Love building interesting solutions to old problems. 
Currently working on: CleanBrowsing | NOC | Trunc | NOC.social and Part-time Rancher
Website: https://perezbox.com
Twitter: https://twitter.com/perezbox
LinkedIn: https://www.linkedin.com/in/perezbox/
Instagram: https://www.instagram.com/perezbox/
LastPass says employee’s home computer was hacked and corporate vault taken

Already smarting from a breach that stole customer vaults, LastPass has more bad news.

Ars Technica
Really don't understand why Signal introduced stories.. so weird..

There has to be nothing worse than this from a taxation standpoint:

"Severance: A single payout equal to four months base salary, and payments will be made according to local processes and timing requirements."

That will throw you into a crazy tax bracket.... ouch!

It's adorable that people are only slowly realizing that Google search at least fed sites traffic, while chat AI thingies slurp up and summarize content, which they anonymize and feed back, leaving the slurped sites traffic-less and dying. But, innovation.

It is, in a way, a tragedy of the commons problem, with no easy way to police "over grazing" of the information commons, leading to automated over-usage and eventual ecosystem collapse.

As cool as the #wildebeest release, by @cloudflare, is.. technically it is .. "WOW"...

I can't help but think it goes contrary to everything that is the open web.. #notdecentralized

It's the continued dependency.. the continued consolidation.. that's what should worry us all #tech

https://blog.cloudflare.com/welcome-to-wildebeest-the-fediverse-on-cloudflare/

Welcome to Wildebeest: the Fediverse on Cloudflare

Today we're announcing Wildebeest, an open-source, easy-to-deploy ActivityPub and Mastodon-compatible server built entirely on top of Cloudflare's Supercloud.

The Cloudflare Blog

We have a lot more companies using this as an opportunity to "purge" and trim "fat" because everyone else is doing it more than actual economics..

"it's not just us, it's the macro headwinds"... translates.. "optimizing the bottom line"

#tech #business #layoffs2023

The #malvertising campaigns via Google Ads are not just about software downloads and scams. They also include phishing for popular password managers such as 1Password.

The differences are so subtle, most people will fall for it.

Real URL:
https://my[.]1password.com/signin
Phishing URL:
https://my1pasword[.]com/signin

Infuriating @Microsoft that a user is forced to use the “MS” Authenticator app only instead of any of the other options in the market.. doing #security wrong

T-Mobile says its customer records have been pillaged yet again. In a filing with the SEC, T-Mobile said it learned on Jan 5 that a "bad actor" abused an API to harvest names, billing addresses, phone numbers, emails, dates of birth and T-Mobile account numbers on 37 million current postpaid and prepaid customers.

Perfect timing, too. There are only a few more days left for T-Mobile customers to claim their $25 or possibly more for T-Mobile's settlement from the breach last August, when they exposed similar data on at least 40 million current and former customers.

And to think this data was exposed despite T-Mobile saying as part of its settlement from last year's breach that they were going to invest $150 million into their own security infrastructure.

https://www.sec.gov/ix?doc=/Archives/edgar/data/0001283699/000119312523010949/d641142d8k.htm

https://www.cnet.com/tech/mobile/another-data-breach-has-hit-t-mobile-impacting-37-million-accounts/


Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves against incessant attacks from competing DDoS-for-hire services.

And then there are booter store operators like John Dobbs, a 32-year-old computer science graduate student living in Honolulu, Hawaii. For at least a decade until late last year, Dobbs openly operated IPStresser[.]com, a popular and powerful attack-for-hire service that he registered with the state of Hawaii using his real name and address. Likewise, the domain was registered in Dobbs’s name and hometown in Pennsylvania.

https://krebsonsecurity.com/2023/01/thinking-of-hiring-or-running-a-booter-service-think-again/

Saved the best quote till the end, from @nixonnixoff :

“When a booter service claims they don’t share logs, they’re lying because logs are legal leverage for when the booter service operator gets arrested,” Nixon said. “And when they do, you’re going to be the first people they throw under the bus.”

#booter #stresser #ddosforhire #ddos #Dobbs #IPStresser

Thinking of Hiring or Running a Booter Service? Think Again. – Krebs on Security