Deloitte leaks clients’ secret emails, Uber wants to leave Quebec and the new Firefox Quantum is out — Issue #27


🌍 Around the web

Deloitte hit by cyber-attack revealing clients’ secret emails

This week’s high profile data leak’s victim is Deloitte!

One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients (…) The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step“ verification, sources said. (…) In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.

Techbeacon also asks “Deloitte 4+ months late on breach: New poster child for bad security practices?”

The Equifax Hack Has the Hallmarks of State-Sponsored Pros

Investigations into the massive breach aren’t complete but it seems the intruders used techniques that have been linked to nation-state hackers in the past.

The handoff to more sophisticated hackers is among the evidence that led some investigators inside Equifax to suspect a nation-state was behind the hack. Many of the tools used were Chinese, and these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence.

Following the breach Equifax C.E.O. Richard Smith also stepped down.

Uber threatens to leave if Quebec insists on stricter rules

Uber says it will cease operations in Quebec next month if the province doesn’t back down on new, stricter rules regulating the ride-hailing service. ‘Bye-bye, I don’t care,’ Montreal mayor says.

“What the [Transport] Ministry has announced is an attempt to impose old rules on a new technological model,” he told a news conference. Quebec is the only Canadian jurisdiction where Uber operates that requires drivers to do training, he said. Previously, they had to do 20 hours (…) He said 15 extra hours of training that could be done online should not be a big deal, suggesting drivers split the 35 hours into seven sessions of five hours each.

China Blocks WhatsApp, Broadening Online Censorship

After ICOs and Bitcoins, it’s WhatsApp’s turn to get banned in China.

China has largely blocked the WhatsApp messaging app, the latest move by Beijing to step up surveillance ahead of a big Communist Party gathering next month.
The disabling in mainland China of the Facebook-owned app is a setback for the social media giant, whose chief executive, Mark Zuckerberg, has been pushing to re-enter the Chinese market, and has been studying the Chinese language intensively. WhatsApp was the last of Facebook products to still be available in mainland China; the company’s main social media service has been blocked in China since 2009, and its Instagram image-sharing app is also unavailable.

U.S. to Collect Social Media Data on All Immigrants Entering Country

The Department of Homeland Security will soon begin collecting social media data from all immigrants entering the US.

The department will begin collecting the information on Oct. 18, the same day the Trump administration’s new travel ban on citizens of seven countries and restrictions on those from two others are set to take effect.
Green card holders and naturalized citizens will also have their social media information collected, with the data becoming part of their immigration file (…)
The department (…) would collect “social media handles, aliases, associated identifiable information and search results,” which would be included in an applicant’s immigration file. It said the data would come from “publicly available information obtained from the internet, public records, public institutions, interviewees, commercial data providers.”

🤖 Technology / AI / Blockchain

Chaos and hackers stalk investors on cryptocurrency exchanges

Trading bitcoins and other virtual currencies can make fortunes for their owners but they are largely unregulated, besieged by hackers and thieves, and fraught with risk for consumers.

Dan Wasyluk discovered the hard way that trading cryptocurrencies such as bitcoin happens in an online Wild West where sheriffs are largely absent.
Wasyluk and his colleagues raised bitcoins for a new tech venture and lodged them in escrow at a company running a cryptocurrency exchange called Moolah. Just months later the exchange collapsed; the man behind it is now awaiting trial in Britain on fraud and money-laundering charges. He has pleaded not guilty.
Wasyluk’s project lost 750 bitcoins, currently worth about $3 million, and he believes he stands little chance of recovering any money.

Showtime websites secretly mined user CPU for cryptocurrency

After Pirate Pay, it’s Showtime’s website turn to mine cryptocurrencies without users’ consent.

Showtime websites were found to be running a script that allows the sites to mine visitors’ extra CPU power for cryptocurrency, as pointed out by users on Twitter. The afflicted sites included showtime.com and showtimeanytime.com, but the script has since been removed following reports from Gizmodo and other sites.
The crypto mining Javascript is called Coinhive, and according to the site, it was made as an alternative to banner ads as a way for website owners to get around pesky ad-blockers. Ironically, some ad-blockers have now included Coinhive on the list of the banned. The script mines the cryptocurrency known as Monero.

South Korea bans raising money through initial coin offerings

South Korea is following China’s example.

The Financial Services Commission said all kinds of initial coin offerings (ICO) will be banned as trading of virtual currencies needs to be tightly controlled and monitored.
“Raising funds through ICOs seem to be on the rise globally, and our assessment is that ICOs are increasing in South Korea as well,” the regulator said in a statement after a meeting with the finance ministry, the Bank of Korea and the National Tax Service.

Inside the Meteoric Rise in ICOs

Learn more about what ICOs are, how they work and why they’re growing.

Rather than looking to traditional angel or venture investors to place capital as an equity investment, companies developing new blockchain-based products and services have turned to the cryptocurrency community to crowdsource the purchase and usage of their token in an ICO.
ICOs are similar in some ways to a crowdfunding campaign, but instead of offering a copy of a product like on Kickstarter, or shares of equity in a startup like on Crowdfunder, what is being offered are digital “tokens.” This process of selling new cryptocurrency tokens in an ICO results in funding received via cryptocurrency, most commonly in Bitcoin or Ether.

⚙️ Development / Design / DIY projects

It’s time to give Firefox another chance

I just installed it and must admit it looks good and at this point renders most pages faster than my Chrome. Official announcement here.

Earlier this week, Mozilla, the nonprofit organization behind Firefox, launched the first beta of Firefox 57. That doesn’t sound like a big deal, but version 57 is the most important Firefox release in years. It’s the culmination of years of work on many of the moving pieces that the user never sees but that allow the browser to quickly display your Gmail inbox, YouTube video or cat forum. To mark the fact that this is such a major release, Mozilla has dubbed this release “Firefox Quantum.”

Advice I Wish I Had Been Given Before Upgrading From AngularJS to Angular 2+

If you’re considering upgrading from AngularJS to Angular 2+ you should read this.

We want to share our experience with you; give you tips and tricks. This is a general guide on what to expect, how to prepare, and when to do what as you’re upgrading your app to Angular 2 and up.

Look What You Made Me Do, Chrome

Cheat your way to a Taylor Swift concert.

For her upcoming concert, Taylor Swift partnered with Ticketmaster to ensure that only legitimate fans can buy tickets. I’d like to say that I’m a true fan who will do the honest work to get a ticket… but I am also a woman with a computer and I like a challenge.
I ended up having a lot of fun exploring Chrome Developer Tools and I wanted to share what I learned.

Draggable JS — JavaScript drag and drop library

Draggable is a lightweight, responsive, modern drag and drop JavaScript library — the ideal choice for adding slick native-feeling drag and drop behaviour to your web apps.