It was recently discovered that more may have been compromised during the hijacking of Tesla’s Twitter account than previously thought. It is now thought that the Tesla machine was accessed in the midst of all these hacks and that the Install.pgsql.txt and Install.mysql.txt files were modified. The hack was thought to have been performed by the Lizard Squad (the team mentioned in previous blogs of mine).
As usual, groups of scripters are always trying to find a way to get attention. There’s a reason they are targeting big-name Twitter accounts in the tech world and not something separate from social media. Or perhaps the reason I hear about social media attacks so often is just that it is social media in the first place?
There are times when a company should really do a better job of listening to the customers who attempt to point out flaws in its system. This is one of those times. Mojang (the gaming developers who created the massive title “Minecraft”) have a massive security flaw in their software. Two years ago, back in July of 2013, a flaw was discovered which allows users to crash any given server by sending malformed packets that cause the system to run out of memory. Ammar Askar sent this information to Mojang back in 2013 and awaited a response patiently. He waited a month before sending another message. Then another, 3 months later. This pattern continued for 2 years. Two entire years of Mojang ignoring the issue until it finally started seeing light on mainstream social media sites such as Reddit. It wasn’t until the issue was hitting the front page of major media sites that Mojang actually did something about it. Once again, companies really need to be listening to their customers.
I know I’ve written before about companies that provide their customers with a masked middle finger. In some cases, more masked than in others. This is a case of a heavily masked middle finger. D-Link has released a patch to fix some security flaws in their system. This patch not only didn’t fix the issues but managed to introduce a new security flaw. As paraphrased by the writer:
“patch to prevent an unauthenticated sprintf stack overflow includes a new unauthenticated sprintf stack overflow.”
I always find it amusing when a company does this kind of crap because, most of the time, they get away with it and more. It just makes me wonder how much crap we’re missing as a tech community.
We’ve been constantly hearing about hits on freedom of speech lately. Whether it’s a comic in France or changes to laws here at home, it seems we’re always under attack. This is another case. GitHub has been under attack, big time.
Using network monitoring tools, this man was able to discover just what is going on with GitHub: