Elon Musk Gets Even More Desperate To Boost Engagement On Twitter

Posted in Commentary with tags on February 11, 2023 by itnerd

Elon Musk is clearly desperate to boost engagement on Twitter. I say that because of this Tweet from Korean car maker Hyundai that he responded to:

I am guessing that he means that he wants users to press the heart so it increases engagement. Elon then did this:

So why is Elon doing this. My guess is that it has to do with this CNN report which states that about half of Twitter’s top 1,000 advertisers in September were no longer spending on the platform in the first weeks of this year:

Some 625 of the top 1,000 Twitter advertisers, including major brands such as Coca-Cola, Unilever, Jeep, Wells Fargo and Merck, had pulled their ad dollars as of January, according to estimates from Pathmatics, based on data running through January 25. 

Wells Fargo said it “paused our paid advertising on Twitter” but continues to use it as a social channel to engage with customers. The other brands did not immediately respond to a request for comment.

As a result of the pullback, monthly revenue from Twitter’s top 1,000 advertisers plummeted by more than 60% from October through January 25, from around $127 million to just over $48 million, according to the data.

That has to alarm Elon and it’s clearly making him do some very unconventional things to get engagement up. Because if engagement goes up, he then has something to sell to advertisers. And it ensures that he has cash rolling into Twitter’s bank account. Which based on the CNN report isn’t happening at present. Thus I have a sneaking suspicion that you’re going to see more of this sort of behaviour from Elon as he gets more desperate.

Leave a comment »

CISA Issues Warning About North Korea Hacking Health Care Facilities To Fund Other Cyberattacks

Posted in Commentary with tags on February 10, 2023 by itnerd

Yesterday, the CISA released a waring that North Korean government-backed hackers have conducted ransomware attacks on health care providers and other key sectors in the US and South Korea. Then they used the proceeds to fund further cyberattacks:

This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.

The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments— specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. The IOCs in this product should be useful to sectors previously targeted by DPRK cyber operations (e.g., U.S. government, Department of Defense, and Defense Industrial Base). The authoring agencies highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.

Sanjay Raja, VP, Product Marketing and Solutions at Gurucul had this comment:

“Healthcare institutions have already been a target for threat actor groups as they know they have constrained resources and budgets and maintain a wealth of personal and financial information on patients, and disruption can be catastrophic. North Korea’s use of common attacks indicates that these hospitals have neither managed to patch vulnerabilities nor have implemented monitoring solutions with a strong set of threat models to detect these common attacks. North Korean threat actor groups may have also developed variants that can evade solutions, like traditional SIEMs or XDR, that fail to implement trained machine learning in their analytical models that can adapt to new and unknown attack variants.

“Constrained security teams need solutions that focus on leveraging a unified set of advanced analytics, including those that can provide an early warning to known variants of attacks through behavioral analytics, such as UEBA. Identity analytics is also critical for security teams to leverage as stolen credentials is a common method of compromising healthcare systems. These two capabilities along with more traditional endpoint, network and cloud threat detection can help these hospitals with accelerating detection and eliminating manual tasks that burden security teams and waste time.”

Lovely. This is just the latest warning about North Korea and their hacking activities. Which means that given how prolific they are at hacking all the things, you should be paying attention to this and make adjustments to protect yourself.

UPDATE: Matt Marsden, VP, Technical Account Management at Tanium added this comment:

It is not surprising to see North Korean state actors using techniques generally attributed to cybercrime and ransomware gangs. We’ve seen that North Korea will seek to use whatever methods possible to fund weapons and cyber programs.  This activity demonstrates the significance of shifting the focus of cybersecurity from traditional compliance to active defense.

A threat-informed approach to defense requires agility, comprehensive visibility, and control to properly assess the effectiveness of controls against attacks. In contrast, compliance programs seek to measure the implementation of static controls against an established baseline, which values consistency and static configuration. Attackers are creative and seek to exploit misconfigurations to identify gaps in a secure host baseline. They have the advantage of time and scale; and only need to be right once. On the flipside, defenders must be right every time and suffer the disadvantage of trying to predict their adversaries’ next move.

Cyber defenders need comprehensive awareness, and absolute control of what is happening in their environments; blind spots are unacceptable. Employing an active defense approach is critical, including protecting against known threats, scanning for indicators of compromise, performing real-time hunt activities, and preparing a response.

It is no longer a question of “will there be an attack” but “when will I be attacked?” With this sobering thought in mind, it is imperative to quickly identify the compromise, scope the incident, implement changes to stop the attacker and prevent lateral movement, and finally, quickly remediate at scale. 

Leave a comment »

Your View Counts On Twitter Are NOT Accurate… The Question Is Why And What Is Elon Going To Do To Fix This?

Posted in Commentary with tags on February 10, 2023 by itnerd

It seems that Elon Musk has a new problem on his hands. One of the things that Elon added to Twitter were view counts on Tweets to see how much engagement your Tweets are getting. Except that whatever you’re seeing might not be accurate. At least not based on an experiment by Washington Post reporter Taylor Lorenz who I became aware of because she was one of many reporters who were banned by Elon from Twitter and then reinstated after the outcry became too much for him to deal with.

https://twitter.com/TaylorLorenz/status/1623788092124704768

So let’s think about this. If you have a locked and private account, how can 59 people view your Tweets when logic suggests that the view count should be ZERO? Clearly there is something broken here. Perhaps this is somehow related to the reason that Elon locked his Twitter account a week or two ago. Or the cynic in me says that Twitter is straight up lying about view counts. Either way, I would love to see how Elon and company explains this away. Because when advertisers see this, they’ll be wondering if they can trust any analytics that Twitter provides, which in turn will make them question if they should be spending their advertising money elsewhere.

Leave a comment »

TELUS Announces A $125M Contribution To Support Youth And Build Stronger Communities

Posted in Commentary with tags on February 10, 2023 by itnerd

As Canadians face mounting economic uncertainty, devastating humanitarian crises and social injustices plaguing communities at home and abroad, TELUS continues to deliver on its commitment of being the Most Giving Company in the world, generously devoting $125 million and 1.44 million volunteer hours last year alone. While leading North American companies invest 1 per cent of pre-tax profits in society, for the third consecutive year, TELUS has invested 5 per cent of its pre-tax profits back in the community. Since 2000, the TELUS family has led with purpose, gifting $1.5 billion in cash, in-kind contributions, time and programs, including 2 million days of global volunteerism. 

As urgently highlighted in the most recent Giving Report, issued by Canada Helps, the last 15 years has seen a steady decline in charitable donations by Canadians and this is expected to decline even further as lasting effects of the pandemic, economic uncertainty, geopolitical tensions and inflation continue. Last year’s Giving Report highlighted how one in four Canadians (25 per cent) expect to give less in 2022 than they did in 2021, while in contrast, one in four Canadians (26 per cent) expect to use or are already using charitable services in 2022 for basic necessities. 

While purpose-driven initiatives are often first to see corporate cuts or underfunding during recessionary times, TELUS’ focus on putting ESG and social responsibility at the centre of its business strategy ensures that it can continue to deliver critical and sustainable support for our team, communities and Canadians who need our help now more than ever. 

Over the last three years, TELUS’ giving has steadily increased:

  • TELUS Friendly Future Foundation directly impacted the lives of more than 1 million youth in 2022 by granting $10.6 million to 548 charitable organizations. 
  • TELUS gave over $30 million in 2022 to establish a new innovative bursary fund to support economically-disadvantaged Canadian youth to get access to a post-secondary education, even if they can’t afford it.
  • TELUS enabled $6.6 million in community giving in 2022 for humanitarian and emergency relief around the world, directly helping those impacted by the conflict in Ukraine, Hurricane Fiona and Hurricane Ian, the flooding in Pakistan, and the unrest in Iran.
  • Delivering on TELUS’ $10 million commitment to support Indigenous Reconciliation, TELUS has granted donations to 15 community programs supporting food security, cultural revitalization and the health and well-being of Indigenous Peoples across Canada.
  • Launching our first-ever summer camp for Canadian youth focused on inclusivity, well-being, and customized nature experiences.
  • TELUS has expanded low cost internet, mobility, health and technology programs to support 342,000 marginalized individuals to date, including expanding Internet for Good to thousands of low-income seniors in BC, Alberta, and Quebec; expanding the reach of our Mobility for Good program for government assisted refugees and Mobility for Good for Indigenous Women at risk to Ontario.

To learn more about how TELUS is helping create a friendlier future for all, visit telus.com/purpose.

Leave a comment »

Fast Company Highlights How Twitter Being Understaffed Is Coming Back To Bite Elon Musk

Posted in Commentary with tags on February 10, 2023 by itnerd

If the Platformer story that I posted earlier today isn’t enough to highlight the fact that Elon Musk and Twitter are in deep trouble, Fast Company piles on with this story that highlights how Twitter’s staffing issues are creating a death spiral for the company:

Twitter’s outage on Wednesday, which saw the site rendered unusable for most users by blocking people from tweeting within the app, accessing or sending direct messages, and following new users, shows that the social media giant is stuck in a Sisyphean nightmare.

The company needs to update its systems to enact the changes Elon Musk wants to make to the platform (things like extending the maximum tweet length and overhauling the algorithm that presents tweets to users). But, following mass layoffs by Musk, Twitter is now short-staffed, according to former staff, some of whom have contacts still within Twitter, and has been forced to instigate frequent code freezes, preventing the deployment of iterative changes to the platform’s codebase. That means vast volumes of code changes are pushed out at once when they do happen—so if anything goes wrong, it’s difficult to unpick what’s to blame.

Musk has responded to significant outages, such as the one this week, by introducing further freezes until the underlying issue is identified—which former staff say simply kicks the problem down the road.

The problem appears to be one of Musk’s own making. By getting rid of so many long-tenured staff, it appears Twitter has routed its institutional knowledge about how the platform works and interacts with other parts of the app. 

Fast Company has seen conversations among former Twitter engineers suggesting that Twitter cannot identify what caused the most recent outage because it has tried to push out too many new code changes at once, and it’s impossible to identify which of the changes caused the issue. Other former Twitter engineers suggested to Fast Company that the problem of bundling so many changes into a single new release of the app is due to deploying so many code freezes.

This is like a house of cards where one wrong move will bring the entire platform down. And the blame lies with Elon as his “ready, fire, aim” mentality has not only created this situation, but will likely be the root cause of Twitter’s ultimate downfall. Which based on this and the Platformer story from earlier, illustrates that Twitter is doomed. It’s just a matter of when at this point.


1 Comment »

Reddit Pwned…. You May Want Change Your Password And Enable Two Factor Authentication

Posted in Commentary with tags , on February 10, 2023 by itnerd

Last night via the official r/reddit community, Reddit disclosed that they were pwned:

On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.

After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).

Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.

Reddit claims that user data is secure, but:

Since we’re talking about security and safety, this is a good time to remind you how to protect your Reddit account. The most important (and simple) measure you can take is to set up 2FA (two-factor authentication) which adds an extra layer of security when you access your Reddit account. Learn how to enable 2FA in Reddit Help. And if you want to take it a step further, it’s always a good idea to update your password every couple of months – just make sure it’s strong and unique for greater protection.

Also: use a password manager! Besides providing great complicated passwords, they provide an extra layer of security by warning you before you use your password on a phishing site… because the domains won’t match!

Now I can’t tell if Reddit is saying this because there is a legitimate threat out there that they haven’t disclosed, or this is generally good advice. Which it is good advice from my view. But if you’re a Reddit user, you should likely take their advice just in case this turns into a LastPass type of situation.

UPDATE: Monti Knode, Director of Customer Success at Horizon3.ai has this comment:   

   “Another successful phishing campaign isn’t a surprise and shouldn’t be. This attack vector is successful because it can look so legit, from plausible prompts to cloning their intranet gateway. This attack further reinforces the fact that the old perceptions of a perimeter are dead and gaining access is almost trivial, while understanding the blast radius of a successful attack matters more than ever.

   “What can an attacker do if they landed on a specific asset? What could they do with a specific credential? In what scenario is our sensitive data at risk? These are the questions we should all be asking, because it’s not a matter of if, but when.”


Jesh Sax, Technical Account Manager at Tanium adds this:   

   “The techniques used at Reddit are all too familiar. Attackers are adapting to security techniques like multi-factor authentication and organizations need to take measures to mitigate potential vulnerabilities. Whether it’s physical security tokens or finding ways to authenticate both the user and the device that they’re logging in from, security teams need to continue to evolve. 

   “However, the fact that the user self-reported and the security team was able to catch things early on prevented this from becoming a much larger story. This speaks volumes to the culture that the security team has promoted at Reddit, where users feel comfortable speaking up when they’ve clicked on a phishing link. This type of security-aware culture is what every organization should strive for.”

Leave a comment »

Platformer Blows The Lid Off Of What’s Going Inside Twitter…. And It’s Not Good

Posted in Commentary with tags on February 10, 2023 by itnerd

A reader pointed me towards a Platformer story that really shows you what’s going on inside Twitter and how Twitter is being destroyed from the inside. I strongly encourage you to read the story which you can find here. But let me cover two things that made my jaw hit the ground.

#1 – Elon Musk fired engineers at Twitter because engagement counts are dropping:

On Tuesday, Musk gathered a group of engineers and advisors into a room at Twitter’s headquarters looking for answers. Why are his engagement numbers tanking?

“This is ridiculous,” he said, according to multiple sources with direct knowledge of the meeting. “I have more than 100 million followers, and I’m only getting tens of thousands of impressions.”

One of the company’s two remaining principal engineers offered a possible explanation for Musk’s declining reach: just under a year after the Tesla CEO made his surprise offer to buy Twitter for $44 billion, public interest in his antics is waning.  

Employees showed Musk internal data regarding engagement with his account, along with a Google Trends chart. Last April, they told him, Musk was at “peak” popularity in search rankings, indicated by a score of “100.” Today, he’s at a score of nine. Engineers had previously investigated whether Musk’s reach had somehow been artificially restricted, but found no evidence that the algorithm was biased against him.

Musk did not take the news well. 

“You’re fired, you’re fired,” Musk told the engineer. (Platformer is withholding the engineer’s name in light of the harassment Musk has directed at former Twitter employees.)

That’s a sure sign that Elon’s ego rather than his head is running Twitter at the moment. No to be clear, I am not shocked by that. What I am shocked about his behaviour when he doesn’t get the answer that fits his world view. Or when someone speaks truth to power. That’s just abysmal leadership.

#2 -Twitter’s outage from earlier this week is part of a larger problem.

An even more obvious reason for the decline in engagement is Twitter’s increasingly glitchy product, which has baffled users with its disappearing mentions, shifting algorithmic priorities, and tweets inserted seemingly at random from accounts they don’t follow. On Wednesday, the company suffered one of its first major outages since Musk took over, with users being told, inexplicably, “You are over the daily limit for sending tweets.”

It turns out that an employee had inadvertently deleted data for an internal service that sets rate limits for using Twitter. The team that worked on that service left the company in November.

“As the adage goes, ‘you ship your org chart,’” said one current employee. “It’s chaos here right now, so we’re shipping chaos.”

Interviews with current Twitter employees paint a picture of a deeply troubled workplace, where Musk’s whim-based approach to product management leaves workers scrambling to implement new features even as the core service falls apart. The disarray makes it less likely that Musk will ever recoup the $44 billion he spent to buy Twitter, and may hasten its decline into insolvency. 

“We haven’t seen much in the way of longer term, cogent strategy,” one employee said. “Most of our time is dedicated to three main areas: putting out fires (mostly caused by firing the wrong people and trying to recover from that), performing impossible tasks, and ‘improving efficiency’ without clear guidelines of what the expected end results are. We mostly move from dumpster fire to dumpster fire, from my perspective.”

That further explains this email from Elon trying to focus the team on making the platform stable ahead of the Super Bowl. And it highlights that the stability of Twitter is heading downhill fast. And part of this is driven by Elon’s rush to ship new features at any cost to drive revenue. Which of course has not worked. What surprises me is that not even in my wildest dreams did I think that the situation was as bad as it’s being described here.

Now you’re likely wondering why I am highlighting this report. The team at Platformer has been 100% accurate about what has been going on inside of Twitter since Elon took over. So it is beyond a safe bet that everything that you read in this article is fact. Which means that if you still have a Twitter account, you might want to make plans to be someplace else on social media as it’s crystal clear that Twitter with Elon Musk at the helm is living on borrowed time.

1 Comment »

Bell Takes Dead Aim At Cable With A New Super Bowl Ad

Posted in Commentary with tags on February 10, 2023 by itnerd

I’ve been saying for a long time that Bell has a real advantage over cable companies like Rogers by getting fibre in as many places as possible and by having speeds that destroys anything that cable can offer. And Bell is going to highlight that this Sunday during the Super Bowl with a new national English TV ad that highlights Bell’s pure fibre Internet.

The main message of the ad is that Bell fibre based gigabit speeds beat cable every time, and now’s the time to switch to Bell pure fibre Internet as anything else is terrifying. The ad follows a family as they enter their new vacation rental home, only to find out they need to escape the horror of cable Internet 

Following the premiere on Sunday, which will air on CTV and TSN here in Canada, along with the entire game, Canadians can catch the ad on TV and in select Cineplex VIP Cinemas in Toronto and Montreal starting next week.

Now you don’t have to wait for Super Bowl Sunday to see the ad. I’ve got it for you to take a look right now:

My $0.02 worth. The ad is very funny and it drives the point that Bell is better than cable home. They don’t mention Rogers by name, but the cable box with the red light is a big hint Rogers is the target of this ad. If I were Rogers, Cogeco, or Shaw, I would have no idea how any of them respond to this ad because of the fact that what any of those companies offer in terms of Internet access doesn’t measure up to what Bell offers.

1 Comment »

Elon Musk Is Making Millions From Extremist Influencers

Posted in Commentary with tags on February 9, 2023 by itnerd

The Washington Post is reporting that Twitter and by extension Elon Musk is making millions of dollars thanks to extremist influences. Here’s how:

Elon Musk’s restoration of 10 Twitter accounts that were banned under the platform’s previous management has generated enough engagement since they returned to the platform to likely generate $19 million in advertising revenue annually, a nonprofit dedicated to countering hate speech online has concluded.

The Center for Countering Digital Hate (CCDH) said the 10 accounts were among hundreds thought to have been restored under a “general amnesty” that Musk announced in late November. 

The report comes as Musk is working to generate revenue for the company, which he has said is in dire financial straits despite the layoffs of thousands of employees and the suspension of payments for a number of services including rent on Twitter’s downtown San Francisco headquarters. Twitter’s advertising revenue in December was 70 percent lower than the previous year, according to data from Standard Media Index, an advertising research firm. 

CCDH’s chief executive, Imran Ahmed, linked the drop off in ad revenue to the decision by Musk to restore formerly banned accounts. “Our research shows that there is a depressingly banal answer to why Elon Musk would reinstate the accounts of self-professed Nazis, disinformation actors, misogynists and homophobes — it’s highly profitable,” he said. 

Musk did not immediately respond to request for comment. Twitter’s communications department was eliminated in layoffs last year.

The CCDH uncovered multiple examples of advertisements from major national brands, including Amazon, Apple TV, the NFL and Fiverr, that appeared next to content from the 10 extremist influencers. In one instance, an ad for Wendy’s appeared next to a tweet by Stew Peters, an anti-vaccine influencer with 168,000 followers, where he referred to the vaccine as a “BioWeapon” and claimed people have been “murdered” by it. 

In another example, an ad for the streaming service Peacock appeared next to a tweet from Anthime Gionet, an influencer known as Baked Alaska, who was recently sentenced for his role in the Jan. 6, 2021, riot at the U.S. Capitol. The ad appeared next to a tweet where Gionet asked his followers whether he should “say the n-word.”

Brand advertisements also appeared next to tweets about election fraud, vaccine conspiracy theories, false statements about Ukraine and bio weapons, and tweets denigrating women in business, CCDH said.

This pretty much confirms what many have suspected. Which is that Elon is so desperate for cash that he will do anything including being an ally to hate in all its forms under the guise of “free speech”. The only saving grace is that $19 million in annual revenue is a drop in the bucket in terms of what Twitter likely needs to survive. But even that tiny amount of revenue may make Elon go further and do more on this front.

The best way to stop this is for major advertisers to abandon Twitter as an advertising medium. After all, if you’re a Proctor And Gamble or a Samsung or Apple, why would you want your advertising to appear amongst hateful content? Common sense says that you don’t want that to happen. Thus the only way to defend against that is to not have your advertisements on the platform. So let’s see if this report encourages those companies and companies like them to abandon Twitter en masse.

Leave a comment »

Hackers Are Selling A Service That “Bypasses” ChatGPT Restrictions On Malware Creation/Enhancement

Posted in Commentary with tags on February 9, 2023 by itnerd

Check Point has a very interesting article that they’ve posted to their website describing who cyber criminals are able to bypass restrictions placed on the ChatGPT AI to create “better” malware:

CPR researchers recently found an instance of cybercriminals using ChatGPT to “improve” the code of a basic Infostealer malware from 2019. Although the code is not complicated or difficult to create, ChatGPT improved the Infostealer’s code.

And:

However, CPR is reporting that cyber criminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT´s barriers and limitations.  This is done mostly by creating Telegram bots that use the API. These bots are advertised in hacking forums to increase their exposure.

To top it all off, there’s this:

In an underground forum, CPR found a cybercriminal advertising a newly created service: a Telegram bot using OpenAI API without any limitations and restrictions.

As part of its business model, cybercriminals can use ChatGPT for 20 free queries and then they are charged $5.50 for every 100 queries.

The net result is that this could literally be leveraged by anyone to create extremely dangerous malware. Which frankly is quite scary if you’re on the side of the fence where you have to defend against these attacks. But is this a bypass of ChatGPT’s restrictions? Craig Burland, CISO, Inversion6 doesn’t think so:

Describing this as a bypass is a bit of an exaggeration. ChatGPT doesn’t, at this point, impose controls on the API. Abuse of the API is prohibited by policy. Hackers haven’t cleverly bypassed security or exploited a deep-seated vulnerability. They’ve simply leveraged an incomplete feature. Given what OpenAI has accomplished, I expect this control is already on their roadmap and will be implemented shortly.

ChatGPT is in the midst of the hype cycle where every success or failure is shouted from the rooftops. ChatGPT is a complex and intriguing tool, but in the end, it is just a tool. We need to temper our human emotions, be patient as it matures, and figure out how best use it.

Hopefully this is on the roadmap to be addressed sooner rather than later. Otherwise I suspect that we’re all going to be in a lot of trouble.

Leave a comment »

« Older Entries
Newer Entries »