Web dev in DC http://ross.karchner.com
767 stories
·
16 followers

Evictions ramp up in Virginia as local courts decline governor’s request to continue moratorium

1 Share

Courts around Virginia began working their way through a backlog of more than 12,000 eviction cases last week as a statewide moratorium expired, with many judges apparently declining a last-minute request from Gov. Ralph Northam to continue the stay at the local level.

“It’s a total patchwork,” said Christie Marra, the director of housing advocacy at the Virginia Poverty Law Center, which has asked Northam to use his executive authority to intervene more decisively. She said the current approach of leaving the decision to local courts is “absolutely not working.”

Meanwhile landlord groups said they were pleased that judges had resumed hearing the cases. “I think the worry with any moratorium is you start to cross a point where a moratorium starts to become an unconstitutional taking,” said Patrick McCloud, executive director of the Virginia Apartment Management Association. He said most tenants are continuing to pay rent, which he credited to federal unemployment and stimulus programs. “Rent collections are not terribly far off from where they would be absent a pandemic.”

District courts docketed more than 1,600 eviction lawsuits last week, with judges awarding $1.4 million in cash judgments to landlords, according to online docket information compiled by open government group virginiacourtdata.org.

That’s 600 more cases than courts heard the same week last year, according to the data. But the numbers also show a slight shift in the outcome of the cases in favor of tenants, with landlords winning judgments in 23 percent of cases, down from 41 percent at the same time last year.

It’s unclear precisely how many of the 129 district courts in the state agreed to Northam’s request that they continue to delay the cases, but the count appears to be low. The Supreme Court of Virginia’s administrative office said it didn’t track that information. Northam’s spokeswoman, Alena Yarmosky, said the administration didn’t have a full list but is aware of only two: Arlington General District Court and Fairfax General District Court.

“Gov. Northam is grateful that these courts have complied with his request, and he continues to strongly urge all General District Courts to follow suit,” she said in an email, noting Northam is seeking millions in additional federal funding to shore up a rent and mortgage relief program launched by his administration.

Of the cases that were heard last week, the outcomes varied dramatically by jurisdiction. Virginia Beach, Hampton and Portsmouth recorded the largest share of judgments in favor of landlords, according to court records analyzed by virginiacourtdata.org. In other cities and counties, including Richmond, Albemarle and Henrico, the numbers favored tenants, with more cases continued or dismissed.

Protesters at the John Marshall Courthouse in Richmond on Wednesday opposed the end of a statewide eviction moratorium. (Ned Oliver/Virginia Mercury)

In Richmond, the decision to resume hearing cases prompted several hundred people to protest Wednesday outside the courthouse. The rally ended in a clash with sheriff’s deputies that saw three people detained and a courthouse window smashed, according to the Richmond Times-Dispatch.

During the afternoon eviction docket the next day, Judge Claire Cardwell granted continuances to all the tenants who appeared in court under a new state law that guarantees people facing financial hardship related to the pandemic at least two extra months to pay rent.

Among them was Barbara Zahniser, one of the 22 residents called to court that afternoon by St. John’s Wood Apartments in South Richmond. She explained to the judge that she had lost her job after a car crash and her unemployment insurance had run out in March as the pandemic began. She is eligible for extended benefits because of the pandemic, she testified, but Virginia has been slow to set up the program. Meantime, she said she wasn’t able to find work.

“I’m in home health care,” she said. “The elderly, they’re afraid to let people into their homes.”

Many tenants who didn’t appear in court benefited in absentia from eviction protections written into the federal CARES Act, which bars landlords with federally backed mortgages or who participate in certain government programs from initiating evictions until the end of July.

“There have been some default judgments when people did not show up and it was determined that their property didn’t fall under the CARES Act,” said Janae Craddock, a housing attorney with the Central Virginia Legal Aid Society who works out of an office in the courthouse and has been monitoring dockets to ensure property owners covered by the CARES Act didn’t seek eviction judgments. “For the most part though, there have been a lot of continuances.”

But advocates worried that CARES Act protections are set to expire soon and that not all courts are requiring landlords to proactively testify that they are not prohibited from pursuing evictions under the law, meaning tenants might only benefit from the protection if they both appear in court and know about the new law. And they argue tenants shouldn’t have to come to court amid a pandemic to exercise their right to a two-month continuance under state code.

“It’s encouraging that judges are granting continuances liberally in individual cases,” said Marra at the Virginia Poverty Law Center. “But that doesn’t help people who can’t show up for whatever reason or were turned away at the courthouse because they had a fever.”

But Richard Knapp, a longtime housing lawyer who was representing St. John’s Wood in court that day, noted landlords have their own bills to pay. “My concern is some of the smaller landlords are going to have to go bankrupt because they’re not getting rent,” he said.

That’s presumably where Northam’s rent and mortgage relief program comes in. It launched last week and aims to address the financial needs of both tenants and landlords by covering unpaid back rent.

But it remains to be seen how many tenants will seek aid and how many landlords will agree to the attached terms, which require a commitment to either waive some unpaid rent or wait at least six months before pursing an eviction again.

The state Department of Housing and Community Development says it’s seen high interest, but won’t have firm numbers until next week.

The post Evictions ramp up in Virginia as local courts decline governor’s request to continue moratorium appeared first on Virginia Mercury.

Read the whole story
rosskarchner
20 hours ago
reply
DC-ish
Share this story
Delete

E-Verify’s “SSN Lock” is Nothing of the Sort

1 Share

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online.

A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security‘s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

DHS’s myE-Verify homepage.

According to the website, roughly 600,000 employers at over 1.9 million hiring sites use E-Verify to confirm the employment eligibility of new employees. E-Verify’s consumer-facing portal myE-Verify lets users track and manage employment inquiries made through the E-Verify system. It also features a “Self Lock” designed to prevent the misuse of one’s SSN in E-Verify.

Enabling this lock is supposed to mean that for the next year thereafter, if an unauthorized individual attempts to fraudulently use a SSN for employment authorization, he or she cannot use the SSN in E-Verify, even if the SSN is that of an employment authorized individual. But in practice, this service may actually do little to deter ID thieves from impersonating you to a potential employer.

At the request of the reader who reached out (and in the interest of following my own advice to plant one’s flag), KrebsOnSecurity decided to sign up for a myE-Verify account. After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). The most secure MFA option offered (a one-time code generated by an app like Google Authenticator or Authy) was already pre-selected, so I chose that.

The site requested my name, address, SSN, date of birth and phone number. I was then asked to select five questions and answers that might be asked if I were to try to reset my password, such as “In what city/town did you meet your spouse,” and “What is the name of the company of your first paid job.” I chose long, gibberish answers that had nothing to do with the questions (yes, these password questions are next to useless for security and frequently are the cause of account takeovers, but we’ll get to that in a minute).

Password reset questions selected, the site proceeded to ask four, multiple-guess “knowledge-based authentication” questions to verify my identity. The U.S. Federal Trade Commission‘s primer page on preventing job-related ID theft says people who have placed a security freeze on their credit files with the major credit bureaus will need to lift or thaw the freeze before being able to answer these questions successfully at myE-Verify. However, I did not find that to be the case, even though my credit file has been frozen with the major bureaus for years.

After successfully answering the KBA questions (the answer to each was “none of the above,” by the way), the site declared I’d successfully created my account! I could then see that I had the option to place a “Self Lock” on my SSN within the E-Verify system.

Doing so required me to pick three more challenge questions and answers. The site didn’t explain why it was asking me to do this, but I assumed it would prompt me for the answers in the event that I later chose to unlock my SSN within E-Verify.

After selecting and answering those questions and clicking the “Lock my SSN” button, the site generated an error message saying something went wrong and it couldn’t proceed.

Alas, logging out and logging back in again showed that the site did in fact proceed and that my SSN was locked. Joy.

But I still had to know one thing: Could someone else come along pretending to be me and create another account using my SSN, date of birth and address but under a different email address? Using a different browser and Internet address, I proceeded to find out.

Imagine my surprise when I was able to create a separate account as me with just a different email address (once again, the correct answers to all of the KBA questions was “none of the above”). Upon logging in, I noticed my SSN was indeed locked within E-Verify. So I chose to unlock it.

Did the system ask any of the challenge questions it had me create previously? Nope. It just reported that my SSN was now unlocked. Logging out and logging back in to the original account I created (again under a different IP and browser) confirmed that my SSN was unlocked.

ANALYSIS

Obviously, if the E-Verify system allows multiple accounts to be created using the same name, address, phone number, SSN and date of birth, this is less than ideal and somewhat defeats the purpose of creating one for the purposes of protecting one’s identity from misuse.

Lest you think your SSN and DOB is somehow private information, you should know this static data about U.S. residents has been exposed many times over in countless data breaches, and in any case these digits are available for sale on most Americans via Dark Web sites for roughly the bitcoin equivalent of a fancy caffeinated drink at Starbucks.

Being unable to proceed through knowledge-based authentication questions without first unfreezing one’s credit file with one or all of the big three credit bureaus (Equifax, Experian and TransUnion) can actually be a plus for those of us who are paranoid about identity theft. I couldn’t find any mention on the E-Verify site of which company or service it uses to ask these questions, but the fact that the site doesn’t seem to care whether one has a freeze in place is troubling.

And when the correct answer to all of the KBA questions that do get asked is invariably “none of the above,” that somewhat lessens the value of asking them in the first place. Maybe that was just the luck of the draw in my case, but also troubling nonetheless. Either way, these KBA questions are notoriously weak security because the answers to them often are pulled from records that are public anyway, and can sometimes be deduced by studying the information available on a target’s social media profiles.

Speaking of silly questions, relying on “secret questions” or “challenge questions” as an alternative method of resetting one’s password is severely outdated and insecure. A 2015 study by Google titled “Secrets, Lies and Account Recovery” (PDF) found that secret questions generally offer a security level that is far lower than just user-chosen passwords. Also, the idea that an account protected by multi-factor authentication could be undermined by successfully guessing the answer(s) to one or more secret questions (answered truthfully and perhaps located by thieves through mining one’s social media accounts) is bothersome.

Finally, the advice given to the reader whose inquiry originally prompted me to sign up at myE-Verify doesn’t seem to have anything to do with preventing ID thieves from fraudulently claiming unemployment insurance benefits in one’s name at the state level. KrebsOnSecurity followed up with four different readers who left comments on this site about being victims of unemployment fraud recently, and none of them saw any inquiries about this in their myE-Verify accounts after creating them. Not that they should have seen signs of this activity in the E-Verify system; I just wanted to emphasize that one seems to have little to do with the other.

Read the whole story
rosskarchner
3 days ago
reply
DC-ish
Share this story
Delete

General-purpose OS, special-purpose OS, and now: vendor-purpose OS

1 Share

There have, historically, been two kinds of operating systems: general-purpose, and special-purpose. These roles are defined by the function they serve for the user. Examples of general-purpose operating systems include Unix (Linux, BSD, etc), Solaris, Haiku, Plan 9, and so on. These are well-suited to general computing tasks, and are optimized to solve the most problems possible, perhaps at the expense of those in some niche domains. Special-purpose operating systems serve those niche domains, and are less suitable for general computing. Examples of these include FreeRTOS, Rockbox, Genode, and so on.

These terms distinguish operating systems by the problems they solve for the user. However, a disturbing trend is emerging in which the user is not the party whose problems are being solved, and perhaps this calls for a new term. I propose “vendor-purpose operating system”.

I would use this term to describe Windows, macOS, Android, and iOS, and perhaps some others besides. Arguably, the first two used to be general purpose operating systems, and the latter two were once special-purpose operating systems. Increasingly, these operating systems are making design decisions which benefit the vendor at the expense of the user. For example: Windows has ads and excessive spyware, prevents you from making a local login without a Microsoft account, and aggressively pushes you to switch to Edge from other web browsers, as well as many other examples besides.

Apple is more subtle from the end-user’s perspective. They eschew standards to build walled gardens, opting for Metal rather than Vulkan, for example. They use cryptographic signatures to enforce a racket against developers who just want to ship their programs. They bully vendors in the app store into adding things like microtransactions to increase their revenue. They’ve also long been making similar moves in their hardware design, adding anti-features which are explicitly designed to increase their profit — adding false costs which are ultimately passed onto the consumer.

All of these decisions are making the OS worse for users in order to provide more value to the vendor. The operating system is becoming less suited to its general-purpose tasks, as the vendor-purpose anti-features deliberately get in the way. They also become less suited at special-purpose tasks for the same reasons. These changes are making improvements for one purpose: the vendor’s purpose. Therefore, I am going to start refering to these operating systems as “vendor purpose”, generally alongside a curse and a raising of the middle finger.

Read the whole story
rosskarchner
12 days ago
reply
DC-ish
tingham
12 days ago
nice insight
Share this story
Delete

Why you should capitalize Black as a proper adjective

1 Share

In the past, I didn’t capitalize “Black” in text, when referring to a group of people. Now I will. The question of why it’s a proper adjective (derived from a proper noun) is worth discussing. A number of publications have made the switch from “black” to “Black” when referring to people (as opposed to just … Continued

The post Why you should capitalize Black as a proper adjective appeared first on without bullshit.

Read the whole story
rosskarchner
19 days ago
reply
DC-ish
Share this story
Delete

Apple's statement about EU antitrust

2 Shares

I have long argued for fixing the 2 most fundamental problems with the App Store: exclusive distribution and exclusive payment. With Apple’s monopoly on iOS app distribution, we should have more options such as side-loading, reduced payment fees, and flexibility to sell subscriptions outside the store without hiding external links from potential users.

See my blog posts from 2011, 2016, 2018, 2019, and my broader essay on open gardens.

Now the EU is investigating Apple. Apple’s response:

It’s disappointing the European Commission is advancing baseless complaints from a handful of companies who simply want a free ride, and don’t want to play by the same rules as everyone else… We don’t think that’s right — we want to maintain a level playing field where anyone with determination and a great idea can succeed.

This is the worst, most insulting statement from Apple that I’ve ever seen. Everything in it is backwards.

Read the whole story
acdha
19 days ago
reply
Washington, DC
rosskarchner
22 days ago
reply
DC-ish
Share this story
Delete

Eavesdropping on Sound Using Variations in Light Bulbs

2 Comments and 6 Shares

New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window.

Details:

In an experiment using three different telescopes with different lens diameters from a distance of 25 meters (a little over 82 feet) the researchers were successfully able to capture sound being played in a remote room, including The Beatles' Let It Be, which was distinguishable enough for Shazam to recognize it, and a speech from President Trump that Google's speech recognition API could successfully transcribe. With more powerful telescopes and a more sensitive analog-to-digital converter, the researchers believe the eavesdropping distances could be even greater.

It's not expensive: less than $1,000 worth of equipment is required. And unlike other techniques like bouncing a laser off the window and measuring the vibrations, it's completely passive.

News articles.

Read the whole story
rosskarchner
22 days ago
reply
well shit
DC-ish
Share this story
Delete
1 public comment
zippy72
19 days ago
reply
The lesson being: close your curtains.
FourSquare, qv
Next Page of Stories