Weekly Axis Of Easy #131
Last Week’s Quote was “Life is a long lesson in humility” …was Sir James Matthew Barrie (creator of Peter Pan), nobody got it.
This Week’s Quote: “The only mistake in life is the lesson not learned” …by ????
THE RULES: No searching up the answer, must be posted to the blog
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
- Protect yourself from Deplatform Attacks and Cancel Culture
- Zerohedge suspended from Twitter after Buzzfeed hit piece
- DotOrg sale delayed after California AG starts asking questions
- Facebook’s new “clear history” button is troubling for two reasons
- High Severity WordPress RCE in Code Snippets plugin
- Tech researchers accuse Saudis of attempting to hack reporter’s phone
- Turkish hackers believed to be behind recent cyberattacks
- Interpol busts three Indonesian hackers for Magecart malware
- Canada’s BTLR report calls for licensing content creators
My new book, Unassailable, is finally out on Amazon now and the remaining platforms on Feb 7th. Sorry for the miscues in the release – if you were one of the people who preordered it in November: You probably have to open a ticket with Amazon to refresh your kindle with the correct version. I’ve found deleting it from your device and re-downloading it doesn’t seem to do it. The correct version should have a dedication page in it.
Now that that’s finally done I can get back to writing the book I started working on nearly a year ago about the dangers of techno-utopian thinking. Watch this space.
A mere few days after Unassailable dropped, easyDNS client Zerohedge was banned from Twitter after a Buzzfeed hit piece on them. Not to worry if you follow ZH, it hasn’t damaged them in the least, as predicted in chapter 4 of the book, “Does Deplatforming Even Work?”. TL;DR: nope. It doesn’t. In fact the author of the Buzzfeed article may end up worse for wear out of the entire episode after his social media was examined and found to be… disturbing.
If you want to see an example of blue check double standard that permeates social media today, look no further.
Xavier Becerra, the California Attorney General, has introduced a delay of at least two months into the sale of .org by the Internet Society to Ethos Capital. A letter sent to the Public Interest Registry (the subsidiary of ISOC that operates .org) dated January 30 contains 35 specific questions about the proposed transaction, including several questions around ICANN’s role in regulating TLD wholesale costs, and how those price limits were removed.
Facebook released a new “privacy” tool to manage your off-Facebook activity. What does that mean? Off-Facebook activity is anything you do on a website or system that isn’t Facebook but uses a Facebook component: the Facebook pixel, a like button, inline commenting, or anything else that references the Facebook platform. It’s all tracked and Facebook can see it all.
The idea of the tool is to give you the ability to manage this, but it is overwhelming how much data on you there is in there, and it’s unwieldy to manage the entries individually.
The other thing is that even if you do click “clear” and blow out all that data, it doesn’t actually delete it from the Facebook system or from the third-party entity. It just delinks it from your account.
Among the 417 apps and websites that have “shared your activity” were all manner of things I recognized, and a few I didn’t. For example, something simply called “SMG” had 18 transactions of my activity, much higher than the rest, which were 1, 2 or maybe 4 or 5 for sites I recognized as regulars. SMG simply links to a Facebook page and from there to a website for a company called “Starcom Canada” which bills itself as “The Human Experience Company”. Information on the website is scant, but it appears to be some sort of data analytics company.
The tool itself is accessible via https://www.facebook.com/off_facebook_activity/
Wordfence put out an alert last week that they found a Remote Code Execution (RCE) vulnerability in the Code Snippets plugin. If your WordPress blog uses that plugin you should upgrade it right now. They found a bug that allowed any remote attacker to forge a request as if they were a site administrator and inject executable code into the site, leading to site takeover. You should be on version 2.14.0 ASAP.
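If you administer more than one WordPress site, a quick way to act on the advisory above is a WP-CLI check against the fixed release. This is an added example, not code from Wordfence or the plugin; it assumes WP-CLI is installed and that the plugin’s slug is code-snippets.

```shell
#!/bin/sh
# Fixed release named in the Wordfence alert.
FIXED_VERSION="2.14.0"

# needs_update INSTALLED FIXED -> exit 0 (true) when INSTALLED < FIXED.
# Compares dotted versions numerically, component by component, so that
# 2.9.1 sorts below 2.14.0 (a plain string compare would get that wrong).
needs_update() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".");
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      ai = (i <= n) ? x[i] + 0 : 0
      bi = (i <= m) ? y[i] + 0 : 0
      if (ai < bi) exit 0
      if (ai > bi) exit 1
    }
    exit 1   # equal versions: no update needed
  }'
}

# check_site WORDPRESS_PATH -> reports (and optionally updates) the plugin.
# Slug "code-snippets" is assumed here; set UPDATE=1 to apply the upgrade.
check_site() {
  path="$1"
  installed=$(wp --path="$path" plugin get code-snippets --field=version 2>/dev/null) || {
    echo "$path: code-snippets not installed"; return 0; }
  if needs_update "$installed" "$FIXED_VERSION"; then
    echo "$path: VULNERABLE ($installed < $FIXED_VERSION)"
    [ "${UPDATE:-0}" = "1" ] && wp --path="$path" plugin update code-snippets
  else
    echo "$path: ok ($installed)"
  fi
}

# Usage: ./check-code-snippets.sh /var/www/site1 /var/www/site2
for site in "$@"; do check_site "$site"; done
```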
All affected easyPress blogs were upgraded the night the alert came out. Please note if you are running a WordPress site on regular easyWeb hosting, we don’t handle that, you have to keep track of it. Only the easyPress blogs get the backups, the web firewall, the staging sites and we do critical upgrades like this when they become known.
The New York Times’s Ben Hubbard wrote an article describing how somebody tried to hack his mobile device. The spyware employed was created by Israeli cybersecurity firm NSO Group, which has been mentioned in #AxisOfEasy before (several times, in fact) as having its software used in state-sponsored cyber-espionage attacks against journalists and dissidents. He brought in Toronto’s CitizenLab to investigate the incident, and they are attributing the attempt to a state-sponsored cyber-attack by the Saudis.
Hubbard is the first American journalist CitizenLab has found to be targeted by the Saudis employing NSO Group’s Pegasus spyware, but the fifth target the group has been able to specifically identify.
According to Reuters, three unnamed but senior Western security officials suspect that recent hacking attempts against various European state and strategically important computer networks are the work of state-sponsored hackers working for Turkey. The attacks seek to intercept traffic to the targeted websites and use what is captured to gain access to sensitive systems in countries strategically important to Turkey. The suspicions are based on previously known attack signatures and points of origin.
Some good news for a change, “The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.”
The final report from Canada’s Broadcasting and Telecommunications Legislative Review, entitled “Time to Act” dropped last week and it is, for the most part, a long-winded bag-of-mostly-shit. 235 pages with 97 recommendations. I haven’t gone through it all yet, but we have a thread going internally at the Internet Society Canadian Chapter and aside from some not horrible ideas around opening up telecom numbering resources to a wider market, the consensus is “mostly awful”.
For example, it purportedly contains a recommendation that all Canadian content creators be licensed, and somewhere there’s something about “truth testing”. I’ll dig into it this week and probably write a post about it.
Download the report https://www.canada.ca/en/innovation-science-economic-development/news/2020/01/broadcasting–telecommunications-panel-releases-canadas-communications-future-time-to-act.html