Archive for June 18, 2023

Elon Musk’s New Problem Of The Day: The National Music Publishers’ Association Are Suing Twitter For $250 Million

Posted in Commentary with tags on June 18, 2023 by itnerd

Elon Musk has a never-ending series of problems when it comes to Twitter. And his latest one is that the National Music Publishers’ Association is suing him for $250 million. Why? Here’s what the complaint says:

This is a civil action seeking damages and injunctive relief for Twitter’s willful copyright infringement. Twitter fuels its business with countless infringing copies of musical compositions, violating Publishers’ and others’ exclusive rights under copyright law. While numerous Twitter competitors recognize the need for proper licenses and agreements for the use of musical compositions on their platforms, Twitter does not, and instead breeds massive copyright infringement that harms music creators.

And what doesn’t help is the fact that this lawsuit cites this Tweet from Elon Musk:

Well, this is an example of Elon’s habit of Tweeting before thinking coming back to haunt him.

But the larger issue is this. I’m old enough to remember Napster. For those of you who weren’t around in the late ’90s or early 2000s, Napster was a file sharing service that focused on a then-new digital music format called MP3. The problem was, literally everything shared on Napster was illegally obtained music. Or put another way, the service facilitated copyright infringement. And as a result, the Recording Industry Association of America sued Napster. And those lawsuits pretty much destroyed Napster because they not only kept losing those lawsuits, but even when they tried to police the sharing of copyrighted material on the platform, they couldn’t do it in any meaningful way. And as a result they were dead by 2002, having started up in 1999.

At a very basic level, this case with Twitter is the same. And while I am not a lawyer, I can see Twitter losing this lawsuit in epic fashion. Especially since, according to the lawsuit, Twitter has flipped off calls from the National Music Publishers’ Association for it to obtain the licenses or other agreements needed for musical compositions to be lawfully used on its platform.

For Elon Musk, this may become the best example of F.A.F.O.

Reddit Is Forcing Subreddits Open And Forcibly Replacing Moderators

Posted in Commentary with tags on June 18, 2023 by itnerd

The train wreck next to a dumpster fire that is Reddit is getting worse. Word is getting out that Reddit has now taken the rather stupid decision to force open subreddits that are still closed and replace moderators that won’t do what Reddit says. Here’s an example of this from Mastodon:

The only reason that I can think of for this is that Reddit is hurting because of the API protests, and hurting big time. So as a result Reddit is doing dumb stuff like this. But all that this is going to accomplish is that Reddit will generate bad press, and they will drive people off the platform. For a business that wants to do an IPO in the second half of this year, this situation is not going to end well. So perhaps Steve Huffman, who is Reddit’s CEO, should take another approach to address the reasons why people are mad at him rather than adding gasoline to the train wreck next to a dumpster fire that he created? Just a thought.

Bad News… MOVEit Has More Vulnerabilities

Posted in Commentary with tags on June 18, 2023 by itnerd

You’ve likely seen the news that threat actors are pwning people left and right via a vulnerability in the MOVEit file transfer software. But it now seems that there’s another vulnerability out there. This new vulnerability is tracked as CVE-2023-35708, and Progress has put out a document on this vulnerability:

Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment. In Progress MOVEit Transfer versions released before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.

And:

All MOVEit Transfer customers must take action and apply the patch to address the June 15th CVE-2023-35708 vulnerability discovered in MOVEit Transfer

So the good news is that patches that address this are already out there. But I’m going back to the bad news. If you use MOVEit Cloud, this is the news that the company has for you:

Yesterday we reported the public posting of a new SQLi vulnerability that required us to take down HTTPs traffic for MOVEit Cloud and to ask MOVEit Transfer customers to take down their HTTP and HTTPs traffic to safeguard their environments. We have now tested and deployed a patch to MOVEit Cloud, returning it to full service across all cloud clusters. We have also shared this patch and the necessary deployment steps with all MOVEit Transfer customers. 

All MOVEit Transfer customers must apply the new patch, released on June 16, 2023. Details on steps to take can be found in the following Knowledge Base Article.

Yeah. This keeps getting better and better. It’s as if MOVEit is the gift that keeps on giving for threat actors.

US Government Goes After Clop Via A $10 Million Bounty

Posted in Commentary with tags on June 18, 2023 by itnerd

The U.S. State Department’s Rewards for Justice program has decided to go after Clop, who are the people behind ransomware attacks via the MOVEit vulnerability. The news was posted on Twitter:

This is bad news for these threat actors because Rewards for Justice is a U.S. Department of State program that offers monetary rewards for information on threat actors and attacks impacting the national security of the USA. So that means that the US Government really wants to get these guys because they’ve been launching attacks over the last two weeks or so, and they’re getting a lot of press because of it. Which means that law enforcement will be spending a lot of time and a lot of effort trying to catch these threat actors. Let’s see how much of an incentive this is to rat these guys out.