Not sure if anyone posted this yet, but the youtube-dl takedown also screwed over journalists who relied on it for archival and analysis purposes:

Loginizer < 1.6.4 - Unauthenticated SQL Injection

This is serious. Over 1m WordPress sites have this plugin running.

If you are using WordPress, check if this plugin is installed - and update now.

NSA publishes list of top vulnerabilities currently targeted by Chinese hackers

Pulse Secure VPN servers, F5 BIG-IP, Citrix ADC, Oracle, Atlassian Confluence, ...

Plus a bunch undisclosed/currently unknown vulnerabilities I assume.

QAnon/8Chan Sites Briefly Knocked Offline

All it took was one phone call to their DDoS mitigation provider...

My response to this popular thread on Twitter (link and image attached for those not on Twitter)

Crazy! It's more than a theoretical threat...

AGPL partially protects from these parasitical moves. Amazon would need to open source their modification which would probably prevent them from trying.

Relevant to our license change earlier this week:


The level of blatant censorship occurring on all social platforms, regardless of where you sit on the political spectrum, should worry us all. Social platforms should not be arbiters of truth, and it's just getting worse.

Robinhood estimates that ~2,000 accounts were compromised in a recent hack:

Robinhood said a "limited number" were affected by personal email breaches...

Iranian state hacker group linked to ransomware deployments

"Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers.

While investigating security incidents at several Israeli prominent organizations, security researchers from ClearSky and Profero said they linked the intrusions to MuddyWater, a known Iranian state-sponsored hacking group..."

New Filter Alert:

We're happy to announce our new filter: "Academic Fraud". With kids going back to school, both schools and parents are looking for ways to combat the plethora of do-it for you online service (e.g., essays, homework).

Available in Beta to all paid plans.

Microsoft and others orchestrate takedown of TrickBot botnet

"A coalition of tech companies has announced today a coordinated effort to take down the backend infrastructure of the TrickBot malware botnet.

Companies and organizations which participated in the takedown included Microsoft's Defender team, FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec.


Pretty good team work.

I really hate it when IP address fields are coded this way. You can't just copy and paste an IP address in, and they usually behave in non-standard ways.

-2m scanned websites contained outdated software which could potentially lead to an exploit.

-70k sites were infected with SEO spam, accounting for 39.59% of website infections.

-19k scanned websites contained malicious scripts or iframes from blacklisted domains.

-11% of infected sites were found to include scripts and iframes from blacklisted domains.

Pretty good report from Sucuri:

Nakabonne/ali: Generate HTTP load and plot the results in real-time (from your terminal):

Testing it out, seems like a great tool.

Superb (and, interesting, too) historical context to counter the argument for the state's demand for intrusion into our privacy:


Did you know that back in 2003, Verisign thought that it was a good idea to hijack NXDOMAIN answers for all .com and .net domains?

And pushed all those domain typos to their sitefinder product?

Glad that did not last.

Show more

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Managed by the team.