Newsworthy but not its own thread worthy

[pelham456]

Code:

http://en.wikipedia.org/wiki/Bubble_tea#History

i get that nobody added lumps into their drinks until the 80s or 90s, but taiwan didn't even have ICED COFFEE or ICED TEA until then?!

seriously?

[alexora]

Quote:

Originally Posted by pelham456

"Market Watch reported that a national survey following the lockdown last May found that bubble tea was the most popular delivery item in California, Hawaii, and Michigan."

THE most popular delivery item?! more than PIZZA??

i find that hard to believe. is there a qualifier missing there (such as "the most popular delivery item FROM BOBA TEA SHOPS")?

Pizza appears to be Nº1 in Connecticut, Idaho, Illinois, New Jersey, New York, and Ohio.

Code:

http://marketwatch.com/story/spam-biscuits-and-crawfish-2020-05-22

[pelham456]

i don't buy it. first off, it's only covering orders placed via APPS. i bet a huge %age of pizza orders still happen by telephone. landline, even.

secondly, is it really via yelp's OWN app? article is inconsistent on this point, but if so, they are hardly representative of the general populace. just read some of the comments there. i mean, poke bowls -- which no one over 40 prolly even knows -- as #1 among average indianans?! that's just nutty.

much less general tso's chicken in massachusetts...the one state which DOESN'T USE THAT NAME!!!! i'd be hard pressed to find a single restaurant in boston calling it that.

also, "unique to every state" in the caption is misleading. if several states share "tacos", say, then it is "unique" to none of them.

-----
still, it is a very CUTE chart, and one which i will be passing along.

[JustKelli]

The FBI Takes a Drastic Step to Fight China’s Hacking Spree

The agency's approach to protecting vulnerable victims of the recent Hafnium attack manages to be at once controversial and refreshingly restrained.*

April 14, 2021

ON MARCH 2, Microsoft warned the world that a Chinese state-sponsored hacking group called Hafnium had infected what would turn out to be tens of thousands of Microsoft Exchange servers in a weeks-long hacking blitz. While Microsoft soon released a patch, not every victim updated their systems, and hundreds of servers remained exposed. A little over a month later, the Department of Justice has now revealed, the FBI took extraordinary steps to protect those still at risk.

Court documents unsealed this week reveal that the FBI obtained a warrant to copy and delete so-called web shells—essentially a foothold into a system that hackers can use to send remote commands or malware—from hundreds of Hafnium victims. While the operation seems straightforward on a technical level, it establishes a precedent that manages to be at once both controversial and refreshingly restrained.*

“This is a novel approach,” says April Doss, a former NSA lawyer who currently directs the Institute for Technology Law and Policy at Georgetown Law. “I think we’ll see it used again, but I would hope we see it used again with really careful analysis.”

Ticking Bombs

Rather than carefully select valuable targets, Hafnium scoured the internet for vulnerable Microsoft Exchange servers and infected as many as it could, amassing at least 30,000 victims in the United States alone and hundreds of thousands worldwide. It was a mess.*

But it also wasn’t quite as bad as those numbers make it sound. Hafnium used its access in that initial sweep to plant web shells, which would allow it to come back later to cause real damage. It essentially left itself 30,000 keys under 30,000 doormats, and would figure out which of those targets it actually cared about later. A disproportionate number of Hafnium victims appear to have been small- to medium-sized businesses, which are more inclined to run a dedicated on-premises Exchange server for their email needs. Most large corporations run their email in the cloud. So Hafnium likely wouldn't care much about many of the entities it hit. (Opportunistic ransomware hackers, though, leapt at the opening Hafnium created.)

By all accounts, the rush to patch Exchange servers has been largely successful, thanks in part to a*one-click tool*Microsoft released about a month ago. But again, the victims are mostly small- and medium-sized businesses. Many of them don’t have the resources to fix a gaping cybersecurity threat; some may not even realize they have an exposed Exchange server in the first place. Meanwhile, patching protects from future infection, but it doesn’t get rid of the web shell that already snuck through. And so those web shells have lurked, patiently awaiting instructions from the hackers who put them there, ready to cause harm.

“You can imagine if there were a circumstance in which some criminal syndicate planted physical bombs in properties spread across half a dozen states,” says Doss. “If the property owners couldn’t be reached, or were off-site and couldn’t get there to take any action, or didn’t have the technical ability to find or defuse the explosive materials, what would DOJ do? They would get a warrant for the FBI to go in.”

Which is what happened last Friday, when a judge granted the FBI a warrant to uninstall those web shells, which turned out not to be an especially difficult task. “The technical part of it is like .5 percent of the work,” says Matt Tait, a former British intelligence analyst who is now the chief operating officer at Corellium, a virtualization and security research company. A web shell has a URL and, in this case, a password associated with it. The FBI had access to both, presumably through threat intelligence and other partners. All the agency had to do was access the web shell, enter the password, and send a command to the server that essentially said “delete me.” Problem solved.

“If the Microsoft Exchange servers they interacted with were fully patched and they actually deleted any and all web shells on the backdoor servers, it should be quite effective,” says Steven Adair, founder of security firm Volexity, which first identified the Hafnium attack. “Assuming these Microsoft Exchange servers were just backdoor with web shells, they were essentially sitting ducks. These actions potentially save these organizations from future harm.”

There are two important caveats here. First, removing a web shell doesn’t get rid of any malware that may already have snuck through, or return any data that has been stolen. Second, if the underlying vulnerabilities remain on a system, someone could always just plant another web shell.

In those limitations, Tait sees an encouraging degree of restraint on the part of the FBI. “What they’re doing is actually unusually narrow,” he says. The FBI could have asked to scan for ransomware or illicit materials that might be present on the server, or to proactively patch servers that were still vulnerable. “Then I think you would have more serious privacy concerns, like is the FBI piggybacking on this to look for other crimes?”*

Instead, the agency got in, defused the bombs, and got back out.

New Rules

Five years ago, an operation like this would have been highly unlikely, if not impossible. In December 2016, however, the Federal Rules of Criminal Procedure was updated to make search and seizure orders more applicable to cybercrime. Rather than having to get a warrant in every individual court district where suspected illegal activity occurred, law enforcement could instead get sign-off for broader efforts from a single judge, as long as officials could demonstrate that the activity took place in five or more districts.

“The big mismatch has always been between the way that legal rules are tied to physical geography and that cyberoperations extend beyond it,” says Doss. A target’s vulnerabilities are more important to a hacker than what state they’re in, especially for large-scale hacks, like Hafnium’s Exchange server assault or SolarWinds or the creation of a botnet.*

In fact, the FBI has used this authority before, although seemingly sparingly. In previous cases that have become public, it focused on disrupting active botnets rather than preemptive protections. The FBI also typically targeted the botnet controller to send the signal out, while in the Hafnium case, the agency used the web shells on private servers to send one back home.*

“In general, these operations involve law enforcement seizing control of a command-and-control server with the help of their partners and issuing commands to cut off access to the infected machines that make up the botnet,” says Katie Nickels, director of intelligence at the security firm Red Canary. “In this case, the FBI is gaining access to victim-owned Exchange servers, copying web shells from them, and then deleting those web shells. The distinction is important because the web shell actions are more invasive.”*

“The FBI will continue to use all tools available to us as the lead domestic law enforcement and intelligence agency to hold malicious cyber actors accountable for their actions,” said Tonya Ugoretz, acting assistant director of the FBI’s Cyber Division.

Anytime law enforcement tries something new—or at least puts a new spin on an old script—slippery slopes naturally become a concern. This time is no different. Future flexes will merit scrutiny, but this time the FBI at least appears to have taken the narrowest possible scope for the greatest possible good.

“This is the government saying the private sector can’t protect itself here,” says Doss, “so we’re going to.”

[LongTimeLu]

Quote:

Originally Posted by JustKelli

The FBI Takes a Drastic Step to Fight China’s Hacking Spree

Apparently the FBI are also trying to contact these wayward admins to advise them how to patch their systems...

Code:

http://theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/

The FBI said it will try to send emails to the operators of all the servers it discovered the web shells on, advising them how to patch their equipment.

[LongTimeLu]

fashion outcry as Canada brings back jean jackets for Tokyo

For sports fans, there are many reasons to be thankful that the Tokyo Olympics look like they will take place – a year late – despite concerns about coronavirus: the chance to see supreme athletes compete at the highest level, an opportunity to deliver your definitive opinion on the Montenegro water polo team and marvel at the proxy superpower struggle at the top of the medal table. But the biggest treat of all could happen on the final night of the Games when the Canadian team walk out for the closing ceremony.

The athletes will be clad in graffiti-splashed denim jackets that would have been very current at the 1992 Olympics in Barcelona or on Degrassi Junior High at its peak, but haven’t quite passed muster among 21st-century critics on social media.

The Canadian uniforms were released in August last year but they have been picked up in all their glory this week as Team USA released its rather more conservative Ralph Lauren effort.

Canada has gone freestyle with its Olympic outfits before. At the 1972 Munich Olympics they walked out in wide brim hats and polka dots. They subsequently failed to win any gold medals at the following two Games.

Team uniforms have often proved interesting. At the 1992 Winter Olympics in Albertville, France, the Russian team turned up in costumes that appeared to be borrowed from 1930s private eyes. And this year’s hosts, Japan, were the perpetrators in 2000 at the Sydney Olympics when they wore rainbow capes in tribute to the city’s “carefree nature and the city’s deep blue sky”.

Code:

http://theguardian.com/sport/2021/apr/15/cancel-the-olympics-fashion-outcry-as-canada-brings-back-jean-jackets-for-tokyo

[JustKelli]

^^^^^ I like them and the whole point of the closing ceremony at any Games is to cut loose and celebrate the world coming together as one. These Jackets are from the Hudson's Bay Company which is an institution in Canadian history. Japan will enjoy them I'm sure as they pay homage to Japanese street art which echoes these jackets. So fucking what that a minority dislikes them, they are probably the same ones that cried when Melania Trump wore her graffiti style jacket during that trip that was so highly publicized. Her only crime was time and place. Interestingly the USA has worn Canadian made products at previous closing ceremonies more than once but they are moving back to a protectionist country as far as trade. They need something to be proud about as they slowly fall apart and become irrelevant in the world's eyes.

Canada is more a Winter Olympics country so most wont even know we are there lol. We still hold the world record for the most gold medals at a Winter Olympics

I would sooner walk out naked though than wear these preppy rags from Ralph Lauren. YUCK lol.

Quote:

Originally Posted by LongTimeLu

Apparently the FBI are also trying to contact these wayward admins to advise them how to patch their systems...

Code:

http://theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/

The FBI said it will try to send emails to the operators of all the servers it discovered the web shells on, advising them how to patch their equipment.

They and others have tried to "bruteforce" our firewalls at my investment company but couldn't penetrate them this time or any other time they tried. There is a 100K reward to anyone that can crack through all four levels. No one has collected to date. We have our own patented OS but it has access to Microsoft servers even though Microsoft cant access us coming in. They tried suing us for years and finally gave up 5 years ago. We never allowed them because their firewalls are weak and vulnerabl.

It's funny, my guy wrote some code for the company that powers this website when he helped start it in 2011, his focus was more on the Xenforo template and program but he wrote for vBulletin as well. He helped write "patches" for sites, this one included but mainly for Avast. I still have his admin privilege on DragonByte and could make a terrible mess if I was pushed hard enough and weren't as honest as I tend to be. He subscribed to the "Do No Harm" theory and I grudgingly honor his wishes.

Planetsuzy uses third party servers...

[alexora]

Quote:

Originally Posted by LongTimeLu

fashion outcry as Canada brings back jean jackets for Tokyo

[INDENT]The athletes will be clad in graffiti-splashed denim jackets that would have been very current at the 1992 Olympics in Barcelona or on Degrassi Junior High at its peak, but haven’t quite passed muster among 21st-century critics on social media.

Italy's Olympic outfit, designed by Armani:

[pelham456]

italy's decision to use a faux asian font is gonna blow up in their faces. mark my words.

[JustKelli]

^^^^^ You need to understand that all of this is as a thank you to Japan for inviting the world to their backyard for a party.

If nothing else these will he the most stylish Olympics in history as Patriatism reigns.

Let's update that original story from a real perspective and Twitter is abuzz with excitement with mostly positive tweets... you can Google the headline for the tweets

New USA Olympic uniforms have everyone talking about Canada’s badass look

Rob Williams

Apr*15*2021

We are two countries with a lot in common.

We share the same language, a similar culture, and the world’s longest undefended international border.

But when it comes to Olympic fashion, Canada and the United States couldn’t be more different.

Case in point, Team USA unveiled its Olympic uniforms that they’ll wear during the Closing Ceremony in Tokyo this summer.

While the US went Ralph Lauren preppy, Team Canada is going Hudson’s Bay badass.

Choosing an entirely different path, our athletes will be rocking Canadian tuxedos during the Closing Ceremony, with a touch of Japanese street art mixed in.

Canada stole the Americans’ thunder, it seems, as the Canadian tuxedo was seemingly all anyone could talk about on both sides of the border. Even the official Team Canada Twitter account noticed.

The Team Canada Collection by Hudson’s Bay was unveiled last summer and features many traditional stylings, including a red jacket with a big maple leaf on the back for the Opening Ceremony.

“The clothing included in the Team Canada Collection is not only stylish, but functional, featuring sweat-wicking, light fabrics to keep athletes cool and comfortable, no matter the weather,”*Team Canada says on its website.

But the Closing Ceremony jean jacket is the showstopper.

“We aimed to achieve a balance of respect for the host country and celebration of our Canadian athletes,”*according to the design team at Hudson’s Bay. “We designed a harmonious graphic that pays tribute to both countries’ national flags and it is used across all elements of the athlete kit.

“Tokyo is also known for its street art and fashion. We paid tribute to this in the must-have piece of the Collection – the forever cool jean jacket. The graffiti graphic and unexpected patch placements capture a youthful and celebratory feel.”

But enough about that.

You came here for the internet reviews, didn’t you?

Take it away, Twitter: