Steve Wozniak interviewed for CBS:

"I gave all my Apple wealth away because wealth and power are not what I live for. I have a lot of fun and happiness. I funded a lot of important museums and arts groups [...] I never look for any type of tax dodge. I earn money from my labor and pay something like 55% combined tax on it. Life to me was never about accomplishment, but about Happiness. I developed these philosophies when I was 18-20 years old and I never sold out."

He turned 75 4 days ago.

Wishing the best to our friends at BSides Colorado Springs with their annual conference event on . Definitely some quality talks lined up, including our own Boulder-based security researcher @jacoblatonis whose 8-bit presentation deck is going to make the nostalgia factor hit hard.

For those who weren't able to make it out to @bsidesden earlier this week, they have already posted the talks to their YouTube channel under the "live" section. https://www.youtube.com/@bsidesdenvideos

For those around the Denver/Boulder/FoCo area, consider joining the #BoulderInfoSec Slack channel (https://join.slack.com/t/boulderinfosec/shared_invite/zt-2qgv2asn7-xl8r~2_LCOB31u5FpaUC8Q) for information on other #cybersecurity events taking place in the area like the re-invigorated @owasp Boulder chapter's first meet up on 25 September (https://www.meetup.com/owasp-boulder/events/303357869/).

It's the end of the line for my campaign for #SchoolBoard and my attempt to #ElectMoreHackers

Tomorrow is election day in Colorado, and 24 hours from now, the race will be over.

I was out canvassing at the University of Colorado campus in #Boulder today (and I will be back out there tomorrow). I met a lot of students who were busy and hadn't yet voted, and were grateful for the information. I also met a bunch who I would characterize as actively, maybe in some cases gleefully disinterested in participating in democracy. Not only could they just not be bothered, they seemed pleased to tell me they weren't voting. I cannot fathom that level of nihilism and I could not reach them. That's a failure mode we need to address.

I also met the folks who have been campaigning for city council, and for ballot measures I deeply oppose. We were all not just civil, but slightly joyous about this being the end of a grueling four months of forums and questionnaires and ordering signs and designing literature and doorknocking and lit-dropping and canvassing. It's a lot! People were really nice face to face. Even if I disagree with someone's policies, we can treat our fellow humans with dignity and joke about the things we have in common.

I did meet a lot of people who were extremely positive about my campaign and a few who were so vitriolically negative that the hostility took me aback when I encountered it. The latter has been, fortunately, very rare.

Some of the volunteers for a campaign I am not allied with were very pleasant when I introduced myself, but I caught two of them mocking the shirt I was wearing and its meaning as they walked away. "Hackers! That's just what we need on the school board," one sarcastically joked to the other.

Not wanting to come across like a gigantic asshole, I thought to myself (rather than shouting it out loud), thanks for the endorsement!

Yeah, I worked on a project that contributed to law enforcement agencies around the world shutting down one of the most pernicious and harmful botnets. Sure, I helped Microsoft find and begin to repair a problem that affected literally every Windows computer and completely broke their trust model.

Goodness knows, perish the thought of what might happen if someone with that level of community engagement and a desire to help others might get elected to public office!

It has been a long, difficult, and emotional rollercoaster of an election campaign. Win or lose I will stand proud of the work I did to highlight the best of what my community of hackers and makers has to offer the world.

Hackers can and do make the world a better place every single day, in small ways and big ways, for individuals and whole populations.

Even if a couple of arrogant old rich white dudes don't appreciate it, hackers are saving their butts, too.

So yeah, hackers: Just what we need on the school board.

Hackers: Just what we need on city council. Hackers, just what we need in the mayor's office. Hackers, just what we need in the state house and senate. Hackers, just what we need in the federal house and senate, and in seats of power up and down the chain of command until we even have a hacker president. Hail to the hacker chief!

This is just the beginning. We are going to #ElectMoreHackers and pentest and red team and blue team and patch the shit out of our politics and our country until we eliminate bugs large and small from the system. We're going to do it our way, not by coloring inside the lines but by looking for the best place to jump over them to get things done. And I hope people can suppress their nihilism and disdain for politics long enough to see that we can make this a success, and change the world for the better.

We can only go up from here.

Hi folks. Yesterday I posted on my other Mastodon account about a pretty stupid gift card #scam that was sent to an email address I use as a political candidate for my run for #SchoolBoard (https://toot.bldrweb.org/deck/@andrewbrandt/111326617529695469)

Tonight, I received a more ominous, targeted #spearphishing email against that same campaign address.

It appears to be some form of Adobe e-signature message. The text content was weird and off.

The email has a file attachment that, if you double-click it, opens a browser window and displays a form that looks like a login dialog box. The login box is a #phishing attack, designed to steal credentials that you enter into it.

What was distinctive about this is the fact the attackers customized the login form so it has my campaign logo embedded within the form. It also pre-populated the username field with the email address that they sent the original email to. It was not generic; This was targeted.

The form will permit you to enter data into the password field three times, appearing to fail each time, and then redirects you back to your own website. It collects the IP address you were using at the time you submitted the form, and any of the passwords you submitted, and sends them to a #Telegram bot account.

I have captured the network traffic of the phishing attempt, in which I entered bogus data, and have identified the owner of the Telegram bot account and other identifiable information. I'll be reporting it to Telegram for shutdown as soon as possible.

I guarantee, if this is happening to me -- a relative nobody in my lowly, local school board race -- it is happening all over the country to political candidates of any stature.

There is less than one week until election day in the United States. Colorado voters already have their ballots and can turn them in by dropping them in a ballot collection box anytime between now and election day.

Just another reason why we need to #ElectMoreHackers

Also, once again: nice try, losers. Keep going. You're sure to hit pay dirt at some point. ​

#Boulder #BVSD #COpolitics