FBI deletes web shells from hundreds of compromised Microsoft Exchange servers

Found on The Register on Thursday, 29 April 2021
Browse Internet

The Feds were given approval by the courts to carry out the deletions, which occurred without first warning the servers' owners, following the discovery and exploitation of critical vulnerabilities in the enterprise software.

“Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated,” the Justice Department noted in an announcement. “Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to US networks.”

It still sounds like illegal access to computer networks. Intentions might be good, but the road to hell is paved with them.

ISP imposes data cap, explains it to users with condescending pizza analogy

Found on Ars Technica on Saturday, 10 April 2021

Cable company WideOpenWest (which markets itself as WOW!) yesterday told customers that it is imposing a data cap and explained the change with a pizza analogy that would seem more appropriate for a kindergarten classroom than for an email informing Internet users of new, artificial limits on their data usage.

But how can you send slices of pizza through a series of tubes?

OVH says some customer data and configs can’t be recovered after fire

Found on The Register on Monday, 05 April 2021

The good news is that it has backups of some systems impacted by last week’s fire that destroyed one of its four data centres in the French city of Strasbourg.

The bad news is that it doesn’t have backups of some systems impacted by last week’s fire, is yet to determine if it has viable backups for plenty of services and can’t be sure that it has backups for some services it has classified as “recoverable”.

NAS-HA storage cannot be recovered. That's some high availability.

Ransomware operators are piling on already hacked Exchange servers

Found on Ars Technica on Thursday, 01 April 2021

The ransomware—known as Black Kingdom, DEMON, and DemonWare—is demanding $10,000 for the recovery of encrypted data, security researchers said. The malware is getting installed on Exchange servers that were previously infected by attackers exploiting a critical vulnerability in the Microsoft email program. Attacks started while the vulnerability was still a zero-day. Even after Microsoft issued an emergency patch, as many as 100,000 servers that didn’t install it in time were infected.

More interesting are hidden backdoors which stay unnoticed even after admins have rolled in all available updates. Pretty much every network with an accessible Exchange should be considered possibly compromised.

Wordpress plans to drop support for Internet Explorer 11

Found on Bleeping Computer on Tuesday, 30 March 2021

The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%.

In August 2020, Microsoft announced that they would no longer support Internet Explorer on the Microsoft Teams web app, and Microsoft 365 would no longer support it starting on August 17th, 2021.

WordPress should also clean up its codebase. It looks like such an awful hack.

There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

Found on Ars Technica on Sunday, 21 March 2021

The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did so many separate threat actors have working exploits before the security flaws became publicly known?

Researchers say that as many as 100,000 mail servers around the world have been compromised, with those for the European Banking Authority and Norwegian Parliament being disclosed in the past few days.

That means serious trouble for a lot of people. Exchange servers are used a lot, and many are not properly secured, if online.

Google’s FLoC Is a Terrible Idea

Found on EFF on Saturday, 20 March 2021

FLoC is meant to be a new way to make your browser do the profiling that third-party trackers used to do themselves: in this case, boiling down your recent browsing activity into a behavioral label, and then sharing it with websites and advertisers.

Your FLoC ID will be like a succinct summary of your recent activity on the Web.

We emphatically reject the future of FLoC. That is not the world we want, nor the one users deserve. Google needs to learn the correct lessons from the era of third-party tracking and design its browser to work for users, not for advertisers.

If you run a webserver, add the header "Permissions-Policy: interest-cohort=()".
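To verify that a server actually sends that opt-out, here is an added example (not from the original post or the EFF) that parses a Permissions-Policy header and reports whether interest-cohort has an empty allowlist; the response headers at the bottom are constructed, not captured from any real site.

```python
"""Check whether a Permissions-Policy header opts a site out of FLoC.

Parses the header syntax  feature=(allowlist)  or  feature=*  and reports
whether interest-cohort has an empty allowlist, i.e. "interest-cohort=()".
For nginx the header is set with:
    add_header Permissions-Policy "interest-cohort=()" always;
"""
import re

# One directive: name, then "=" and either "*" or a parenthesised allowlist
DIRECTIVE_RE = re.compile(r'\s*([a-zA-Z0-9-]+)\s*=\s*(\*|\((.*?)\))\s*$')


def parse_permissions_policy(value):
    """Return {feature: allowlist}; allowlist is ['*'] or a list of tokens."""
    policy = {}
    for directive in value.split(','):
        if not directive.strip():
            continue
        m = DIRECTIVE_RE.match(directive)
        if not m:
            continue  # malformed directive: browsers ignore it, so do we
        feature, target, inner = m.group(1).lower(), m.group(2), m.group(3)
        policy[feature] = ['*'] if target == '*' else inner.split()
    return policy


def floc_opted_out(value):
    """True only when interest-cohort is present with an empty allowlist."""
    return parse_permissions_policy(value).get('interest-cohort') == []


def check_response_headers(raw_headers):
    """raw_headers: list of 'Name: value' lines from an HTTP response."""
    for line in raw_headers:
        name, _, value = line.partition(':')
        if name.strip().lower() == 'permissions-policy' and floc_opted_out(value):
            return True
    return False


# Constructed sample response headers (not from any real server)
SAMPLE_OPTED_OUT = [
    'Server: nginx',
    'Permissions-Policy: geolocation=(self), interest-cohort=()',
]
SAMPLE_NOT_OPTED_OUT = [
    'Server: nginx',
    'Permissions-Policy: interest-cohort=(self "https://ads.example")',
]
```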

ICANN Refuses to Accredit Pirate Bay Founder Peter Sunde Due to His ‘Background’

Found on Torrentfreak on Thursday, 18 March 2021

Peter Sunde is one of the original Pirate Bay founders, but in recent years he's mostly known for his role in various Internet-related startups. This includes domain registrar Sarek, for which Sunde tried to get ICANN accreditation. However, this request was denied, apparently due to Sunde's 'uncomfortable' background.

Over the phone, ICANN explained that the matter was discussed internally. This unnamed group of people concluded that the organization is ‘not comfortable’ doing business with him.

That has nothing to do with being "comfortable". He is not in jail right now, and he is officially allowed to do business.

AdGuard names 6,000+ web trackers that use CNAME chicanery

Found on The Register on Tuesday, 16 March 2021

Privacy researchers recently found that the presence of CNAME trackers has increased 21 per cent over the past 22 months and that CNAME trackers show up on almost 10 per cent of the top 10,000 websites. Worse still, 95 per cent of websites that fiddle with their domain records in this manner leak cookies, which sometimes contain sensitive information.

More and more reasons to run your own local DNS so you can null the final targets.
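What "nulling the final targets" means in practice is following a hostname's CNAME chain to its canonical name and matching that against a blocklist. Here is an added example (not from the original post or AdGuard) that does this over a constructed in-memory CNAME table so it runs offline; all domain names are made up, and the registrable-domain comparison uses the last two labels, an assumption that ignores the public suffix list (it is wrong for co.uk-style suffixes).

```python
"""Follow a hostname's CNAME chain and flag CNAME-cloaked trackers.

A first-party-looking subdomain whose chain ends at a known tracker domain
is what a local resolver would null. The table below stands in for live DNS.
"""

# Constructed CNAME records: alias -> canonical name
CNAME_TABLE = {
    'metrics.shop.example': 'shop-example.collect.tracker.example',
    'shop-example.collect.tracker.example': 'ingest.tracker.example',
    'static.shop.example': 'cdn.shop.example',
    'cdn.shop.example': 'edge.cdnprovider.example',
    'loop-a.example': 'loop-b.example',
    'loop-b.example': 'loop-a.example',
}

# Constructed local blocklist of tracker domains (registrable domains)
TRACKER_BLOCKLIST = {'tracker.example'}


def registrable_domain(host):
    """Crude eTLD+1: the last two labels (assumption, no public suffix list)."""
    return '.'.join(host.lower().rstrip('.').split('.')[-2:])


def cname_chain(host, table=CNAME_TABLE, max_depth=8):
    """Return [host, cname1, ...]; stops on a loop or after max_depth hops."""
    chain = [host.lower()]
    while chain[-1] in table and len(chain) <= max_depth:
        nxt = table[chain[-1]].lower()
        if nxt in chain:
            break  # CNAME loop: stop instead of following it forever
        chain.append(nxt)
    return chain


def classify(host, table=CNAME_TABLE, blocklist=TRACKER_BLOCKLIST):
    """Return (verdict, final_target) for a hostname served under a site."""
    chain = cname_chain(host, table)
    final = chain[-1]
    if registrable_domain(final) in blocklist:
        return 'cloaked-tracker', final
    if registrable_domain(final) != registrable_domain(chain[0]):
        return 'third-party-cname', final  # e.g. a CDN, not necessarily bad
    return 'first-party', final
```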

WhatsApp to go ahead with changes despite backlash

Found on BBC News on Sunday, 14 March 2021

The Facebook-owned platform previously said it had been the victim of "misinformation" around the change.

"In its efforts to clarify that [it] isn't doing anything wrong, Whatsapp has in fact inadvertently highlighted that it was already harvesting huge amounts of data for Facebook," said Ray Walsh, a digital privacy expert at ProPrivacy.

It is pretty safe to assume that everything is logged and analyzed. It's Facebook after all.