There is only one big story from the last few days, and that is the focus, but there are a few other smaller stories that interest me.
Twitter Suffers Massive Security Incident, High Profile Accounts Compromised
On Wednesday, July 15, Twitter fell victim to an unprecedented attack. Several very high-profile accounts were compromised, including those of Elon Musk, Bill Gates, Warren Buffett, Barack Obama, and Joe Biden, as well as the official Apple account. The attackers gained control of the accounts and posted messages attempting to get people to deposit bitcoins into a bitcoin wallet, promising any bitcoin deposited would be paid back two to one. Each tweet was only up for a few minutes, but between two bitcoin wallets over $123,000 USD worth of bitcoin was deposited over more than 400 individual transactions.
The scale of the attack, and the fact that Twitter clearly did not know how it was happening for some time, is stunning. Twitter eventually took the extraordinary step of turning off the ability of all verified Twitter accounts to post new tweets. The company also disabled the ability to reset passwords, and eventually revealed that it took control of several accounts to keep them from being hijacked. Overall, it was well over two hours from the time of the first spam tweet until Twitter was able to say it had identified the root cause.
The attack was carried out by at least one person who obtained access to Twitter’s internal tool that allows it to manage accounts. The attacker used a tactic called social engineering, in which a user or employee with administrative access is tricked into giving that access to the malicious party.
There are larger implications to this attack beyond the money lost. It is not known exactly how long the attackers had access to the Twitter administration console, though unconfirmed rumours are that it was at least 90 minutes prior to the first spam tweet. Nor is it known if the attackers downloaded any data from the compromised profiles, or from any other profiles that were not publicly compromised.
This is easily the most high-profile attack on any social network that I can recall. It will likely have far-reaching implications, though it remains unclear how much can be done. Social engineering does not take advantage of a flaw in a platform; it tricks users, which is very hard to defend against. Mitigation steps can be taken to make it harder to get this kind of access, and it is likely that going forward this tool will be even more restricted inside Twitter, but the most important mitigation piece will likely be better training for users with this access.
The FBI has announced an investigation into what happened, and Twitter has promised full co-operation.
Usually I provide just one link to a single story, but here is a link to a collection of articles from The Verge.
Microsoft discontinues Xbox One X months before Series X Launch
With the Xbox Series X releasing later this year, Microsoft has begun to consolidate the company’s console hardware options. The company announced it was discontinuing the Xbox One X, the current high-end console, as well as the Xbox One S All Digital Edition, the version of the console without a Blu-ray drive. The Xbox One S with a Blu-ray drive will remain on sale.
I find it odd that the company would discontinue the current high-end console with the release date of the Series X still three or four months away, but in the same vein, I wouldn’t recommend anyone buy an Xbox One of any kind unless an existing console breaks and there is no interest in waiting for the Series X launch.
Project xCloud Will Launch in September
Microsoft also announced that the xCloud game streaming service will launch in September and will be included in Xbox Game Pass Ultimate at no additional charge. The service will also get a proper name, as xCloud has been the product development code name.
xCloud will allow users to stream a selection of Xbox games to different devices over the internet, allowing anyone to play those games without needing to own an Xbox.
It is not clear which platforms xCloud will launch on. The testing period has focused on Android devices, and there has been no ability to use a PC or Mac, nor any kind of TV streaming device like Chromecast. Notably, Microsoft is not promising availability of xCloud on iOS and iPadOS at this time, and says it is engaged in negotiations with Apple about its availability. Google Stadia, a competing game streaming platform, is not available on iPhones and iPads. Apple is not allowing those apps into its App Store at this time.
Google Play Pass Launches in Canada
Google has expanded the Google Play Pass subscription service to several more countries, Canada included. Google Play Pass is similar to Apple Arcade in that for a monthly or yearly fee users can access a selection of apps from the Google Play Store. The primary difference is that Apple Arcade is focused on games only, while Google Play Pass includes apps other than games as well. Google Play Pass includes access to paid apps and games, as well as free apps and games that are modified to have full functionality without needing in-app purchases.
There is a list of apps available, and if you have an Android device and feel like this may be useful to you, you can sign up for a 1-month free trial, with the price being $6/month after, or $35 for a full year paid up front.