
Along with having some pretty goofy sound packs, https://youtu.be/xpvQ1Y27t70 in particular is, to me, super eerie.


Thread from previous discussion https://news.ycombinator.com/item?id=27613217 (June 4, 2021)


In your second link, the article specifically states "McRae probably wasn’t acting as an ecosaboteur."

I don't know how you read that and came to the conclusion that these were "attacks by so called environmentalists" when the article comes to the opposite conclusion.


Published 18 Aug 2022

Also, the title should probably be reverted to its original "How CISCO got Attacked by Yanluowang Ransomware Gang".


Just a note, HN edits out "why", "how" and the like from the start of submitted titles, as they are usual indicators of a clickbait title.


And you can edit it back in if it's important for the title.


If you ever check the average, always make sure to _at least_ add in the median. I don't know if there's any special syntax for this with symbols or whatever, but having the median, average, and possibly even n together is way better than just the average.


Is it just me, or is this article missing links that it should have?

> Exactly 5 million on exactly that day? Probably not. But if not exactly, then just how large is the uncertainty? Here’s an example for how to do it right, from the economist, with a central estimate and an upper and lower estimate.

Where is the economist example? It's not linked or quoted or anything.

> Here’s an example for how not to do it from the Guardian. This work is published in the journal Physical Review Letters. This isn’t helpful. Here’s the same paper covered by the BBC. This one has a link. That’s how you do it.

The BBC example isn't even linked (which I find hilarious, because the sentence is describing the BBC not linking the paper). I don't know what BBC example the author is discussing.

> An example is this story from 2019 about a paper which proposed to use certain types of rocks as natural particle detectors to search for dark matter.

What story? It's not linked....

Reading back to the top, this appears to be a transcript; however, it doesn't make much sense that only some of these parts are linked, and as a result the transcript (for whatever reason) randomly includes links.


was my first thought in seeing this.


Timeline:

2021-09-22: Jetpack Scan team discovers the dropper and back door in the FotoGraphy theme, and tries to contact vendor about the initial finding.

2021-09-27: Confirm presence of dropper + back door in all current free plugins and themes downloaded from the vendor's website.

2021-09-28: Confirm that dropper + back door is not present on downloads from wordpress.org.

2021-09-29: Trying to contact vendor again, with updates on new findings.

2021-10-14: Escalated to WordPress plugins team to try to obtain contact with the vendor.

2021-10-15: Compromised extensions are removed from the vendor’s site.

2021-10-16: Response from vendor.

2022-01-17: Most plugins have been upgraded to new versions, themes have been pulled from WordPress.org.

2022-01-18: Public disclosure.


That's really pathetic, to put it mildly. Three weeks between initial contact and removal of compromised themes. Four months until public disclosure.


Public disclosure by the people that found the backdoor. I couldn't find any disclosure about it by AccessPress themselves between 15 October, when they pulled the compromised themes and plugins, and now.


ThriveThemes still hasn't released a disclosure on an attack from March 2021.[0] This seems to be par for the course among theme developers.

0. https://www.wordfence.com/blog/2021/03/recently-patched-vuln...


That's not the timeline. It was a single day from contact to removal of compromised plugins. According to the article, the issue was that the vendor's contact form didn't work, not that the vendor didn't quickly remove the plugins.

You are also confusing plugins with themes. They are not exactly the same.


> vendor's contact form didn't work

Had this happen recently to a site. The SMTP password was set wrong, and I don't know how many months/years this form just failed to submit, but no one was aware of it... it was for a landing-page-type site.


> The attack was discovered by researchers at Jetpack, the creators of a security and optimization tool for WordPress sites.

It’s a deceitful way to present it. Jetpack and WordPress are the same company.


That’s simply not true. Jetpack is owned by Automattic. Automattic has an exclusive license to the name “WordPress” from the WordPress Foundation but WordPress is owned, operated, and managed by the WordPress Foundation and is a totally separate entity.

Source: I work at Automattic and used to work on a Jetpack team.


This is true, but it's also important to note that Matt Mullenweg founded/co-founded and leads both organizations.[0][1]

0. https://www.linkedin.com/in/mattm/

1. https://www.guidestar.org/profile/20-5498932


Thanks for the clarification, it's not that easy to understand when one looks at the Automattic website.


It's not deceitful at all. Anyone who's in the WP ecosystem understands this.

Jetpack is part of Automattic. Automattic's main thing is wordpress.com (the hosted platform). Automattic and WP.org are not the same thing even though (as with many open source projects that have commercial implications) the lines are somewhat blurred.

Presenting this as "deceitful" is really quite the over-reaction.


If the lines are somewhat blurred, you can understand my initial confusion, not being “in the WP ecosystem” myself.


Sure, but perhaps think about the use of emotive words like "deceitful" when you don't fully understand what's going on?


English as third language, so let’s say I didn’t realise it was such a strong word.


English is a mess.

Deceitful implies intention. Qualifiers help. "Unintentionally misleading" fits better. It's like the difference between manslaughter (whoopsiedeath) and murder (intentional).


You have to understand that this sort of intentional obfuscation of ownership and responsibility under a single root of ownership is in most areas of business a pretty good indication of ill intent (even if it is depressingly common).


I never download from anywhere but wordpress.org and a lot of others don't, and that wasn't attacked, so I disagree that it's "pathetic".


So isn't the reasonable deduction here that the vendor was responsible for this, given it was present on their website but not on the plugins through WordPress? They probably didn't have the back door on the WordPress plugins because those would face higher scrutiny than the ones on their site. Finally they get caught and go silent, but then when WordPress knows, they finally respond because they know the jig is up and are trying to save face.


I think the more reasonable deduction is that the vendor's website was compromised, and that's where the attacker was able to introduce new files.


I don't think that's a reasonable deduction, it seems like the contact form on the vendor's website didn't work. That could possibly be compromised by the attacker.


Ignoring the textual content of the article, the photography is really well done.


Another similar question: why not any tablet (iPad, Android, etc.)? I've found trying to quickly browse information on an eReader to be an exercise in patience.

Genuinely wondering how this is working out for you, and if you have any pictures of this setup, that would be interesting.


My eReader is the only tablet I own; the big plus of it for me is that it gets about a week of battery per charge, so I don't have an extra device to remember to charge every night, put back in my backpack, etc.

Don't really have a setup worth taking pictures of, it's just a Remarkable 2 with KOReader.

