Weekly Axis Of Easy #10
Greetings from beautiful Vancouver Island. It’s wonderful out here.
In this issue:
- Hackers target email accounts of UK parliament
- Canadian Supreme Court deals blow to Facebook
- Upgrade your Drupal sites right now
- Amazon patents system to prevent online price checking
- Ethereum flash crashes over 99%
After reports that usernames and passwords of British MPs where being traded around the Russian hacker underground, things culminated in an actual attack on IT systems housing said emails. Security personnel shut off all remote access to the systems in an effort to defend the attack, resulting in cutting off all remote MPs from their email.
The online world revolves around “take it or leave it” Terms of Service and “Contracts of Adhesion”. Even our own Plain English Terms of Service include a contract of adhesion because our ICANN accreditation requires it. Michael Geist reports on a Canadian Supreme Court decision which struck down Facebook’s ability to “contract out” BC privacy rules. The case dealt with a narrow context of where potential litigants can file suit against the behemoth, it has wider implications and speaks to the asymmetry between the power of an end-user citizen and the mega-walled-garden.
(h/t to easyDNS member George Kirikos for the heads up on this one)
Security firm GravityScan has analyzed three new critical vulnerabilities in the Drupal content-management system, including CVE-2017-6920, which can enable remote execution on servers hosting vulnerable sites.
As The Verge reports, Amazon has obtained a patent on a system that prevents “showrooming”, where shoppers in bricks-and-mortar stores compare prices online. Amazon is widely credited with enabling the practice in the first place. Of course now that Amazon owns Whole Foods, we can’t have people using the internet to figure out that almost everything in a Whole Foods can be obtained cheaper elsewhere…
The Ethereum crypto-currency, which has been on a steeper climb in value than even Bitcoin lately, suddenly “flash-crashed” this past Thursday, plunging from it’s $360/ether level to as low as 0.10(!). A flaw in the programming behind the Status Initial Coin Offering (ICO) was one explanation for why. Another, which I find more likely, a hapless trader tried to unload 96,000 ethers in one shot (roughly $36 million worth) using a “market sell” order, blowing out the entire Ether order book on the exchange, including all the stink bids.
I find all this crypto-currency stuff fascinating and I’ve been following developments for years. Reply to this email if you want to sign up for a separate newsletter I’m considering to follow blockchain technology and crypto-currencies.
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
• June 19, 2017: Failure To Renew A Domain Put Millions At Risk
• Jun 12, 2017: Does easyDNS Know Your Passwords?
• Jun 5, 2017: Discover Your Odds Of Being Replaced By A Robot
• May 29, 2017: Google Now Tracks Your Offline Credit Card Purchases, Linking Them To Your Online Profile
• May 22, 2017: The world’s most important resource is: your data