Login With Facebook data hijacked by JavaScript trackers

“When a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site,” writes Englehardt. This chart shows what some trackers are pulling from users. Freedom To Tinker warned OnAudience about another security issue recently, leading it to stop collecting user info.

Source: Login With Facebook data hijacked by JavaScript trackers | TechCrunch

Don’t use Facebook.

Meltdown and Spectre: clearing up the confusion

For a typical user, the browser presents the highest risk, but we have yet to see proof of concept code that exploits this vulnerability through JavaScript – and browser vendors have started issuing patches as well (for example, Mozilla has issued a new version of Firefox, 57.0.4, where they have decreased the precision of time sources to make attacks such as Spectre more difficult or impossible). If you run stuff as Administrator: Spectre makes no difference for you really.

In other words: the world will end over the weekend.

Source: Meltdown and Spectre: clearing up the confusion – SANS Internet Storm Center

Bitcoin Miners Are Shifting Outside China Amid State Clampdown

Bitmain, which runs China’s two largest bitcoin-mining collectives, is setting up regional headquarters in Singapore and now has mining operations in the U.S. and Canada, Wu Jihan, the company’s co-founder, said in an interview. BTC.Top, the third-biggest mining pool, is opening a facility in Canada and ViaBTC, ranked No. 4, has operations in Iceland and America, their founders said.

Source: Bitcoin Miners Are Shifting Outside China Amid State Clampdown – Bloomberg

More news on Bitcoin today.

From: Microsoft Halts Bitcoin Transactions Because It’s An “Unstable Currency”

While Bitcoin price has always fluctuated, it never swung like it did in the past three months. To be widely adopted by the financial sector, a digital or fiat currency must be stable in order to be useful, something that Bitcoin is definitely not.

AT&T and Comcast lawsuit has nullified a city’s broadband competition law

The court agreed with AT&T and Comcast’s argument, saying, “It is clear that the [Metro Nashville] Charter grants NES broad, unencumbered power to manage and control the properties of the Electric Power Board. It expressly denies that power to the Mayor, the Council, and any other agency of the Metro Nashville government.”

Source: AT&T and Comcast lawsuit has nullified a city’s broadband competition law | Ars Technica

Wyden Issues Warning About SESTA

“After 25 years of fighting these battles, I’ve learned that just because a big technology company says something is good, doesn’t mean it’s good for the internet or innovation. Most innovation in the digital economy comes from the startups and small firms, the same innovators who will be harmed or locked out of the market by this bill.”

Source: Wyden Issues Warning About SESTA | Press Releases | U.S. Senator Ron Wyden

The Equifax Hack Has the Hallmarks of State-Sponsored Pros

The average American had no reason to notice Apache’s post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Source: The Equifax Hack Has the Hallmarks of State-Sponsored Pros – Bloomberg

The massive breach occurred even though Equifax had invested millions in sophisticated security measures, ran a dedicated operations center and deployed a suite of expensive anti-intrusion software. The effectiveness of that armory appears to have been compromised by poor implementation and the departure of key personnel in recent years. But the company’s challenges may go still deeper. One U.S. government official said leads being pursued by investigators include the possibility that the hackers had help from someone inside the company. “We have no evidence of malicious inside activity,” the Equifax spokesperson said. “We understand that law enforcement has an ongoing investigation.”

China orders bitcoin exchanges to shut down

Bitcoin is created and exchanged without the involvement of banks or governments. Transactions allow anonymity, which has made bitcoin popular with people who want to conceal their activity. Bitcoin can be converted to cash when deposited into accounts at prices set in online trading.

Source: Reports: China orders bitcoin exchanges to shut down – ABC News

The hackers who broke into Equifax exploited a flaw in open-source server software

That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.

Source: The hackers who broke into Equifax exploited a flaw in open-source server software — Quartz

The bug specifically affects a popular plugin called REST, which developers use to handle web requests, like data sent to a server from a form a user has filled out. The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language. When the vulnerability is successfully exploited, malicious code can be hidden inside of such data, and executed when Struts attempts to convert it.

Equifax Breach Response Turns Dumpster Fire

I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.

Source: Equifax Breach Response Turns Dumpster Fire — Krebs on Security

Judge Kills AT&T’s Attempt to Slow Google Fiber in Louisville

A federal judge has shot down an AT&T lawsuit against the city of Louisville, one of several company bids to slow down Google Fiber’s arrival to the region. AT&T sued the city back in February of last year after Louisville streamlined its utility pole attachment rules to speed up the arrival of competing broadband services to the city. Incumbent ISPs have long abused the absurdly bureaucratic pole attachment process to slow competitors, and Louisville’s “one touch make ready” reforms streamlined the process significantly.

Source: Judge Kills AT&T’s Attempt to Slow Google Fiber in Louisville