Last Week’s Quote was “A major source of objection to a free economy is precisely that it … gives people what they want instead of what a particular group thinks they ought to want. Underlying most arguments against the free market is a lack of belief in freedom itself. “- Milton Friedman and David got it right!

This Week’s Quote:  “All progress comes from those who do not take the accepted views, nor accept the world as it is” …by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

In this issue:

• GoFundMe shuts down Trucker Convoy fundraise
• Hacker takes down North Korea’s internet while watching the Alien saga in pajamas
• Microsoft and Amazon executives warn of China’s AI threat while growing AI hubs in the country
• Tracking Global Online Censorship: A project against social media censorship
• WordPress plug-in has RCE flaw that makes tens of thousands of websites vulnerable
• FBI confirms testing NSO’s spyware

Elsewhere online:
 

• A functional overview of impervious browser
• An unprecedented satellite picture captures never-before-seen aircraft at Area 51
• Hacker steals $322 million worth of crypto-assets from Wormhole Portal
• Online users can be tracked by GPU fingerprinting
• WhiteSource discovered 1,300 malicious JavaScript npm packages in 2021
  

GoFundMe shuts down Trucker Convoy fundraiser

The rally by Canadian truckers to end the vaccine mandates for travel is into its second week now, despite all efforts by the mainstream media to demonize them and Big Tech to hamstring their funding.

On Friday, GoFundMe announced that they had suspended the FreedomConvoy’s funding, which had exceeded $10 million CAD. To make matters worse, they  put a time limit on refund requests and said that they would then simply redistribute the funds unclaimed to other “approved charities.”

Needless to say, this set off a rather rapid chain of events, including a backlash against GoFundMe (I don’t know about you, but I’ll never use them again). By Sunday night they walked back the redistribution aspect of their move and said they would simply refund everybody. Other entities stepped up to facilitate the fundraiser efforts, including GiveSendGo, who reportedly came under DDoS attacks for stepping up, but have hung tough so far.

People are now also donating via crypto-currencies, which, as I wrote over the weekend, were just validated and completely vindicated by GoFundMe’s move.

It doesn’t matter if you are for or against #FreedomConvoy2022, the larger point is who gets to decide what you do with your money?

As I wrote over the weekend, the GoFundMe debacle was a preview of what we all face when governments of the world move to Central Bank Digital Currencies (CBDC). This is why cryptos are killing it. Because it’s part of the decentralized revolution that is sweeping the world.

Read: https://bombthrower.com/articles/gofundme-just-proved-bitcoins-use-case/


Hacker takes down North Korea’s internet while watching the Alien saga in pajamas

According to some observers, North Korea had been having mysterious outages in its network for the past two weeks. Although it was not entirely clear what caused the crash, there was speculation that the North Korean network may have been the victim of cyberattacks by foreign governments’ hackers. However, the responsibility lies in the hands of an American man in pajama pants that goes by the handle P4X and —as he explained to Wired— he brought down the “communist dictatorship” because some of the country’s hackers attacked him.

According to P4x, “if they do not see we have teeth, the attacks will continue.” “I want them to understand that if they come at us, it will mean some of their infrastructures will go down.”

Western security researchers, including P4x, were targeted as part of an apparent hacking campaign designed to steal their hacking tools and details of software vulnerabilities. Although the North Korean hackers didn’t manage to take anything of value, the researcher felt deeply unnerved by the state-sponsored cyberattack and by the government’s failure to respond in any obvious manner.

P4x claims to have discovered several known but unpatched vulnerabilities in North Korean systems that he has used to launch several “denial-of-service” attacks against the servers and routers that the country’s few internet-connected networks rely on. However, he declined to publicly disclose those vulnerabilities, which he believes would help North Korea to defend itself.

Read: https://www.wired.com/story/north-korea-hacker-internet-outage/ 


Microsoft and Amazon executives warn of China’s AI threat while growing AI hubs in the country

Although their executives have expressed concern about the AI threats posed by China, the two biggest U.S. cloud companies continue to expand their AI operations in the Asian country. Sadly, this is not something new, as researchers in the field of AI have historically ignored political borders and collaborated globally in the name of scientific advancement.

However, geopolitical voices are growing louder in the conversation around AI. Western governments are worried about China’s efforts to develop AI and its use in facial recognition programs, algorithmic social scoring, and the potential for powerful AI-driven armaments.

Such is the concern that leaders in the AI field —including some representatives from AWS, Microsoft, and Google— recently served on a U.S. commission that wrote a report cautioning against China overtaking the U.S. in this field. However, in contradiction to this message, AWS and Microsoft have vigorously expanded their operations to developing AI within China.

In this regard, Dan Harris, a lawyer with Harris Bricken, which works with companies doing business in China, said these companies aren’t blind to the risks that such efforts would bring; they don’t want to talk about it. “The thing is, companies generally are concerned with only their bottom line, and that’s what shareholders are concerned with, so if it’s not illegal, they’re doing it,” said Harris.

Read: https://www.protocol.com/enterprise/aws-microsoft-china-ai-cloud#toggle-gdpr


Tracking Global Online Censorship: A project against social media censorship

Last Thursday, The Electronic Frontier Foundation (EFF) launched Tracking Global Online Censorship. This multilingual web portal will enable users and researchers to understand better corporate censorship and how it affects freedom of expression around the globe.

This newly launched website aims to educate the online community about the restrictions put in place by Facebook, Twitter, and other platforms that silence the voices of marginalized groups and block dissenters from communicating, networking, and sharing their stories.

As Jillian York, Director of International Freedom of Expression at the EFF, explains, the strategy is to raise awareness about the impact of platform censorship, foster collaboration among advocacy groups that fight international speech restrictions, and empower users and marginalized groups with the tools to fight corporate suppression of freedom of speech.

Site updates will provide new resources and information regularly. The site is home to original research and commentary from EFF and curated content from allies, mainstream and niche media outlets with proven records of coverage of content moderation and freedom of expression issues, as well as other reliable sources.

Read: https://www.eff.org/press/releases/eff-launches-tracking-global-online-censorship-project-shine-light-how-content


WordPress plug-in has RCE flaw that makes tens of thousands of websites vulnerable

The Essential Addons for Elementor plug-in, widely used by WordPress sites, has a bug that allows remote code execution that could compromise thousands of websites. This plug-in — which has over a million installations worldwide — provides webmasters with the ability to add customizations to WordPress pages created using the Elementor page builder for WordPress.

According to PatchStack, this vulnerability allows the user to perform a local file inclusion attack on a portal that uses a vulnerable version of the Elementor plug-in regardless of their authentication or authorization status. As such, threat actors can exploit this vulnerability to include malicious files on the website’s file system and then execute them remotely.

Over the past few years, WordPress website operators have faced an increasing number of security vulnerabilities, most of them involving plug-ins for the platform. However, according to Pravin Madhani, CEO and co-founder of K2 Cyber Security, WordPress users can reduce the risk of exposure to these threats by implementing some basic practices.

“Keep up to date on the incidents reported by your tools, and follow up on reports regularly, especially any critical security incidents,” Madhani advises. “Make sure you have good password rules and password security (like MFA) for your WordPress site.”

Read: https://www.darkreading.com/vulnerabilities-threats/tens-of-thousands-of-websites-vulnerable-to-rce-flaw-in-wordpress-plugin 


FBI confirms testing NSO’s spyware 

The Federal Bureau of Investigation (FBI) admits to acquiring and testing Pegasus spyware from the Israeli tech company NSO but denies ever using it in investigations since its sole purpose was to keep abreast of emerging technologies. The confirmation comes after a first report published by The New York Times where it was aired that, in reality, the FBI and NSO Group would have had some commercial agreement in the past.

As reported by the Post, the FBI tested the spyware on phones using foreign SIM cards and discussed the legality of a version of Pegasus — called Phantom — that could be used in the United States.

Other details from the Times’ report, such as the allegation that NSO had racked up a $5 million bill and that it renewed a contract with Pegasus, were not confirmed by the FBI. Considering possible operational and security concerns, technical solutions and problems will be routinely identified, evaluated, and tested by the Federal Agency.

The software of the surveillance company has been surrounded by controversy after learning that fifty governments, several of them autocratic, have used it to control dissidents and journalists, according to an international investigation released in 2021. Following that complaint, the Department of Treasury added NSO to the list of companies vetoed in public contracts.

Read: https://www.theverge.com/2022/2/2/22914854/fbi-nso-pegagus-tests-us-phone-numbers-legality 


Elsewhere online:


A functional overview of impervious browser

https://newsletter.impervious.ai/impervious-browser-functionality-overview/ 


An unprecedented satellite picture captures never-before-seen aircraft at Area 51

https://www.thedrive.com/the-war-zone/44057/mysterious-aircraft-spotted-at-area-51-in-unprecedented-satellite-image 


Hacker steals $322 million worth of crypto-assets from Wormhole Portal

https://therecord.media/cryptocurrency-platform-wormhole-hacked-for-an-estimated-322-million/ 


Online users can be tracked by GPU fingerprinting

https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/ 


WhiteSource discovered 1,300 malicious JavaScript npm packages in 2021

https://www.darkreading.com/attacks-breaches/whitesource-threat-report-reveals-massive-uptick-in-cyberattacks-related-to-javascript-npm