Archive for December 3, 2022

Twitter Alternative Hive Goes Offline After HUGE Data Breach

Posted in Commentary on December 3, 2022 by itnerd

People who weren’t happy about Elon Musk taking over Twitter have run to Hive, which saw massive amounts of growth recently. But Hive is now offline after a stunningly huge data breach:

A report published earlier this week alleges that Hive had a massive—and I do mean massive—problem on its hands. According to the German security collective Zerforschung, Hive had grievous software vulnerabilities that exposed pretty much all of its users’ personal data to the internet. A cybercriminal aware of the bugs would have been able to steal Hive users’ kit and caboodle—everything from private messages to registered account information. Researchers claim the bugs were so serious that they refrained from sharing technical details about them—fearing that hackers would exploit them.

According to Zerforschung’s blog:

“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login. Attackers can also overwrite data such as posts owned by other users…”

Zerforschung researchers say they reached out to Hive last Saturday about the security vulnerabilities but that the company failed to fix a majority of the issues in the report. After a couple of days, researchers decided to publish their findings, labeling their blog “Warning: do not use Hive Social.” It was only after the research went live that Hive publicly acknowledged the security issues and subsequently took its service offline.

On Thursday, Hive put out a statement, ironically posting it to the platform’s Twitter account. It reads: “The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.” In an additional post, Hive optimistically quipped: “Our server is temporarily shut down. You’ll be able to sign up once we’re back online!”

Whatever is going on, it must be pretty bad to take the entire site down. As I type this, it appears that Hive might be slowly coming back online. Though a check of their Twitter account indicates that it isn’t online. But when they do pop up, I hope that they have their security situation sorted out because you can bet that everyone and their dog will be looking for holes because of this incident.

Twitter Massively Misses Ad Revenue Targets Further Adding To Elon Musk’s Troubles

Posted in Commentary on December 3, 2022 by itnerd

Elon Musk’s troubles with Twitter are really starting to mount. And that’s being illustrated by this New York Times article that a reader pointed me towards, where Twitter is massively missing its ad revenue targets at a time that Twitter should not only be hitting them, but exceeding them:

The World Cup has historically been a boon for Twitter, bringing in record traffic and an influx of advertising dollars.

But this time, when the global soccer tournament started on Nov. 20, Twitter’s U.S. ad revenue was running at 80 percent below internal expectations for that week, three people with knowledge of the figures said.

In tandem, Twitter was rapidly cutting its revenue projections. The company previously forecast that it would generate $1.4 billion in the last three months of the year, down from $1.6 billion a year ago because of the global economic downturn. But as Twitter kept missing its weekly advertising targets, that number slid to $1.3 billion, then to $1.1 billion, two people said.

Elon Musk, Twitter’s new owner, has warned repeatedly that his social media company faces dire financial straits. Interviews with seven former employees and internal documents seen by The New York Times paint a fuller picture of Twitter’s financial woes.

Here’s why this is happening according to the Times:

Many of the company’s troubles can be traced to Mr. Musk’s takeover in late October. Since then, advertisers — which provide 90 percent of Twitter’s revenue — have paused some spending on the platform, citing concerns about how Mr. Musk might change the service. The billionaire, a self-described “free speech absolutist,” has reinstated banned accounts and dropped at least one misinformation policy. Hate speech on Twitter has soared in recent weeks, researchers found.

At the same time, Mr. Musk has alternated between wooing advertisers and blasting them. Last month, he threatened a “thermonuclear name & shame” of brands that halted their spending on Twitter. This week, he briefly picked a fight with Apple, which was on track to spend more than $180 million on Twitter ads this year, three people said.

Elon has really painted himself into a corner here with no clear way to get himself out of the situation that he’s in. His behavior has sent Twitter into free fall. And at some point he’ll have to make a call as to what he will do to salvage the situation. Because the longer that this goes on, the fewer options that Elon has at his disposal. Which means that it is more likely that Twitter crashes and burns under his watch.

Eufy Needs To Be Banned Because They Can’t Be Trusted

Posted in Commentary on December 3, 2022 by itnerd

This week it came to light that Eufy has been lying about the security of their cameras. That’s not a surprise to me as when I reviewed their cameras last year, they were dealing with a similar issue where users could see other people’s cameras without any effort. The issue was corrected quickly. But it wasn’t the first time something like this has happened.

Now in case you didn’t want to read any of that, here’s the TL;DR (too long, didn’t read) on this: Eufy’s cameras aren’t as secure as they have claimed for years. Threat actors with the right information can watch video from your Eufy camera. If that’s not bad enough, Eufy also uploads some data to the cloud that customers were previously unaware of. Now the company has issued an apology and has updated its product language in the Eufy app to better clarify which settings will trigger a cloud upload. Though, in a bizarre twist, Eufy issued a second statement on December 2 that from a PR and customer confidence standpoint sucks:

“eufy Security adamantly disagrees with the accusations levied against the company concerning the security of our products. However, we understand that the recent events may have caused concern for some users. We frequently review and test our security features and encourage feedback from the broader security industry to ensure we address all credible security vulnerabilities. If a credible vulnerability is identified, we take the necessary actions to correct it. In addition, we comply with all appropriate regulatory bodies in the markets where our products are sold. Finally, we encourage users to contact our dedicated customer support team with questions.”

Now where I sit, I can’t say if Eufy is just lazy when it comes to security, or if they are trying to do something nefarious. But seeing as they are a Chinese company, issues like these have to be treated with some degree of extra suspicion. And seeing as this has happened more than once, I think we’re at a point where retailers should not only stop selling their gear, but I would argue that governments should ban this company from being able to sell their gear. Just like Huawei has been banned from many telecom networks.

Eufy keeps saying that they will do better going forward. But we’re not seeing evidence of that seeing as this keeps happening. At this point I am through giving them chances. And so should governments around the world because there is no way that this sort of behavior by Eufy should be tolerated. A ban will send the message to Eufy and others that they need to talk the talk and walk the walk when it comes to security. Plus if Eufy or others really want to have the confidence of consumers, they need to have their claims validated by a third party. But I suspect that Eufy won’t subject themselves to that level of scrutiny. Thus they need to be banned. And the sooner the better.

Now if you ask me what you should do if you have a Eufy camera? My advice would be to rip them out because your privacy and security are invaluable. That is true for both indoor cameras and outdoor ones too. I would even go as far as to say that you shouldn’t even resell them as you’re just passing along a major problem to someone else which is not fair on that person. My advice is to recycle them at your local electronics recycling facility and take these security and privacy nightmares out of circulation forever.

Finally, if Eufy is reading this, I have to say that you’ve created this mess and it’s way too late for you to say sorry for it. Consumers put a lot of trust in the vendors of this sort of gear and you’ve burned through that trust. And since you can’t fix your issues, hopefully governments around the world will fix it for you by banning you out of existence.

Game over Eufy.