Weekly Axis Of Easy #123
Last Week’s Quote was “The liberties of none are safe unless the liberties of all are protected.” by William O. Douglas. Winner was Lucien.
This Week’s Quote: “Secrecy is the keystone to all tyranny. Not force, but secrecy and censorship.”
THE RULES: No searching up the answer, must be posted to the blog
The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.
Happy US Thanksgiving to our friends, colleagues and clients south of the 49th.
Listen to the podcast edition of #AxisOfEasy here: https://vimeo.com/375682975
-
Erstwhile non-profit .ORG TLD has been sold to VCs
-
Canadian court issues ban on IPTV provider
-
How cybercrooks profit by tapping your email
-
Monero CLI binaries compromised
-
Iran shuts down internet in response to uprisings
-
Tale of two huge data breaches over 1B records each
-
Macy’s online store suffers credit card hack
-
Goodbye Microsoft Office, Hello LibreOffice
-
Potpourri: lost stories from #AoE
Erstwhile non-profit .ORG TLD has been sold to VCs
The .ORG Top Level Domain (TLD) which was owned and operated as by the Internet Society in the interests of public groups and non-profits has sold the TLD to a venture capital / private equity fund called Ethos Capital. In July, ICANN removed all price caps from .ORG governance, despite only 6 of 3,000 public comments received being in favour of that (those six commentators then went and started a VC fund called…. Just kidding. I think.).
Recall, .ORG’s original mandate was to serve non-profit entities and that initial mission carries a lot of inertia to this day. This segment may be particularly sensitive to cost increases so we’ll have to see what the new owners decide to do with it.
(Disclosure, I sit on the board member of the Internet Society Canada Chapter. A lively discussion regarding this transaction has ensued. We were as surprised as everybody else when we heard the news).
Canadian court issues ban on IPTV provider
Last week a federal court issued a nationwide ban to block the IPTV (Internet TV) website GoldTV.ca. It’s the first order of its kind and has drawn criticism from across the board. University of Ottawa legal professor Michael Geist wrote a lengthy explanation from a legal standpoint on how the decision is orthogonal to other / previous forays into the question of content blocking within Canada. My beef with it concerns the operational implementation of it, in which the technical term for it is: stupid.
Instead of ordering the web host or the registrar or DNS provider to take down the website (who could then oppose it on some of the grounds Geist outlines), the judge has put the onus on all national ISPs to block access to the site and given them 15 days to comply.
Read: http://www.michaelgeist.ca/2019/11/fools-gold-why-a-federal-court-judge-was-wrong-to-issue-a-website-blocking-order-against-goldtv/
How cybercrooks profit by tapping your email
After last week’s issue where we mentioned the Calgary man who was defrauded out of $800,000 when cybercrooks stepped into he middle of a real estate transaction using a look-alike email domain, somebody else on Twitter DMed me that his company had the exact same attack run against them, twice.
I wrote up a longer piece about this attack vector and what you can do about it.
Read: https://easydns.com/blog/2019/11/20/how-cybercriminals-profit-by-tapping-your-email/
Monero CLI binaries compromised
Major buzzkill for the Monero team as their website was compromised and for a period of about 24 hours the crypto-currency’s command line interface (CLI) was infected with malware. Anybody who downloaded the Monero CLI on or about November 18 or 19th should blow that out and start over with a clean install.
The event was reported and analyzed by Bart Blaze and confirmed via an announcement from the Monero team.
Read: https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
Iran shuts down internet in response to uprisings
I find the following to be under-reported in the mainstream press. Why? In the face of widespread uprisings triggered by rising fuel prices, the government of Iran shut down internet access across the entire country for a period of 5 days. Access started being restored on Thursday Nov 21st after the unrest subsided. Amnesty International says over 100 protestors have been killed.
In the course of looking into this one I discovered the @netblocks Twitter account, which actually reported on the outage (and any other outages of this nature) as it happened.
Tale of two huge data breaches over 1B records each
Came across two separate stories last week, both bandying the number “1.2 billion records” by some coincidence.
The first, isn’t really a breach. It’s a study into something called the Picture Archiving and Communication Systems (PACS) that healthcare providers all over the world use to store images from X-rays, CT scans and MRIs. Researchers have been keeping track of the security (or lack of) around these images and finding that the number of them that can be accessed over the internet, in some cases without any authentication, has been steadily rising. The number is now put at 1.19 billion, with 786 million being located in the US.Other data within the image repositories includes social security numbers and military personnel IDs.
Read: https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
The other one was security researchers Bob Diachenko and Vinny Troia discovering a data trove of, again, 1.2 billion people spanning 4 billion user accounts (LinkedIn, Facebook, Twitter, and 4 TB of data, sitting on a singe unprotected Elasticsearch server and accessible without authentication via any web browser.
Read: https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
Macy’s online store suffers credit card hack
Retail institution of yore, Macy’s, suffered a Magecart attack on their website storefront. Magecart is a type of malware injected via javascript that snags credit card data input into web forms and sends it to an offsite server. The hack occurred on Oct 7th but the notice of data breach is dated November 14th.
On the bright side, “Macy’s told BleepingComputer that only a small amount of customers were affected” which could be because, very few people still shop at Macy’s.
Read: https://www.documentcloud.org/documents/6552530-MACY-S-NOTICE-OF-DATA-BREACH.html
I tried unsuccessfully to order a new Microsoft Office license to put on my new laptop. It was such an unwieldily and customer antagonistic process I ended up giving up and going with the open source LibreOffice instead. This post is the debut piece in a new category on our blog called “Customer-centric”, wherein I rant (and sometimes rave) about the customer service experiences we’re all subjected to in our daily and business lives.
HackerNews Thread: https://news.ycombinator.com/item?id=21628573
Potpourri: lost stories from #AoE
After a hiccup with one of the apps I use to compile #AxisOfEasy every week, a bunch of items I had collected were misfiled and disappeared out of my awareness whenever I sat down to write this. Then I found them. Some of these are aged a few weeks, but I wanted to get them out to you nonetheless:
Florida judge grants police access to over 1 million DNA profiles on website database:
https://www.thetelegraph.com/news/article/Florida-judge-grants-police-warrant-to-access-14823041.php
US Department of Homeland Security will have biometric data on 260 million people by 2022:
https://qz.com/1744400/dhs-expected-to-have-biometrics-on-260-million-people-by-2022/
Google is getting into the banking business:
India to force global takedowns of offending content:
https://www.medianama.com/2019/10/223-social-media-global-removal-delhi-hc/
This week’s quote is from Robert Anson Heinlein.
Robert Heinlein — my favourite SF author.
With Bill Gates no longer actively involved into the day to day operations of the company he co-founded, it’s apparent Microsoft’s DNA is “evolving” into a very unlikeable species. That company recently solicited me to “try out” MileIQ. The signup process was easy and fast. I tried it for a few weeks but it doesn’t work well for me. I tried to close the account. What a pain in the rear. There is no “close account” option, I contacted their support and after 3 back and forth emails with them asking probing questions that had little to do with my request and probably more of an exercise to keep me from leaving, they advised I had to jump through a bunch of hoops to unsubscribe! At this point I lost it and told them that they are the IT MAFIA – easy to get in, impossible to get out. I then advised that I had asked to be removed from their databases and all mailing lists and if I received any further communication, I would deem is spam. It appears they listened…in part. I didn’t hear from them again, a week later a tried to login to the account and was greeted with the message, “No such account”. Great…except I still receive email from their marketing system even AFTER I’ve clicked “unsubscribe” 5 times! Bottom line is that I’ve had it with Microsoft. I’ll keep using their O/S but outside of that, I’m no longer patronizing them because of the extreme lack of customer care.