inadequate safety procedures and a culture of fear and intimidation.” Prendergast added, “GMB has repeatedly raised concerns over safety and staffing levels, which are mainly due to turnover and the age and demographic of the workforce.”
How's it going, Rishi? The 2024 UK general election thread
...Laura Saunders' husband turned out to be the Conservatives' director of campaigning, Tony Lee, who is also facing questions from the Gambling Commission and has taken a leave of absence two weeks out from the election. Tory campaign resources are being moved out of constituencies with majorities of around 10,000 because they are no longer viewed as winnable. The Conservatives deleted an unfortunately timed social media post that warned "if you bet on Labour, you can never win" alongside a video of a roulette wheel, that had already been viewed 1.4m times. Promotion started for Boris Johnson's forthcoming book, with a picture of the former prime minister looking like a particularly monstrous horror movie villain, and the tagline: "UNLEASHED". Where do the Tories go from here? The answer appears to be the Hurlingham Club, where they are holding their summer party tonight. Tables cost £12,000." [Previouslyer][Countdown] Politico: Betting scandal engulfs UK election. Metro: What happens if a prime minister loses their seat in a General Election? The National: Polls may be wrong and Tories could win the election, claims Michael Gove Highest-rated comment: Must have changed his dealer, the new blow has addled what's left of his very limited intellect.
Officials Query if Any Deaths Directly Linked To UK Hospital Hack
London Underground Hosts Tests For 'Quantum Compass' That Could Replace GPS
Pride month small press books roundup
The Ace and Aro Relationship Guide: Making It Work in Friendship, Love, and Sex by Cody Daigle-Orians (Jessica Kingsley Publishers, 21 Oct 2024): Whether we're talking about friendships, romantic relationships, casual dates or intimate partners, this guide will help you not only live authentically in your ace and aro identity, but joyfully share it with others. (Amazon; Bookshop)
And Then There Was One by Michele Castleman (Bold Strokes Books, 1 June 2024): Six weeks after Lyla Smith dragged her sister's dead body onto the Lake Erie shore, she escapes her small Ohio town to work as a nanny for distant relatives on their remote private island. (Amazon; Bookshop)
Antiquity by Hanna Johansson, trans. Kira Josefsson (Catapult, 6 Feb 2024): Elegant, slippery, and provocative, Antiquity is a queer Lolita story by prize-winning Swedish author Hanna Johansson—a story of desire, power, obsession, observation, and taboo. (Amazon;
- All-Night Pharmacy (Ruth Madievsky, Catapult, Winner of the National Jewish Book Award for Debut Fiction)
- Birthright (George Abraham, Button Poetry, "every pronoun is a Free Palestine," Bisexual Poetry Finalist in the 2021 Lambda Literary Awards; Button Poetry also has a 3 for $36 Pride Month deal going on, including Birthright and poetry by Blythe Baird, Sierra DeMulder, Andrea Gibson, Ebony Stewart, and more)
- Boulder (Eva Baltasar, trans. Julia Sanches, And Other Stories, a queer couple struggles with motherhood, shortlisted for the 2023 International Booker Prize)
- Brown Neon: Essays (Raquel Gutiérrez, Coffee House Press, "part butch memoir, part ekphrastic travel diary, part queer family tree")
- Cecilia (K-Ming Chang, Coffee House Press, an "erotic, surreal novella")
- Corey Fah Does Social Mobility (Isabel Waidner, Graywolf, "A novel that celebrates radical queer survival and gleefully takes a hammer to false notions of success")
- A Dream of a Woman (Casey Plett, Arsenal Pulp Press, short stories by the author of the Lambda Literary Award-winning Little Fish)
- Everything for Everyone: An Oral History of the New York Commune, 2052-2072 (Eman Abdelhadi & M. E. O'Brien, Common Notions, speculative fiction)
- Feed (Tommy Pico, Tin House Books, fourth book in Teebs tetralogy, "an epistolary recipe for the main character, a poem of nourishment, and a jaunty walk through New York's High Line park, with the lines, stanzas, paragraphs, dialogue, and registers approximating the park's cultivated gardens of wildness")
- Females (Andrea Long Chu, Verso, provocative genre-defying investigation into femaleness)
- The Free People's Village (Sim Kern, Levine Querido, a novel of "eat-the-rich climate fiction")
- The Future Is Disabled: Prophecies, Love Notes and Mourning Songs (Lambda Literary Award-winning Leah Lakshmi Piepzna-Samarasinha, Arsenal Pulp Press, disability justice, care and mutual aid)
- Her Body and Other Parties: Stories (Carmen Maria Machado, Graywolf Press, "blithely demolishes the arbitrary borders between psychological realism and science fiction... to shape startling narratives that map the realities of women's lives and the violence visited upon their bodies")
- High-Risk Homosexual: A Memoir (Edgar Gomez, Soft Skull, "a touching and often hilarious spiralic path to embracing a gay, Latinx identity against a culture of machismo")
- Homie: Poems (Danez Smith, Graywolf Press, finalist for the National Book Critics Circle Award for Poetry and the NAACP Image Award for Poetry)
- How to Fuck Like a Girl (Vera Blossom, Dopamine/Semiotext(e), a how-to guide)
- I Love This Part (Tillie Walden, Avery Hill Publishing, graphic novel of teen queer love)
- It Came from the Closet: Queer Reflections on Horror (ed. Joe Vallese, Feminist Press, essays by Carmen Maria Machado, Bruce Owens Grimm, Richard Scott Larson)
- Love Is an Ex-Country: A Memoir (Randa Jarrar, Catapult, "Queer. Muslim. Arab American. A proudly Fat femme.")
- Mrs. S (K. Patrick, Europa Editions, a butch English boarding school matron begins an illicit affair with the headmaster's wife)
- Outwrite: The Speeches That Shaped LGBTQ Literary Culture (eds. Julie R. Enszer, Elena Gross, Rutgers UP, 27 of the most memorable speeches from the OutWrite conference)
- Playboy (Constance Debre, trans. Holly James, Semiotext(e), the first volume of the renowned trilogy on the author's decision to abandon her bourgeois Parisian life to become a lesbian and writer)
- Sluts: Anthology (ed. Michelle Tea, Dopamine Books, anthology of essays and stories on sexual promiscuity in contemporary American culture)
- Stone Fruit (Lee Lai, Fantagraphics Books, a queer couple opens up to their families in this 2022 Lambda Literary Award winner for Comics)
- Survival Takes a Wild Imagination: Poems (Fariha Róisín, Andrews McMeel Publishing, "Who is my family? My father? How do I love a mother no longer here? Can I see myself? What does it mean to be Bangladeshi? What is a border?")
- Time Is the Thing a Body Moves Through (T. Fleischmann, Coffee House Press, "an autobiographical narrative of embodiment, visual art, history, and loss")
- Thunder Song: Essays (Sasha Lapointe, Counterpoint LLC, what it means to be a proudly queer indigenous woman in the USA)
- The Tradition (Jericho Brown, Copper Canyon Press, Pulitzer Prize-winning poetry that examines black bodies, desire, privilege and resistance)
- When We Were Sisters (Fatimah Asghar, One World, "traces the intense bond of three orphaned siblings," longlisted for the National Book Award)
- You Exist Too Much (Zaina Arafat, Catapult: Palestinian American queer coming-of-age novel)
- Your Emergency Contact Has Experienced an Emergency (Chen Chen, BOA Editions, "What happens when everything falls away, when those you call on in times of need are themselves calling out for rescue?")
The UK General Election: 25 more days of ... this ... to go
LockBit Victim? Ask FBI for Your Ransomware Key
Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files.
The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.
The UK Bans Default Passwords
The UK is the first country to ban default passwords on IoT devices.
On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.
The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.
The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.
This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.
Another news article.
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.
Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.
A testimonial on onerep.com.
Customer case studies published on onerep.com state that it struck a deal to offer the service to employees of Permanente Medicine, which represents the doctors within the health insurance giant Kaiser Permanente. Onerep also says it has made inroads among police departments in the United States.
But a review of Onerep’s domain registration records and those of its founder reveals a different side to this company. Onerep.com says its founder and CEO is Dimitri Shelest from Minsk, Belarus, as does Shelest’s profile on LinkedIn. Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address dmitrcox2@gmail.com.
A search in the data breach tracking service Constella Intelligence for the name Dimitri Shelest brings up the email address dimitri.shelest@onerep.com. Constella also finds that Dimitri Shelest from Belarus used the email address d.sh@nuwber.com, and the Belarus phone number +375-292-702786.
Nuwber.com is a people search service whose employees all appear to be from Belarus, and it is one of dozens of people-search companies that Onerep claims to target with its data-removal service. Onerep.com’s website disavows any relationship to Nuwber.com, stating quite clearly, “Please note that OneRep is not associated with Nuwber.com.”
However, there is an abundance of evidence suggesting Mr. Shelest is in fact the founder of Nuwber. Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address dmitrcox@gmail.com. Recall that Onerep.com’s domain registration records in 2018 list the email address dmitrcox2@gmail.com.
It appears Mr. Shelest sought to reinvent his online identity in 2015 by adding a “2” to his email address. The Belarus phone number tied to Nuwber.com shows up in the domain records for comversus.com, and DomainTools says this domain is tied to both dmitrcox@gmail.com and dmitrcox2@gmail.com. Other domains that mention both email addresses in their WHOIS records include careon.me, docvsdoc.com, dotcomsvdot.com, namevname.com, okanyway.com and tapanyapp.com.
Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” page of onerep.com.
A search in DomainTools for the email address dmitrcox@gmail.com shows it is associated with the registration of at least 179 domain names, including dozens of mostly now-defunct people-search companies targeting citizens of Argentina, Brazil, Canada, Denmark, France, Germany, Hong Kong, Israel, Italy, Japan, Latvia and Mexico, among others.
Those include nuwber.fr, a site registered in 2016 which was identical to the homepage of Nuwber.com at the time. DomainTools shows the same email and Belarus phone number are in historic registration records for nuwber.at, nuwber.ch, and nuwber.dk (all domains linked here are to their cached copies at archive.org, where available).
Update, March 21, 11:15 a.m. ET: Mr. Shelest has provided a lengthy response to the findings in this story. In summary, Shelest acknowledged maintaining an ownership stake in Nuwber, but said there was “zero cross-over or information-sharing with OneRep.” Mr. Shelest said any other old domains that may be found and associated with his name are no longer being operated by him.
“I get it,” Shelest wrote. “My affiliation with a people search business may look odd from the outside. In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.” The full statement is available here (PDF).
Original story:
Historic WHOIS records for onerep.com show it was registered for many years to a resident of Sioux Falls, SD for a completely unrelated site. But around Sept. 2015 the domain switched from the registrar GoDaddy.com to eNom, and the registration records were hidden behind privacy protection services. DomainTools indicates around this time onerep.com started using domain name servers from DNS provider constellix.com. Likewise, Nuwber.com first appeared in late 2015, was also registered through eNom, and also started using constellix.com for DNS at nearly the same time.
Listed on LinkedIn as a former product manager at OneRep.com between 2015 and 2018 is Dimitri Bukuyazau, who says their hometown is Warsaw, Poland. While this LinkedIn profile (linkedin.com/in/dzmitrybukuyazau) does not mention Nuwber, a search on this name in Google turns up a 2017 blog post from privacyduck.com, which laid out a number of reasons to support a conclusion that OneRep and Nuwber.com were the same company.
“Any people search profiles containing your Personally Identifiable Information that were on Nuwber.com were also mirrored identically on OneRep.com, down to the relatives’ names and address histories,” Privacyduck.com wrote. The post continued:
“Both sites offered the same immediate opt-out process. Both sites had the same generic contact and support structure. They were – and remain – the same company (even PissedConsumer.com advocates this fact: https://nuwber.pissedconsumer.com/nuwber-and-onerep-20160707878520.html).”
“Things changed in early 2016 when OneRep.com began offering privacy removal services right alongside their own open displays of your personal information. At this point when you found yourself on Nuwber.com OR OneRep.com, you would be provided with the option of opting-out your data on their site for free – but also be highly encouraged to pay them to remove it from a slew of other sites (and part of that payment was removing you from their own site, Nuwber.com, as a benefit of their service).”
Reached via LinkedIn, Mr. Bukuyazau declined to answer questions, such as whether he ever worked at Nuwber.com. However, Constella Intelligence finds two interesting email addresses for employees at nuwber.com: d.bu@nuwber.com, and d.bu+figure-eight.com@nuwber.com, which was registered under the name “Dzmitry.”
PrivacyDuck’s claims about how onerep.com appeared and behaved in the early days are not readily verifiable because the domain onerep.com has been completely excluded from the Wayback Machine at archive.org. The Wayback Machine will honor such requests if they come directly from the owner of the domain in question.
Still, Mr. Shelest’s name, phone number and email also appear in the domain registration records for a truly dizzying number of country-specific people-search services, including pplcrwlr.in, pplcrwlr.fr, pplcrwlr.dk, pplcrwlr.jp, peeepl.br.com, peeepl.in, peeepl.it and peeepl.co.uk.
The same details appear in the WHOIS registration records for the now-defunct people-search sites waatpp.de, waatp1.fr, azersab.com, and ahavoila.com, a people-search service for French citizens.
A search on the email address dmitrcox@gmail.com suggests Mr. Shelest was previously involved in rather aggressive email marketing campaigns. In 2010, an anonymous source leaked to KrebsOnSecurity the financial and organizational records of Spamit, which at the time was easily the largest Russian-language pharmacy spam affiliate program in the world.
Spamit paid spammers a hefty commission every time someone bought male enhancement drugs from any of their spam-advertised websites. Mr. Shelest’s email address stood out because immediately after the Spamit database was leaked, KrebsOnSecurity searched all of the Spamit affiliate email addresses to determine if any of them corresponded to social media accounts at Facebook.com (at the time, Facebook allowed users to search profiles by email address).
That mapping, which was done mainly by generous graduate students at my alma mater George Mason University, revealed that dmitrcox@gmail.com was used by a Spamit affiliate, albeit not a very profitable one. That same Facebook profile for Mr. Shelest is still active, and it says he is married and living in Minsk [Update, Mar. 16: Mr. Shelest’s Facebook account is no longer active].
Scrolling down Mr. Shelest’s Facebook page to posts made more than ten years ago shows him liking the Facebook profile pages for a large number of other people-search sites, including findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, peepull.com, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, webmeek.com, and many country-code variations of viadin.ca (e.g. viadin.hk, viadin.com and viadin.de).
Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address dmitrcox@gmail.com.
Mr. Shelest has not responded to multiple requests for comment. KrebsOnSecurity also sought comment from onerep.com, which likewise has not responded to inquiries about its founder’s many apparent conflicts of interest. In any event, these practices would seem to contradict the goal Onerep has stated on its site: “We believe that no one should compromise personal online security and get a profit from it.”
Max Anderson is chief growth officer at 360 Privacy, a legitimate privacy company that works to keep its clients’ data off of more than 400 data broker and people-search sites. Anderson said it is concerning to see a direct link between a data removal service and data broker websites.
“I would consider it unethical to run a company that sells people’s information, and then charge those same people to have their information removed,” Anderson said.
Last week, KrebsOnSecurity published an analysis of the people-search data broker giant Radaris, whose consumer profiles are deep enough to rival those of far more guarded data broker resources available to U.S. police departments and other law enforcement personnel.
That story revealed that the co-founders of Radaris are two native Russian brothers who operate multiple Russian-language dating services and affiliate programs. It also appears many of the Radaris founders’ businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.
KrebsOnSecurity will continue investigating the history of various consumer data brokers and people-search providers. If any readers have inside knowledge of this industry or key players within it, please consider reaching out to krebsonsecurity at gmail.com.
Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.
“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”
In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.
“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”