PCLinuxOS Magazine

ICYMI: SSH Server Bug Opens Vulnerabilities


by Paul Arnote (parnote)


EU Flag

Microsoft has been charged by the EU for breaking antitrust rules. The European Commission claims that by bundling Teams into the Office 365 and Microsoft 365 suites, the company disproportionately restricts competition in the market for communication apps, according to an article from TechRepublic. The primary reason for this is that Microsoft's suite of business productivity tools, like Excel, Outlook and PowerPoint, is the second most popular worldwide after Google Workspace. Therefore, when Teams is included with 365 by default, it gives the company a so-called “distribution advantage.” Customers are unlikely to seek out another communications app if they have invested in the 365 tools, and Teams comes with them automatically. Any interoperability limitation between Microsoft's offerings and Teams' competitors exacerbates this issue.


Apple has become the first tech giant to be formally charged by the European Commission for violating the Digital Markets Act, according to an article from TechRepublic. A preliminary ruling was made on June 25, 2024, and the Cupertino firm could be handed a hefty fine as a result. The Commission has found that Apple has three sets of business rules that ultimately prevent iOS app developers from directing their users towards third-party purchase options. This goes against the DMA, which states that developers should be able to steer their customers towards purchasing options outside of the App Store easily and free of charge. Apple takes a 30% commission from the revenue of any in-app purchases, so when users make app-related payments on their phone browser, for example, it eats into its profits.


On July 1, 2024, Meta became the second company charged with violating Europe's Digital Markets Act, one week after the EU threatened Apple with a $38 billion fine, according to an article from Lifehacker. While Apple's charge focuses on its treatment of outside payment methods and third-party apps, Meta's is all about its big money maker: ads on Facebook and Instagram. Throughout most of the world, Meta monetizes its sites using targeted ads, which means it harvests your data to focus your ads on your interests. To attempt to appease the DMA's privacy regulations, the company lets European users subscribe to an ad-free plan for €9.99 per month (more if you add linked accounts or subscribe using an app store), but the region is now saying this isn't enough. In a preliminary ruling posted to its site today, the European Commission said Meta must also allow users to access a third option, which should be a free plan that would still show ads but use less personal data.


SSH

Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH's server (sshd) and should upgrade to the latest version, according to an article from The Register. Infosec researchers at Qualys published their findings today, revealing that sshd is vulnerable to a race condition that could allow an unauthenticated attacker to achieve remote code execution (RCE) on potentially hundreds of thousands of targets. Successful exploitation could give intruders root-level access to a system, allowing them to potentially get away with virtually anything. Of the 14 million possibly vulnerable sshd instances that show up on Censys and Shodan scans, Qualys believes that roughly 700,000 of these internet-facing instances could feasibly be hit by regreSSHion, the name researchers gave to the flaw based on its roots. Never fear … Texstar has already patched OpenSSH and the SSH server software in the PCLinuxOS repository.


This ought to make it evident that big tech is playing with two sets of rules: one for them, and another for the “rest of us.” Content that has been posted on the open web should be treated as “freeware,” according to Microsoft's AI chief, in an article from Forbes. That being the case, he appears to have just ripped up the licensing agreement for software such as Microsoft Windows and Office. Mustafa Suleyman, the CEO of Microsoft AI since March this year, made his eyebrow-raising comments during an interview with CNBC. Asked if the training of AI models on internet content was tantamount to intellectual property theft, Suleyman made the argument that anything posted on the web was fair game. “I think that with respect to content that's already on the open web, the social contract of that content since the nineties has been that it is fair use,” said Suleyman. “Anyone can copy it, recreate with it, reproduce with it. That has been freeware, if you like, that's been the understanding.” So all those versions of Windows and MS Office posted to the web are FREEWARE? If you try it (playing by the “rules” he proposes), be prepared to be contacted/visited by Microsoft's legions of overpaid lawyers.


Enterprise software vendor HubSpot says it's “actively investigating and blocking attempts” to hack into customer accounts and warned that at least 50 HubSpot targets have already been breached, according to an article from SecurityWeek. “While our investigation is still underway, we believe based on our initial assessment that the bad actors were able to gain unauthorized access to less than 50 HubSpot accounts,” HubSpot said in a brief notice posted online. The Cambridge, Mass.-based HubSpot, which sells specialized tools for sales and marketing teams, said the unidentified hackers are continuing to target a limited number of HubSpot customers and attempting to gain unauthorized access to their HubSpot accounts.


Virus
Image by Elchinator from Pixabay

According to a report from Korean news agency JTBC, users of torrent-based “webhard” services (file storage and transfer platforms that are popular in South Korea) began reporting in 2020 that they were experiencing slow transfers, busted files, and malfunctioning PCs, says an article from PC Gamer. When one of the webhard providers noticed all the users experiencing issues were KT customers, the company reported the information to Korean law enforcement. ISPs have waged war against torrent traffic for years. In the US, before those few years where the FCC decided to give things a go without net neutrality (it didn't go well), Comcast earned itself a cease-and-desist in 2008 after throttling BitTorrent transfers. Legal protections and networking advances have seen those efforts subside somewhat in recent years, making it even wilder that Korean police found evidence suggesting that KT was distributing malware to its own customers as punishment for using P2P services.

According to an article from TechRadar, threat actors are abusing a vulnerability in an outdated D-Link router to steal people's sensitive data, researchers have claimed. Cybersecurity experts from GreyNoise recently reported observing hackers in the wild, abusing a critical vulnerability in D-Link DIR-859 Wi-Fi routers. The flaw is described as a path traversal vulnerability that leads to information disclosure, and is tracked as CVE-2024-0769. It has a severity score of 9.8/10, and was first discovered in January 2024. The vulnerability has no patch available.

In a possible glimpse at future internet speeds, scientists in Japan recently powered a 402,000 Gbps connection using commercially available optical fiber, according to an article from PCMag. The research comes from Japan's National Institute of Information and Communications Technology (NICT), which has partnered with other labs to use existing optical fiber tech to deliver huge speed enhancements. In March, one of NICT's partners on the project, Aston University in the UK, beamed internet speed at 301,000 Gbps over a single, standard optical fiber. NICT has since followed up with another test, hitting 402,000. The feat was achieved by harnessing additional wavelength bands—essentially colors—within the optical fibers to increase the data transmission rate. Specifically, NICT scientists tapped the O-, E-, and S-bands to amplify the data when the C- and L-bands are typically used for long-haul transmission over fiber networks.


Proton Docs

Billions of people use online document editors like Google Docs or Microsoft 365 to write reports, collaborate on projects, and keep track of meeting notes (The PCLinuxOS Magazine uses Google Docs for collaborative editing of its magazine articles). But there is a growing concern about Big Tech platforms having access to your content, tracking you across the web, and collecting data to train privacy-invading AI models. On July 3, 2024, Proton announced a new end-to-end encrypted, collaborative document editor that puts your privacy first, according to an announcement on the Proton blog. Docs in Proton Drive are built on the same privacy and security principles as all of Proton's other services, starting with end-to-end encryption. Docs let you collaborate in real time, leave comments, add photos, and store your files securely. Best of all, it's all private — even keystrokes and cursor movements are encrypted.

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins, according to an article from eSecurity Planet. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers. The specific number of affected plugins and websites is still under investigation. However, initial reports suggest prominent plugins with thousands of active installations might be involved, raising serious concerns about the overall security of the WordPress ecosystem and the vulnerability of websites built on the platform.

Japan FINALLY phases out floppy disks, 13 years after the country's producers manufactured their last units, according to an article from the New York Times. One of the world's most technologically advanced nations has held on to some of the most outmoded devices. Japan scrapped every regulation requiring the use of floppy disks for administrative purposes this week, catching up with the times 13 years after the country's producers manufactured their last units. The floppy disk, invented in the 1970s, was once a ubiquitous part of computing. Other forms of memory like flash drives and internet cloud storage have since taken over. The next target for Japan's war on outdated technology: fax machines.


Google Logo

Google's latest annual environmental report reveals the true impact its recent forays into artificial intelligence have had on its greenhouse gas emissions, according to an article from TechRepublic. The expansion of its data centers to support AI developments contributed to the company producing 14.3 million tonnes of carbon dioxide equivalents in 2023. This represents a 48% increase over the equivalent figure for 2019 and a 13% increase since 2022. “This result was primarily due to increases in data center energy consumption and supply chain emissions,” the report's authors wrote. “As we further integrate AI into our products, reducing emissions may be challenging due to increasing energy demands from the greater intensity of AI compute, and the emissions associated with the expected increases in our technical infrastructure investment.”

As originally reported by TechRadar, researchers say they found a text file, called rockyou2024.txt, containing nearly 10 billion unique passwords, all stored in plain text, according to an article from Lifehacker. That means anyone with access could scrape the list as they would a PDF and discover each and every password for themselves. This was not a project that happened overnight: These passwords were collected over time, from various attacks and leaks over the past 20 years. Attackers added 1.5 billion of these passwords to the file from 2021 to this year alone. The fact that these are all unique, too, means there are no repeats in the list. It's tough to wrap your head around that many passwords.

Are you concerned by what (and how much) data Google has collected about you? Would you like to have some control over that data, including the ability to delete it? If so, then this article from Lifehacker is for you! They walk you through how to view and possibly delete the data that Google has collected on you.


Hot Chili
Image by Pheladi Shai from Pixabay

A lawsuit was filed on July 11, 2024, against Hershey, Walgreens and several others in the case of a Massachusetts teen who died after he participated in a spicy tortilla chip challenge that was widely promoted on social media, according to an article from the Associated Press. The teen, a 10th grader from the city of Worcester, died Sept. 1, 2023, after eating the Paqui chip as part of the manufacturer's “One Chip Challenge.” An autopsy found Wolobah died after eating a large quantity of chile pepper extract and also had a congenital heart defect.

Apple actually did send alerts to users on July 10, warning them they might be targeted by “mercenary spyware attacks.” According to Apple, it sent the alert at 12 p.m. PT on Wednesday to users in 92 countries, according to an article from Lifehacker.

Handheld phone use while driving is a major factor in vehicle crashes, according to one study recently published in the JAMA Open Network. Scalable interventions are needed to encourage drivers not to use their phones. The objective is to test whether interventions involving social comparison feedback and/or financial incentives can reduce drivers' handheld phone use. In a randomized clinical trial, interventions were administered nationwide in the US via a mobile application in the context of a usage-based insurance program (Snapshot Mobile application). Customers were eligible to be invited to participate in the study if enrolled in the usage-based insurance program for 30 to 70 days. The study was conducted from May 13 to June 30, 2019. Analysis was completed December 22, 2023.


Grilling Tools
Image by Clker-Free-Vector-Images from Pixabay

As if you really needed it, here's something to make you feel really old. This year marks the 30-year anniversary of the grill, officially known as the George Foreman Lean Mean Fat Reducing Grilling Machine, according to an article from The Hustle. After a slow start, it became an indelible part of ‘90s consumer culture and the world's most popular product for cooking hamburgers, hot dogs, salmon, and just about everything else (Oprah Winfrey preferred it for bacon). Read the article for an interesting history of how the grill came about, rose to popularity, and remained popular.

AT&T revealed on July 12, 2024, that a cybersecurity attack had exposed call records and texts from “nearly all” of the carrier's cellular customers (including people on mobile virtual network operators, or MVNOs, that use AT&T's network, like Cricket, Boost Mobile, and Consumer Cellular), according to an article from The Verge (and widely reported on in multiple media outlets). The breach contains data from between May 1st, 2022, and October 31st, 2022, in addition to records from a “very small number” of customers on January 2nd, 2023.

Inflection AI co-founder Mustafa Suleyman joined Microsoft as CEO of Microsoft AI in March, and took “several” coworkers with him, according to an article from TechRepublic. Now, the UK's Competition and Markets Authority (CMA) has opened an inquiry into whether this and Microsoft's other deals with Inflection should be considered anti-competitive. The CMA has until Sept. 11, 2024 to decide whether to continue the investigation.


Windows Error

Businesses across the world are reporting IT outages, including Windows “blue screen of death” errors on their computers, in what has already become one of the most widespread IT disruptions in recent years, according to an article from TechRadar (and very widely reported on in just about every media outlet). The outage — linked to a software update from popular cybersecurity firm CrowdStrike — has affected computers running Microsoft Windows at organizations across various sectors, including airlines, banks, retailers, brokerage houses, media companies and railway networks. The travel sector seems to be one of the hardest hit, based on online chatter.

UPDATE: In a post to its website July 20, 2024, Microsoft released a file for USB drives that can quickly and near-automatically fix PCs downed by the CrowdStrike fiasco, according to an article from Lifehacker. It comes with a fix that does all the work for you but requires a BitLocker recovery key (if BitLocker is enabled), as well as one that can bypass BitLocker but needs you to do a bit more legwork. Download the file here and follow the instructions to create a recovery key, then pick one of the recovery options based on your needs. Most users will be better off with the automatic option, Recover from WinPE, so start there and only move on if you're prompted for a BitLocker key you can't get. If you need but can't get a BitLocker key, use Recover from safe mode instead. It's more involved, but finally offers a way into machines that have otherwise been closed off.

If you were looking forward to an internet free of cookies, you'll be sorry to hear this bad news: Google is officially canceling its plans to kill cookies, according to an article from Lifehacker. The company announced the decision in a blog post July 22, 2024, citing feedback from regulators, publishers, developers, and individuals in the advertising industry. Google says that, while the company still believes it can strike a balance between the online ad marketplace and user privacy, it understands the existing challenges in doing so with this many moving parts. The company says, “this transition requires significant work by many participants and will have an impact on publishers, advertisers, and everyone involved in online advertising.” As such, Google announced it is changing tactics on its privacy plans for online advertising: While the company will be abandoning its push to retire cookies, it will be introducing a new option in Chrome that “lets people make an informed choice that applies across their web browsing.” Google fell short of explaining exactly how this “informed choice” works, but users will have the option to change their choice at any time.
