Drupal is an open source content management system and more that powers millions of websites worldwide. Liked for its configurability and endless extension through modules, Drupal is a huge part of Web 2.0.
And it's been thoroughly rooted. The BBC is reporting:
In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October "should proceed under the assumption" that their site was compromised. Anyone who had not yet updated should do so immediately, it warned. However, the team added, simply applying this update might not remove any back doors that attackers have managed to insert after they got access. Sites should begin investigations to see if attackers had got away with data, said the warning.
"Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.
This one is nasty.
Security researcher Graham Cluley reports:
According to the company, "automated attacks" started to hit websites running Drupal version 7 within a matter of hours of it disclosing a highly critical SQL injection vulnerability on October 15th.
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
If a site using a vulnerable version of the Drupal CMS is attacked, hackers could steal information from the site or open backdoors to allow them continued remote access to the system.
If your site has been compromised, this Drupal help page gives you an answer to the question "Now what do I do?" But here's a tip from your friendly editor zafiro17: Step one is "pour yourself a nice glass of scotch and drink it. You're going to be wiping the site and starting over." No charge for that advice.
[Ed. note: This just in from Joomla: "Nyah nyah!"]
Wired reports that Verizon inserts a unique identifier into all HTTP requests going over its wireless network. The identifier persists regardless of Do Not Track, private browsing sessions, switching browsers, or moving around the network, so it subverts all of them. Verizon has an opt-out page, but it only opts you out of Verizon and its partners using the identifier to target ads at you. Obviously, anyone else seeing the header is under no agreement not to use it to build a profile of you. There are anecdotal reports that AT&T may be doing the same. Security researcher Kenneth White has set up a page to check for this header, with more information.
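The cross-site linking described above, as an added example that is not code from the Wired article or from Kenneth White's check page: a third party that sees the injected header can tie together requests that cookies, browser choice and Do Not Track would otherwise keep apart. The story does not name the header; X-UIDH is the one Verizon used, and the code keeps it in a constant. All sample traffic below is constructed.

```python
from collections import defaultdict

# The story does not name the header; X-UIDH is the one Verizon injected.
# Kept in one constant so the same check works for any carrier-added header.
TRACKING_HEADER = "x-uidh"


def injected_id(headers):
    """Return the carrier-injected subscriber identifier, or None if absent.

    Header names are matched case-insensitively, as HTTP requires. This is the
    core of what a "do I have this header?" check page reports to the visitor.
    """
    for name, value in headers.items():
        if name.lower() == TRACKING_HEADER:
            return value.strip()
    return None


def client_side_signals(headers):
    """Summarise the privacy controls the client applied to this request."""
    return {"dnt": headers.get("DNT") == "1", "has_cookie": "Cookie" in headers}


def correlate(requests):
    """Link requests across sites and browsers using only the injected id.

    `requests` is a list of (site, headers). Returns {id: sorted list of
    (site, user_agent)}. Requests without the header (e.g. sent over Wi-Fi,
    outside the carrier network) cannot be linked this way and are skipped.
    """
    profiles = defaultdict(set)
    for site, headers in requests:
        uid = injected_id(headers)
        if uid is not None:
            profiles[uid].add((site, headers.get("User-Agent", "?")))
    return {uid: sorted(pairs) for uid, pairs in profiles.items()}


# Constructed sample traffic: one subscriber on the carrier network using two
# browsers (one in private mode with Do Not Track on), plus one request from
# the same person over Wi-Fi, where the carrier cannot touch the request.
UID = "CONSTRUCTED-SUBSCRIBER-ID-0001"
SAMPLE = [
    ("news.example", {"User-Agent": "Chrome", "Cookie": "sid=abc", "X-UIDH": UID}),
    ("shop.example", {"User-Agent": "Firefox", "DNT": "1", "x-uidh": UID}),
    ("ads.example", {"User-Agent": "Chrome", "X-UIDH": UID}),
    ("news.example", {"User-Agent": "Chrome", "Cookie": "sid=zzz"}),
]

if __name__ == "__main__":
    for uid, seen in correlate(SAMPLE).items():
        print(f"{uid}: {len(seen)} site/browser pairs linked -> {seen}")
```

Only the fourth request, sent outside the carrier network, escapes the profile; the private-browsing Firefox request with DNT set is linked just like the others.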
Central to the functioning of the Internet as we know it is the Domain Name System (DNS), and currently at least, central to DNS is the Internet Corporation for Assigned Names and Numbers (ICANN). And now, in the context of the expanding mandate of DNS names (the new global top-level domain names), the Snowden revelations that showed how the US government has abused its role in overseeing ICANN, and a few bungle-headed decisions by ICANN itself, that may be up for revision and change. The Register writes:
The future health of the internet comes down to ONE simple question: can ICANN be forced to agree to oversight of its decisions?
Such is the importance of the core that ICANN has been purposefully lumbered with an organisational design that tests the limits of sanity: three supporting organisations (one of which is broken up into another four components and then sub-divided again); four advisory committees; a 20-person board; and a permanent staff. Just like the internet, however, this global and decentralised organisation has a potential flaw: a central core of staff and board, without which the rest of it would start to erode and break apart.
And that's where the US government comes in. Since the creation of ICANN in 1999, the US government has overseen the organisation. Uncle Sam was supposed to step away within just a few years but for various complicated reasons, in every one of the 15 intervening years, ICANN's core - its staff and board - have made at least one fundamentally stupid decision, usually against the explicit wishes of the majority of the organisation.
And then refused to change its mind.
Each time it has done so, the United States administration has done the equivalent of walking into the room, smacking ICANN over the head and leaving again.
An interesting and important subject, and a well-written article (slightly longer than usual, at 4 pages).
Gmail is the email solution of choice for a huge number of Netizens, and that provides a rich playing field for developers hoping to be useful to you by providing tools that simplify email overflow.
Enter Google with its latest endeavor, "Inbox." From Engadget:
If you're anything like us, Google's Gmail has an iron grip on your life. Google's looking to create a whole new iron grip with a new app from its Gmail team, and it's called "Inbox." What is it? That's a good question -- Google's made a demo slash advertisement video that we've dropped below. As far as we can tell, Inbox is a combination of Google Now and your Gmail inbox -- a "smart" inbox, if you will. It combines alike pieces of email (bank invoices, for example), highlights related information (like Google Now alerting you to flight changes, traffic, etc.) and keeps track of your life (it'll give you reminders, among other heads ups). Is this the end of Gmail? We seriously doubt it, but it is Google's latest foray into simplifying email.
ICANN made its decision last week on a number of high-profile top-level domain names.
And of 17 names, only 4 were attributed to a community-run group who will oversee them.
To pass the test, each dot-word applicant had to prove they represented a specific community related to the word. If successful, they would be given priority over anyone else that had applied for the same top-level domain name.
Considering the commercial possibilities of domains ending with "music", "tennis", "art" and others - with recent auctions for gTLDs reaching into the millions of dollars - the stakes are high. And with a high bar of 14 out of 16 points required to pass the test, most failed.
The dot-words that did not pass the community test will move forward to an auction some time next year, and those with the deepest pockets will be able to snap them up.
Two interesting conclusions: of those names rejected, the field is now open for them to be managed by commercial, not community interests. And secondly, the playing field is now open for just about any domain name on earth. Let the dollars flow, eh gentlemen?
The Guardian covers an upcoming Net Neutrality protest that already has some high-profile participants:
On 10 September, tech firms including Etsy, FourSquare, KickStarter, Mozilla, Reddit and Vimeo will install a widget on their sites to show how they believe the internet would look if the Federal Communications Commission (FCC) overturns "net neutrality" rules. [...]
A similar campaign led to the FCC being flooded with comments on the net neutrality legislation - so many that at one point its systems collapsed under the strain.
The sites won't actually run slower; they'll simply display a spinning "loading" symbol that links to more information about net neutrality. Details about the campaign (and the code, if you want to participate!) can be found at the Battle for the Net site.
Will any of the tech news sites join the campaign?
Data journalist Carl Bialik profiles a fascinating user-driven website that combines photography, geography and big data:
Want to know what a website looked like in the past? The Internet Archive has you covered. But there's no Wayback Machine for the world, and how it looked.
There is, however, one for the British Isles. It is called Geograph, and it contains photos of 97 percent of the 244,034 one-kilometer squares of Great Britain.
In the article he discusses Geograph's history and future plans, interviewing a dozen of the most prolific contributors along the way.
What do you think are some of the best uses for their data set? Would you contribute if Geograph expanded to your area?
New York Times journalist Mike Isaac comments on the recent release of celebrity naked pictures in terms of what it means for our collective privacy, online security, and the rights of websites to police themselves.
The images are hardly the first nude celebrity pictures to make their way online. But their publication has touched off a larger discussion on the state of privacy and civil liberties on the Internet. Some privacy advocates are focusing on the role that big tech companies play in policing - or not policing - users who repeatedly push the boundaries of taste, or those who post controversial content like the videos of the beheadings of the journalists James Foley and Steven Sotloff...
...Twitter, YouTube and others may ultimately decide to take a more active approach to policing user-generated content. Twitter has already shown some signs of change. But this is a fine line to tread, as these companies have long trumpeted their democratic approach to unfettered online speech...
...If these services were altered significantly, civil liberties advocates fear it could inhibit how people are able to express themselves online.
[Author note: This is a reminder to take your massive collection of nude selfies off iCloud.]
Remember that guy who had a KickStarter for potato salad? He ended up making $50,000.
John Biggs of Tech Crunch sits down with Zack Danger Brown to discuss his internet success.
So I went to Kickstarter for a day and one of their engineers showed me one of his projects that he posted to get out the message that smaller, not-serious projects can succeed.
He showed me a project that was like a skull t-shirt project, and his video is clearly parody and it's him saying things like "You give $20, you get a skull t-shirt, but if you give $35, you get a sick skull t-shirt!"
He ended up making like $1,000, but the idea was: Look, we are not about big serious projects, you don't have to have an Oculus Rift to succeed on Kickstarter.
[Author note: When Al Gore invented the internet, this is probably not what he had in mind.]
Alan Jacobs is Distinguished Professor of the Humanities in the Honors Program of Baylor University and the author, most recently, of The "Book of Common Prayer": A Biography and The Pleasures of Reading in an Age of Distraction. And he's written a good essay on why Twitter isn't fun anymore.
As long as I've been on Twitter (I started in March 2007) people have been complaining about Twitter. But recently things have changed. The complaints have increased in frequency and intensity, and now are coming more often from especially thoughtful and constructive users of the platform. There is an air of defeat about these complaints now, an almost palpable giving-up. For many of the really smart people on Twitter, it's over. Not in the sense that they'll quit using it altogether; but some of what was best about Twitter - primarily the experience of discovery - is now pretty clearly a thing of the past.
This is a bit more than your usual rant about Twitter and whether or not it's jumped the shark. It's a conversation about a communications platform whose usefulness has changed as it has gotten more popular.
If you like this article, why not retweet it?