Weekly Axis Of Easy #179
Last Week’s Quote was “Only simple ideas can be held by large groups of people, so the commonly held ideas are almost always dumbed down to the point where they are practically lies,” by Bill Bonner; the winner was Joe Goldblatt.
This Week’s Quote: “Throughout human history, humans have been their own worst enemies, and whenever someone is oppressing someone else, the oppressor seeks to control the tools of communication”… by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.
In this issue:
German police, in conjunction with various other police forces internationally, have shut down the world’s largest dark market, called DarkMarket. The takedown was announced by Europol last week, involving law enforcement from Germany, Australia, Denmark, Moldova, Ukraine, the UK and USA.
The operator of the site has been arrested and authorities seized and shut down 20 servers physically colocated in Ukraine and Moldova.
DarkMarket reportedly had 500,000 users, 2,400 sellers and conducted over 320,000 transactions amounting to over 4,650 BTC and 12,800 Monero.
Pop-up dark market selling Solar Winds source code
Speaking of dark markets, we’re now seeing “pop-up” dark markets coming into existence to sell contraband materials around specific hacks. In this case, the ole Solar Winds fiasco just keeps rolling, and Solarleaks has hung out a shingle, offering to sell material obtained via the hack.
A single PGP-signed web page, with a corresponding .onion address as backup, is offering Microsoft Windows (partial) source code and various repositories for $600K, Cisco multiple-product source code for $500K, Solarwinds product source code for $250K, and the FireEye red team tools, which we mentioned in AxisOfEasy 178, for $50K. I don’t know why anybody would pay for that last one since FireEye, in the face of the breach, went ahead and released that source code via GitHub.
The perpetrators are describing this as a “first batch” with more to come at a later date.
Mimecast trust cert hacked in Microsoft supply chain hack
Hot on the heels of the Solarwinds hack, which facilitated further penetrations of other tech giants and government agencies, including Microsoft, comes another hit.
In this case an Advanced Persistent Threat (APT) actor hacked the trust certificate used by Mimecast, an email security service, in its connections to Microsoft’s Office 365 email suite.
It means the hackers were in a position to conduct man-in-the-middle (MITM) attacks against Microsoft O365 clients, or even worse, possibly directly authenticate their own servers against Microsoft’s cloud. This gives the attackers ways to intercept email traffic into and out of O365.
This hasn’t been attributed to the Solarwinds hack, but it is being likened to it, in that the attackers are deemed to be of a similar level of sophistication (either that or Microsoft’s private keys were secured with a password like “Micros0ft123”).
Ubiquiti Networks data breach
What happens when a large IoT device manufacturer forces their customers to authenticate into said IoT devices via the company’s cloud service? For one, it tends to alienate the customers since a lot of people distrust centralized cloud services. For another, it opens up a potential security hole that may then impact all deployed devices, especially if that company outsources their cloud implementation to some other company… that then gets hacked.
That’s pretty well what happened to Ubiquiti, a publicly traded IoT company (NYSE: UI) that makes routers, web cams and access control systems. They sent out an email to all customers last week urging them to change their passwords and enable 2FA on their accounts because one of their vendors had been breached. While the company says they don’t know for certain that this breach affects them, one of the customer comments in their support forums states that their Ubiquiti creds have already been circulating in the wild since at least last September. The company has also been hit with prior breaches and suffered a $46M cyberheist in 2015.
Parler sues Amazon as it tries to get back online
Earlier today I saw this post by Michele Neylon (who’s a guy, btw, a super-cool jovial Irishman who runs the registrar Blacknight) about Parler’s efforts to get back online. Parler, for their part, has gone ahead and sued Amazon AWS for breach of contract. Amazon’s filing in response to the suit makes for interesting reading. Note that Amazon does attempt a bit of a wriggle out by stating that they haven’t terminated Parler’s services, they’ve suspended them. Apparently they feel that makes a difference legally, but effectively, when your company is offline at the bottom of a smoking crater, it probably doesn’t.
In the filing they list examples of tweets that violated the AWS AUP around violent content. Given that Twitter is moving certain aspects of their backend to AWS, one wonders if Amazon will be as diligent and aggressive in policing some of the more unhinged hostile tweets on Twitter, of which there are plenty to choose from.
As I write this Sunday night word has come in that Parler is crawling back online, with their domain over on Epik (which handles Gab) and a placeholder website behind DDoS-Guard. Yes that DDoS-Guard, the one we mentioned last week as being located in Russia and currently protecting the likes of Hamas, 8Chan and various Qanon sites. This is what cancel-culture does – it drives the targets of cancel culture into the murkiest back alleys of the internet and I don’t see it as in any way de-escalating anything.
Read: https://www.theepochtimes.com/parlers-website-back-online-with-a-message-from-its-ceo_3660235.html
Rumble sues Google over search results (antitrust thing)
Alternative video hosting site Rumble is suing Google alleging that the search giant is abusing its market dominance, and ownership of Youtube, by putting Youtube links higher up in search results, even when searchers are specifically looking for material on Rumble.
Rumble is a Canadian company, based right here in Toronto, started in 2013 specializing in pet videos and weddings. More recently it has been a destination for Conservative voices who
The suit, filed in the US, alleges that users searching for, for example, “dog videos on Rumble” will be presented with results from Youtube.
I can duplicate this fairly casually using the terms: “dog videos on rumble”
And even “dog videos on rumble.com”
The only way I can get Rumble videos to show up first is to use the more obscure advanced search method: “dog videos site:rumble.com,” which tells the search engine to confine its results to the stated site (this is also how you can tell whether your site has been delisted from Google: that query will return zero results).
Facebook suspends Ron Paul
Those fsckers at Facebook suspended Ron Paul, citing “repeated violations of its Community Standards,” even though Dr. Paul states he had never received any prior warnings from them.
He hasn’t been terminated, and the Ron Paul page is still up, but for a time he was unable to post any updates to the page. As I revisited this item to write AoE on Sunday the 17th, it looks as though Dr. Paul’s access has been restored, with Facebook calling the suspension “an error.”
Read: https://www.facebook.com/ronpaul/
In this excellent talk between Tom Woods and former NYU professor (and ex-Marxist) Michael Rectenwald, the latter made the case that no matter how egregiously and imperiously these social media giants behave, we shouldn’t cancel our accounts on these systems; we should instead try to maintain as many footholds as possible in the battle to maintain free and open discourse.
NSA recommends blocking 3rd party DNS resolvers
The US National Security Agency (NSA) issued a memo encouraging the use of encrypted DNS resolvers such as DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT). Encrypted DNS resolvers protect your DNS lookups from being monitored and scrutinized. The agency recommends against using third-party resolvers in an enterprise environment; this assumes the organization can set up DoH or DoT internally.
In case you’re wondering, easyDNS is in the authoritative DNS business, we’re on the other side of the DNS lookup equation in that we answer DNS queries from resolvers.
Having said that, there are third-party resolvers out there that make this their business and are up to speed, even cutting edge, on providing encrypted DNS. Quad9 (9.9.9.9), for example, supports DoT and DoH, and has all kinds of threat detection built into its systems.
Read: https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF
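To make the NSA recommendation above concrete from the defender’s side, here is an added example (written for this issue; it is not code from the newsletter, from easyDNS or from the NSA document). It scans a few constructed connection-log lines and flags endpoints that resolve DNS anywhere other than the enterprise’s own resolver, whether by plain DNS on port 53, DoT on port 853, or DoH to a well-known public resolver on port 443. The enterprise resolver address 10.0.0.53, the internal DoH hostname dns.corp.example, the log format and the log lines themselves are all assumptions made for the example; the public resolver addresses and DoH hostnames listed are the well-known ones for Quad9, Cloudflare and Google, but the list is illustrative, not exhaustive.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical enterprise resolver and internal DoH endpoint (assumptions for this example).
APPROVED_RESOLVERS = {"10.0.0.53"}
APPROVED_DOH_HOSTS = {"dns.corp.example"}

# Well-known public resolvers; illustrative, not exhaustive.
PUBLIC_RESOLVER_IPS = {"9.9.9.9", "149.112.112.112", "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}
PUBLIC_DOH_HOSTS = {"dns.quad9.net", "cloudflare-dns.com", "dns.google"}

# Constructed log format: "<timestamp> <src> <dst> <port> <proto> [sni=<host>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<proto>\w+)(?: sni=(?P<sni>\S+))?$"
)


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    port: int
    kind: str      # "third_party_dns" or "doh_bypass"
    detail: str


def parse_line(line: str) -> dict:
    """Parse one constructed log line into a dict; raise on anything unexpected."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def classify(rec: dict) -> Optional[Finding]:
    """Return a Finding if the record is a DNS path outside the enterprise resolver, else None."""
    dst, port, sni = rec["dst"], rec["port"], rec.get("sni")
    if port in (53, 853):
        # Plain DNS or DoT: only the approved internal resolver is allowed.
        if dst in APPROVED_RESOLVERS:
            return None
        proto = "DoT" if port == 853 else "plain DNS"
        return Finding(rec["ts"], rec["src"], dst, port, "third_party_dns",
                       f"{proto} to non-approved resolver {dst}")
    if port == 443:
        # DoH hides inside ordinary HTTPS; match on TLS SNI or a known resolver address.
        if sni in APPROVED_DOH_HOSTS:
            return None
        if sni in PUBLIC_DOH_HOSTS or dst in PUBLIC_RESOLVER_IPS:
            return Finding(rec["ts"], rec["src"], dst, port, "doh_bypass",
                           f"DoH to public resolver {sni or dst}")
    return None


def scan(lines) -> list:
    """Run classify() over every non-blank line and return the findings in log order."""
    return [f for f in (classify(parse_line(l)) for l in lines if l.strip()) if f]


# Constructed sample log; 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_LOG = """
2021-01-17T22:01:05Z 10.1.4.22 10.0.0.53 53 udp
2021-01-17T22:01:06Z 10.1.4.22 10.0.0.53 853 tcp
2021-01-17T22:01:07Z 10.1.4.22 10.0.0.53 443 tcp sni=dns.corp.example
2021-01-17T22:01:09Z 10.1.4.31 8.8.8.8 53 udp
2021-01-17T22:01:12Z 10.1.4.31 9.9.9.9 853 tcp
2021-01-17T22:01:15Z 10.1.4.40 203.0.113.7 443 tcp sni=cloudflare-dns.com
2021-01-17T22:01:20Z 10.1.4.40 203.0.113.8 443 tcp sni=www.example.com
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.port} [{f.kind}] {f.detail}")
```

The three flagged lines are exactly the cases the memo is concerned with: a client that falls back to a public resolver on port 53 or 853 (which a firewall egress rule allowing DNS only to the internal resolver would block outright), and a client whose DoH traffic is indistinguishable from HTTPS except by SNI or destination, which is why a DoH-capable internal resolver plus a deny-list of known public DoH endpoints is the usual pairing.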
Coalition of Cancelholics sues Apple to deplatform Telegram
In this late-breaking item for AoE we have a Coalition of Cancelholics filing a lawsuit against Apple seeking to have the Telegram app removed from the App Store. Encrypted apps such as Telegram, Signal and Keybase are enjoying a boom as normal, everyday people (not to mention law enforcement and intelligence agency personnel) flock to apps and devices designed to thwart surveillance capitalism and restore some semblance of privacy to citizens and facilitate channels of communication free from the subjective and often one-sided and inconsistent pronouncements of Big Tech.
According to The Coalition For a Safer Web (a.k.a Karens for Stalin), Telegram is being used to plot violence and organize attacks in the US capital, and, I suppose by logical extension, Facebook and Twitter, somehow, aren’t. Or at least when the incumbent social media platforms are used to organize attacks, as long as the target is approved by the cancelholics, then it’s ok. (What we don’t know is what these people had against places like Portland, Oakland and Kenosha et al, as Twitter and Facebook were used almost exclusively to organize recurring violent riots that practically levelled those cities for weeks).
Read: https://appleinsider.com/articles/21/01/18/apple-sued-for-not-removing-telegram-from-app-store-over-violent-content
What can be done in legacy DNS with ENS and IPFS
I wrote an article today about the current state of supporting the decentralized web (Ethereum Name Service) and IPFS from within the legacy DNS system (including easyDNS’ own ENS integration for .XYZ domains). It was in response to Cloudflare’s announcement that their Distributed Web Proxy will be incorporating gateways to both ENS and IPFS.
Over on the #AxisOfEasy we had our first salon of 2021 with the three of us convening to discuss the problem that nobody knows what “Kuleana” means.