1. Very few of the emails are DKIM signed. Check for yourself.
2. Even where DKIM is signed, it relies on the following assumtions.
A: The attacker has not compromised the Google private key
B: The attacker has not compromised DKIM or any of the technologies it relies on
C: The attacker had not compromised the sending account at the time of sending.
The requirement of assumption C is applicable regardless of who the attacker is. Assumptions A and B fail when considering a highly motivated state actor. It should go without saying that everyone here knows that major powers actively work on things like A & B, and C is their bread and butter.
Do I think that a power like, say, Russia, has compromised DKIM itself, or any of the technologies it relies on? Probably not, but I certainly wouldn't put it past them. Do I think that said entity has compromised the Google private key? Probably not, but again, I certainly wouldn't put it past them. I absolutely would not put C past them - but it depends on the importance attached to the topic at hand.
To reiterate: the majority of the leak will be real. But there is an active, demonstrable history this cycle, of the attackers salting the leaks with fakes, using the real content to try to legitimize the fakes, so try not to be naive about all this.
Right. Keep denying our reality.
Right. So let's take a look at how this "excerpt the gotcha" plays into that.
Slashdot writes about Zuckerberg:
a later exchange between Sandberg and Podesta showed that Mark Zuckerberg was looking to get in on the action a bit, and perhaps curry favor with Podesta and the Clinton camp in shaping public policy.
Except that the email from Shelly about Zuckerberg very clearly begins:
Mark is meeting with people to learn more about next steps for his philanthropy and social action and it’s hard to imagine someone better placed or more experienced than you to help him. He’s begun to think about whether/how he might want to shape advocacy efforts to support his philanthropic priorities and is particularly interested in meeting people who could help him understand how to move the needle on the specific public policy issues he cares most about
Likewise on the other email from Cheryl. They mention the "She came over and was magical with my kids" re. Clinton. They don't bother mentioning the reason for Hillary's visit, which can be seen in what she's replying to:
To: Sheryl Sandberg
Subject: At a loss for words
Can't imagine your pain, but know that you are surrounded by people who love you. Mary and I are praying for you, the kids and, in our Catholic way also for Dave.
Thank you – means a lot to me that you reached out.
And I like that you are praying for Dave. I have to believe in heaven now.
This wasn't some buddy-buddy campaign visit, this was a "person I know's husband just died" visit. Likewise, the implication that they're supposed to give here is that they know her because of Facebook. No bothering to mention that the reason that they actually know her is because she was Larry Summers' Chief of Staff during the Clinton administration.
Almost anything can be made to look sinister when you take it completely out of context. Which is the whole purpose of these emails.
Furthermore, do you honestly think you couldn't do the exact same thing by picking through the Trump campaign's internal messaging? Do you have any clue how many people of note a major campaign interacts with, how many people work for them, etc? We know given Trumps record on server security that hacking him would have been a breeze, but miraculously nobody bothered. Why do you think that is?
Lastly: take everything you read with a grain of salt. I know everyone's reaction to statements that emails could have been altered (and scattered amongst real ones) is going to be "You just don't want to discuss them!" No, the reason you should take things with a grain of salt is that the other anti-Clinton hacks this year have done exactly that. Leaks posted by the hackers in different places involved cases where they had involved changing the same file to say different things (such as a donation list where they added a donation from Soros to a Russian democracy activist, but had different values for the donation in different versions of their release), cases where files were dated to after the hack occurred, and cases where file metadata showed the changes they'd been making. Salting real data with fake is something that they've been doing this year, so it'd be naive to think that they're just going to stop doing it now. Come on, even the most die-hard Clinton hater is going to be hard pressed to actually believe that the Clinton Foundation has a directory sitting around literally called "Pay for Play".
Yes, the majority will be real. But don't be naive when viewing them and assume that you can just take everything at face value.
Because we hate Wall Street, let's instead put a billionaire real estate scammer whose entire adult life has been spent trying to kiss up to investors and banks to get loans for his businesses, and who refuses to reveal what banks he's in debt to in power.
Because we oppose the Libyan conflict, let's put in power someone who wants to bomb the children of terrorists, insists that waterboarding isn't harsh enough, wants more nations to have nuclear weapons, wants to build a new generation of nuclear weapons, and spent his first security briefing repeatedly asking why we're bothering to have nuclear weapons if we're not going to use them.
Because we oppose free trade, let's put in power someone who spent his entire career - up until he decided to rebrand himself as a populist for this election - championing free trade, built his empire on dumped steel and undocumented workers, and - until it was shut down as a scam - championed the benefits of outsourcing on his Trump University page.
I'm not even sure where you're getting that Clinton has been big "drill baby drill" champion, but Trump has literally called for "drill baby drill" in speeches, including lifting all federal restrictions on offshore drilling and elimination of the EPA.
So if you want to cut off your nose to spite your face, go right ahead, but please understand why many people will not be joining at you.
And if your argument is "I'm not supporting either of them" - if you don't vote for one, you're supporting the other. Not to the degree of voting directly for the other, but you're still supporting them. Because that's the way the US electoral system works.
So you get a permit once, and then every flight of the drone is legal regardless of whether or not you're actually using the drone within the guidelines that the permit was approved for, is that what you're saying?
Let's help make it a bit clearer. Let's say you're the average US male height, weight and build - 176cm / 59" and 83kg/184lbs and a bench press of 165lbs. Picture an environment where everywhere you go, you're surrounded by men who average 192cm (64"), 105kg (231lbs) - with the weight difference being primarily muscle - with a bench press of 400lbs. On average. Basically, the average person around you is a NFL linebacker. Now picture that a good number of them are sexually attracted to you. That they're much more likely to be involved in violent crime than you. That a disturbingly high percentage of your friends and family have been molested or raped by them. Perhaps you yourself.
Try to understand the difference in what the world is like for others.
Your typical phone stylus causes a change in capacitance when touched to a phone's screen, which is good enough for it to register that there's something touching it and trigger an event.
The sensors in the fingerprint scanner on a phone are much more accurate than the rest of the screen, to the degree that it's easy to tell the difference between the changes in capacitance caused by rubber vs. human skin, and also it can detect the gaps between ridges on your fingers, which a stylus doesn't have.
Do people have trouble fingerprint-unlocking their phones?
The false negative rate is actually quite high. When calibrating a phone's fingerprint scanner, it'll typically have you place your finger on the scanner several times at several different angles so that it can see what your finger's response is like in a variety of positions; even with all of those measurements, it's not uncommon for it to take two or three attempts for your finger to be accepted if you don't put your finger down in just the right place at the right angle.
Why can't you apply for a permit for each drone before starting?
"Images"? Thorn is a letter.
And the intent would be to film the criminal activity, hence a fully legitimate use of the drones
Unless support wasn't part of the deal that was signed, then it clearly is Microsoft's fault. And the NFL's. They are the ones who agreed to the deal.
And these three words: User Acceptance Testing
I have a feeling this was technical people saying "it should work" and sales people saying "it's flawless" and the NFL saying "this will be great" and people getting bonuses and high-fiving each other.... and NOBODY actually trying it out in a real setting ahead of time.
Serves them right.
Any program which runs right is obsolete.