Google blocks percentage of Canadian users from accessing the news online in light of Canadian bill C-18
In light of the Canadian government passing the Online News Act (better known as Bill C-18) in December 2022, Google has temporarily blocked a percentage of Canadian users from accessing the news online. The controversial bill requires companies like Google and Meta to compensate Canadian media companies (such as Bell, Rogers, Shaw, Postmedia, and the Globe and Mail) for reposting their work online. It does this by asking tech giants to pay for links that refer users back to a Canadian news website.
Canadian Heritage Minister, Pablo Rodriguez, says that the government will not be intimidated by Google and Facebook’s threats to reduce or block access to the news on their platforms in Canada. However, according to Canadian academic Michael Geist, the Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa, this threat must be taken very seriously. Geist believes that Bill C-18 is a poorly crafted law that poses great risks to Canadian press freedoms, is inconsistent with international copyright law, and is actively harming innovative digital news services.
According to the government, by mandating the payment of third-party links, Google and Meta alone could cover up to 35% of Bell, CBC, Postmedia, Torstar, and hundreds of other news outlets’ news expenditures. Yet Geist argues that Bill C-18 is actually giving economic value to links when there isn’t any and that the same effect could have been achieved more effectively by establishing a journalism fund backed by Internet companies. As it stands, the government’s expectations for payments are exorbitant, estimated at slightly lower than $215m.
With a company like Google that already has a history of stopping news services in response to government legislation, Geist warns that it may very well soon stop offering its services in Canada should that service prove of low economic value.
Read: https://www.michaelgeist.ca/2023/02/googletestsblocking
Chinese cybersecurity company, Pangu Lab, alleged to have identified “against the west” hacking group members
In a report published last Sunday, researchers from the Chinese cybersecurity company, Qi An Pangu Lab, claim to have identified 6 members of the pro-western intelligence hacking group, Against the West (ATW). Tabloid paper, The Global Times, reports that of the 6 identified members, 3 are from France and 1 is from Canada.
The only identified ATW member to be named is Swiss national Tillie Kottmann, who goes online by “maia arson crimew.” The Global Times reports that crimew was charged in March 2021 by the US DoJ for hacking into more than 100 US companies and leaking their data online. However, since her case was abruptly suspended at the end of March, “China has been one of Kottmann’s main targets.”
According to a 2022 interview with Databreaches.net, ATW claims to be “ex-intelligence.” Members have claimed that the organization’s targets are “Russia, Belarus, China, Iran and North Korea, and it is willing to share files with the US and the EU,” says the Global Times. The group is now best known for releasing source code from several Chinese organizations.
The Pangu report mainly describes ATW’s activities as including “large-scale scanning and attacks against technical vulnerabilities on SonarQube, Gogs, Gitblit and other open-source network systems. They would then steal related source code and data, which can be used to further exploit and penetrate the network information system.”
Chinese cybersecurity companies have recently doubted the authenticity of claims surrounding Western hacking activities published in The Global Times, as these are often under the sponsorship of the Chinese Communist Party.
Read: https://therecord.media/against-the-west-hackers-allegedly-identified-pangu-lab/
The case for adopting DNSSEC, and why it’s so unpopular
The early days of the Internet saw a rapid churn in technology. However, one protocol has remained relatively constant across more than forty years of the Internet: the Domain Name System and the associated DNS name resolution protocol.
One of the most significant and innovative changes is the security framework for DNS, namely the Domain Name System Security Extensions (DNSSEC). DNSSEC is a set of protocols that allows DNS servers to digitally sign DNS records. Signatures can then be validated by DNS resolvers. This helps prevent various DNS attacks like spoofing, cache poisoning, and man-in-the-middle attacks.
However, the adoption of DNSSEC has largely been unenthusiastic. Despite its potential security benefits, adoption has been slow, and many clients and DNS servers do not support it. To understand why, it is crucial to explore the main drawbacks of deploying DNSSEC.
The biggest turn-off is its added complexity and the labor it requires. DNSSEC requires DNS zone administrators to perform additional tasks, including key management, regular key updates, key rollovers, and coordination of keys with the parent zone and delegates. Signing larger zones is a logistical undertaking in its own right.
Response sizes are another major issue for DNSSEC. DNS responses with large sizes affect the DNS performance and reliability, causing latency and slower resolution times. Adding DNSSEC digital signatures to a response may cause the response size to exceed its limits.
So while DNSSEC might be an essential part of a robustly secure Internet, it is still debated whether it is worth the effort and its downsides. The argument for DNSSEC lies in the weaknesses of the existing Internet name infrastructure, which is based on a trust model. Our experience with bad-faith actors shows that this may not be good enough.
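As an added illustration (not taken from the linked article), the Python sketch below shows how a client asks for DNSSEC data and how it reads the resolver's verdict: the query carries an EDNS0 OPT record with the "DNSSEC OK" bit and an advertised UDP size, and the response header flags report validation, truncation of an oversized answer, or failure. The 1232-byte default, the function names and the sample responses are assumptions constructed for this example.

```python
import struct

DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field
TC_BIT = 0x0200  # header flag: answer truncated, retry over TCP
AD_BIT = 0x0020  # header flag: resolver says it validated the signatures
SERVFAIL = 2     # RCODE a validating resolver returns when validation fails

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, udp_size=1232, want_dnssec=True, txid=0x1234):
    """Build a query whose OPT record advertises udp_size and sets the DO bit.

    udp_size=1232 is an assumed default (a commonly recommended EDNS buffer size).
    """
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-record: root name, TYPE 41, CLASS = UDP payload size, TTL = flags, no RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO_BIT if want_dnssec else 0, 0)
    return header + question + opt

def classify(response):
    """Interpret the header flags of a resolver's response."""
    if len(response) < 12:
        return "malformed"
    _, flags, *_ = struct.unpack("!6H", response[:12])
    if flags & TC_BIT:
        return "truncated-retry-over-tcp"      # signed answer did not fit in UDP
    if (flags & 0x000F) == SERVFAIL:
        return "servfail-possible-validation-failure"
    return "validated" if flags & AD_BIT else "not-validated"

# Constructed sample responses (header only): QR|RD|RA plus the flag of interest.
SAMPLES = {
    "signed zone": struct.pack("!6H", 0x1234, 0x81A0, 0, 0, 0, 0),
    "unsigned zone": struct.pack("!6H", 0x1234, 0x8180, 0, 0, 0, 0),
    "oversized answer": struct.pack("!6H", 0x1234, 0x8380, 0, 0, 0, 0),
    "bogus signature": struct.pack("!6H", 0x1234, 0x8182, 0, 0, 0, 0),
}

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```

The AD flag is only as trustworthy as the path to the resolver that set it, so a client on an untrusted network should validate signatures itself or use an authenticated channel to its resolver.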
Read: https://blog.apnic.net/2023/02/20/opinion-to-dnssec-or-not/
Twitter faces backlash for removing SMS two-factor authentication for non-paying users
Elon Musk’s Twitter has stirred controversy by disabling the text message/SMS method of two-factor authentication (2FA) for non-subscribers to its paid Twitter Blue service.
Twitter claims that this decision is due to security concerns, as bad actors have previously exploited this method. Instead, the company is pushing users to consider using authentication apps or security keys as alternatives.
Twitter has given non-Twitter Blue subscribers who are already enrolled in the SMS method of 2FA 30 days to disable this method and enroll in another. After March 20, 2023, Twitter will no longer allow non-Twitter Blue subscribers to use text messages as a 2FA method.
However, security experts criticize this move, arguing that text-based 2FA is better than having no 2FA. They also say that this decision may create a false sense of security among paying subscribers who may believe that the weakest form of 2FA is a premium feature.
Twitter’s data revealed that only 2.3% of all its active accounts enabled at least one two-factor authentication method between July and December 2020.
Furthermore, out of that percentage, 80% used the weaker SMS-based authentication, which is known to be susceptible to phishing and SIM-hijacking attacks.
Twitter has acknowledged the low adoption rate of 2FA and the industry-wide challenge it poses. The company stated that there is a need to encourage broader adoption of 2FA and to improve the ease with which accounts can use it to increase security on Twitter.
Elon Musk’s acquisition of Twitter last year was seen as an opportunity to promote cybersecurity tech innovation, especially around identity, multi-factor authentication, and botnet detection. However, this recent move by Twitter has generated criticism from security professionals, who are calling for greater emphasis on improving security practices, including 2FA adoption.
Read: https://www.securityweek.com/twitter-shuts-off-text-based-2fa-for-non-subscribers/
GoDaddy confirms sophisticated cyber attack on servers, leading to intermittent website redirections
Website hosting giant GoDaddy has confirmed that a hacker gained access to its servers, causing some of its customer websites to intermittently redirect.
The company said it first became aware of the issue when customers reported problems in early December 2022.
GoDaddy then confirmed that the intrusion was the result of a “sophisticated and organized group” that targeted several hosting services. GoDaddy took remedial action to solve the issue and has implemented new security measures to prevent future attacks.
According to GoDaddy, the group intended to infect websites and servers with malware, allowing them to launch phishing campaigns and distribute malware for malicious purposes.
Instead of hacking their way in, the attackers used known compromised credentials to log in and leave vectors for re-entry. GoDaddy has urged its customers to perform their own website audits and to trust the company’s security team in the wake of the breach.
The company also offered its customers free website security and malware removal services. The breach occurred a few weeks after a malicious campaign was discovered, which targeted victims across the Middle East and North Africa, using public cloud hosting services to host malicious CAB files and themed lures to trick Arabic speakers into opening infected files.
Read: https://www.infosecurity-magazine.com/news/godaddy-source-code-stolen-malware/
Mark Jeftovic on Red Jacket Capital podcast: “Buying Bitcoin is like buying the whole internet in 1990”
Dave Sanderson (redjacket.ca) interviews Mark Jeftovic about all things Bitcoin.
Watch: https://www.youtube.com/watch?v=ph4JUDpxscM&t=17s&ab_channel=RedJacketCapital
Elsewhere online:
New MyloBot Botnet compromising over 50k computer systems daily in the US, Indonesia, India, and Iran
Read: https://thehackernews.com/2023/02/mylobot-botnet-spreading-rapidly.html
Indian ticketing platform RailYatri hacked, exposes 12GB worth of data, including location points of millions of travelers
Read: https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/
New Zealand government document reflects plans to deal with disinformation surrounding response to the pandemic
Read: https://www.zerohedge.com/political/how-new-zealand-dealt-disinformation
Cybercriminals launch ransomware attacks using old bugs
Read: https://cyware.com/news/threat-actors-weaponize-old-bugs-to-launch-ransomware-attacks-8d882f83/
European Commission phones are now banned from using TikTok, amid cyber security concerns
Read: https://www.darkreading.com/endpoint/tiktok-ban-hits-eu-commission-phones-cybersecurity-worries-mount
This Week’s Quote: “It does not matter how slowly you go as long as you do not stop.” By ???
Oh boy… you’re slipping, this one is WAY too easy, everybody knows that’s what the turtle said to the hare at the finish line.
– Police officer explaining the ticket I got for running a stop sign
– Or perhaps Thomas Edison?