• Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books
Subscribe

AxisOfEasy Subscribe

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy 287: Google Blocks Percentage Of Canadian Users From Accessing The News Online In Light Of Canadian Bill C-18

by Mark E. Jeftovic on February 28, 2023

Weekly Axis Of Easy #287


Last Week’s Quote was “People should think less about what they ought to do and more about what they ought to be,” by  Meister Eckhart.  No right answers, no winner.  

This Week’s Quote: “It does not matter how slowly you go as long as you do not stop.” By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of February 27th, 2023 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
 
In this issue:
  • Google blocks percentage of Canadian users from accessing the news online in light of Canadian bill C-18
  • Chinese cybersecurity company, Pangu Lab, alleged to have identified “against the west” hacking group members
  • The case for adopting DNSSEC, and why it’s so unpopular
  • Twitter faces backlash for removing SMS two-factor authentication for non-paying users
  • GoDaddy confirms sophisticated cyber attack on servers, leading to intermittent website redirections
  • Mark Jeftovic on Red Jacket Capital podcast: “Buying Bitcoin is like buying the whole internet in 1990”


Elsewhere online:

  • New MyloBot Botnet compromising over 50k computer systems daily in the US, Indonesia, India, and Iran
  • Indian ticketing platform RailYatri hacked, exposes 12GB worth of data, including location points of millions of travelers
  • New Zealand government document reflects plans to deal with disinformation surrounding response to the pandemic
  • Cybercriminals launch ransomware attacks using old bugs
  • European Commission phones are now banned from using TikTok, amid cyber security concerns


Google blocks percentage of Canadian users from accessing the news online in light of Canadian bill C-18

In light of the Canadian government passing the Online News Act (better known as Bill C-18) in December 2022, Google has temporarily blocked a percentage of Canadian users from accessing the news online. The controversial bill requires companies like Google and Meta to compensate Canadian media companies (such as Bell, Rogers, Shaw, Postmedia, and the Globe and Mail) for reposting their work online. It does this by asking tech giants to pay for links that refer users back to a Canadian news website.

Canadian Heritage Minister, Pablo Rodriguez, says that the government will not be intimidated by Google and Facebook’s threats to reduce or block access to the news on their platforms in Canada. However, according to Canadian academic Michael Geist, the Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa, this threat must be taken very seriously. Geist believes that Bill C-18 is a poorly crafted law that poses great risks to Canadian press freedoms, is inconsistent with international copyright law, and is actively harming innovative digital news services.

According to the government, by mandating the payment of third-party links, Google and Meta alone could cover up to 35% of Bell, CBC, Postmedia, Torstar, and hundreds of other news outlets’ news expenditures. Yet Geist argues that Bill C-18 is actually giving economic value to links when there isn’t any and that the same effect could have been achieved more effectively by establishing a journalism fund backed by Internet companies. As it stands, the government’s expectations for payments are exorbitant, estimated at slightly lower than $215m.

With a company like Google that already has a history of stopping news services in response to government legislation, Geist warns that it may very well soon stop offering its services in Canada should that service prove of low economic value.

Read: https://www.michaelgeist.ca/2023/02/googletestsblocking


Chinese cybersecurity company, Pangu Lab, alleged to have identified “against the west” hacking group members

In a report published last Sunday, researchers from the Chinese cybersecurity company, Qi An Pangu Lab, claim to have identified 6 members of the pro-western intelligence hacking group, Against the West (ATW). Tabloid paper, The Global Times, reports that of the 6 identified members, 3 are from France and 1 is from Canada.

The only identified ATW member to be named is Swiss national Tillie Kottmann, who goes online by “maia arson crimew.” The Global Times reports that crimew was charged in March 2021 by the US DoJ for hacking into more than 100 US companies and leaking their data online. However, since her case was abruptly suspended at the end of March, “China has been one of Kottmann’s main targets.”

According to a 2022 interview with Databreaches.net, ATW claims to be “ex-intelligence.” Members have claimed that the organization’s targets are “Russia, Belarus, China, Iran and North Korea, and it is willing to share files with the US and the EU,” says the Global Times. The group is now best known for releasing source code from several Chinese organizations.

The Pangu report mainly describes ATW’s activities as including “large-scale scanning and attacks against technical vulnerabilities on SonarQube, Gogs, Gitblit and other open-source network systems. They would then steal related source code and data, which can be used to further exploit and penetrate the network information system.”

Chinese cybersecurity companies have recently doubted the authenticity of claims surrounding Western hacking activities published in The Global Times, as these are often under the sponsorship of the Chinese Communist Party.

Read: https://therecord.media/against-the-west-hackers-allegedly-identified-pangu-lab/


The case for adopting DNSSEC, and why it’s so unpopular

The early days of the Internet saw a rapid churn in technology. However, one protocol has remained relatively constant across more than forty years of the Internet: the Domain Name System and the associated DNS name resolution protocol.

One of the most significant and innovative changes is the security framework for DNS, namely the Domain Name System Security Extensions (DNSSEC). The DNSSEC is a set of protocols that allows DNS servers to digitally sign DNS records. Signatures can then be validated by DNS resolvers. This helps prevent various DNS attacks like spoofing, cache poisoning, and man-in-the-middle attacks.

However, the adoption of DNSSEC has largely been unenthusiastic. Despite its potential security benefits, adoption has been slow, and many clients and DNS servers do not support it. To understand why it is crucial to explore the main drawbacks of deploying DNSSEC.

The biggest turn-off is its added complexity and the labor it requires. DNSSEC requires DNS zone administrators to perform additional tasks, including key management, regular key updates, key rollovers, and coordination of keys with the parent zone and delegates. The issue of how to sign larger zones is a logistic accomplishment.

Response sizes are another major issue for DNSSEC. DNS responses with large sizes affect the DNS performance and reliability, causing latency and slower resolution times. Adding DNSSEC digital signatures to a response may cause the response size to exceed its limits.

So while DNSSEC might be an essential part of a robustly secure Internet, it is still debated whether it is worth the effort and its downsides. The argument for DNSSEC lies in the weaknesses of the existing Internet name infrastructure, which is based on a trust model. Our experience with bad-faith actors shows that this may not be good enough.

Read: https://blog.apnic.net/2023/02/20/opinion-to-dnssec-or-not/

 

Twitter faces backlash for removing SMS two-factor authentication for non-paying users

Elon Musk’s Twitter has stirred controversy by disabling the text message/SMS method of two-factor authentication (2FA) for non-subscribers to its paid Twitter Blue service.

Twitter claims that this decision is due to security concerns, as bad actors have previously exploited this method. Instead, the company is pushing users to consider using authentication apps or security keys as alternatives.

Twitter has given non-Twitter Blue subscribers who are already enrolled in the SMS method of 2FA 30 days to disable this method and enroll in another. After March 20, 2023, Twitter will no longer allow non-Twitter Blue subscribers to use text messages as a 2FA method.

However, security experts criticize this move, arguing that text-based 2FA is better than having no 2FA. They also say that this decision may create a false sense of security among paying subscribers who may believe that the weakest form of 2FA is a premium feature.

Twitter’s data revealed that only 2.3% of all its active accounts enabled at least one two-factor authentication method between July and December 2020.

Furthermore, out of that percentage, 80% used the weaker SMS-based authentication, which is known to be susceptible to phishing and SIM-hijacking attacks.

Twitter has acknowledged the low adoption rate of 2FA and the industry-wide challenge it poses. The company stated that there is a need to encourage broader adoption of 2FA and to improve the ease with which accounts can use it to increase security on Twitter.

Elon Musk’s acquisition of Twitter last year was seen as an opportunity to promote cybersecurity tech innovation, especially around identity, multi-factor authentication, and botnet detection. However, this recent move by Twitter has generated criticism from security professionals, who are calling for greater emphasis on improving security practices, including 2FA adoption.

Read: https://www.securityweek.com/twitter-shuts-off-text-based-2fa-for-non-subscribers/


GoDaddy confirms sophisticated cyber attack on servers, leading to intermittent website redirections

Website hosting giant GoDaddy has confirmed that a hacker gained access to its servers, causing some of its customer websites to intermittently redirect.

The company said it first became aware of the issue when customers reported problems in early December 2022.

GoDaddy then confirmed that the intrusion was the result of a “sophisticated and organized group” that targeted several hosting services. GoDaddy took remedial action to solve the issue and has implemented new security measures to prevent future attacks.

According to GoDaddy, the group intended to infect websites and servers with malware, allowing them to launch phishing campaigns and distribute malware for malicious purposes.

Instead of hacking their way in, the attackers used known compromised credentials to log in and leave vectors for re-entry. GoDaddy has urged its customers to perform their own website audits and to trust the company’s security team in the wake of the breach.

The company also offered its customers free website security and malware removal services. The breach occurred a few weeks after a malicious campaign was discovered, which targeted victims across the Middle East and North Africa.

Using public cloud hosting services to host malicious CAB files and themed lures to trick Arabic speakers into opening infected files.

Read: https://www.infosecurity-magazine.com/news/godaddy-source-code-stolen-malware/


Mark Jeftovic on Red Jacket Capital podcast: “Buying Bitcoin is like buying the whole internet in 1990”

Dave Sanderson (redjacket.ca)  interviews Mark Jeftovic about all things Bitcoin.

Watch: https://www.youtube.com/watch?v=ph4JUDpxscM&t=17s&ab_channel=RedJacketCapital


Elsewhere online:

New MyloBot Botnet compromising over 50k computer systems daily in the US, Indonesia, India, and Iran
Read: https://thehackernews.com/2023/02/mylobot-botnet-spreading-rapidly.html

Indian ticketing platform RailYatri hacked, exposes 12GB worth of data, including location points of millions of travelers
Read: https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/

New Zealand government document reflects plans to deal with disinformation surrounding response to the pandemic
Read: https://www.zerohedge.com/political/how-new-zealand-dealt-disinformation

Cybercriminals launch ransomware attacks using old bugs
Read: https://cyware.com/news/threat-actors-weaponize-old-bugs-to-launch-ransomware-attacks-8d882f83/

European Commission phones are now banned from using TikTok, amid cyber security concerns
Read:https://www.darkreading.com/endpoint/tiktok-ban-hits-eu-commission-phones-cybersecurity-worries-mount


Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • February 20th, 2023: Do The Secrecy Provisions Of The Cybersecurity Bill Go Too Far?
  • February 13th, 2023: Indigo Is The Latest Victim Of A String Of Cyber Attacks On Canadian Companies
  • February 6th, 2023: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach
  • January 30th, 2023: GoTo’s Data Breach Is Even Worse Than Previously Thought
  • January 23rd, 2023: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety

 

 

 

 

 

2 responses to “#AxisOfEasy 287: Google Blocks Percentage Of Canadian Users From Accessing The News Online In Light Of Canadian Bill C-18”

  1. John says:
    March 1, 2023 at 9:13 am

    This Week’s Quote: “It does not matter how slowly you go as long as you do not stop.” By ???

    Oh boy… you’re slipping, this one is WAY too easy, everybody knows that’s what the turtle said to the hare at the finish line.

    Reply
  2. JP says:
    March 4, 2023 at 6:41 pm

    This Week’s Quote: “It does not matter how slowly you go as long as you do not stop.” By ???

    – Police officer explaining the ticket I got for running a stop sign

    – Or perhaps Thomas Edison?

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Be informed. Be safe. Be amused, often stunned with #AxisOfEasy Weekly Enter your email below to receive a concise, insightful weekly briefing. When you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy
#AxisOfEasy
Bombthrower
Bombthrower
Metaviews
Metaviews
Of Two Minds
Of Two Minds
Uncategorized
Venture Crapital
Venture Crapital
#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998




easyDNS

Latest Headlines

  • #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings
  • Welcome to the Era of Warring Elites
  • And Just Like That, The Tight Money Era Is Over
  • We’ve Forgotten That Business-Cycle Recessions Are Essential
  • Is your bank “important” enough to save? Don’t count on it.
  • Funny Things Happen on the Way to "Restoring Financial Stability"
  • #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition
  • A Mismatch of Short and Long-Term Interest
  • Banks, Banks, Banks: The Elephant Nobody Even Sees
  • King of the Simps

Latest Comments

  • David Hutchinson on #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition: “my guess is Ronald Reagan.”
  • Sandy on #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition: “Oscar Wilde. I really like this one.”
  • Mark Nair on #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition: “The quote sounds like Kafka, but it’s not dark enough. I’m going with Oscar Wilde.”

Behold The Axis

  • Epsilon Theory
  • Guerrilla Capitalism
  • James Kunstler
  • Metaviews
  • OfTwoMinds
  • Peak Prosperity
  • TTMYGH
  • Venture Crapital
  • Zerohedge

Tags

  • 2FA
  • ATW
  • Bell
  • bitcoin
  • botnet detection
  • C-18
  • CAB
  • CBC
  • China
  • Dave Sanderson
  • DNSSEC
  • Elon Musk
  • Gitblit
  • Globe and Mail
  • godaddy
  • Gogs
  • Mark Jeftovic
  • Michael Geist
  • MyloBot
  • New Zealand
  • Pablo Rodriguez
  • Pangu Lab
  • Postmedia
  • Qi An
  • RailYatri
  • Red Jacket Capital
  • redjacket.ca
  • Rogers
  • Shaw
  • SMS
  • SonarQube
  • TikTok
  • Tillie Kottmann
  • Torstar
  • twitter

Latest Headlines

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

0 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments

Funny Things Happen on the Way to "Restoring Financial Stability"

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest comments

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

0 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments

Funny Things Happen on the Way to "Restoring Financial Stability"

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest tweets

  • The weekly #AxisOfEasy (289) featuring @JoeyTweeets and @TheBTCPriceBot is now up - and in your fave podcast feeds.… https://t.co/PI3q2Upxl53 days ago
  • RT @keyvandavani: Blowing Up The Clown World with Mark Jeftovic @StuntPope https://t.co/lkbaIymPAm5 days ago
  • Drop what you’re doing: Update Android edition Lazarus Group employs BYOVD attack & fileless execution in South K… https://t.co/zYj0SSHteU6 days ago
  • RT @easyDNS: Introducing easyNostr: easily setup your #Nostr NIP-05 identifiers under one of our domains, or bring your own domain: https:/…9 days ago

Plug into the #AxisOfEasy on....

Enter your email below to receive a concise, insightful weekly briefing

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books

(c) 2017 - 2020 AxisOfEasy Media

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books