Weekly Axis Of Easy #25
In this issue:
- Canada Revenue Agency orders Paypal to disclose data
- PSA: Canada Revenue Agency does not take Bitcoin
- Former founder: Facebook exploits psychology to make site “addictive”
- LockCrypt Ransomware spreading via compromised mail servers
- Krebs: How to opt-out of Equifax selling your salary history
- Ethereum smart contract bug locks up over 500,000 ether
If you’re Canadian and have a Paypal business account you’ve probably been notified by now that Paypal is complying with a Federal Court Order to share transaction data with the Canada Revenue Agency (CRA). No big deal provided you’ve been duly reporting your income received via Paypal. Right? I always assumed this was happening anyway, but the order covers a broad swath of data from 2014 to 2017.
That said about Canada Revenue Agency, you are hopefully aware that the CRA does not take payments from you in Bitcoin. York region police are warning the public to be wary of scammers posing as CRA officials directing victims to remit tax payments via Bitcoin ATMs. So far over 40 victims have been fleeced out of $300,000 in this manner.
Former Facebook founder and self-declared “conscientious objector” Sean Parker made some very candid remarks at an event in Philadelphia last week around how Facebook was designed to give you a steady stream of “dopamine hits” in an effort to “consume as much of your time and conscious attention as possible”.
Yet another ransomware originating in June, accelerating in October is using infected mail servers to brute force remote desktops (RDP) which it then infects and encrypts. This one charges between 0.5 and 1 Bitcoin per server to decrypt ($3000 to $7000). As we’ve said, you need to be backing up, and if you are backing up, you need to be backing up your backups. Yes, we will be out soon with easyBackup which can handle workstations, servers and databases. Details soon.
Brian Krebs has been providing continuous coverage of the Equifax data breach debacle, in this post he elaborates on Equifax’s “The Work Number” service, which you never opted-into, but makes your salary history available to prospective employers (and maybe, as Krebs uncovers, whoever else wants to know…)
Turns out there’s a way to opt-out, see: https://krebsonsecurity.com/2017/11/how-to-opt-out-of-equifax-revealing-your-salary-history/
Ethereum wallet provider Parity is reeling after a bug in their wallet smart contract caused it to “commit suicide”, locking up over 500,000 ethers (worth approximately
$150,000,000 USD across nearly 600 user wallets in an inaccessible state. Word is unless they can find a way to to hack their own contract, those ethers are gone. There is a talk of a “hard fork” in the Ethereum blockchain to rescue the funds, which would make this the second such instance since “the Dao Hack” which split Ethereum into the present chain and “Ethereum Classic”.