Ace of Spades HQ

« Saturday Overnight Open Thread (3/30/24) | Main | EMT 24 Mar 31 »

March 31, 2024

Daily Tech News 31 March 2024

Top Story

A little more background on that security disaster that almost was. (Substack)

It looks like it started with "social engineering" - a confidence scam - two years ago, with one person attacking the maintainer of the xz utility and another one offering to help, and then actually helping. That warped over time into slipping more and more suspect code into the package, until they got caught.

It's a bit of an odd one because it took a lot of care and planning but was guaranteed to get caught and removed if it ever went mainstream. So it's not a targeted attack on particular groups, and not subtle enough to pass unnoticed long-term.

If you infect one server you're likely to get away with it, but if you infect every server in the world, there are literally hundreds of honeypot servers set up by security researchers specifically to detect weird stuff like this.

Purely speculation but I'm wondering if this was North Korea rather than China or Russia. It looks like the kind of miscalculation they would make.

Tech News

Software needs to be more expensive. (Glyph)

There's a well-known XKCD cartoon illustrating that the modern world is utterly dependent on some random bit of code maintained by one guy in Nebraska since 2003.

Not specifically true, but true in general; we nearly had a global disaster with a small but useful library called xz because the maintainer wasn't getting paid anything despite the code being used on hundreds of millions of computers. (If it's included in iOS or Android, which it probably is, billions.)

The solution proposed here is to make it easy to pay these people.
Meanwhile AT&T is resetting customer passcodes after millions of customers' account details were leaked... In 2019. (Tech Crunch)

Or possibly earlier. AT&T doesn't know or isn't saying. But yeah, the data has been out there for five years and they're responding now.
The world needs more gadgets like this (checks notes) overpriced underwhelming 27" 1080p monitor in a briefcase. (The Verge)

The world needs fewer websites like The Verge. If that leaves me with nobody to mock, so be it.
Banning TikTok could harm blah blah blah. (Tech Crunch)

Don't care, didn't ask.

Disclaimer: I think "Don't care, didn't ask" would make a great state motto.

posted by Pixy Misa at 04:00 AM

| Access Comments


Advertise Here! Intermarkets' Privacy Policy Support Donate to Ace of Spades HQ! Recent Entries Sunday Overnight Open Thread (11/24/24) Doof Gun Thread: Almost Thanksgiving Edition! Food Thread: Weird But Good, Or Just Weird...It's All Fun On Thanksgiving First-World Problems... Americans Are Amazingly Generous, But... Sunday Morning Book Thread - 11-24-2024 ["Perfessor" Squirrel] Daily Tech News 24 November 2024 Open Thread Saturday Night Movie Thread [moviegique]: Potpourri Hobby Thread - November 23, 2024 [TRex] Absent Friends Bandersnatch 2024 GnuBreed 2024 Captain Hate 2023 moon_over_vermont 2023 westminsterdogshow 2023 Ann Wilson(Empire1) 2022 Dave In Texas 2022 Jesse in D.C. 2022 OregonMuse 2022 redc1c4 2021 Tami 2021 Chavez the Hugo 2020 Ibguy 2020 Rickl 2019 Joffen 2014 AoSHQ Writers Group A site for members of the Horde to post their stories seeking beta readers, editing help, brainstorming, and story ideas. Also to share links to potential publishing outlets, writing help sites, and videos posting tips to get published. Contact OrangeEnt for info: maildrop62 at proton dot me Cutting The Cord And Email Security Cutting The Cord [Joe Mannix (not a cop)] Cutting The Cord: It's Easier Than You Think [Blaster] Private Email and Secure Signatures [Hogmartin] Moron Meet-Ups	« Saturday Overnight Open Thread (3/30/24) \| Main \| EMT 24 Mar 31 » March 31, 2024 Daily Tech News 31 March 2024 Top Story A little more background on that security disaster that almost was. (Substack) It looks like it started with "social engineering" - a confidence scam - two years ago, with one person attacking the maintainer of the xz utility and another one offering to help, and then actually helping. That warped over time into slipping more and more suspect code into the package, until they got caught. It's a bit of an odd one because it took a lot of care and planning but was guaranteed to get caught and removed if it ever went mainstream. So it's not a targeted attack on particular groups, and not subtle enough to pass unnoticed long-term. If you infect one server you're likely to get away with it, but if you infect every server in the world, there are literally hundreds of honeypot servers set up by security researchers specifically to detect weird stuff like this. Purely speculation but I'm wondering if this was North Korea rather than China or Russia. It looks like the kind of miscalculation they would make. Tech News Software needs to be more expensive. (Glyph) There's a well-known XKCD cartoon illustrating that the modern world is utterly dependent on some random bit of code maintained by one guy in Nebraska since 2003. Not specifically true, but true in general; we nearly had a global disaster with a small but useful library called xz because the maintainer wasn't getting paid anything despite the code being used on hundreds of millions of computers. (If it's included in iOS or Android, which it probably is, billions.) The solution proposed here is to make it easy to pay these people. Meanwhile AT&T is resetting customer passcodes after millions of customers' account details were leaked... In 2019. (Tech Crunch) Or possibly earlier. AT&T doesn't know or isn't saying. But yeah, the data has been out there for five years and they're responding now. The world needs more gadgets like this (checks notes) overpriced underwhelming 27" 1080p monitor in a briefcase. (The Verge) The world needs fewer websites like The Verge. If that leaves me with nobody to mock, so be it. Banning TikTok could harm blah blah blah. (Tech Crunch) Don't care, didn't ask. Disclaimer: I think "Don't care, didn't ask" would make a great state motto. posted by Pixy Misa at 04:00 AM \| Access Comments <script language="javascript" src="http://adserver.adtechus.com/addyn/3.0/5235/1131537/0/170/ADTECH;loc=700;cookie=info;target=_blank;key=key1+key2+key3+key4;grp=[group]"></script><noscript><a href="http://adserver.adtechus.com/adlink/3.0/5235/1131537/0/170/ADTECH;loc=300;key=key1+key2+key3+key4;grp=[group]" target="_blank"><img src="http://adserver.adtechus.com/adserv/3.0/5235/1131537/0/170/ADTECH;loc=300;key=key1+key2+key3+key4;grp=[group]" border="0" width="300" height="250"></a></noscript>	Recent Comments Adriane the Technically Inept Critic . . .: "[i] Until 1912, there was no official arrangement ..." Hour of the Wolf: " I always liked the Lion Rampant as a shield devic ..." Ciampino - Kiwi launch: "T - 11 minutes ..." Hadrian the Seventh: " Doof's going to get initiated. "You get it strai ..." "Perfessor" Squirrel: "I always liked the CO flag. As a kid growing u ..." Notorious BFD: "[i]Dr. Janette Nesheiwat, nominee for Surgeon Gene ..." [/i][/b]andycanuck (hovnC)[/s][/u]: "George Russell finishes ahead of teammate Lewis Ha ..." OrangeEnt: "Posted by: TRex at November 24, 2024 10:36 PM (IQ6 ..." scampydog: "Hagerstown, MD here, and there's a guy in the neig ..." Doof: "[i]Doof Why yes. Yes I have. I'm just hoping so ..." Cosda: ""I wouldn't drive through Maryland for any reason. ..." tankdemon: "139 Something I learned while visiting Charleston ..." Recent Entries Sunday Overnight Open Thread (11/24/24) Doof Gun Thread: Almost Thanksgiving Edition! Food Thread: Weird But Good, Or Just Weird...It's All Fun On Thanksgiving First-World Problems... Americans Are Amazingly Generous, But... Sunday Morning Book Thread - 11-24-2024 ["Perfessor" Squirrel] Daily Tech News 24 November 2024 Open Thread Saturday Night Movie Thread [moviegique]: Potpourri Hobby Thread - November 23, 2024 [TRex] Search Search this site: Polls! Polls! Polls! Frequently Asked Questions What is the Deal with the Cowbell? Why is the Ace of Spades called "the Death Card"? The (Almost) Complete Paul Anka Integrity Kick Primary Document: The Audio Paul Anka Haiku Contest Announcement Integrity SAT's: Entrance Exam for Paul Anka's Band AllahPundit's Paul Anka 45's Collection AnkaPundit: Paul Anka Takes Over the Site for a Weekend (Continues through to Monday's postings) George Bush Slices Don Rumsfeld Like an Fckin' Hammer Top Top Tens Democratic Forays into Erotica New Shows On Gore's DNC/MTV Network Nicknames for Potatoes, By People Who Really* Hate Potatoes Star Wars Euphemisms for Self-Abuse Signs You're at an Iraqi "Wedding Party" Signs Your Clown Has Gone Bad Signs That You, Geroge Michael, Should Probably Just Give It Up Signs of Hip-Hop Influence on John Kerry NYT Headlines Spinning Bush's Jobs Boom Things People Are More Likely to Say Than "Did You Hear What Al Franken Said Yesterday?" Signs that Paul Krugman Has Lost His Frickin' Mind All-Time Best NBA Players, According to Senator Robert Byrd Other Bad Things About the Jews, According to the Koran Signs That David Letterman Just Doesn't Care Anymore Examples of Bob Kerrey's Insufferable Racial Jackassery Signs Andy Rooney Is Going Senile Other Judgments Dick Clarke Made About Condi Rice Based on Her Appearance Collective Names for Groups of People John Kerry's Other Vietnam Super-Pets Cool Things About the XM8 Assault Rifle Media-Approved Facts About the Democrat Spy Changes to Make Christianity More "Inclusive" Secret John Kerry Senatorial Accomplishments John Edwards Campaign Excuses John Kerry Pick-Up Lines Changes Liberal Senator George Michell Will Make at Disney Torments in Dog-Hell Greatest Hitjobs The Ace of Spades HQ Sex-for-Money Skankathon A D&D Guide to the Democratic Candidates Margaret Cho: Just Not Funny More Margaret Cho Abuse Margaret Cho: Still Not Funny Iraqi Prisoner Claims He Was Raped... By Woman Wonkette Announces "Morning Zoo" Format John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia World Muslim Leaders Apologize for Nick Berg's Beheading Michael Moore Goes on Lunchtime Manhattan Death-Spree Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears Liberal Economists Rue a "New Decade of Greed" Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility Intelligence Officials Eye Blogs for Tips They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq Leather-Clad Biker Freaks Terrorize Australian Town When Clinton Was President, Torture Was Cool What Wonkette Means When She Explains What Tina Brown Means Wonkette's Stand-Up Act Wankette HQ Gay-Rumors Du Jour Here's What's Bugging Me: Goose and Slider My Own Micah Wright Style Confession of Dishonesty Outraged "Conservatives" React to the FMA An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear The Story the Rightwing Media Refuses to Report! Our Lunch with David "Glengarry Glen Ross" Mamet The House of Love: Paul Krugman A Michael Moore Mystery (TM) The Dowd-O-Matic! Liberal Consistency and Other Myths Kepler's Laws of Liberal Media Bias John Kerry-- The Splunge! Candidate "Divisive" Politics & "Attacks on Patriotism" (very long) The Donkey ("The Raven" parody) Syndicate this site (XML) Powered by Movable Type 2.64