Welcome to Codebook, the cybersecurity newsletter that did not win the NCAA football championship.
Tips? Sending me story ideas is as easy as replying to this email.
Welcome to Codebook, the cybersecurity newsletter that did not win the NCAA football championship.
Tips? Sending me story ideas is as easy as replying to this email.
Photo: Jorge Villalba/Getty
The government is on hiatus. Enemies of the United States are not.
Why it matters: During the government shutdown, essential personnel are exempt from the furlough — so in theory, anyone preventing cybersecurity calamities is still showing up for work. But experts believe the loss of support staff makes the cybersecurity effects of a shutdown bad in the short term and worse in the long term.
The fallout: Consider the difficulty of maintaining security in government networks before a government shutdown. Now try doing that with fewer people.
Those problems will stick around after the shutdown. It's likely, say multiple former federal employees Codebook spoke to, that federal networks will fall behind on basic hygiene tasks.
In the long term, this could do irreparable damage to the federal government's ability to hire cybersecurity talent.
Departments devoted to cybersecurity policies will grind to a halt.
Security-related investigations and prosecutions at the FBI and Department of Justice will continue with all employees carried over.
The bottom line: Furloughing cybersecurity staff creates both short-term and long-term vulnerabilities.
A German man has confessed to releasing documents on German politicians, journalists and other high-profile individuals under the guise of a Twitter advent calendar.
Details, including the suspect's name, are still hazy, but what is known is this:
Germany reached out to the NSA for help investigating the data leaks.
Photo: Tony Savino/Getty
WikiLeaks sent reporters a "confidential" document Sunday to tell them not to say certain things about the site or its head, Julian Assange.
The intrigue: One thing no one can say about WikiLeaks — because it isn't true, not because it's in the document — is that the site has been particularly straightforward with the public about the document, which was quickly leaked by independent reporter Emma Best.
Best published the document as it was sent to reporters. WikiLeaks followed suit Monday, tweeting "FULL DOC: WikiLeaks' legal letter of media myths and falsehoods, in the news today, has, unsurprisingly, leaked" with a link.
But, but, but: The document WikiLeaks shared by tweet was not the same as the list it sent to reporters. As Best noted, the tweeted link (labeled version 1.3 of the document) edited a number of the lines that WikiLeaks was being mocked for — including:
While WikiLeaks edited parts of the document that related to the site, it did not correct a portion of the document misidentifying the gender of Chelsea Manning, convicted of leaking diplomatic cables to WikiLeaks.
USA Really — a site recently sanctioned by the Treasury Department as a Russian influence operation — lost its security certificate over the weekend, according to McClatchy News.
Why it matters: Security certificates allow sites to open "https" connections, which are often necessary to prevent browser warnings that sites are not secure.
Details: Treasury's move apparently led USA Really's certificate issuer, Let's Encrypt, to revoke its certificate.
Codebook will return on Thursday