CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that – for a short time period – allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
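The race class described above comes down to ordering: the authentication file must be complete and private before the process that relies on it is started. The following is an added example of that ordering in C, not SDDM's code or its actual patch. The function names are hypothetical, and the file holds raw cookie bytes rather than the real Xauthority record format.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>

#define COOKIE_LEN 16   /* constructed cookie size for this example */

/* Write the cookie to a private temp file next to `path`, then rename it into
 * place, so the final path never exists in an empty or half-written state.
 * Returns 0 on success, -1 on failure. */
int publish_auth_file(const char *path, const unsigned char *cookie, size_t len)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);                     /* exclusive create */
    if (fd < 0)
        return -1;
    int ok = fchmod(fd, S_IRUSR | S_IWUSR) == 0 &&      /* force 0600 */
             write(fd, cookie, len) == (ssize_t)len &&
             fsync(fd) == 0;
    close(fd);
    if (!ok || rename(tmp, path) != 0) {       /* rename is atomic on one fs */
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Gate to call before starting the server: the auth file must be a regular
 * file (no symlink), owned by us, closed to group/other, with a full cookie.
 * Returns 1 when it is safe to proceed, 0 otherwise. */
int auth_file_ready(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    int ok = fstat(fd, &st) == 0 &&
             S_ISREG(st.st_mode) &&
             st.st_uid == geteuid() &&
             (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 &&
             st.st_size >= COOKIE_LEN;
    close(fd);
    return ok;
}
```

A launcher following this pattern calls `publish_auth_file()` first and refuses to start the server unless `auth_file_ready()` returns 1, which closes the window in which the file is missing or empty.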

Close US election results plunge social media into nightmare misinformation scenario

When Trump spoke early Tuesday morning, it became clear which long-dreaded election scenario an anxious nation was on the cusp of.

“This is a fraud on the American public,” Trump said in remarks delivered from the White House, mixing his campaign with the presidency. “We were getting ready to win this election. Frankly, we did win this election.”

Trump’s claim of victory is false — votes are still being counted in a close race — but it heralded his campaign’s intention to work the misinformation ecosystem he’s cultivated over the last four years. His strategy so far is what he’s long signaled: seize on the late tallies for vote-by-mail ballots, which were expected to favor Democrats, to manufacture a conspiracy.

On Wednesday, Twitter hid three of Trump’s five recent tweets behind warning labels stating that their content was “disputed and might be misleading.” Most recently, the president tweeted “They are working hard to make up 500,000 vote advantage in Pennsylvania disappear — ASAP. Likewise, Michigan and others!”

In another recent missive, he circumvented a restricted tweet’s engagement limits, amplifying it to his own follower base where it was retweeted 32,000 times. The tweet’s author issued a correction on his original conspiratorial claims about Michigan’s Democratic vote count, but by then the horse had already left the barn.

The Trump campaign’s baseless fear mongering about the integrity of vote-by-mail ballots began well before the election. In September, a campaign video showed Donald Trump Jr. rail against Democrats, whom he accused of planning to “add millions of fraudulent ballots that can cancel your vote and overturn the election.” There was no evidence of that then, nor is there now. The video, and its calls for an “army for Trump,” prompted Facebook to change its rules around voter intimidation.

In the months preceding the election, Trump repeatedly declined to commit to conceding the election in the event that he loses, a stance that Americans may watch play out in realtime in the coming hours and days.

Democrats have been hit with misinformation labels too, though none of their offenders are actively in a contested race (so far). Twitter labeled Center for American Progress President Neera Tanden’s tweet claiming that Biden had reached 270 electoral votes with a warning saying it was “disputed.”

Other warnings popped up as some states were called early last night. After Fox News struck out alone in calling Arizona for Biden, some political reporters tweeting about those results had their tweets paired with a label stating that the race had not yet been called.

Facebook and Twitter’s philosophies differ on how to handle a president prone to sowing political misinformation. Twitter gives rule-breaking election tweets a warning label flagging them as potentially “misleading.” It screens them behind that message and restricts replies, retweets and likes, severely limiting their viral potential.

Twitter also ditched political advertising outright a year ago. While Facebook still allows them, the company implemented a blackout on those ads after polls closed that remains in effect now.

Facebook adds its own set of “labels” to election posts that break the rules, though they are designed to mostly point users to contextual, factual information rather than to offer explicit warnings about false claims. As a direct response to Trump’s premature claims of victory, Facebook also rolled out an eye-catching set of messages across Facebook and Instagram reminding users that votes were still being counted.

Of course, misinformation also thrives beyond Facebook, Twitter and even YouTube in places it’s more difficult to track, moving from obscure chans to mainstream social media and back again, mutating as it goes. Early Wednesday, Trump was happy to make his dangerous claim of unearned victory on live television — and so far, many news networks obliged by broadcasting it. That’s cause for concern too.

Both Facebook and Twitter prepared special policies for a close, ambiguous election night, but their rules will be put to the real test in the coming days as fears of political violence and challenges to the election outcome escalate.

Election Day was largely free from disruptive cyberattacks, as efforts shift to combating misinformation

Polls closed in the U.S. presidential election on Tuesday without any significant or disruptive cyberattacks, according to cybersecurity officials and experts.

Election Day wasn’t without its problems. Some voting machines in Nevada and Texas went down but were quickly back up and running, some voters in Georgia and Ohio had to use paper ballots after hand sanitizer leaked into the machines, and the FBI said it was aware of robocalls urging Americans in swing states to “stay safe and stay home.” And delays in the postal system and rules that meant no ballots could be counted until Election Day left a backlog of votes still to be counted long after the polls closed.

Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which oversees the security of U.S. elections, said Election Day went by largely without a hitch.

“What we’ve seen today is just another Tuesday on the internet,” said a senior CISA official on a call with reporters later on Tuesday. But the official admitted that “we’re not out of the woods yet,” pointing to the reporting of final vote counts, with many state election results balancing on a knife edge.

Data published by Cloudflare suggested a slight uptick in cyberattacks on government election websites on Election Day, but chief executive Matthew Prince tweeted that the rise was “relatively small” and the attacks “unsophisticated.”

In an email after the polls closed, Prince told TechCrunch: “Both Internet traffic and attack traffic to election websites spiked at times on election day, as anticipated. We don’t see everything, but again, there have been no reports of any cyberattacks that threatened the integrity of election websites or infrastructure.”

It’s a world away from the 2016 election, which saw Russian-backed misinformation actors swamp social media sites with false information and engage in “hack-and-leak” operations, including documents and emails from Hillary Clinton’s presidential campaign and the Democratic National Committee. Since then, the government has spent billions in preparedness efforts ahead of the 2018 midterm elections, in which Homeland Security saw no evidence of vote hacking or manipulation, as well as the creation of CISA to improve election security and infrastructure across the United States.

NSA director Gen. Paul Nakasone, who also oversees the government’s offensive cyber division Cyber Command, said that the government “will maintain constant vigilance” and stands ready to help Homeland Security and the FBI to “provide information to social media platforms to counteract influence operations.”

“Foreign adversaries continue to see an opportunity to undermine our nation’s elections,” said Nakasone. “However, we have the capability, capacity, and will to prevent any type of interference or influence in our elections. I’m confident the actions we’ve taken against adversaries over the past several weeks and months have ensured they’re not going to interfere in our elections. When it comes to those who threaten our democratic processes, we are equal opportunity disruptors. We’re going to take action against any nation state or actor who attempts to interfere in our elections.”

It was widely anticipated that the vote count would extend into the week, with swing states Pennsylvania and North Carolina still accepting and counting postal votes. But without a clear winner on the day — which Americans have largely become accustomed to — all eyes and efforts are on combating the spread of misinformation, including false claims of a presidential win.

Much of the effort to filter misinformation has come from the social networks directly. Facebook and Twitter came under fire for failing to curb the spread of wrong and deliberately false information on their platforms during the 2016 election.

But this time around, the social networks claim to be better prepared.

President Trump’s first tweet of the day on Wednesday was blocked by Twitter after the Republican presidential incumbent claimed the Democrats were “trying to steal” the election by fighting efforts by the Trump campaign for states to stop counting ballots after Election Day. Some states, like Michigan and Pennsylvania, weren’t allowed to start counting ballots until Election Day itself. Unsurprisingly, given the pandemic-driven rise in mail-in voting and increased voter turnout, the final results are likely to take time.

Anticipating that there would be no clear winner on Election Day, Twitter put in new rules in September ahead of the election to remove or attach a warning label to any claims of an election victory prior to the results being officially announced.

Facebook and Instagram have also issued warnings advising voters that results may take time and a winner has “not been projected yet,” in an effort to counter unverified claims of a final winner.

Will new SEC equity crowdfunding rules encourage more founders to pass the hat?

The flow of venture capital in 2020 has been surprisingly strong given the year’s general uncertainty, but while investors have showered plenty of dough on growth-stage companies, seed-stage startups are down 32% last quarter compared to the year before.

There have been plenty of recent conversations about alternative funding routes for founders, and one of those oft-overlooked paths has been equity crowdfunding. While crowdfunding platforms like Kickstarter push consumers to back unrealized projects in exchange for products or other services, equity crowdfunding allows consumers to actually invest cash and receive a piece of the company. It’s not a conventional path, but it can be a viable option for companies that have a close relationship with an engaged customer base.

The Securities and Exchange Commission’s Regulation Crowdfunding guidelines were adopted under Title III of the JOBS Act back in 2016, but because many entrepreneurs were unfamiliar with how to participate, many of the startups that have taken advantage of it haven’t been the highest quality. The tide could be turning: This week, the SEC updated some of its guidance on crowdfunding, eliminating some ambiguities and increasing the amount of capital companies can raise from both accredited and nonaccredited investors. Additionally, companies can now raise $5 million per year using equity crowdfunding, compared to the previous limit of $1.07 million.

But life has gotten easier in other ways as well for founders pursuing this fundraising type and the platforms that seek to simplify it.

Wefunder is one of a handful of equity crowdfunding platforms that have popped up in the last few years. Before a company can raise on its platform, Wefunder vets it before allowing it to tap into the platform’s network of amateur investors, who can invest as little as $100, with the median investment sitting at $250. Last month, 40 companies launched on Wefunder and collectively raised $12 million, according to Wefunder CEO Nicholas Tommarello.