On this week of Bottom Line IT, Mike Maddox and Erik Jacobsen talk about why Cloudflare Let an Extremist Stronghold Burn, Alteryx Breach, Internet Sales Tax Collection, and more! 

Segment 1

Why Cloudflare Let an Extremist Stronghold Burn
Full Article: https://www.wired.com/story/free-speech-issue-cloudflare/

Cloudflare, is a content delivery, and DNS services, and Internet Security company on the backend of the Internet that protects clients from DDoS attacks. For years Cloudflare has provided web protection for international services ranging from Turkish escort services, to popular televised European singing contests. Over the years, Cloudflare’s philosophy was to not be concerned with the ethics of its customers, and simply passed web complaints through to its customers, along with the contact of the person levying the complaint. CEO Matthew Prince defended his practices by citing free speech and stating that “it would be like AT&T listening in on your phone conversations and saying, “Hey, we don’t like your political views. We’re kicking you off our network.”” This philosophy was challenged when immediately after the incidents at Charlottesville this summer, hate group and Cloudflare customer Daily Stormer followed up on complaints by using the contact information provided by Cloudflare to harass and threaten those that levied the complaints. After months of outrage for Cloudflare’s continued support for the Daily Stormer, Prince finally caved to pressure and terminated support for the hate group. However, Prince used the opportunity to state the danger of regulating the Internet stating “Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online.” Continuing in a memo to his staff Prince stated “literally I woke up in a bad mood and decided someone shouldn’t be allowed on the internet. No one should have that power.”

Segment 2

Alteryx Breach Exposes Information on 123 Million American Households
Full Article: https://m-huffpost com.cdn.ampproject.org/c/s/m.huffpost.com/us/entry/us_5a39316ae4b0860bf4ab4e24/amp

Alteryx is an online marketing and analytics firm that left a database with personal information on 123 million American households unsecured and open to the public. The database excludes names, but includes everything from number of children in the house, their ages and gender, how old your car is, your ethnicity, to whether or not you’re a dog or cat person. The database includes addresses and phone numbers however, and from there it is quite simple for an individual to  simply look up someone in the database’s name using their number. Expert Chris Vickery told the HuffPost regarding the breach: “if you’re an American, your information probably was exposed.”

Segment 3

Supreme Court to Consider Internet Sales Tax Collection
Full Article: https://www.wsj.com/articles/supreme-court-to-consider-internet-sales-tax-collection-1515788446?mod=djemalertTECH

The Supreme Court said this month that it would consider if states can require online retailers to collect sales taxes even if they are not physically located in the state, a case that could have a major impact on online commerce. The appeal comes from the state of South Dakota, which hopes to overturn a high-court precedent limiting states’ ability to collect sales tax from online retailers. 35 other states urged the court to take the case, stating that the inability to collect taxes from online retailers has cost state budgets billions of dollars. Online retailers such as Overtock.com Inc and Newegg Inc. have argued that the court shouldn’t review the case, and leave the matter to congress.

Segment 4

FCC Won’t Redefine ‘Broadband’
Full Article: https://www.wired.com/story/fcc-wont-redefine-broadband-move-could-have-worsened-digital-divide/

The FCC announced last Thursday that it will continue to consider connection that are 25 mbps broadband. This comes as good news for rural communities that were worried that changing the definition of broadband would allow the government to minimize the “digital divide” between communities with speedy internet and those without. Had the government decided to lower the threshold, it would have considered areas considered underserved by broadband providers to be considered adequately served.

Segment 5

Tinder’s Lack of Encryption Lets Strangers Spy on Your Swipes
Full Article: https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/

The popular online dating service Tinder lacks standard encryption necessary to keep photos, and “swipes” hidden from interested parties. Tinder lacks basic HTTPS encryption for photos, so just by being on the same Wi-Fi network as any user, researchers from Checkmarx demonstrated that they could see any photo the user did, or even inject images into the users photo stream. Checkmarx states it told Tinder about the vulnerabilities in November, however, the company has yet to fix the flaws.

Segment 6 – Bottom Line Security

Menacing Malware Shows the Dangers of Industrial System Sabotage
Full Article: https://www.wired.com/story/triton-malware-dangers-industrial-system-sabotage/

A recent digital attack on industrial control systems at an industrial plant has reinvigorated fears about how hacking may target critical infrastructure. The new attack called Triton or Trisis, allowed hackers to introduce malware into the plant due to flaws in its security procedures that granted the hackers access to its stations and its safety control network. The attack utilized a zero day (or previously unknown) vulnerability, and then deployed a remote access trojan as the second part of their exploitation, a first for malware targeted toward industrial control systems. Experts believe that the attack was conducted by sophisticated nation state hackers.