Security News for the Week Ending July 9, 2021
Flash – The Gift That Keeps on Giving
Flash, that piece of garbage software that Adobe finally killed a few months ago (and which, I have said, should have been killed 20 years ago), turns out to be at the root of another supply chain hack. For many people, supply chain attacks first came to their attention after the Russians compromised SolarWinds and hacked 9 government agencies and hundreds, if not thousands, of companies. But supply chain attacks have been around for a long time. One of the earliest was the compromise of RSA’s secure token back in 2011. For those not familiar with that attack, it compromised every RSA secure token in the world, affecting banks, businesses and even the Pentagon. After a 10-year NDA expired, the story is now being told to Wired. And yes, the root was a Flash vulnerability. One reason this is an interesting learning experience is that RSA sort of accidentally detected the hack within a few days and played cat and mouse with the hackers after that. That whole story is a lesson for all companies. Credit: Wired
Team Trump Launches Buggy Twitter Competitor
Last week former Trump spokesman Jason Miller launched a right-wing oriented social media platform called Gettr. While visually it is a Twitter clone, technically it has some work to do. The app apparently uses Twitter’s API to allow you to import your Tweets.
Apparent Trump supporter (NOT!) Ashkan Soltani said this of the app:
“This app looks like a dumpster fire that was coded from the lavatory of Donald Trump,” Soltani told Motherboard. “It literally took me longer to copy the screenshot images off of my test phone than it did to find the actual bug.”
GETTR Is the Trump Team’s Buggy, Leaky Twitter Clone (vice.com)
He also demonstrated that GETTR is already well set up to be a haven for bots and fake accounts.
Don’t be surprised if they get Parlered. I don’t think Parler ever recovered from that event. Credit: Vice
Chain Gangs Are Back Again
No, not that kind of chain gang. Apparently hackers in Texas and other states have decided that stealing construction equipment, attaching chains to ATMs and then connecting the two and pulling hard is a good strategy. Some ATMs can hold a quarter million dollars, but you have to pick wisely. The FBI has made more than 50 arrests in Texas and has documented at least 139 chain gang attacks. Wow! Credit: Brian Krebs
Biden Issues EO on Right to Repair, Net Neutrality
President Biden issued an EO today including 72 initiatives by more than a dozen agencies to tackle some major competition issues. In some cases, the EO asks federal agencies to do things that he cannot order them to do, so stay tuned for more action. Among the 72 items are banning or limiting non-competes that stop people from changing jobs, supporting state efforts to lower drug prices by allowing them to import drugs, allowing hearing aids to be sold over the counter at drug stores, barring manufacturers from stopping self-repairs or third party repair services, calling on the DoJ and FTC to strictly enforce antitrust laws and other requirements. This will take a while to digest, but definitely attacks some sacred cows. Credit: The White House