
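WP Engine files motion with court seeking restoration of access to WordPress.org

October 21, 2024 14:07
WordPress.org, the development project for WordPress, blocked access from WP Engine on September 25, 2024. It has now emerged that WP Engine has filed a motion with the court seeking restoration of its access to WordPress.org.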


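Classic picture book "Swimmy" becomes gummies! Fish-shaped gummies, with "one" black cola-flavored fish among red apple-flavored ones, from FamilyMart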


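Newton's Google Scholar profile is marked "Verified email," while Einstein's says "No verified email"

October 21, 2024 12:13
Jay Cummings, a mathematics professor at California State University, Sacramento, has drawn attention after discovering that on the academic paper search site Google Scholar, the profile of Isaac Newton, the scientist known for discovering the "law of universal gravitation" among other things, is marked "Verified email."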


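Email account of the hacked Internet Archive is misused to send users a message saying "Your data is already in the hands of another third party"

October 21, 2024 10:40
The Internet Archive, which operates the Wayback Machine among other services, was reported to have been hacked on October 9, 2024, leaking the data of more than 31 million users. In addition, the hackers claim to have stolen the Zendesk tokens that users rely on to access support tickets, and are sending messages that pose as the Internet Archive's email account to users who have previously requested support.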


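Fujikyu Shizuoka Bus resumes the Tokyo to Fuji City "Kaguya-hime Express." In November, a one-way trip costs 1,500 yen with advance ticket purchase

October 21, 2024 06:00
Fujikyu Shizuoka Bus will resume operation of the "Kaguya-hime Express" highway bus between Tokyo Station and the Fuji City area on November 1 and implement a timetable revision. The service had been suspended for the time being since June.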

Internet Archive Users Start Receiving Email From 'Some Random Guy' Criticizing Unpatched Hole

October 21, 2024 02:35
A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent." It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".
But there are new and continuing problems, reports The Verge's weekend editor:
Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems. I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:
It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018. Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.
The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."
BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years." And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.)
The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker says that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site. The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.
"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...
"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

Read more of this story at Slashdot.
