Archive for July 7, 2021

BREAKING: Trump Sues The CEOs Of Twitter And Facebook

Posted in Commentary on July 7, 2021 by itnerd

Former President Donald Trump, who has complained about censorship by social media giants, plans to announce class action lawsuits today against Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey, Axios reported today:

It’s the latest escalation in Trump’s yearslong battle with Twitter and Facebook over free speech and censorship. Trump is completely banned from Twitter and is banned from Facebook for another two years. Trump is scheduled to make an announcement at a press conference today at 11 am. Trump’s legal effort is supported by the America First Policy Institute, a non-profit focused on perpetuating Trump’s policies. The group’s president and CEO and board chair, former Trump officials Linda McMahon and Brooke Rollins, will accompany him during the announcement. Class action lawsuits would enable him to sue the two tech CEOs on behalf of a broader group of people that he argues have been censored by biased policies. To date, Trump and other conservative critics have not presented any substantial evidence that either platform is biased against conservatives in its policies or implementation of them.

I am not a lawyer, but I’m betting he’s going to lose. Here’s why.

What he is asking the court to do is violate both companies’ First Amendment right not to be forced to carry speech they don’t want to publish. In less democratic countries, companies are frequently forced to publish things praising the government. That is not permitted in the USA. Thus he’s going to lose. By a lot.

Microsoft Sort Of Fixes PrintNightmare

Posted in Commentary on July 7, 2021 by itnerd

You’ll recall that I brought you the story of a serious bug in Windows called PrintNightmare which was being exploited. Microsoft has issued out-of-band patches for this bug. Sort of. Patches are available for the following operating systems:

  • Windows Server 2019
  • Windows Server 2012 R2
  • Windows Server 2008
  • Windows 8.1
  • Windows RT 8.1
  • A variety of supported versions of Windows 10
  • Windows 7

Microsoft recommends prompt application of its patches, but its advisory also offers a workaround if you’re not able to install the software.

Here’s the bad news. Microsoft’s advisory states: “Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012.” But they are on the way, says Microsoft. So I would highly recommend that you get to patching all the things to protect yourself.

UPDATE: Microsoft has now released patches for all versions of Windows 10.

#Fail: Hackers Scrape 90,000 User Emails From Right Wing Social Media Platform GETTR Due To “Neglectful API Implementations”

Posted in Commentary on July 7, 2021 by itnerd

Just days after its launch, hackers have already found a way to take advantage of GETTR’s buggy API to get the username, email address, and location of thousands of users. Motherboard reports:

Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users. On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to “cancel culture.” The data seen by Motherboard includes email addresses, usernames, status, and location. One of the people whose email is in the database confirmed to Motherboard that they are indeed registered to GETTR. Motherboard also verified the database by attempting to create an account with three email addresses that appear in the database. When doing that, the site displayed the message: “The email is taken,” suggesting it’s already registered. It’s unclear if the database contains the usernames and email addresses of all users on the site. 

This is a total #Fail. Here’s why:

Alon Gal, the co-founder and CTO of cybersecurity firm Hudson Rock, found the forum post with the database. 

Gal argued that this incident should be considered a data breach.

“When threat actors are able to extract sensitive information due to neglectful API implementations, the consequence is equivalent to a data breach and should be handled accordingly by the firm and to be examined by regulators,” he told Motherboard in an online chat. 

This should be a lesson as to how not to do things. If you’re going to create an alternative social media platform, and it’s one that is guaranteed to attract attention, make sure everything is secure. Otherwise you’ll look like a loser when you get pwned by hackers. As is the case here. The people behind this social media platform should be embarrassed.