
IT Incompetents Hall of Shame logo.

SEC Fake CIO/CISO and Boozers Riddle/Krug -- New Entries




NSA = Snowden = DHS = FAKE = SEC = Bandit Clown = Booz.

Booz Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt



By Duane Thresher, Ph.D.     November 15, 2018

Booz Allen Hamilton (a.k.a. Booz) was just awarded a $2.5 billion 10-year IT (which includes cybersecurity) contract by the Securities and Exchange Commission (SEC), with the help of the IT incompetent SEC Chief Information Officer (CIO) Chuck Riddle and the IT incompetent SEC Chief Information Security Officer (CISO) Andrew Krug, who are both former Booz employees (a.k.a. Boozers). High school dropout and traitor Edward Snowden, who hacked the National Security Agency (NSA) then fled to Russia to avoid capture and execution for espionage, was also a Booz employee at the time. IT incompetent Jeanette Manfra, Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity, is also a former Booz employee. All, except possibly Snowden, are in line to be rewarded with high-paid executive positions at Booz after they go through the government-business revolving door once again.


Enron's Arthur Andersen = Accenture = GSA and Fed IT = Fake.

Fed IT Run By Enron's Corrupt Accountant, IT Incompetent Accenture



By Duane Thresher, Ph.D.     October 24, 2018

I am investigating the General Services Administration (GSA) for my IT Incompetents Hall of Shame (ITIHOS). The GSA notoriously does procurement, including IT services, for the U.S. Government. As usual this investigation yielded IT incompetents responsible for GSA's IT. But I also discovered another connection to IT incompetence -- and corruption -- as so often happens while investigating for the ITIHOS. The GSA's longtime but retiring Chief Information Security Officer (CISO), Kurt Garbars, who knows far more about drinking wine than cybersecurity, is essentially having his job outsourced to IT incompetent Accenture (CISO Nicole Dean), which has taken over much of federal IT, including the GSA's. Accenture used to be part of Arthur Andersen, Enron's top-five accounting firm that was dissolved after its criminal complicity in Enron's massive fraud. Suzette Kent, the Federal Chief Information Officer (CIO), who I wrote about in You're Fired! Trump's Worst Hire Ever: IT Incompetent Fed CIO Suzie Kent, worked for Accenture, in Financial Services, for almost 15 years before becoming Fed CIO, including during the Enron scandal. She will be making decisions about federal IT infrastructure. With GSA IT run by Accenture and with the Fed CIO a longtime Accenture employee -- and probably a future Accenture executive -- there is no question what corporation will be running federal IT, no matter how IT incompetent it is.


Facebook CEO and founder Mark Zuckerberg reading emails.

Facebook Reads Your And Government Officials'/Politicians' Email



By Duane Thresher, Ph.D.     October 11, 2018

Continuing my investigation of massive invasions of privacy by Facebook (see my previous three articles in Apscitu Expert IT News), I discovered that Facebook reads the emails of you and millions of other Facebook users, including government officials/politicians. This may be where many of the unexplained leaks in government and politics are coming from.

Recently, while I was easily creating another fake Facebook account, I quickly came to yet another scary Facebook demand:


Fake passport for Mark Zuckerberg, Facebook CEO.

Insecure Facebook Demands Your Passport, Bank Statements, Medical Records, ...



By Duane Thresher, Ph.D.     October 8, 2018

As I reported in Facebook Has A Database Of User ID Photos, Facebook has been demanding users upload their ID photos (not profile photos) for account verification, assuring users the photos were secure and would be deleted after use. In the meantime, as I reported in Yahoo-Then-Facebook CISO Alex Stamos Allows Yet Another Massive Data Breach, Facebook admitted to a data breach that compromised 50 million user accounts. Continuing the investigation into Facebook's demand for user ID, I discovered that insecure Facebook is demanding that you upload your passport, birth certificate, driver's license, marriage certificate, green card, voter ID card, bank statements, credit card, medical records, Social Security card, ... Further, Facebook is keeping your entire search and location history forever. If Congress really cared about the security of the American people, and not just its access to free Facebook advertising -- see Fake Federal Facebook Fury Finally Finished -- it would make Mark Zuckerberg testify about this outrageous invasion of privacy and the FBI would investigate it.


Yahoo then Facebook dunce CISO Alex Stamos.

Yahoo-Then-Facebook CISO Alex Stamos Allows Yet Another Massive Data Breach



By Duane Thresher, Ph.D.     September 29, 2018

Yesterday, Facebook admitted to yet another massive data breach; 50 million user accounts compromised. Alex Stamos was (Jun 2015 - Aug 2018) Facebook's Chief Information Security Officer (CISO a.k.a. CSO) when the hole that allowed the breach was introduced into Facebook's code (Jul 2017). Stamos was (Mar 2014 - Jun 2015) also CISO of Yahoo during their two massive data breaches (late 2014); 500 million and 1 billion user accounts compromised. Stamos staggeringly exemplifies another aspect of IT incompetence: being overwhelmingly more interested in imposing his political beliefs on customers than in being competent at his high-paid IT job.

According to Facebook, in their current massive data breach:


Photos of Big Brother from Apple's 1984 commercial and Facebook's Mark Zuckerberg.

Facebook Has A Database Of User ID Photos



By Duane Thresher, Ph.D.     September 25, 2018

Recently, Facebook has demanded that some users upload an ID photo (not profile photo) before they can log into their Facebook accounts, supposedly so users can prove they are who they say they are. The only way this can work is if Facebook already has ID photos of the users for comparison, i.e., has (or has access to) a database of user ID photos. Big Brother Zucker is indeed watching you.

As Facebook founder Mark Zuckerberg has admitted, many Facebook accounts are fake. As I've mentioned, I even have a fake Facebook account, since it's foolish to have one under your real name but access to Facebook can be useful, although usually only for harming a real Facebook user.


Photos of Jesus Christ Superstar, Mark Zuckerberg, Antichrist Damien, Elon Musk.

Artificial Intelligence: Savior, Antichrist, or Hyperbole?



By Duane Thresher, Ph.D.     September 11, 2018

Artificial intelligence is going to save humanity! Artificial intelligence is going to destroy humanity! Artificial intelligence is going to sell magazines and get research funding! Which is it? And what is it?

Artificial Intelligence (AI) has been in the news a lot recently, including from my alma mater MIT, where I got a BS in Electrical Engineering and Computer Science and where I used to hang out at the AI Lab (which was funded by the military). I later wrote parts of some of the most sophisticated computer programs in existence -- climate models (for example, see NCAR's climate model and search for "Thresher") -- and AI is just programming (which will make it another victim of IT incompetence).


Gov Inc. IT FAKE and a British clown.

Announcing Apscitu's IT Incompetents Hall of Shame



By Duane Thresher, Ph.D.     May 15, 2018

Apscitu Inc. is proud to announce its IT Incompetents Hall of Shame, which is part of our mission to stop IT incompetence to the highest levels of government and business, including media. This mission requires shaming individuals who are IT incompetent, particularly IT leaders like CIOs. For the full explanation read our Stop IT Incompetence page, which has been completely rewritten, expanded, and improved for our IT Incompetents Hall of Shame (some notes are also provided in the Hall).

The IT Incompetents Hall of Shame actually has three wings: Government, Business, and Media. (Conceivably there could be an Education wing, and there may be in the future, but for now we just blanket shame for-profit and community colleges; see Stop IT Incompetence page.)


Left: Twitter logo bird wearing dunce cap and hash mark.  Right: A can of roast beef hash.

How Twitter Made a Hash of Passwords



By Duane Thresher, Ph.D.     May 4, 2018

Yesterday it was reported that Twitter user passwords may have been exposed, at least to Twitter employees (which may be a bigger security risk than you think) and to any Twitter hackers. The descriptions of the technical aspects of this story in the IT incompetent media have been awful, to say the least. Here is the best description, one boiled down to its understandable essentials, from an actual IT expert.

When you are at your computer or smartphone and want to log in to Twitter you enter your password into the browser or app. (Probably you have your computer or smartphone remember the password for you but that is not important here.)

To allow you to log in, Twitter then has to compare this password with the correct password on file with Twitter. By "on file" I mean in a file on a Twitter hard drive. But if this correct password is on file with Twitter that means Twitter employees, or any Twitter hackers, can read this password, which should not be the case. So how is this prevented?


Photos of Hoover Dam and Vladimir Putin

Handing Over America's Electrical Grid to the Russians



By Duane Thresher, Ph.D.     April 26, 2018

Despite recent massive data breaches like Equifax and Facebook, Americans seem to have become inured to having their most personal data stolen by foreign hackers, particularly Russia, probably because most don't see an effect immediately. This "hacking fatigue" will end dramatically when America's electrical (power) grid is "pwned". That's hacking slang for taken over. Actually, given the embrace of IT incompetence by government and business it is more like America just handed over its electrical grid to the Russians. I use the past tense because America's electrical grid is probably already pwned by the Russians, but being smart they are just waiting for an important event, like a war, before using and thus exposing their powerful secret weapon. Where will you be when the lights go out?


Photos of Allan Thomson and a British clown

Secret Service Outsources IT to IT Incompetent Foreign-Influenced Company



By Duane Thresher, Ph.D.     April 23, 2018

The Secret Service is tasked with protecting President Trump's life. Like it or not, President Trump is hated even by our closest allies, who make no secret about wanting him dead. These days protecting the President involves a lot of Internet work. You would reasonably expect that this work would be done by the highest-grade IT people, people not from foreign countries. But incredibly, the Secret Service outsources this work to an IT incompetent foreign-influenced company, LookingGlass Cyber Solutions.

Recently, I was looking at the web logs for Apscitu's website. This is basic critical IT security practice since websites are the leading attack vector for hackers.


Photos of Mark Zuckerberg and Mary Surratt

Fake Federal Facebook Fury Finally Finished



By Duane Thresher, Ph.D.     April 16, 2018

Last week the much-hyped testimony by Mark Zuckerberg, Facebook's supposed creator, in front of the United States Senate Committee on Commerce, Science, and Transportation and the Senate Judiciary Committee finally finished. It was supposed to be a grilling by a furious Senate on Facebook's selling of its user data to outside unscrupulous companies, as well as other Facebook violations, like political censorship, but was more of a softball questioning publicity stunt. That it was a publicity stunt was further confirmed by the redundant anticlimactic "me too" questioning by the House a day later, which I thus don't cover here.

I tweeted last week -- see them at bottom -- making some important points, which is what Twitter is good for, but after the testimony and some careful thought is the time to write an article like this one.


Photos of President Trump and Suzie Kent with You're Fired!

You're Fired! Trump's Worst Hire Ever: IT Incompetent Fed CIO Suzie Kent



By Duane Thresher, Ph.D.     April 10, 2018

There has been endless ignorant talk about President Trump's hirings (and firings). Whatever else his appointments have been, most have at least been somewhat qualified. Not so with his appointment of IT incompetent Suzette Kent as Federal Chief Information Officer (CIO), the CIO of CIOs. Suzie Kent is Trump's worst hire ever and should be fired.

A CIO is not just any management position. It requires a specific education, exactly like judges being educated in the law or doctors being educated in medicine. If a CIO does not have to have an IT education then neither should a judge have to have a law education or a doctor a medical education.


Photo of Equifax's tombstone

Equifax Dead: Hacked So Credit Reports Worthless



By Duane Thresher, Ph.D.     April 5, 2018

Last year Equifax allowed the worst data breach in history and the legal fallout continues. Everyone assumes that the worst result of the Equifax hacking was that hundreds of millions of people, including those at sensitive government agencies, had their most personal financial information given to hackers. That is indeed horrendous but that may not be the worst of it. No one has considered that with Equifax hacked its credit reports are worthless, even illegal, since the Equifax hacking may have been to change credit reports to cause harm to individuals, not just steal data.

Everyone knows how important credit reports are. They are essentially used to determine where you can work and live. Even before the hacking, Equifax had major problems making sure the data it gathered was correct, and had been successfully sued numerous times for getting it wrong and harming people. Trying to discover what data for hundreds of millions of people has been changed by hackers is well beyond the capabilities of Equifax IT.


Photos of James Comey and Michael Horowitz

FBI Hacking Investigation Negligence Lawsuit, Part 1



By Duane Thresher, Ph.D.     February 22, 2018

My family and I, particularly our young daughter, were the victims of not one but two(!) health insurance company data breaches: Montana Department of Public Health and Human Services and Premera Blue Cross. At the time (2013 - 2015) these were two of the worst data breaches ever.

It was officially pretended that identity theft was the only concern from these so only cheap credit monitoring (probably using the now-hacked Equifax) for a couple of years needed to be offered as a remedy. However, child abductors, including pedophiles, find this information invaluable since it includes names, addresses and medical records, which is personal information that greatly aids a child abductor.


Mike Hamburg LinkedIn photo, Trump photo, Mike Hamburg ShiftLeft blog photo, Spectre logo, Google logo

Secret Service, Spectre Hacker Threatens Trump With God's Justice



By Duane Thresher, Ph.D.     February 15, 2018

I've written about the infamous Spectre computer security vulnerability in Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic and about the hackers who developed and distributed exploits for it in Google -- Illegal Competitor or National Security Threat.

The Spectre exploit could be a devastating weapon -- it has the power of anything it can hack into -- but currently there are only a few people who know how to use it. Mike Hamburg, one of the Spectre hackers, is one of these.

As I wrote about Mike Hamburg in Google -- Illegal Competitor or National Security Threat:


Fake Trump tweeting, Twitter logo, nuclear explosion

Trump Using Twitter is a National Security Risk



By Duane Thresher, Ph.D.     February 8, 2018

There has been a lot of condemnation of President Trump using Twitter, but mostly by his opposition because he has used it so successfully. No IT expert thought has been given to whether Trump using Twitter is a national security risk. CIA Director Mike Pompeo has said that Trump's use of Twitter is not a national security risk. Unfortunately, and with all due respect, IT incompetence is rampant in government and business and analysis by an IT expert gives the opposite answer: Trump using Twitter is a national security risk. It is imperative however that President Trump be able to speak directly to the people, since not being able to is a national security risk itself, so a Twitter alternative is required.

Whatever appears on Twitter from Trump's account, @realDonaldTrump, has extreme and immediate believability the world over. It is well-known that Trump uses Twitter -- he currently has 47.5 million followers, some of them probably heads of state and other higher-ups in foreign governments.


Photos of Sergey Brin and Edward Snowden

Google -- Illegal Competitor or National Security Threat



By Duane Thresher, Ph.D.     January 25, 2018

If the Meltdown and Spectre security vulnerabilities are relatively unimportant as I argued in Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic, then they are illegal attacks by Google on its competitors and Google should be investigated by the SEC and DOJ. If they are as catastrophic as they have been made out to be, then Google is a national security threat and should be investigated by the FBI (or higher DOJ) and DHS.

If Meltdown and Spectre are unimportant security vulnerabilities then they are illegal competition by Google.

When the Meltdown and Spectre security vulnerabilities were announced, before the affected companies like Apple and Intel had time to fully prepare, the value of those companies lost billions and their reputations were harmed, probably permanently. Google paid for the discovery and exploit development ("proof of concept") of these security vulnerabilities and helped publicize them. Google is a competitor with Apple and possibly Intel so has a strong motive to harm their reputations. (It will be revealing to see if Google comes out with hardware or software that doesn't have these security vulnerabilities and uses that as a selling point.) This tactic is classic stock manipulation and unfair competition and should be investigated by the SEC and DOJ (Antitrust Division).

Meltdown logo, Spectre logo, Titanic deck chair

Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic



By Duane Thresher, Ph.D.     January 18, 2018

I have a BS in Electrical Engineering and Computer Science from MIT, among much other relevant education and experience. Panicking about the Meltdown and Spectre computer security vulnerabilities is like panicking about the arrangement of the deck chairs on the Titanic.

The arrangement of the deck chairs on the Titanic was a safety issue -- theoretically passengers could be blocked by them -- but the actual giant hole in the side of the ship was the much bigger concern. (For simplicity I won't make the analogy using the design flaw in the Titanic that actually caused it to sink -- the bulkheads did not reach high enough and make watertight compartments.)

The Meltdown and Spectre security vulnerabilities are the big Information Technology (IT) news recently. These were announced together but are two separate security vulnerabilities, similar in that they result from CPU design flaws ("bugs") at the intersection of electrical engineering and computer science. I won't go into the technical details because the media and most of the public do not have the background to begin to understand them and it's not important.

GoDaddy logo guy and GoDaddy logo guy with black hat

GoDaddy Hacks Its Own Customers



By Duane Thresher, Ph.D.     January 11, 2018

A web page is created by program code -- usually HTML, JavaScript, and CSS together -- that tells a web browser how to display it and what user-interactive action to take, like user information entry. Cross-site scripting (XSS) is a hacking technique in which code is secretly added to a web page's code so that it runs in the web browser of anyone looking at the web page just like the authentic web page code but performing possibly-malicious actions. GoDaddy, a leading web hosting (web page serving) provider, was discovered using XSS on some of its customers.

Scripting in cross-site scripting refers to web page code, typically JavaScript code inside <script> tags of the HTML code of the web page. Cross-site refers to the code secretly added from elsewhere, like another website, running as if it were from the authentic website. This has serious implications because as a primary security measure, browsers will not allow code from one website, possibly malicious, to access the data, possibly sensitive user-supplied information, stored by code from another website, like a banking website. XSS defeats this browser primary security measure and is one of the most commonly used hacking techniques.