Archive for July 31, 2023

BREAKING: The “X” Above Twitter Headquarters Has Been Removed

Posted in Commentary with tags on July 31, 2023 by itnerd

Over the last ten minutes I’ve been bombarded by readers letting me know that the “X” that was at the top of the Twitter building that had ticked off the city and neighbours was gone. Here’s proof via “X” or Twitter or whatever the hell Elon calls it this week:

The “X” was on the building for a whole three days before being removed. As for why, this will help to explain things:

Thirteen complaints have been initiated with San Francisco’s Department of Building Inspections. In the complaints, critics said the sign was put up without a permit, is unsafe, and is a nuisance; one complaint said that its flashing lights made it hard for residents to sleep.

And:

City officials Friday issued a notice of violation to X Corp. for installing the sign without approval. According to public records on the department’s website, representatives for X Corp. repeatedly declined to “provide access” to inspectors who visited the building.

City officials said in a complaint they were told by Twitter the structure was a “temporary lighted sign for an event.”

It’s possible that the sign is only being temporarily dismantled for improvements or to get city approval.

An alternate view is that Elon didn’t want to deal with the blowback from this and nuked the sign. Though given how impulsive this clown is, I am guessing that something else will pop up and be equally as annoying. Count on it.

Reddit Announces New CISO

Posted in Commentary with tags on July 31, 2023 by itnerd

Fredrick “Flee” Lee has been announced as Reddit’s new Chief Information Security Officer, reporting to CTO Chris Slowe. Flee has over 20 years of experience leading global information security and privacy efforts at major financial services companies and technology startups, including as Chief Security Officer at Square and most recently as Chief Security Officer and Head of IT at Gusto. Flee will oversee the Privacy and Security teams at Reddit responsible for identifying and mitigating risks and challenges around information security, privacy, and compliance.

The security of Reddit platform and Reddit continues to be one of their core trust pillars, and over the past several years, they have continued to bolster their Safety and Security efforts, expanding teams focused on these areas and reinforcing existing measures that protect the platform. As part of their commitment to transparency with their users, they launched a new Transparency Center on RedditInc.com and regularly share their practices, updates, and findings with their community, including in r/redditsecurity. These efforts are central to Reddit’s goals of bringing community and belonging to users around the world. 

Flee is a proud Southerner, raised in Mississippi, and holds a bachelor’s degree in computer engineering from the University of Oklahoma. In his spare time, Flee enjoys rock climbing, snowboarding, mountain biking, road cycling, and powerlifting, and is a passionate Redditor, lurking in r/MMA, r/Awwducational, r/selfhosted, and r/netsec. 

Mark Hamill Surfaces An Attempt To Boycott Twitter #August1stTweetOutDay

Posted in Commentary with tags on July 31, 2023 by itnerd

Mark Hamill, who is better known as Jedi Master Luke Skywalker from the Star Wars movie franchise, has surfaced a move to boycott Twitter tomorrow in order to send a message to Elon Musk. Here’s the Tweet that surfaced this move:

Hamill is known to be outspoken and his followers like him for that. Thus I suspect that by him getting behind this move, it will gain a lot of attention. And chances are a lot of hate from Elon Musk. Which I’m sure he’s fine with. After all he’s taken on the Dark Side of the Force and emerged victorious. Thus I’ll be watching closely tomorrow to see if #August1stTweetOutDay gains the traction that it deserves.

Elon Musk Threatens To Sue A Non-Profit That Tracks Hate Speech On Twitter

Posted in Commentary with tags on July 31, 2023 by itnerd

Twitter has become a cesspool of hate speech. And you know that the fact that groups are tracking this must bother Elon Musk to no end. Which is why he’s reacting like a two-year-old and is now serving up threats to sue a specific non-profit for tracking hate speech on Twitter:

X Corp., the parent company of the social media company, sent a letter on July 20 to the Center for Countering Digital Hate, a nonprofit that conducts research on social media, accusing the organization of making “a series of troubling and baseless claims that appear calculated to harm Twitter generally, and its digital advertising business specifically” and threatening to sue.

The letter cited research published by the Center for Countering Digital Hate in June examining hate speech on Twitter, which Mr. Musk has renamed X.com. The research consisted of eight papers, including one that found that Twitter had taken no action against 99 percent of the 100 Twitter Blue accounts the center reported for “tweeting hate.” The letter called the research “false, misleading or both” and said the organization had used improper methodology.

The letter added that the center was funded by Twitter’s competitors or foreign governments “in support of an ulterior agenda.”

What this is really about is that Elon has been called out in public for not only having hate speech on Twitter, but doing nothing to stop it. What Elon really needs to do is to change course on that. But he’s not going to do that as he’s fine with hate speech being on Twitter. And I suspect that he’s not actually going to sue as he has a track record of threatening to sue, but not actually doing so. Thus Elon can be as mad as he wants. His latest outburst is not going to change the fact that Twitter is a cesspool of hate under the watch of Elon Musk.

Researchers Discover Novel P2Pinfect Malware Campaign Targeting Redis

Posted in Commentary with tags on July 31, 2023 by itnerd

Cado Security will publish a new blog revealing that Cado Security Labs has discovered a novel malware campaign.

Cado Security Labs researchers recently encountered a novel malware campaign targeting publicly-accessible deployments of the Redis data store. The malware, named “P2Pinfect” by the developer, is written in Rust and acts as a botnet agent. The sample analyzed by Cado researchers includes an embedded Portable Executable and an additional ELF executable, suggesting cross-platform compatibility between Windows and Linux.

In the time between encountering P2Pinfect and publishing this blog, Unit42 researchers also published an in-depth analysis of the Windows variant of the malware. According to their findings, the variant they encountered was delivered via exploitation of CVE-2022-0543, a Lua sandbox escape vulnerability present in specific versions of Redis. Cado researchers witnessed a different initial access vector, which will be detailed further in this blog. Which you can read here.

A Spotify Email #Scam Is Making The Rounds

Posted in Commentary with tags on July 31, 2023 by itnerd

Having just returned from vacation, I see that a number of scams have entered my inbox. The one that I will speak about today is a Spotify scam that claims that they can’t bill you for using Spotify:

As usual the quality of the English in this email is suspect. Which should be the first hint that this is a scam. The second sign that this is a scam is this:

This isn’t sent from Spotify as the email domain is “app.mail.com” rather than Spotify.com.

But if you take those two things out of the mix, the look of the email mostly fits the style that Spotify uses in their communications. Thus I can see how someone might fall for it.

Now, if you don’t have a Spotify account, and you get this email, the correct response should be to delete it and move on with your day. And even if you do use Spotify, those two things that I pointed out should make you delete this email anyway. But what do the threat actors want? I’m betting that this is a phishing email to steal your personal information or financial details. So let’s find out if that’s true (which by the way you should never, ever do).

This is a pretty good copy of the Spotify page. There are some errors but I can see if someone isn’t looking closely enough that they could fall for this. And by closely enough, I mean this:

This should be Spotify.com. But it isn’t. Which means that this is a phishing page.

And as I expected, here’s where the threat actors try to steal your credit card details. I typed in a bogus credit card number and it let me get to this page:

This makes you think that it’s doing something. But it’s not. If you’ve typed in your actual credit card details, you’ve been pwned. I believe that this and the next page are just for show to keep you on the hook:

You’re supposed to get a text message via the “Verified By Visa” service that Visa has. And this is where things get interesting. I entered a bogus credit card number earlier in this process which the website identified as being a Visa card. And that would be correct as the number that I entered was a Visa card. But I found it interesting that they didn’t validate that the credit card number was valid up front. I am guessing that they are doing the validation on the back end of this scam by using the “Verified By Visa” service to do that. I assume that they have similar checks for MasterCard, Discover, and AMEX.

Crafty.

So now that we know what the threat actors in this scam are up to, my usual advice applies. If you see this email or one like it, look for the things that I pointed out earlier in this article to confirm that it’s a scam, and then delete the email and move on with your day.

UPDATE: The same threat actor has put out a new version of this email. It looks like this:

They also made one other change to the email. Which is the email address that it was sent from:

Clearly they made that adjustment to make the scam more convincing. The rest of the scam remains the same.
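
The two checks used in this post (the sender’s domain, and the domain of the page the email links to) can be automated. The Python below is an added example, not code from the original post; the brand-to-domain table, the sender’s local part and the link host in the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domain the brand really sends mail from and hosts pages on.
BRAND_DOMAINS = {"spotify": "spotify.com"}

def in_domain(host, domain):
    """True only if host is the domain itself or a true subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return findings for one raw message that claims to be from a brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()  # plain-text, single-part message assumed
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        # Only judge messages that present themselves as the brand.
        if brand not in (display + " " + msg.get("Subject", "")).lower():
            continue
        if not in_domain(sender_host, domain):
            findings.append(f"sender {sender_host} is not {domain}")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlsplit(url).hostname or ""
            # Suffix match, not substring: "spotify.com.<other>" must fail.
            if not in_domain(host, domain):
                findings.append(f"link host {host} is not {domain}")
    return findings

# Constructed sample: sender domain as described in the post, link host made up.
SAMPLE = """From: Spotify <billing@app.mail.com>
To: reader@example.org
Subject: We could not process your payment

Update your payment details: https://spotify.com.account-update.example/billing
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A clean result here is not proof that a message is genuine, because the From header can be forged; SPF, DKIM and DMARC results still need to be checked.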

Rogers May Actually Be Fixing Their Email Issues… Please Help Me To Confirm This

Posted in Commentary with tags on July 31, 2023 by itnerd

Here’s a quick update to the Rogers email issues which have been ongoing for months with seemingly no resolution. But before I get to that, here’s a quick refresher in case you’re new to this fiasco that Rogers has inflicted upon their customers:

  • I first reported on issues with Rogers email, and the inability to generate app-specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird on March 7th.
  • This issue dragged on for months. There is a workaround, but that workaround is suboptimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as their email provider.
  • Rogers has sort of admitted that there is an issue. But it took them a very long time to do that.

That last update was in the middle of May. We’re now in July and I still have a number of clients who have been suffering from this issue. Some of them just got fed up and stopped using Rogers email. Or they got fed up and stopped using Rogers entirely. But some have hung on using Rogers Webmail which is the only way they can get email from Rogers.

However this might be changing. At this point I have only tested this once so I need a bigger sample size to confirm that this is a workable and reliable solution. But here’s what I did with a client yesterday.

Using Microsoft Outlook, I walked through the wizard to create a new email account. Instructions for using that wizard can be found here. As part of that process, this popped up:

Now the credentials that they are asking for are your email address (yournamehere@rogers.com for example), and your password. Specifically the same password that you would use for Rogers webmail. If you enter those credentials, it will do some work in the background and set up an IMAP email account that works perfectly. Though I will note that I had to try this three times before I got to that point, which implies that this does not work perfectly. But based on the sample size of one, it did work.

I would like to hear from others who have issues with Rogers email. Do the above instructions work for you? Or has your email just “magically” started to work again? I encourage you to leave a comment below with your feedback as I would like to enhance the above instructions and get a better idea of how well this works for users of Rogers Email.

US Is Afraid Of Chinese Malware Hidden In Key Infrastructure

Posted in Commentary with tags on July 31, 2023 by itnerd

Alarm bells are ringing in the US with fears that the Chinese have planted a “ticking time bomb” inside key US infrastructure according to the New York Times:

The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.

The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.

The malware, one congressional official said, was essentially “a ticking time bomb” that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases. But its impact could be far broader, because that same infrastructure often supplies the houses and businesses of ordinary Americans, according to U.S. officials.

That’s not good if that’s actually true. Joe Saunders, CEO, RunSafe Security had this comment:

The threat of a ticking time bomb like this malware means we need to double-down our efforts to achieve not just memory safety in software in the long term, but memory protection in software immediately. Otherwise we take the risk of losing our ability to support our warfighters and maintain a normal sense of operation in society.

Hopefully this “ticking time bomb” is identified and countermeasures are created to stop it. Because a “ticking time bomb” like this cannot be allowed to go off. Period.

Elon Musk Put A Flashing “X” On Top Of The Twitter Building…. And The City Of San Francisco Along With His Neighbours Are Not Happy About It

Posted in Commentary with tags on July 31, 2023 by itnerd

Proving once again that Elon Musk doesn’t think before he acts, Elon put a flashing “X” on top of the Twitter building over the weekend.

I have to admit that this is pretty obnoxious. And The City Of San Francisco sees things that way as this happened next:

San Francisco’s Department of Building Inspection launched a complaint against the company on Friday, saying the sign had been installed without a permit. The city agency said that an inspector “spoke with Tweeter [sic] representatives and Building maintenance engineer representatives,” who declined access to the sign but said that it’s “a temporary lighted sign for an event.”

The city inspector said they explained to the company representatives that the structure had to be taken down or legalized to be allowed to remain up.

The inspector returned to the site on Saturday in an attempt to regain access to the sign. “However, upon arrival access was denied again by the tenant,” the city complaint says.

And anyone living in the area isn’t happy about this either:

Video from San Francisco resident and digital journalist Christopher Beale shows the lights in the sign pulsing brightly across the street of his home, saying, “this is my life now.” At another point, the lights of the giant “X” were seen strobing.

“It’s hard to describe how bright it made this intersection,” he said in a video shared by CBS News Bay Area reporter Betty Yu. “But it’s way up off the street and it’s still just like a flash of lightning going off. We came home and tried to watch a movie and it was flashing through this window so bright that even with the shades down, it was so distracting that we had to leave the room and go to the side of the apartment that doesn’t face their building.”

This highlights what an inconsiderate, narcissistic twit Elon is. I’m expecting that the city is going to force him to take the “X” down which will continue to highlight that his “ready, fire, aim” style of doing things doesn’t help his cause.