Weekly Axis Of Easy #36
In this issue:
- China to block overseas VPNs
- Domain hijack strands thousands of businesses
- Twitter’s mysterious astroturfing tools
- This little start-up sells hacks to government agencies
- WordPress update breaks WordPress updates
At the end of March all non-Chinese VPN services will be blocked within China. An official of that country’s Ministry of Industry and Information Technology told reporters that all VPN services must be licensed by the government. After March 31st, clampdowns will commence against use of foreign, unlicensed VPN providers which “unlawfully conduct cross-border operational activities”. (Such as what? Accessing non-state news sources, or otherwise circumventing the Great Firewall of China)?
Just before press time we got an update from Krebs on Security about a domain hijacking affecting thousands of business customers of publicly traded web conglomerate Newtek Business Services Corp (NASDAQ:NEWT). Over the weekend, three of the company’s key domains were hijacked, stranding thousands of client websites and cutting off email services. If there’s one thing we’ve learned from being in this business 20 years: people can remain calm when even their business websites are down, but cut off their email and it’s like cutting off the supply of oxygen. Very painful.
It will be interesting to learn more about how the domain hijacks were facilitated. NEWT inexplicably trading up 2%+ on the day as I pen this.
“Astroturfing” is the practice of using sock puppets, robots and shill accounts to create a false impression of widespread support for something, be it an idea, a person or product.
It turns out that Twitter has a paid tweets program called “Ads Without Profiles” that enables you to create an ad campaign that is not linked to any permanent Twitter profile, and thus, opaque. The article author posits that this is in essence a turnkey astroturfing service.
An Australian security start-up called “Azimuth” is in the business of creating 0-day vulnerabilities and cracks for smartphone encryption. Not to report these vulnerabilities and strengthen these products, but rather to sell them, primarily to the intelligence agencies of the “Five Eyes” democracies (The US, The UK, Canada, Australia and New Zealand) so that they can break into targeted devices.
WordPress issued 4.9.3 last week which contained a bug which broke automatic core updates. So if you have auto-updates on, and it upgraded you to 4.9.3, future updates will no longer work until you manually upgrade to 4.9.4. All of our customer easyPress installations were upgraded to 4.9.4 over the weekend.