Submission + - Breach of Software Maker Used To Backdoor Ecommerce Servers (arstechnica.com)

An anonymous reader writes: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that infected customer systems using FishPig's fee-based Magento 2 modules with Rekoobe, a sophisticated backdoor discovered in June. Rekoobe masquerades as a benign SMTP server and can be activated by covert commands related to handling the startTLS command from an attacker over the Internet. Once activated, Rekoobe provides a reverse shell that allows the threat actor to remotely issue commands to the infected server.

"We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit," Ben Tideswell, the lead developer at FishPig, wrote in an email. "As for the attack itself, we are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system. Once inside though, they must have taken a manual approach to select where and how to place their exploit."

FishPig is a seller of Magento-WordPress integrations. Magento is an open source e-commerce platform used for developing online marketplaces. The supply-chain attack only affects paid Magento 2 modules. Tideswell said the last software commit made to its servers that didn't include the malicious code was made on August 6, making that the earliest possible date the breach likely occurred. Sansec, the security firm that discovered the breach and first reported it, said the intrusion began on or before August 19. Tideswell said FishPig has already "sent emails to everyone who has downloaded anything from FishPig.co.uk in the last 12 weeks alerting them to what's happened." Tideswell declined to say how many active installations of its paid software there are. This post indicates that the software has received more than 200,000 downloads, but the number of paid customers is smaller.
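The remediation in the story is to reinstall or update every FishPig extension, which only helps if you can tell whether the copy already on your server differs from a clean one. The script below is an added example and is not FishPig's, Sansec's or Ars Technica's code: it hashes a known-good extension tree and the installed tree and reports files that were modified, added or removed. The directory layout, file names and the tampered contents in `demo()` are constructed placeholders for illustration, not real indicators from the Rekoobe incident.

```python
"""
Added example: diff an installed Magento extension tree against a clean,
freshly downloaded copy of the same version.  A backdoor dropped into a
vendor module shows up as a modified or added file.  The paths and file
names used in demo() are constructed placeholders, not real FishPig layout.
"""
from __future__ import annotations

import hashlib
import os
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large PHP/JS bundles don't hit memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its hash."""
    digests: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue  # a symlink pointing outside the tree is itself suspicious; report separately if needed
            digests[p.relative_to(root).as_posix()] = sha256_file(p)
    return digests


def diff_trees(clean: Path, installed: Path) -> dict[str, list[str]]:
    """Compare the installed tree to the clean reference tree."""
    ref = hash_tree(clean)
    cur = hash_tree(installed)
    modified = [rel for rel in ref if rel in cur and cur[rel] != ref[rel]]
    added = [rel for rel in cur if rel not in ref]
    missing = [rel for rel in ref if rel not in cur]
    return {
        "modified": sorted(modified),
        "added": sorted(added),
        "missing": sorted(missing),
    }


def demo() -> dict[str, list[str]]:
    """Build two constructed trees in a temp dir, tamper with one, diff them."""
    with tempfile.TemporaryDirectory() as td:
        clean = Path(td) / "clean"
        installed = Path(td) / "installed"
        # Constructed sample module: names chosen for the example only.
        files = {
            "registration.php": "<?php // module registration\n",
            "Model/Mailer.php": "<?php // mail transport wrapper\n",
        }
        for root in (clean, installed):
            for rel, body in files.items():
                p = root / rel
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_text(body)
        # Simulated tampering of the installed copy (constructed, not a real IOC):
        # one shipped file altered, one extra file dropped in.
        (installed / "Model/Mailer.php").write_text(
            "<?php // mail transport wrapper\ninclude __DIR__ . '/../lib/.smtpd.php';\n"
        )
        (installed / "lib").mkdir()
        (installed / "lib/.smtpd.php").write_text("<?php // constructed placeholder\n")
        return diff_trees(clean, installed)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        result = diff_trees(Path(sys.argv[1]), Path(sys.argv[2]))
    else:
        result = demo()
    for kind, paths in result.items():
        for rel in paths:
            print(f"{kind:9s} {rel}")
```

Run it as `python check_ext.py /path/to/clean/module /path/to/vendor/module`. The result is only as trustworthy as the reference tree: fetch it after the vendor has confirmed its distribution server is clean, and compare the download's hash against one recorded on another channel, since the compromised server is exactly what served the bad copies. The diff also says nothing about code planted outside the module directory or about what is currently listening on the host, so pair it with a look at listening sockets and cron entries before declaring the box clean.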

Submission + - California Governor Signs Law Requiring Social Networks To Post Moderation Rules (theverge.com)

An anonymous reader writes: California Governor Gavin Newsom has signed a law aimed at making web platforms monitor hate speech, extremism, harassment, and other objectionable behaviors. Newsom signed AB 587 after it passed the state legislature last month, despite concerns that the bill might violate First Amendment speech protections. AB 587 requires social media companies to post their terms of service online, as well as submit a twice-yearly report to the state attorney general. The report must include details about whether the platform defines and moderates several categories of content, including “hate speech or racism,” “extremism or radicalization,” “disinformation or misinformation,” harassment, and “foreign political interference.” It must also offer details about automated content moderation, how many times people viewed content that was flagged for removal, and how the flagged content was handled. It’s one of several recent California plans to regulate social media, also including AB 2273, which is intended to tighten regulations for children’s social media use.

Newsom’s office billed the law as a “first-of-its-kind social media transparency measure” aimed at fighting extremism. In a statement, he said that “California will not stand by as social media is weaponized to spread hate and disinformation that threaten our communities and foundational values as a country.” But the transparency measures are similar to those of several other proposals, including parts of two currently blocked laws in Texas and Florida. (Ironically, the other parts of these bills are aimed at preventing companies from removing conservative content that frequently runs afoul of hate speech and disinformation rules.) Courts haven’t necessarily concluded that the First Amendment blocks social media transparency rules. But the rules still raise red flags. Depending on how they’re defined, they could require companies to disclose unpublished rules that help bad actors game the system. And the bill singles out specific categories of “awful but lawful” content — like racism and misinformation — that’s harmful but often constitutionally protected, potentially putting a thumb on the speech scale.

Submission + - SPAM: Judge Allows McFlurry Machine Repair Lawsuit to Proceed

An anonymous reader writes: The McDonald’s McFlurry is a delicious treat that people have a hard time finding because the machine breaks down all the time. Thanks to a third-party device made by an independent company called Kytch, the machines can be made to be easier to maintain and break down less. Taylor, the company that makes the McFlurry machine, has been engaged in a long-running legal dispute about whether Taylor could prevent Kytch devices from being used on the machines. Kytch just won an important victory in that long-running legal battle.

Before Kytch came along, Taylor had a repair monopoly on the McFlurry machine. When the thing broke down or hadn’t been cleaned, the machine would shut down, and only a certified Taylor technician could get it going again. That’s why it can be so hard to find McFlurries: the machines often break down and a tech has to be dispatched to get them running again. Kytch invented a device that allows McDonald’s franchise owners to do basic repairs on the machines and get them running again. Taylor didn’t like that and, according to a lawsuit filed by Kytch, started telling its franchise partners that Kytch devices could cause “serious human injury.”

In July 2021, Kytch filed a restraining order against Taylor claiming that the company had stolen Kytch’s trade secrets. Taylor had begun selling a device similar to Kytch’s and Kytch has alleged that Taylor stole one of their devices and reverse-engineered it. Taylor pushed back on these allegations and the lawsuit, filing what’s called a demurrer, a formalized objection to Kytch’s request for a restraining order. In a court document filed on August 26, 2022, a judge allowed Kytch’s restraining order to proceed. In its original filing, Kytch alleged 10 different claims against Taylor, including that it had falsely advertised its product and engaged in unfair competition. The judge agreed with Kytch on seven of these points. “The court will sustain Taylor’s demurrer as to the second (tortious interference), sixth (intentional interference with business expectancy), and seventh (negligent interference with business expectancy) causes of action,” the filing said. “The court rejects Taylor’s other arguments and will overrule its demurrer on those grounds.”


Hollywood Accounting — How Harry Potter Loses Money

An anonymous reader writes "Techdirt has the details on how it was possible for the last Harry Potter movie to lose $167 million while taking in nearly $1 billion in revenue. If you ever wanted to see 'Hollywood Accounting' in action, take a look. The article also notes two recent court decisions that may raise questions about Hollywood's ability to continue with these kinds of tricks. For example, the producers of 'Who Wants To Be A Millionaire' now have to pay $270 million for their attempt to get around paying a partner through similar tricks."

Comment Re:Maybe they're scared of us too? (Score 1)

I understand that nay-saying humanity is a popular pastime around here, but it's largely irrelevant. Our wars and monstrosities may simply be a natural course for a growing intelligent race making its way through cultural adolescence. Simply assuming that humanity must be "much worse" than anything else out there is kind of like saying that America is much worse than anything else out there. I'm no gung-ho "America is the greatest country on the planet!" whore, but from various subjective and objective standpoints, there is much worse out there.

Don't let your "human guilt" cloud your intelligence. There's nothing to say that humanity's atrocities are any better or worse than any other sapient race. You're right, they could be like the aliens from "The Abyss", and judge that our fighting is a horrible problem to be ended before we become more powerful, or they could also be empathetic enough to realize that we have other sides as well (like the aliens from The Abyss finally did). Who knows.

Human guilt is silly, just as White guilt is.

Comment Re:ok (Score 1)

And then when they do "cause distress" to a user who sues for massive damages, people like you are going to cry and whine about tort reform and frivolous lawsuits.

It's just more efficient to set up "best practices" in a sufficiently general way so that the standards can be met freely; welcome to reality. It's either this; the status quo; or a massive "coffee burn"-type lawsuit.

Comment Re:The Soviets really WERE behind, but in other ar (Score 1)

What I do wonder about, really, is that after your headlong demonstration of the inferiority of Soviet material, you come to the next conclusion: "One lesson is that the technological capabilities of Chinese weaponry today shouldn't be underestimated." Underestimated?

Well, China is manufacturing most of the electronics used in the West nowadays, is it not? If shit hits the fan and international trade stops, it's us who'll be without, not them.

I guess that makes offshoring a form of treason...

Comment Re:From what I've heard, it really is that bad... (Score 1)

Modern 2-engined aircraft are designed to be able to cope with only one working engine. It's part of the tests.

Isn't that irrelevant in this scenario? Modern two engine aircraft are designed to be able to cope with one engine failure when flown by experienced pilots. PERIOD.

Here's why your statement (and my emphasis on the PERIOD portion of my paraphrase) is irrelevant:

Modern two engine aircraft are NOT designed to be able to cope with one engine failure, various equipment failures, windshields with damaged/limited visibility, possible skin damage, possible mechanical damage (for instance to the flight control surfaces/devices) all at the same time due to flying through volcanic ash.

Basically, you simply forgot that there are a lot of other parameters involved here than simply an engine failure.

And additionally, even if no engine fails, that does not mean that sufficient damage has not happened to create an engine failure on a later flight. Very similar to how some bird strikes and such have not caused immediate failure, but failure at a later time. Add to that the fact that the airplanes may not be inspected again until a substantial period of time/miles has passed since their encounters with volcanic ash.

Comment So far, nothing to see here (Score 2, Funny)

I've been monitoring my Sub-Etha Sens-O-Matic iPad application, bought from the Sirius Cybernetic Corporation and it hasn't indicated the presence of any spacecraft in Earth orbit for some weeks now. And if and when it does, I won't panic. I'll switch to the Guide app, with its large friendly letters and it will tell me everything that I need to do.

Comment Re:There WILL be unbreakable DRM, here's how: (Score 1)

And this is why we need mandatory economics education for every student.

Price is not based on "greed", price is based on supply and demand. Companies charge what you are willing to pay, which is influenced by the quality of the product and the price of the alternatives.

That's why electronic books are not significantly cheaper than paper books. The price of the paper and distribution is only a baseline lowest cost, it has nothing to do with what someone is willing to pay.

Comment Re:"the end" "continues"? (Score 1)

"we used to think 1.44 Megabytes of storage was extremely generous"

Ummm, in the 1990s I was using 100 MB Zip disks and cursing how small 1.44 MB was. I also purchased one of the early 2x CD burners available, for over $600, for data archiving.

I do have a couple of USB floppy drives for when I need to access something that I have archived on 3.5" disks. However, I am going to start backing those up to CD/DVD soon for two reasons: floppies will not last forever, and they take up lots of space.
