Weekly Axis Of Easy #123
Last Week’s Quote was “The liberties of none are safe unless the liberties of all are protected.” by William O. Douglas. Winner was Lucien.
This Week’s Quote: “Secrecy is the keystone to all tyranny. Not force, but secrecy and censorship.”
THE RULES: No searching up the answer, must be posted to the blog
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
Happy US Thanksgiving to our friends, colleagues and clients south of the 49th.
Listen to the podcast edition of #AxisOfEasy here: https://vimeo.com/375682975
- Erstwhile non-profit .ORG TLD has been sold to VCs
- Canadian court issues ban on IPTV provider
- How cybercrooks profit by tapping your email
- Monero CLI binaries compromised
- Iran shuts down internet in response to uprisings
- Tale of two huge data breaches over 1B records each
- Macy’s online store suffers credit card hack
- Goodbye Microsoft Office, Hello LibreOffice
- Potpourri: lost stories from #AoE
The .ORG Top Level Domain (TLD), which was owned and operated by the Internet Society in the interests of public groups and non-profits, has been sold to a venture capital / private equity fund called Ethos Capital. In July, ICANN removed all price caps from .ORG governance, despite only 6 of the 3,000 public comments received being in favour of that (those six commentators then went and started a VC fund called… Just kidding. I think.).
Recall, .ORG’s original mandate was to serve non-profit entities and that initial mission carries a lot of inertia to this day. This segment may be particularly sensitive to cost increases so we’ll have to see what the new owners decide to do with it.
(Disclosure: I sit on the board of the Internet Society Canada Chapter. A lively discussion regarding this transaction has ensued. We were as surprised as everybody else when we heard the news.)
Last week a federal court issued a nationwide ban to block the IPTV (Internet TV) website GoldTV.ca. It’s the first order of its kind and has drawn criticism from across the board. University of Ottawa law professor Michael Geist wrote a lengthy explanation from a legal standpoint on how the decision is orthogonal to other / previous forays into the question of content blocking within Canada. My beef with it concerns its operational implementation, for which the technical term is: stupid.
Instead of ordering the web host or the registrar or DNS provider to take down the website (who could then oppose it on some of the grounds Geist outlines), the judge has put the onus on all national ISPs to block access to the site and given them 15 days to comply.
After last week’s issue, where we mentioned the Calgary man who was defrauded out of $800,000 when cybercrooks stepped into the middle of a real estate transaction using a look-alike email domain, somebody else on Twitter DMed me that his company had the exact same attack run against them, twice.
I wrote up a longer piece about this attack vector and what you can do about it.
Major buzzkill for the Monero team as their website was compromised and, for a period of about 24 hours, the crypto-currency’s command line interface (CLI) download was infected with malware. Anybody who downloaded the Monero CLI on or about November 18th or 19th should blow that out and start over with a clean install.
The event was reported and analyzed by Bart Blaze and confirmed via an announcement from the Monero team.
I find the following to be under-reported in the mainstream press. Why? In the face of widespread uprisings triggered by rising fuel prices, the government of Iran shut down internet access across the entire country for a period of 5 days. Access started being restored on Thursday, Nov 21st, after the unrest subsided. Amnesty International says over 100 protesters have been killed.
In the course of looking into this one I discovered the @netblocks Twitter account, which actually reported on the outage (and any other outages of this nature) as it happened.
Came across two separate stories last week, both bandying the number “1.2 billion records” by some coincidence.
The first isn’t really a breach. It’s a study into something called Picture Archiving and Communication Systems (PACS), which healthcare providers all over the world use to store images from X-rays, CT scans and MRIs. Researchers have been keeping track of the security (or lack thereof) around these images and finding that the number of them that can be accessed over the internet, in some cases without any authentication, has been steadily rising. The number is now put at 1.19 billion, with 786 million located in the US. Other data within the image repositories includes social security numbers and military personnel IDs.
The other one was security researchers Bob Diachenko and Vinny Troia discovering a data trove of, again, 1.2 billion people spanning 4 billion user accounts (LinkedIn, Facebook, Twitter), some 4 TB of data, sitting on a single unprotected Elasticsearch server and accessible without authentication via any web browser.
On the bright side, “Macy’s told BleepingComputer that only a small amount of customers were affected”, which could be because very few people still shop at Macy’s.
I tried unsuccessfully to order a new Microsoft Office license to put on my new laptop. It was such an unwieldy and customer-antagonistic process that I ended up giving up and going with the open source LibreOffice instead. This post is the debut piece in a new category on our blog called “Customer-centric”, wherein I rant (and sometimes rave) about the customer service experiences we’re all subjected to in our daily and business lives.
HackerNews Thread: https://news.ycombinator.com/item?id=21628573
Potpourri: lost stories from #AoE
After a hiccup with one of the apps I use to compile #AxisOfEasy every week, a bunch of items I had collected were misfiled and disappeared out of my awareness whenever I sat down to write this. Then I found them. Some of these are aged a few weeks, but I wanted to get them out to you nonetheless:
Florida judge grants police access to over 1 million DNA profiles on website database:
US Department of Homeland Security will have biometric data on 260 million people by 2022:
Google is getting into the banking business:
India to force global takedowns of offending content: