This week in computer security

Twitter got pwned.
https://edition.cnn.com/2020/07/15/t…tes/index.html

Twitter (TWTR) accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, among other prominent handles, were compromised on Wednesday and posted tweets that appeared to promote a cryptocurrency scam.
The accounts, along with those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg, posted similar tweets soliciting donations via Bitcoin to their verified profiles on Wednesday.
"Everyone is asking me to give back, and now is the time," Gates' tweet said, promising to double all payments to a Bitcoin address for the next 30 minutes.

Trumps account was not infected err affected ?

Originally Posted by Alrik Fassbauer
Trumps account was not infected err affected ?

Nobody's going to believe he's going to send double your money back.

Just a heads up for those interested.

Ubisoft & Crytek data posted on ransomware gang's site

Link - https://www.zdnet.com/article/ubisof…re-gangs-site/

Details about hackers obtained the files remain unclear. Ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game.

I thought this was worth a watch, on Ransomware.



Some slight adult content. Maximum points for the phrase, "Arseholes are like opinions - it's a really bad idea to put the Internet in charge of yours."

I figured it would be a good idea to run a log4j scanner on our server, given all the news about it. But it wasn't really needed as Java is not installed on our server.
Then again, log4j might be somewhere on the server but not running and would start to run once Java would be installed, for whatever reason, but I suppose the log files would have a report of failing to run log4j and there wasn't anything.
Better safe than sorry, I decided to run the scanner anyway and it found no security issues.

So, for now we continue to be safe. Onwards to the next security issue.

Ive been doing it for two weeks now, im not even an IT person by trade, just the guy in the office that has access to some affected servers.

It is not so difficult to create functionality, it is quite difficult to do it in a secure way.

I read that this little program (the original Java thing) was writen by a lone guy for Open Source who had not even get paid for that ?
In that article, it was described by an xkcd comic of a huge, insanely fragile pyramid which is standing upside down, on a single, little thing.

It is possible that the use of Google Analytics will become illegal in Europe, due to the European GDPR.
A decent overview of what the issue is can be found here: https://smartocto.com/blog/google-analytics-gdpr/

Originally Posted by Myrthos
It is not so difficult to create functionality, it is quite difficult to do it in a secure way.

This is so true and why I eventually had to move out of IT in my job. Not because I asked to be but because of time.

I kept getting other duties as assigned and so I had less and less time to manage the code on our web server, database, and other IT areas.

People would ask - why can't you make this simple … form? collect this data? make this interactive and dynamic?

And I would explain, yes those things are easy to make functionally but making, and keeping, them secure is very difficult and time consuming … and you need to always stay up on patches, the code, etc.

As I kept getting more work I had less time to focus on doing coding, let alone keep up on security. So finally had to tell the bosses that either we move everything over to central IT resources or they would need to free up my time again.

Everything got moved to central IT Not complaining though as keeping up with security was a never ending and frustrating battle for me. I know some really enjoy it … and when I was younger I did. Now at 58 I just want to survive another few years and retire.