Weekly Axis Of Easy #103
Last Week’s Quote was “You never know how strong you are until being strong is your only choice”, ja, it was Bob Marley mon. Winner, Paul Packbier
This Week’s Quote: “Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.” … by ????
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post, gets their next domain or hosting renewal on us.
In This Issue:
- Are you inadvertently paying for an Apple Music Subscription?
- Google wants to “prevent the next Trump situation” in 2020
- Millions of Exim servers vulnerable to remote exploits
- Politicians the world over want to slam the brakes on Facebook’s Libra
- Pentagon has lasers that can ID you by your heartbeat
- Grubhub snatching thousands of restaurant domain variants
- NSA exposed for improperly collecting citizens phone records (again)
- Tesla critics domains seemingly blocked across social media platforms
Are you inadvertently paying for an Apple Music Subscription?
Short version for now: I discovered I had been billed for an Apple Music subscription since ostensibly starting a “3 month free trial” in December. I have Spotify, so I have no reason to subscribe to another music service. Apple support said they couldn’t tell me how I opted into the program, but they refunded me 2 of the 3 months I’d been billed for it (roughly $10/month).
From asking around on social media, I’m not the only person being billed for a music subscription they were completely unaware of. Right now I’m trying to get a read on the extent of this issue, so:
If you think you are not a subscriber to Apple’s Music Subscription service:
- Check your iTunes Account Purchase History
- Are there charges for “Apple Music Membership” ?
- IF YES: do you remember ever opting into a free trial for this?
IF you didn’t think you had a subscription to Apple Music Membership,
IF you are being billed for this (about $10/month),
AND you have no memory of opting into this,
THEN: reply to this email and tell me, or let me know in the poll I have running on Twitter.
Details to follow, if there’s anything to talk about.
Google wants to “prevent the next Trump situation” in 2020
To put this in context, one has to remember that Google had a company town hall in 2016 where they ruminated about the wrong candidate winning the election. Ordinarily a non-issue as people and companies should be able to favour whomever they want.
Where it gets tricky is when that company has a quasi-monopoly over what the majority of the population sees in response to whatever they search for. Recall that Google previously testified before the US Congress that they don’t manually intervene in search results, only to have it revealed later that they… manually intervene in search results.
The latest is another Project Veritas undercover video of a senior Google executive, Jen Gennai, head of “Responsible Innovation”, opining on camera that Google should use its AI technologies in a responsible manner, so that “another situation like 2016 cannot happen again”. Gennai also criticized Democratic presidential front-runner Elizabeth Warren’s recommendation to break up the search giant as “misguided”. I find the relevant quote from Jen Gennai, with both Warren and the “Trump situation” in context, highly informative:
“Elizabeth Warren is saying we should break up Google. And like, I love her but she’s very misguided, like that will not make it better it will make it worse, because all these smaller companies who don’t have the same resources that we do will be charged with preventing the next Trump situation, it’s like a small company cannot do that.”
Curiously, hours after the Project Veritas video was released to the public, it disappeared from (Google owned) YouTube. Weird.
(And in case you’re thinking it, no, we are not “normalizing Trump”, whatever that means. We’re saying that GOOGLE shouldn’t be deciding who should or shouldn’t win an election.)
Millions of Exim servers vulnerable to remote exploits
This one is nearly a month old but I had it earmarked for a few weeks and still want to get it in here: if you are running an Exim mail server anywhere from version 4.87 through 4.91, you need to be aware of a critical vulnerability in the deliver_message() function that lets remote attackers execute arbitrary commands on the server. Note that this is remote command execution, not code execution: no memory corruption is involved, the attacker-controlled string is simply handed to execv(), which runs the command as root (of course). In the default configuration a remote attacker has to keep the SMTP connection open for about seven days to trigger it; with some non-default configurations it is exploitable immediately. Version 4.92 contains the fix.
The flaw, assigned CVE-2019-10149, is also “trivially” exploitable locally and could be used as a privilege-escalation vector.
Read: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149
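As an added example (this is not from the newsletter or from the Exim project), here is a small Python helper covering the two checks a practitioner would want from the above: it parses the Exim version out of an `exim -bV` line or an SMTP greeting banner and flags the affected 4.87 through 4.91 range, and it scans an SMTP transcript for RCPT TO addresses carrying an Exim string-expansion item such as ${run{...}}, which is how the published proof of concept for this bug smuggles a command into the recipient’s local part. The transcript lines and banners are constructed for the example; nothing here contacts a real server.

```python
import re

# CVE-2019-10149 affects Exim 4.87 through 4.91 inclusive; 4.92 carries the fix.
VULN_MIN = (4, 87)
VULN_MAX = (4, 91)

# Pulls the version out of the first line of `exim -bV` or an SMTP greeting, e.g.
#   "Exim version 4.91 #1 built 10-Mar-2019 12:11:40"
#   "220 mail.example.com ESMTP Exim 4.91 Mon, 01 Jul 2019 10:00:00 +0000"
VERSION_RE = re.compile(r"\bExim(?: version)? (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Return the version as an int tuple, e.g. (4, 91) or (4, 90, 1), or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(m.group(1)), int(m.group(2))]
    if m.group(3) is not None:
        parts.append(int(m.group(3)))
    return tuple(parts)


def is_vulnerable_version(version):
    """True when the version falls inside the affected 4.87 .. 4.91 range."""
    return version is not None and VULN_MIN <= version <= VULN_MAX


# The exploit vector: Exim string-expansion syntax (${item{...}}) inside the
# local part of a RCPT TO address. No legitimate address contains "${", so any
# hit is worth an alert; "run" is the expansion item that executes a command.
RCPT_RE = re.compile(r"RCPT TO:\s*<?([^>\r\n]*)>?", re.IGNORECASE)
EXPANSION_RE = re.compile(r"\$\{(\w+)")


def find_expansion_in_rcpt(lines):
    """Return (line_no, address, expansion_item) for each RCPT TO line whose
    address carries an Exim expansion item."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = RCPT_RE.search(line)
        if not m:
            continue
        addr = m.group(1)
        e = EXPANSION_RE.search(addr)
        if e:
            hits.append((no, addr, e.group(1)))
    return hits


# Constructed SMTP transcript for this example: line 4 mimics the shape of the
# public CVE-2019-10149 proof of concept (a ${run{...}} local part); the rest
# is ordinary traffic.
SAMPLE_SMTP = [
    "EHLO client.example.net",
    "MAIL FROM:<>",
    "RCPT TO:<alice@mail.example.com>",
    "RCPT TO:<${run{/bin/sh -c 'id'}}@localhost>",
    "RCPT TO:<bob+tag@mail.example.com>",
    "DATA",
]

if __name__ == "__main__":
    # Constructed banners: one affected build, one fixed build.
    for banner in ("Exim version 4.91 #1 built 10-Mar-2019 12:11:40",
                   "220 mail.example.com ESMTP Exim 4.92 Mon, 01 Jul 2019 10:00:00 +0000"):
        v = parse_exim_version(banner)
        print(banner.split(" built")[0], "->", v,
              "VULNERABLE" if is_vulnerable_version(v) else "ok")
    for no, addr, item in find_expansion_in_rcpt(SAMPLE_SMTP):
        print(f"line {no}: expansion item ${{{item}{{...}}}} in RCPT address {addr!r}")
```

The version check is only a first pass: distributions backport fixes without bumping the version string, so on a packaged Exim confirm the patch level through the package manager as well. The RCPT scan is the more durable signal, since a `${` in a recipient address has no legitimate reason to exist regardless of version.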
Politicians the world over want to slam the brakes on Facebook’s Libra
I’ve been working on a much bigger blog post about Facebook’s digital currency, Libra, because I think the ramifications of this move are far reaching and indicative of a major tectonic shift that began, depending on who you listen to, as far back as 1989 when the Berlin Wall came down and the Soviet empire collapsed. Yes, it’s that big.
There are two books that correctly anticipated that some huge shift had happened: Francis Fukuyama’s “The End of History” (which I think got it wrong for the right reasons) and James Dale Davidson and Lord Rees-Mogg’s “The Sovereign Individual” (which got it right for the wrong reasons). In either case, Libra is a major confirmation of both books’ underlying premise: that the nation state as we understand it is being disrupted beyond recognition, right now, at this very moment in history.
I don’t want to put the entire essay here. This is supposed to be a weekly briefing. Suffice it to say… I get it. I get why politicians from both sides of the aisle in the US like Maxine Waters (D) and Patrick McHenry (R), and national ministers like France’s Finance Minister, are throwing flags and want to slam the brakes on this.
(I personally think that this is the sort of stuff our descendants will read about in their history books. Trump, Clinton, Warren, Biden, et al will be footnotes.)
Pentagon has lasers that can ID you by your heartbeat
Everybody has unique fingerprints, retinas and earlobes and, as I suspected long ago and has recently been confirmed, a unique gait (which can be tracked via your smartphone, as it happens). It turns out we also have unique heartbeats, and US Special Forces now have technology that can identify people by their heartbeat, through clothing, from a distance of 200 meters.
Grubhub snatching thousands of restaurant domain variants
Maybe this one deserves a longer post as well, because this came up with some crypto-currency exchanges we were doing phishing site detection for in our soon-to-launch Domainsure security platform. Publicly traded Grubhub has been registering thousands of variations of client restaurants’ domain names, then setting up shadow sites on those domains, which then crowded out the restaurants’ own websites for traffic.
There are a couple of ways to look at this. With the crypto exchanges, when we found similar variations that were using affiliate links to route that traffic to the client site, we encouraged them to let it be. The third parties were footing the bills for the domains, they were keeping those variants out of the hands of the phishing gangs, and ultimately the traffic was sent where it was likely intended: to the client. Any referral fees earned came out of “found money” (who knows where those users would have ended up without those domain variants steering them to the client), and that acted as an incentive to keep providing that function. With over 1500 live TLDs combined with all the typo variants of a single core domain, this isn’t necessarily a bad arrangement.
BUT, as you read the Grubhub article, it seems Grubhub may be going past that healthy type of symbiosis, cannibalizing the organic traffic and search engine placement of the client sites themselves, then hitting the restaurants with inflated commissions when customers ordered through the knock-off sites. Some restaurants have purportedly been driven out of business as a result. In cases like this we’d probably recommend action against the knock-off domains, because I think they would fit the definition of “bad faith” that is a requirement in a dispute process.
NSA exposed for improperly collecting citizens phone records (again)
The WSJ wrote a piece on records obtained by the ACLU and reviewed by the WSJ, which revealed that the US NSA collected metadata about phone calls and texts from a US phone carrier without authorization. The collection encompassed millions of records and took place in October 2018, months after the agency said it had purged its database of millions of records it had previously collected, also without authorization, in 2015.
The NSA claims the data was furnished to it in error: an unnamed telecom, responding to a legal request authorized by a FISA court to furnish data pertaining to a foreign country engaged in terrorism (Saudi Arabia? Probably not), began sending data beyond the scope of the warrant, and the excess data stopped after the NSA asked the telecom to investigate the anomaly.
Read: https://www.wsj.com/articles/nsa-improperly-collected-u-s-phone-records-a-second-time-11561541520 (paywall)
Tesla critics domains seemingly blocked across multiple platforms
I came across this article in the Financial Times about how the website elonmusk.today, created by software engineer Ted Stein, was mysteriously blacklisted by McAfee’s SiteAdvisor even though SiteAdvisor’s own output stated there was no malware present. The purpose of elonmusk.today is to catalog timelines of various Elon Musk promises alongside counters, in days, for how long each promise has gone unfulfilled.
Examples include:
- 71 days since Musk declared there would be a million fully autonomous Tesla robotaxis within a year
- 174 days since Musk said the new Roadster will use rocket technology that will enable it to fly
- 153 days since Musk said Tesla would be profitable in all quarters going forward (Tesla announced a $702 million loss 70 days ago).
- 15 days since Elon Musk used Twitter to announce that he’s deleted his Twitter account
That sort of thing. I’ve run several scans on the website, there is no malware there.
So what’s weird about this: I’ve been comparing notes with the guy (who wishes to remain anonymous) who runs the tesladeaths.com website, which is really just a redirect to a Google spreadsheet cataloging Tesla fatalities, including the ones where Autopilot is enabled and then the car does something zany like drive into an 18-wheeler. At various times Facebook prevented anybody from posting the tesladeaths.com domain to their timeline; then that went away. More recently it was blocked by Twitter. That seems to be gone now too, as I write this.
It’s almost as if somebody is running a reverse astroturfing campaign to dampen the spread of websites that highlight information critical of Tesla.
The quote is from Marcus Aurelius
Derrida?