While The Last One Was A Hoax 123-reg Has Actually Deleted People’s Websites

A few days ago we reported on the fact that a company had apparently deleted itself, news which later turned out to be a hoax as part of a bad marketing scheme. For people who used 123-reg, a website hosting company in the UK, the joke may be on them as the company has actually deleted people’s websites.

123-reg, which has around 800,000 customers within the UK and hosts around 1.7 million sites, said that, similar to the hoax, an error was made during “maintenance”, resulting in data from one of their servers being deleted.

The firm issued a statement saying that they were working on “restoring … packages using data recovery tools”, a process that is slow and not always effective, as people noted in response to the previous hoax. 123-reg has recommended that those with backups of their sites should use them to rebuild their sites, as the company itself didn’t have backups of the customers’ sites.

While the fault is reported to have only affected “67 out of 115,000” servers, it was caused by an automated script. An audit of 123-reg’s scripts is now being conducted and any deletion will now require human approval in the future, something that I’m sure the many companies that have lost business because of this blunder are less than comforted by.

The Company Deleted by One Line of Code Was a Hoax!

Yesterday we reported that a man had mistakenly deleted his entire company using just one line of faulty code. Now it turns out that the entire thing appears to have been made up by the poster as a publicity stunt.

Marco Marsala posted on the Server Fault forums asking for help earlier this week, explaining that his careless use of the “rm -rf” command in Unix had caused him to accidentally delete the contents of all of his servers, including the backups. The story became incredibly popular online and was reported by a number of major news sources as well as garnering a large number of responses to his original post, with a variety of sympathy, pity, and derision.

On Friday, the post was deleted by Stack Overflow, the parent forum of Server Fault, and a later post by a Server Fault moderator, Sven, brought to light that the story was, in fact, a hoax. Sven pointed to an Italian news report that detailed that the story was part of a marketing stunt by Marsala in order to promote his company and gain visibility. Marsala told the paper that the whole thing was “just a joke”. A statement by Stack Overflow revealed they did not find it quite as funny, saying “The moderators on Server Fault have been in contact with the author about this, and as you can imagine, they’re not particularly amused by it.”

In many ways, it could be surprising how many people believed the story, especially on a forum populated almost entirely by those knowledgeable in technology. It is yet to be decided how Server Fault will deal with the hoax topic, with Sven currently allowing the community in question to decide its fate.

One Line of Code Accidentally Deletes Entire Company

As far as code mistakes go, few can claim that their careless coding practices caused the deletion of their entire company. Marco Marsala ran a small web hosting company that carried the websites of a number of clients until he unwittingly instructed the servers to delete their entire contents, effectively wiping out his business and the websites of his clients.

In response to the tragedy that befell his servers, Marsala took to the Server Fault forum to explain his plight and perhaps hope that some of the forum’s denizens would be able to help him with his predicament. Instead of help, most of the advice he received simply informed him that the chance he had forever deleted his company was high and his code had completely destroyed both his own data and that of his clients.

“I run a small hosting provider with more or less 1535 customers and I use Ansible to automate some operations to be run on all servers. Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.”

The reason why Marsala lost all of his data stems from his use of the “rm -rf” command, which can be broken down to “rm”, removing files, “-r” meaning it will delete recursively into every subfolder and “-f” for force, meaning no warning will be given. Due to the two variables surrounding the / being empty, this caused the system to delete from the root directory, essentially wiping out everything on the machine. To make matters worse, while he had taken backups, the backup devices had been mounted just before the erroneous script ran, causing them to also be wiped.
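The failure mode described above, and the guards that stop it, as an added example (this is not code from the original post or from Marsala's script). The names safe_target, safe_rmtree and ALLOWED_BASE and the sample paths are hypothetical, and GNU coreutils (realpath -m, rm --one-file-system) is assumed.

```shell
#!/bin/sh
# Added example: guards against a path built from empty variables
# collapsing to "/". All names here are hypothetical.

set -u   # an unset variable now aborts the script instead of expanding to ""

# Assumption: every deletable tree lives strictly below this directory.
ALLOWED_BASE="${ALLOWED_BASE:-/srv/hosting}"

# safe_target BASE NAME
# Prints the canonical path of BASE/NAME, or fails if deleting it is unsafe.
safe_target() {
    local base="${1:-}" name="${2:-}" path root

    # 1. Empty components: "" + "/" + "" is exactly how "/" gets built.
    if [ -z "$base" ] || [ -z "$name" ]; then
        echo "refusing: empty path component" >&2
        return 1
    fi

    # 2. Canonicalise so "..", "." and symlinks cannot escape the base.
    path="$(realpath -m -- "$base/$name")" || return 1
    root="$(realpath -m -- "$ALLOWED_BASE")" || return 1

    # 3. The target must be strictly below the allowed base, never the
    #    base itself and never "/".
    case "$path" in
        "$root"/?*) ;;
        *) echo "refusing: $path is not below $root" >&2; return 1 ;;
    esac

    printf '%s\n' "$path"
}

# safe_rmtree BASE NAME
# Deletes BASE/NAME only if safe_target accepts it.
safe_rmtree() {
    local target
    target="$(safe_target "$@")" || return 1
    # --one-file-system: do not descend into other mounted file systems,
    #                    such as a backup volume mounted under the tree.
    # --preserve-root:   GNU rm's default refusal of "/", stated explicitly.
    rm -rf --one-file-system --preserve-root -- "$target"
}

# Demo on a constructed throwaway tree: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    ALLOWED_BASE="$(mktemp -d)"
    mkdir -p "$ALLOWED_BASE/customer1/www"
    foo="" bar=""     # the bug: both variables ended up empty
    safe_rmtree "$foo" "$bar" || echo "blocked: this was rm -rf /"
    safe_rmtree "$ALLOWED_BASE" "customer1" && echo "removed customer1"
    rmdir "$ALLOWED_BASE"
fi
```

In the script itself, writing the path as "${foo:?}/${bar:?}" gives the same first guard inline: the shell aborts with an error if either variable is unset or empty.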

Responses to Marsala’s post ranged from pitying to insulting; however, all agreed that the data on the servers was almost certainly gone for good with no recovery. Most focused on pointing out the mistakes he had made, instead of being able to offer him any help. “This is not bad luck: it’s astonishingly bad design reinforced by complete carelessness,” wrote user Massimo.

For Marsala, there doesn’t look to be a good end to this story. There are very few options open to him that would allow the data to be recovered and even those, such as contacting professional data recovery experts, are expensive, time-consuming and have no guarantee of success. This should serve as a cautionary tale for those wishing to start their own online businesses to be very careful over what you run on your servers and the care you take of your backups.

Bash for Windows 10 Unfazed by Deadliest Linux Command

The Linux Bash shell came to Windows 10 recently as part of the latest Windows Insider preview build. Immediately, people began to experiment, some to see how well the shell was implemented, while others went straight for a command capable of wiping the entire system on a Linux operating system: “rm -rf /”.

For those not familiar with Linux and the Bash shell, the reason this command is so deadly can be broken down into its three parts. “rm” is the command for removing or deleting files. “-rf” combines the options for recursive and force. In combination, this causes all files, folders, and subfolders to be removed, even those which are write protected, without providing any prompt for the user. Finally, “/” represents the root location of the file system, where all files and folders are stored and where the command will look for files to delete. Often usage of this command is restricted or generates a warning on modern Linux systems as, should it be executed, everything will be deleted.

This danger made it an obvious choice to try out on Windows 10’s Bash shell though you would hope it was tried from the safety of a virtual machine or throwaway installation. Fortunately (or unfortunately), this command doesn’t cause anywhere near the damage it does to Linux, although the Bash terminal itself is not so lucky, being reduced to a useless black window when started up.

https://twitter.com/shanselman/status/717846035515584512

Windows isn’t fully safe from misuse of the Bash shell, as if you run the terminal as administrator and target the /mnt/c directory, the C drive can be deleted. Although, with the lengths you have to go to in order to wipe your operating system, if it happens then it’s likely your own fault, and really, it’s no more dangerous than the command line already in Windows.

Windows 10 May Be Removing Programs Without Telling You

Windows 10 is designed to be the next step for Microsoft’s operating system, with internet functions built-in alongside apps and new gaming technologies designed to help users make the choice to move that little bit easier. With Windows 10 now a recommended update you would expect that some users would be hopeful of the new operating system, something that may not be the case if it keeps removing programs from your system without telling you.

A major benefit of the internet is that you can quickly update your system; no longer do you have to wait weeks for the latest security patch or game update, as you can update anything you need or download something entirely new within hours or even minutes. It may come as a surprise, then, that groups like LifeHacker have noticed that some programs they have on their system seem to be removed after doing an update. In this case, they found the system information tool Speccy had been removed, leaving only an empty file icon and the question of why.

The current theory is that it is removing outdated apps and drivers when it does an update, a good theory but still one that should worry people. Hopefully, this is not an intentional feature, otherwise, users could soon find their programs and software removed from the system, finding out only days later when they need them the most.

I’ve yet to upgrade to Windows 10 personally, and with “features” like this, I can’t say I will be anytime soon.

Steam Adds the Option to Permanently Delete Games from your Library

There’s always that one game in your Steam library. Whether you got it on sale thinking it would be good for the price, as a joke with you racking up hundreds of hours on it only for your friends to ridicule you, or even the one a friend got you, just so it’d be in your library forever after you dared play it once. Well now there’s a way to hide your game shame beyond just stashing it in a folder and hoping for it to never see the light of day again, with Valve adding the new option to permanently remove games entirely from your Steam account to their customer support.

The option is easily accessed by visiting Steam’s support page, followed by ‘games, software, etc’ and then the entry in your library you want to wish a permanent goodbye to. Go through the motions and you’ll find yourself free of it for good. Keep in mind that this isn’t a hide function, nor a refund; anything you remove here is gone for good with no compensation. The feature isn’t perfect either, with any games gotten through bundles requiring you to remove the entire bundle along with it, so the folder of shame may not be retired just yet.

Are you planning to purge any stains on your Steam library? Let us know in the comments below if you want to give that purchase of shame one last moment of light before it’s gone for good.

Judge Says Stingrays “Are Simply Too Powerful” Without Rules

Stingrays have become one of the most contested means of digital surveillance since they became public knowledge last year. The devices act like mobile phone towers, simulating their actions while intercepting and identifying the devices connecting to them. The problem many have seen with these devices is that they are not selective: they do not target a specific person or phone because the technology does not work like that. This means that when one goes up, all mobile devices in the area send their information to the tower. This provides the tower with their location but can also be used to intercept calls and text messages sent by any devices in the nearby area. A judge in Illinois has made a stand and said that unless his three requirements are met, he will not authorise the use of a stingray.

The first requirement is that the stingrays require a warrant to be used, a claim that has been highly contested and was originally an issue given that some law enforcement agencies have used the device hundreds of times without any government oversight.

The second requirement is that the data collected (which is not relevant or approved by the warrant) is “immediately destroyed” and this action is proven to the court.

The third requirement is that the devices cannot be used in areas where a large number of mobile phones will be active, such as at a public sporting event or large gathering.

These steps could be the first sign of a powerful device being controlled and monitored rather than deployed without thought of the freedom and privacy of others around it.

Google Photo Update Helps Save Space On Your Device

We all love taking pictures. First it was that camera you took around and wound on after every shot. These days, though, you either have that high-definition camera or, if you are caught unprepared for the moment, you use your mobile phone. The only problem with using your mobile phone to capture all those life-changing moments is that you often store other things, such as your music or apps, on there too. With so many things on your phone, Google Photos hopes to make keeping those memories slightly easier.

Stated in a post on Google+, Google Photos gets several new features in an update released today. First up is its ability to “Free Up Space” via a new button on the settings screen. This button starts to bulk-delete copies of photos, but don’t worry, it only does this to photos that have been backed up.

Users can now also downgrade their photos from “Original Quality” to “High Quality”, a process which will create a smaller file by compressing your photo. This means you can store more photos, as long as you don’t want to view them in their full glory all the time.

How often do you find your space running out on your phone or tablet? Are these changes welcome additions or just options for those holiday pictures you might take next year?

Green Dispensing Malware to ATM Machines

A downside of technical innovation lies in the unfortunate ability to hack devices with the aim of stealing information and scamming consumers out of their savings. ATMs are not immune to this threat, and a new breed of malware allows an attacker to drain the ATM’s cash vault before erasing the evidence.

The malware in question has been dubbed “Green Dispenser” and it displays an out of service message on the ATM. All is not well, however, as attackers with access to the correct PIN codes can then drain the ATM’s cash vault and erase Green Dispenser using a deep delete process, leaving little if any trace of how the ATM was robbed. Let’s take a look at the deployment and operation process of this greedy piece of malware.

Deployment and Operation

The malware can only be installed via physical access to the machine, so it is not possible to simply walk up to an ATM which is situated in a shop or sunk into a bank wall and install such code; this raises the possibility of a compromised employee with access to said machines. Green Dispenser has the ability to target “ATM hardware from multiple vendors using the XFS standard. It achieves this by querying for peripheral names from the registry hive before defaulting to hardcoded peripheral names”.

The malware contains a hardcoded run date: the year must be 2015, with the month being earlier than September. This suggests to analysts that Green Dispenser was employed in a limited operation and designed to deactivate itself to avoid detection. A second layer which the attackers have implemented with the aim of hiding their activities lies in the authentication, which uses a hardcoded PIN followed by a second PIN which this time is dynamic.

It is believed the attacker in question derives this second PIN from a QR code which is displayed on the screen of the infected ATM and then read by a smartphone application that scans it. Think of this as similar to logging into your favourite website: you input a password before using a second, two-factor authentication method to unlock your account. Implementing this method makes it more secure, so that only the person in question can use the malware, provided they have the correct authentication.

Once the malware is run, it attempts to verify that the month is earlier than September and the current year is 2015; if it finds the year to be, say, 2014, it simply shuts down. If the details are correct, Green Dispenser “creates a second desktop environment on the ATM called “dDispW” and creates a window in the second desktop called “Dispenser””. This is with the aim of overlaying an “Out Of Order” message on the ATM screen; it is worth noting that the message has appeared in Spanish as well as English.

[Image: QR code screenshot]

“If the dispense cash option is selected, Green Dispenser attempts to query the registry location “HKEY_USERS\.DEFAULT\XFS\LOGICAL_SERVICES\class=CDM” to find the peripheral name for the cash dispenser. If not found, it defaults to “CurrencyDispener1” which is the cash dispenser peripheral name on specific ATMs. It then makes a call to WFSExecute with the command set to “WFS_CMD_CDM_DISPENSE” and a timeout of 12000 to dispense cash”.

As you can see, it’s a complex piece of malware which aims to offer the option to take as much money as you would like, which is good (Disclaimer – please don’t take as much money as you want, it may sound good but it is not). Manufacturers and banks would need to work together to counteract these threats with updated modern security upgrades; if not, expect these methods to become a standard in attacks against machines.

Thank you Proofpoint for providing us with this information.

Image courtesy of hacer

Researcher Found Flaw Which Could Have Been Used to Erase Every Video on YouTube

Software developer Kamil Hismatullin has discovered a security flaw in YouTube that apparently granted him the power to delete any video he wanted. This means that he had the power to delete each and every video on the website, but don’t be alarmed, he had no desire to do so.

The developer reported the flaw to Google and apparently collected $5000 through the company’s Vulnerability Research Grants that launched back in January. For those unaware, the program offers anyone who finds significant vulnerabilities in specific applications a reward as an incentive for researchers to find and report bugs and security flaws, with Google quickly swooping in and fixing them.

Hismatullin is said to have been offered $1337 back in February to dig into YouTube Creator Studio and after just six or seven hours, he found “a logical bug that let me delete any video on YouTube with just one following request.”

“Although it was an early Saturday’s morning in SF when I reported issue, Google sec team replied very fast, since this vuln could create utter havoc in a matter of minutes in the bad hands who can used this vulnerability to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time,” he wrote. “It was fixed in several hours, Google rewarded me $5k and luckily no Bieber videos were harmed :D”

A Google representative has confirmed what Hismatullin reported, making the exploit one of the most destructive, if not the most destructive, found so far on the streaming giant’s website. Can you imagine a world where you go to YouTube and all of a sudden you are greeted with 0 videos on the entire webpage?

Thank you PCGamer for providing us with this information

Daimler Allows Employees to Delete all Incoming Emails When on Vacation

Car manufacturer Daimler is trying to make its employees’ holidays a little more stress-free. It has introduced an opt-in alternative to the general “out of office reply” that does a much simpler task – deleting every incoming email throughout the whole duration of their leave. The program is aptly named their “Mail On Holiday” option.

The New York Times reported:

“The program, called Mail on Holiday, politely informs senders that their messages were instantly deleted, but they can contact a designated alternate worker if necessary. The email blackout is optional for the company’s 100,000 workers, but “the response is basically 99 percent positive,” a Daimler spokesman, Oliver Wihofszki, told BBC Radio. “Everybody says, ‘That’s a real nice thing.’””

With some basic mail knowledge, you could do something similar yourself – just set a rule to send all incoming mail to your trash as it arrives in your inbox. It would be a shame if someone had something very important to contact you about, however.

According to Daimler, this is a bid to promote a healthier holiday lifestyle for their employees – removing any opportunity for them to look at their work emails whilst resting on holiday. As the incoming emails are removed, a simple return email will be sent to the sender letting them know they should make contact again after the holiday period has ended.

I wonder what will happen if two companies with the same policy have an email sent to one another. Does it just spit automatically generated out of office emails at one another for all eternity or is there some kind of failsafe put in place for this?

What do you think of this opt-in program? It’s a good idea for employee peace of mind and certainly will make day one back in the office run quite a lot smoother, but it begs the question – what if you miss something very important?

Image courtesy of Techsupport Pro

Google’s Gmail Performs Magic Tricks, Deletes Random User Emails

We had Google Services down for more than 30 minutes, randomly selected email addresses pasted in the “To” field when searching Gmail on Google’s Search Engine, and now we hear that there are even more problems cropping up on Google’s services, namely Gmail (again).

A recent Gmail bug has been uncovered, as The Verge reports, which results in some users accidentally deleting emails and reporting others as spam when applying those actions to other selected emails. Google has made a statement saying that the issue was present in a software update on just a few platforms.

The iOS application, mobile browsers and the offline version of Gmail experienced the above-mentioned issue, although the company currently states it has since fixed it. A notice has been sent to users urging them to have a look at their spam/trash folders for misplaced emails. It is currently unclear how many users have been affected by the ‘disappearing act’ issue.

Things are not looking up for Google, with its error ‘mysteriously’ repairing itself, random e-mails being sent when clicking Gmail-related links, people’s e-mail addresses being filled with hundreds of empty emails, and now random emails being deleted, sent to the bin or marked as junk.

Thank you The Verge for providing us with this information
Image courtesy of The Verge