San Diego Comic-Con — like just about every large conference, convention, and gathering in 2020 — has had to switch to an online-only, virtual format this year due to the continuing pandemic. Media companies that usually have a large presence at events like SDCC worked hard to create streaming alternative content — but it seems they forgot to tell their copyright bots.
ViacomCBS kicked things off today with an hour-long panel showing off its current slew of current and upcoming Star Trek projects: Discovery, Picard, Lower Decks, and Strange New Worlds.
The panel included the cast and producers of Discovery doing a read-through of the first act of the season 2 finale, “Such Sweet Sorrow, Part 2.” The “enhanced” read-through included sound effects, effects shots, and storyboard images meant to bolster the actors as they delivered lines from their living rooms and home offices.
Even if the presentation didn’t look like a real episode of Discovery to the home viewer, it apparently sounded close enough: after the Star Trek Universe virtual panel began viewers began to lose access to the stream. In place of the video, YouTube displayed a content ID warning reading: “Video unavailable: This video contains content from CBS CID, who has blocked it on copyright grounds.”Source: arstechnica
A compelling case of suicide among bots.
Users on the Facebook-owned Instagram in the United States whose activity on the app suggested they were Black were about 50 percent more likely under the new rules to have their accounts automatically disabled by the moderation system than those whose activity indicated they were white.Source: NBC News
Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it. The exposed information includes plain text passwords and information that could be used to identify VPN users and track their online activity.
Bob Diachenko, who leads Comparitech’s security research team, uncovered the exposure, which affects both free and paid users of UFO VPN. He immediately alerted the company upon discovering the exposed data on July 1, 2020.Source: Comparitech
“Use a VPN!”, they said, “It’s secure and anonymous and there are no logs ever.”
What if I told you that all this VPN stuff is actually crap you should not trust? Oh wait, I did!
Hundreds of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that destroys data without any explanation.
The activity started recently by hitting Elasticsearch and MongoDB instances without leaving any explanation, or even a ransom note. Attacks then expanded to other database types and to file systems open on the web.
A quick search by BleepingComputer on the IoT search engine Shodan initially found dozens of databases that have been affected by this attack. Recently, the number of wiped databases increased to over 1,800.Source: Bleeping Computer
First off all overwriting exposed databases is better than selling that data to scammers and spammers. Second destroying data which may harm those whose data has been (maybe illegally) collected (or at least without their knowledge or consent) is also a good thing. But what about destroying data in order to hide evidence? I’m not sure what to think about these meow attacks.
However putting unsecured databases into the web is always bad practice. Don’t do that. Never. If you need data to be publicly available properly secure the database and create an API to securely access and/or manage that data. It’s not that hard.