☕ Parler, tricked?

To:Brew Readers

IT Brew // Morning Brew // Update

October 05, 2022

TOGETHER WITH

Wednesday has arrived! Summer may be over, but the party will continue indoors, where musicians are getting ready to tour and play your favorite—wait, what? The tickets are how much?!

In today’s edition:

Parboiled

No cred

—Eoin Higgins, Billy Hurley, Patrick Lucas Austin

HOSTING

Parler games

This illustration picture shows the social media website from Parler displayed on a computer screen.

Olivier Douliery/AFP via Getty Images

Step into my Parler, said the hacker to the fly.

Parler, a social media app aimed at right-wing users that was shut down after it was used to organize parts of the January 6 riot, is rebranding as a cloud service. The new company, restructured as Parlement Technologies, will offer its services to sites that are forced off the internet for hosting controversial and hateful content.

But a flaw in Parler’s newsletter interface uncovered by IT Brew indicates that the conservative “alt-tech” company faces a big lift to convince users to ditch established cloud services, unless they’re using Parlement as a last resort.

Parler games. After being forwarded Parler’s newsletter by journalist Jacob Silverman, this reporter was able to access the forwarding contact’s internal subscription metrics and profile, and was allowed to change the recipient’s email and preferences. After being forwarded a newsletter from two other addresses, IT Brew’s reporter was able to access their newsletter profiles as well.

“You would think that a company that is trying to stake out a claim as a mature tech company that is a safe place for canceled voices would be a little more responsible than this,” Silverman told IT Brew.

By contrast, subscription services like the one used by news site Protocol require users to confirm their identity before being allowed to change their preferences, email address, and subscriptions.

The Parler newsletter uses software developed by Salesforce known as Salesforce Marketing Cloud or ExactTarget. Parler agreed to use the services in April 2021, according to reporting from The Daily Beast, as part of the company’s “comeback” last year.

Parler did not respond to a request for comment.

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

TOGETHER WITH DELL

Cyberattacks got you spooked?

With 79% of orgs reporting a ransomware attack in the past year¹, big-picture stats don’t exactly help alleviate any jitters.

Big or small, your company can’t afford a “it won’t happen here.” The aftermath of an attack can be operationally detrimental and seriously expensive, not to mention harmful to your reputation. Need to fortify your infrastructure ASAP? Get Dell’s Tech Advisor team on the job.

Dell Tech advisors can help you determine what you need to ensure that your data and IT assets are protected against attacks. And what happens when your sole focus isn’t cybersecurity? You can rest easy and focus your attention on getting ahead of the competition, for starters.

Find out how you can get protected.

PASSWORDS

Like a bot

a login screen where the username is "Get_Ur_Own_Account"

Francis Scialabba

A report from the identity-management provider Okta revealed the popularity of a login attack called “credential stuffing.”

Not a side at IT Thanksgiving, credential stuffing is a persistent, frequently bot-driven tactic that takes advantage of a user’s tendency to reuse the same username and/or password over and over again. An attacker attempts logins with the already-compromised username and passwords, hoping that the captured credentials work across multiple sites, like a bank and a retailer.

Okta found a bunch of these attacks: 34% of the traffic on its Auth0 authentication platform, according to the company’s research, showed characteristics of credential stuffing, like bursts of failed logins.

The rise in credential stuffing revealed that bots are busier than ever, and a variety of defenses are needed to counter the persistent attacks.

“Obviously, a lot of this is driven by bots. And so we really need to be thinking about what [we’re] doing in the observability space to help us also use that same intelligence to fight those bots off,” Jameeka Green Aaron, CISO at Okta, told IT Brew.

Bot, bot, pwn. Firing off a bunch of login attempts at once, from one location, would seem suspicious to a network administrator, so password stuffers are often careful to mask their IP addresses, take over machines, and appear to be coming from a variety of destinations, according to Duncan Greatwood, CEO at the cybersec platform provider Xage Security.

Website operators can monitor login activity and boot suspicious bursts of authentication failures, but bots often sneak by corporate defenses, according to Zach Capers, senior analyst at GetApp, an online resource for SaaS applications.

Read the rest here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

TOGETHER WITH DELL

Modern security for the modern business leader. Cyberattacks can be operationally damaging, expensive, and packed with long-term ramifications. Don’t leave security up to chance—fortify your infrastructure with modern tech from Dell Technologies. They’ll protect your data and IT assets so you can start focusing on growth. Learn more here.

PATCH NOTES

picture of data with "Clean Me" written on it + bottle of cleaner in front of it

Francis Scialabba

Today’s top IT reads.

Stat: 2024. That’s the deadline set by the European Parliament that will mandate consumer electronics makers like Apple to manufacture smartphones compatible with the universal USB-C connector. (CNET)

Quote: “Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses with unknown, unprotected, or under-protected assets”—CISA Director Jen Easterly, announcing changes to reporting software vulnerabilities as part of CISA’s Binding Operational Directive (Cybersecurity Dive)

Read: Chinese YouTubers looking to remain anonymous online are being tricked into downloading an infected version of the Tor browser. (The Verge)

WHAT ELSE IS BREWING

CD Projekt Red announced its slate of future titles, including a sequel to the controversial Cyberpunk 2077.
India’s Mars orbital craft Mangalyaan has run out of fuel and battery power after eight years of service.
Russia has issued fines to TikTok and Twitch for “LGBT propaganda,” as well as hosting an interview with a Ukrainian political figure.
The SEC has fined Kim Kardashian for not disclosing she was paid to promote crypto token EthereumMax.

ICYMI

Check out the IT Brew stories you may have missed.

SHARE THE BREW

Share IT Brew with your coworkers, acquire free Brew swag, and then make new friends as a result of your fresh Brew swag.

We're saying we'll give you free stuff and more friends if you share a link. One link.

Your referral count: {{profile.vars.referral_count}}

Click to Share

Or copy & paste your referral link to others:
morningbrew.com/it/r/?kid={{profile.vars.referral_code}}

✳︎ A Note From Dell

1. Enterprise Strategy Group—The Long Road Ahead to Ransomware Preparedness eBook, March 2022.

Written by Eoin Higgins, Billy Hurley, and Patrick Lucas Austin

Was this email forwarded to you? Sign up here

WANT MORE BREW?

{if !contains(profile.lists,"Daily Business")}

Get the daily email that makes reading the news enjoyable →

Morning Brew: become smarter in 5 minutes, every morning

{/if} {if !contains(profile.lists,"EmTech Brew") || !contains(profile.lists,"HR Brew") || !contains(profile.lists,"Marketing Brew") || !contains(profile.lists,"Retail Brew") || !contains(profile.lists,"IT Brew") || !contains(profile.lists,"Future Social") || !contains(profile.lists,"CFO Brew")}

Industry news, with a sense of humor →

CFO Brew: your go-to source for global finance insights
Emerging Tech Brew: AI, crypto, space, autonomous vehicles, and more
Future Social: the Brew's take on the world of social media
Healthcare Brew: the comprehensive industry guide for administrators, medical professionals, and more
HR Brew: analysis of the employee-employer relationship
Marketing Brew: the buzziest happenings in marketing and advertising
Retail Brew: retail trends from DTC to "buy now, pay later"

{/if} {if !contains(profile.lists,"Money Scoop") || !contains(profile.lists,"The Essentials") || !contains(profile.lists,"Money With Katie")}

Tips for smarter living →

Incrypto: Finally, crypto news you can understand
Money Scoop: your personal finance upgrade
Money With Katie: manifest your financial freedom
Sidekick: lifestyle recs from every corner of the internet

{/if}

Podcasts → Business Casual, Founder's Journal, Imposters, and The Money with Katie Show

YouTube

Accelerate Your Career with our Courses →

Business Essentials Accelerator: Become a better communicator, operator, and innovator.
Leadership Accelerator: Grow your team, grow yourself, grow your impact.
Business Analytics Accelerator: Understand the business of numbers and make better decisions with data.

☕ Parler, tricked?

HOSTING

Parler games

TOGETHER WITH DELL

Cyberattacks got you spooked?

PASSWORDS

Like a bot

TOGETHER WITH DELL

PATCH NOTES

WHAT ELSE IS BREWING

ICYMI

SHARE THE BREW

Top insights for IT pros