Harris plagiarizes Wikipedia and blows off Catholics, Gwen Walz assigns America homework, social justice groomers keep trying to trans your kids, Williamson County’s sheriff gets accused of pay-for-play corruption, another Hamas leader eats a last meal of kosher drone, Columbia U wants to silence a pro-Israel professor, and a meat recall expands to my local supermarket.
The Biden-Harris administration announced [last] Friday that it was filing a lawsuit against the state of Virginia for enforcing voter integrity laws in the state that aim to curb illegal voting in elections.
Assistant Attorney General Kristen Clarke, who has a history of espousing racist views, claimed without evidence that Virginia’s move to increase election integrity was an “eleventh hour effort” intended, in part, to “disenfranchise qualified voters.”
The DOJ claimed that it was doing so because it was “too close to the Nov. 5 general election” to remove voters:
Section 8(c)(2) of the NVRA, also known as the Quiet Period Provision, requires states to complete systematic programs aimed at removing the names of ineligible voters from voter registration lists no later than 90 days before federal elections.
However, Virginia Governor Glenn Youngkin’s executive order requiring that non-citizens be removed from voter rolls was signed on August 7, 2024 — exactly 90 days before Election Day.
The problem is the people who are being removed from the voter rolls are not, in fact, voters because they are not citizens, said Youngkin.
“With less than 30 days until the election, the Biden-Harris Department of Justice is filing an unprecedented lawsuit against me and the Commonwealth of Virginia, for appropriately enforcing a 2006 law signed by Democrat Tim Kaine that requires Virginia to remove noncitizens from the voter rolls – a process that starts with someone declaring themselves a non-citizen and then registering to vote,” Youngkin said.
Youngkin said that the lawsuit was a “desperate attempt to attack the legitimacy of the elections in the Commonwealth, the very crucible of American Democracy.”
At the beginning of Harris’s political career, in the run-up to her campaign to serve as California’s attorney general, she and co-author Joan O’C Hamilton published a small volume, entitled Smart on Crime: A Career Prosecutor’s Plan to Make Us Safer. The book helped to establish her credibility on criminal-justice issues.
However, according to Stefan Weber, a famed Austrian “plagiarism hunter” who has taken down politicians in the German-speaking world, Harris’s book contains more than a dozen “vicious plagiarism fragments.” Some of the passages he highlighted appear to contain minor transgressions—reproducing small sections of text; insufficient paraphrasing—but others seem to reflect more serious infractions, similar in severity to those found in Harvard president Claudine Gay’s doctoral thesis. (Harris did not respond to a request for comment.)
Let’s consider a selection of these excerpts from Harris’s book, beginning with one in which Harris discusses high school graduation rates. Here, she lifted verbatim language from an uncited NBC News report, with the duplicated material marked in italics:
In Detroit’s public schools, only 25 percent of the students who enrolled in grade nine graduated from high school, while 30.5 percent graduated in Indianapolis public schools and 34 percent received diplomas in the Cleveland Municipal City School District. Overall, about 70 percent of the U.S. students graduate from public and private schools on time with a regular diploma, and about 1.2 million students drop out annually. Only about half of the students served by public school systems in the nation’s largest cities receive diplomas.
There’s more. In another section of the book, Harris, without proper attribution, reproduced extensive sections from a John Jay College of Criminal Justice press release. She and her co-author passed off the language as their own, copying multiple paragraphs virtually verbatim. Here is the excerpt, with the airlifted material in italics and abbreviations, such as percentages and state names, treated as verbatim substitutions:
High Point had its first face-to-face meeting with drug dealers, from the city’s West End neighborhood, on May 18, 2004. The drug market shut down immediately and permanently, with a sustained 35 percent reduction in violent crime. High Point repeated the strategy in three additional markets over the next three years. There is virtually no remaining public drug dealing in the city, and serious crime has fallen 20 percent citywide.
The High Point Strategy has since been implemented in Winston-Salem, Greensboro, and Raleigh, North Carolina; in Providence, Rhode Island; and in Rockford, Illinois. The U.S. Department of Justice is launching a national program to replicate the strategy in ten additional cities.
In a section about a New York court program, Harris stole long passages directly from Wikipedia—long considered an unreliable source. She not only assumes the online encyclopedia’s accuracy, but copies its language nearly verbatim, without citing the source. Here is Harris’s language, with duplicated material in italics, based on the page as it appeared in December 2008, before she published the book:
The Mid-town [sic] Community Court was established as a collaboration between the New York State Unified Court System and the Center for Court Innovation. The court works in partnership with local residents, businesses, and social service agencies to organize community service projects and provide on-site social services, including drug treatment, mental health counseling, and job training. What was innovative about Midtown Court was that it required low-level offenders to pay back the neighborhood through community service, while at the same time it offered them help with problems that often underlie criminal behavior.
To make matters worse, in duplicating Wikipedia’s language, Harris seems to have missed critical information and misstated a relevant detail. She claims, in prose identical to the online encyclopedia’s, that “illegal vending was down 24 percent” as a result of the court’s policies. Early in the paragraph, Harris cites the Bureau of Justice Assistance report to substantiate the figure. But she made a mistake: On Wikipedia, the “24 percent” figure was apparently tied to a different report, which found that “arrests for unlicensed vending,” rather than unlicensed vending as such, “fell by 24 percent” (emphasis mine). Her reliance on Wikipedia, an unreliable source, led to an unreliable conclusion.
While the BJA report was not the proper source for the “24 percent” claim, it did appear in the Wikipedia entry’s list of citations, and apparently was a fruitful resource for Harris and her coauthor, as they reproduced substantial portions of its sentences.
Nothing says “commitment to rigorous academic scholarship” quite like not just quoting verbatim from Wikipedia, but doing so incompetently.
Host of Fox News “Special Report” Bret Baier finally snagged that interview with Vice President and selected Democrat nominee Kamala Harris. Harris was campaigning in Washington Crossing, PA and was proud of the former Republicans and Trump administration people who took the stage with her and happy with their endorsement, delighted in their support of her as a presidential candidate.
The entire interview was a train wreck, but there were particular moments that were exceptionally cringeworthy, damaging, and proved with glaring certainty why she is unfit to lead.
Baier started off with the topic of illegal immigration, and you could visibly see Harris deflate like a balloon before the first question was asked.
Immediately Harris tried to filibuster Baier and do this interview’s version of “I’m speaking.” Harris brought up the U.S. Citizenship Act of 2021, which she claimed addressed the flaws in the asylum system with more judges, 15 million more border agents, increased penalties, stemming the flow of fentanyl, shore up entry points, and how she has worked toward bipartisan efforts to strengthen the border.
Baier gently pushed back with documented facts, and Harris briefly got that deer in headlights look she gets when she is desperately trying to find her talking points. Then she jumped on her supposed record as California Attorney General (not her current position as VP) as proof that she knew how to handle this crisis. Failing to understand that the fact that a crisis exists is proof that you have no ability to correct it.
But the most purely evil and damning part of this topic of illegal immigration was the fact that Harris could not even form the words to apologize for allowing criminals into the country that resulted in the senseless deaths of Laken Riley, Jocelyn Nungaray, and Rachel Morin.
Former president Donald Trump poked fun at vice president Kamala Harris during the Al Smith dinner on Thursday evening, criticizing his political rival for failing to show up at the charity event in person.
Harris addressed the crowd at the white-tie event, which raises funds for Catholics charities, in a pre-recorded video – a highly unusual move for a presidential candidate. It has become a tradition for presidential candidates to speak at the event since Richard Nixon and John F. Kennedy appeared together in 1960.
The vice president is the first presidential contender to skip out on the dinner since Walter Mondale in 1984.
There’s an auspicious precedent.
“I guess you should have told her the funds were going to bail out the looters and rioters in Minneapolis and she would have been here, guaranteed,” Trump said.
He went on to joke that Harris must be “out receiving communion from Gretchen Whitmer,” a reference to a viral video from earlier this month of the Michigan governor feeding a chip to a leftist influencer on her knees.
Trump accused the vice president of being “disrespectful to Catholics.”
He also quipped about the Democratic nominee’s odd’s of winning the election, saying, “There’s a group called White Dudes for Harris but I’m not worried about them. Their wives and their wives’ lovers are voting for me.”
Does Kamala Harris need a mea culpa in PA? Or does her disconnect from voters in the Rust Belt go beyond state lines and religion?
That question has rolled around in my head since reading William McGurn’s column yesterday at the Wall Street Journal. McGurn uses Gretchen Whitmer’s bizarre mockery of the Catholic Eucharist while wearing a Harris-Walz hat to argue that the Democrat anointee for the presidency now has a Whitmer-created problem. But is that entirely true, or does it go beyond Whitmer’s blasphemy?
McGurn recognizes a broader problem, but perhaps not its scope. First, he outlines the direct issues with Catholics, who comprise 30% of Pennsylvania:
As California’s attorney general, Ms. Harris signed several friend-of-the-court briefs opposing religious exemptions for private employers such as Hobby Lobby and religious nonprofits such as the Little Sisters of the Poor. She said she was “proud” to have co-sponsored California’s Reproductive FACT Act, which compelled pro-life pregnancy centers to display notices about where women could get an abortion. The Supreme Court in 2018 rejected the law as a likely violation of the First Amendment.
But perhaps Ms. Harris’s most notorious Catholic moment came after she was elected senator. When Brian Buescher was nominated for a federal judgeship, she grilled him about his membership in the Knights of Columbus, a Catholic men’s fraternal organization. Although President John F. Kennedy was also a Knight, Ms. Harris treated the group as though it were the Ku Klux Klan.
She would later co-sponsor the Equality Act, which the U.S. Conference of Catholic bishops said could force doctors and hospitals to perform abortions they oppose. Last month she snubbed New York’s Cardinal Timothy Dolan by declining to attend this Thursday’s Al Smith dinner, an election-year staple that has brought Democratic and Republican candidates together in a civil setting for decades.
Those are the direct issues, and those aren’t limited to Pennsylvania. Overall, Republicans now have a statistically significant edge in party ID among Catholics, according to Pew polling this year, 50/44. Nationally, Catholics accounted for 25% of the vote in 2020, although apparently pollsters didn’t include data on religion in state-level exit polling. One can expect a similarly significant number of Catholics in Wisconsin and Michigan, and perhaps slightly lower levels in states like Arizona and Georgia. In every state, however, Catholics make up a far larger part of the electorate than the Arab-Americans did in Michigan, and yet both Biden and Harris obsessed over their support all year long.
That’s one problem, but that’s not the only problem. A more recent Pew poll shows Harris trailing Donald Trump with Catholics by five points, even worse than Hillary Clinton performed in 2016. But the issue isn’t entirely religious:
Mr. Biden may be the last of the big-time Democrats whose base was the white working class. But it confers a sensibility Ms. Harris is conspicuously lacking. …
Politico reports that Ms. Harris’s prospects are “considerably dicier” because of a “cultural dissonance” between her progressive San Francisco persona and white working-class Catholic Pennsylvanians.
That gets closer to the real danger for Democrats, but it has less to do with “white” and “Catholic” than it does to working class. Biden had a political and cultural connection to working-class voters, not just because of his Catholicism but because of his background. He fit into that milieu even if that mainly came as a conceit, especially after fifty years in Washington DC, but he could talk in their language too … at least before his brain turned to jelly. People keep overlooking his 2012 address to the Democrat convention, which turned out to be the best of the week, in which he artfully bridged the gap between the working class and the Academia-drenched elite that had mainly taken over the party in the current generation.
Harris simply can’t do that. Not only is she incapable of connecting at anywhere near that level, she only recently even showed a desire to do so. Her lame attempt at repeating the mantra “I was raised in a middle-class household” ad nauseam is about as close as she gets. Culturally, she comes from the Academia-drenched elite and speaks their language, to the extent she speaks any political language effectively at all. Harris tosses around clichés as a means to connect to working class voters, which initially appeared to appeal to them but have turned into a major liability now.
The Democratic Party’s naked contempt for both religious believers and the actual working class has been evident for a long, long time.
More on the subject: “Blowing Off the Al Smith Dinner Might Have Cost Harris Pennsylvania — and the Election.”
The Catholic vote is not as monolithic as it used to be. In 1928, the Catholic vote was overwhelmingly Democratic, concentrated in urban centers. By 1960, the Catholic vote was fracturing through intermarriage and economic issues, but Kennedy still received about 65% of the vote from his co-religionists.
Today, Donald Trump can expect to get about 60% of the Catholic vote. In Pennsylvania, The Catholic vote might be pivotal in a state that Harris absolutely, positively has to win.
“Her San Francisco progressive persona isn’t a good fit for Joe Biden’s native state,” William McGurn wrote in a Wall Street Journal op-ed on Monday.
Snip. “In an election in Pennsylvania that will almost certainly be decided by less than 100,000 votes, Harris skipping the Al Smith Dinner was not only stupid but might be the mistake that cost her the White House.” Eh, probably not. Harris will probably lose the election because she’s part of an administration had presided over a wretched economy and let in millions of illegal aliens. Plus she’s a horrible candidate that literally nobody voted for. (Hat tip: Stephen Green at Instapundit.)
Google is up to its old tricks, “hiding Conservative news on election 23 pages deep.””When using the search term “donald trump presidential race 2024,” researchers had to scroll through 23 pages of results before they come to a U.S.-based right-leaning news source, a single Fox News video six results down on the 23rd page.”
An excerpt from the book Walz' wife was reading to children shows them all riding the gay dad while he puts a vacuum cleaner up to his mouth. I'm sure it's nothing. From: Bathe the Cat. pic.twitter.com/2npr5s6mDN
Gwen Walz also seems to feel that the best way to get men to the polls is assigning them homework.
Can you put some really money behind that and put it on air? Maybe during college football?
There are still men out there who don’t hate this campaign with every fiber of their being, and I think this ad could be enough to nag them right into Trump’s arms. https://t.co/vk6jwJY9oM
Yes, social justice warrior teachers do want to trans your kids. “Court Shuts Down BLM Teacher Trying To Force Trans Ideologies On Kids.”
Megan Williams is a first-grade teacher who forced her 6 and 7-year-old students to “observe” so-called Transgender Awareness Day. This Black Lives Matter activist subjected these small children to non-curricular propaganda about “gender identity” and sex changes.
Williams disturbingly went so far as to tell these kids that their “parents ma[d]e a guess whether they’re a boy or a girl” and may have been wrong. Parents complained, but Williams was backed by her school principal and superintendent.
Three mothers fired back by filing a lawsuit against Williams, the school, the district, and district officials in June of 2022. Their goal was to obtain a moratorium “on gender dysphoria and transgender transitioning,” parental notice and opt-out rights on the topic absent such a prohibition, compensatory damages, and punitive damages.
Thankfully, Judge Joy Conti of the U.S. District Court for the Western District of Pennsylvania just ruled largely in favor of these mothers.
Judge Conti stated that “parents have a constitutional right to reasonable and realistic advance notice and the ability to opt their elementary-age children of noncurricular instruction on transgender topics and to not have requirements for notice and opting out of those topics that are more stringent than those for other sensitive topics.”
Here’s the remarks in the aired clip shared by Johnson:
MARGARET BRENNAN: Well, the FEMA Director says there’s only $11 billion left from that $20 billion that was allocated. So that’s a different accounting than this 2% you say was distributed.
SPEAKER JOHNSON: Yeah. So they’ve obligated some funds, but they’ve only distributed 2%…The rescue and recovery efforts are still going on, and then we address the rest of it.
And here — I’ll put it in bold — is what CBS edited out for the broadcast:
MARGARET BRENNAN: Well, the FEMA Director says there’s only $11 billion left from that $20 billion that was allocated. So that’s a different accounting than this 2% you say was distributed.
SPEAKER JOHNSON: Yeah. So they’ve obligated some funds, but they’ve only distributed 2%, and when I was there on the ground, and you should go, I mean, bring the cameras and talk to the people there, they’ll tell you, don’t- don’t take politicians words for this or the administration’s word, talk to the people there on the ground they had not been provided the resources almost two weeks out from the storm that they desperately needed. And when I was there 13 days, post- you know, post the storm hitting that state, people are still being rescued. They’re stuck in the higher elevations in the mountains because the roads are down and all the rest. So they need every- every available resource and all hands on deck. The rescue and recovery efforts are still going on, and then we address the rest of it.
Issues in the debate ranged from abortion to the border crisis, and allowing boys in girls’ sports.
On abortion, Cruz said he supported Texas’ pro-life laws while acknowledging that other states would make different decisions.
“In Texas, we overwhelmingly support that parents should be notified and have to consent before their child gets an abortion. In Texas, we overwhelmingly agree that late-term abortions in the eighth and ninth months, that’s too extreme. And I’ll tell you, in Texas, we overwhelmingly agree that taxpayer money shouldn’t pay for abortions,” said Cruz.
He went on to attack his opponent’s position on abortion as extreme, noting that Allred “voted in favor of striking down Texas’ parental notification law. He voted in favor of striking down Texas’ parental consent law. He voted to legalize late-term abortions, including the eighth and ninth months.”
Allred, meanwhile, said he would fight to “restore a woman’s right to choose” and to “make Roe v. Wade the law of the land again.”
Snip.
One of the biggest issues playing out in the campaign thus far has been Allred’s position on allowing boys in girls’ sports. The issue has been the target of Cruz’s campaign ads and led to Allred denying the accusations, despite voting against legislation to protect girls sports.
“I know a lot of y’all at home, for example, saw two biological men competing in women’s boxing at the Olympics,” said Cruz. “That was wildly unfair. You know, my youngest daughter plays volleyball. It’s not fair for a biological boy or man, a teenage boy, to spike the volleyball at her, and he has voted repeatedly in favor of that.”
FEMA’s entanglement with the Biden-Harris administration’s disastrous open southern border policies by diverting storm relief funds ($1.4 billion, according to NYPost) for illegal and legal aliens may have undermined the federal agency’s ability to effectively manage emergencies, such as the Katrina-like disaster unfolding in the US Southeast.
Homeland Security Secretary Alejandro Mayorkas dropped the bombshell [two weeks ago]: FEMA “does not have the funds” to see Americans through the rest of this Atlantic hurricane season. The federal agency drained the funds by prioritizing taxpayer funds for illegal and legal aliens versus US citizens as the Biden-Harris globalist team rolled out the red carpet to anyone, even terrorists, via the open southern borders.
Connect the dots, if you can,” Tim Murtaugh, an adviser to former President Trump’s campaign, wrote on X, adding, “DHS says FEMA might not have enough cash to help people through hurricane season. But in 2 years of a new Biden-Harris program, they’ve spent $1 BILLION on housing and other services for migrants.”
Shedding a whole heck of a lot of color on the situation, Savanah Hernandez, a reporter for Turning Point USA, wrote on X that she has uncovered some of the “first looks” inside fully furnished luxury apartments for migrants that received free rent and utilities for two years.
Hernandez wrote in a note on The Post Millennial:
The Brunswick Landing apartments in Maine sparked controversy earlier this year when it was discovered that homeless migrants in the area were getting the opportunity to live in the units rent-free for up to two years. Migrants living in the apartments shared that not only is the rent-free, the utilities are paid and we got an inside look at the furnished apartments that would run the average American about $2,300 dollars.
“FEMA: Disaster Relief No Longer About Emergency Response, It’s About ‘Disaster Equity.'”
The Federal Emergency Management Agency (FEMA) is supposed to be the government’s premier emergency relief organization in times of disaster, like the situation now faced by victims of Hurricane Helene’s aftermath in North Carolina and Tennessee.
But according to the FEMA website, the agency now places higher priority on instituting Diversity, Equity and Inclusivity guidelines than on easing the suffering of Americans displaced by disaster.
Among the goals listed in FEMA’s strategic plan are to:
Instill equity as a foundation for emergency management
Lead whole of community in climate resilience
Promote and sustain a ready FEMA & prepared nation
What does that look like in action?
Here’s an example of a FEMA disaster preparedness meeting where participants discuss how LGBTQIA individuals were suffering disproportionally before the storm compared to other disaster victims.
Notice how the focus shifts from doing the greatest amount of good for the greatest amount of people to ensuring that they are promoting “equity in disaster relief.”
Social justice is racist poison that ruins everything, and now it’s costing Americans their lives.
Here we go again. “Report: Migrant Caravans Leaving Southern Mexico Headed Toward US Border.”
Chechen leader Ramzan Kadyrov has declared a “blood feud” against three federal lawmakers from neighboring North Caucasus republics in his first comments on last month’s deadly shooting outside the Moscow headquarters of Russia’s largest online retailer Wildberries.
Kadyrov has vowed to help Vladislav Bakalchuk, the estranged husband of Wildberries CEO Tatiana Kim — Russia’s wealthiest woman — to return his wife and block the merger of their e-commerce giant with the smaller outdoor advertising group Russ.
The family and business dispute escalated last month when Bakalchuk led a group of men to Wildberries’ Moscow offices and allegedly tried to force their way into the building. Two security guards, who were ethnic Ingush, were killed in the shootout and multiple felony charges, including murder, were filed against Bakalchuk and several other ethnic Chechens involved in the incident.
Kadyrov is a piece of work, but one with a sufficiently strong independent power base that Putin has felt compelled to buy him off. Kadyrov declaring a blood fued against Russian officials probably isn’t a sign of harmony in Russia’s government…
Sinwar is only the latest high-profile terrorist to meet his fate at the hands of the IDF. His predecessor at the top of Hamas’s hierarchy, Ismail Haniyeh, was killed in Tehran when a bomb covertly smuggled into an Iranian diplomatic safehouse exploded in July. Mohammed Deif, the commander of Hamas’s military wing, was neutralized in a July airstrike after seven unsuccessful IDF attempts to deliver him to justice. Hamas deputy commander Marwan Issa met his fate in March, two months after his deputy, Saleh al-Arouri, was cut down in the suburbs of Beirut by an Israeli drone.
A little over a year after the war Hamas inaugurated against Israel on 10/7 in the deadliest one-day slaughter of Jews since the Holocaust, the terrorist organization has been entirely decapitated. Its fighters are scattered, disorganized, and reduced to chaotic rearguard actions against the Israeli troops busily rolling them up. Critics of Israel’s campaign like to insist that Hamas is an idea and therefore cannot simply be dispatched like the thousands of its fighters the IDF has cut down. True enough, but an idea cannot shoot at you or launch rocket attacks on your cities. That requires well-connected, deeply embedded commanders with years of experience conducting asymmetrical insurgent attacks on a superior force. Those commanders are all dead.
The Israeli officials who have pursued Hamas’s barbarians until the end have done so without much encouragement from the West. Indeed, the death of every Hamas commander was fretted over in the West as though it created a new impediment to peace and to the negotiations over the hostages Hamas itself captured on 10/7 — 97 of whom still have not yet been located. Joe Biden’s administration withdrew almost all rhetorical support for Israeli operations in places like Rafah, where Sinwar himself was taken out. Benjamin Netanyahu’s government deserves the gratitude of the civilized world for rejecting these entreaties seeking Israel’s surrender in its righteous war.
The Israelis did not choose the way this war began, but they will be the authors of its conclusion. And the end is near. The Israelis have brought the Gaza Strip closer to its day of liberation from the tyranny of an illegitimate terrorist regime than all the combined efforts of the peace processors in the global diplomatic corps ever achieved. It is a shame that the American administration that stood so stalwartly with Israel at the outset of this campaign willingly sacrificed its ability to celebrate alongside its Israeli counterparts. This should be America’s victory, too. But by spending months on end agonizing over how Israel was achieving its honorable objective, the Biden White House and its allies lost sight of our shared strategic goals.
We hit the Houthis with B-2s. I didn’t have that on my 2024 dance card…
“Williamson County’s Democrat Sheriff Accused of Accepting Pay-to Play Donation. On September 24, the Williamson County Commissioners Court issued a contract for over $500,000 to Family Hospital Management Company for ‘Jail Inmate Psychological Services’. Just four days before a county contract was issued, [Democrat Sheriff Mike] Gleason received a $20,000 campaign donation from the founder and CEO of the company that received the contract.” “Jail Inmate Psychological Services” sounds like a great avenue for leftwing graft…
“A North Carolina Democratic county leader, who is also running for a seat in the state House, was arrested after allegedly stealing Trump signs near a road last week. Moore County, North Carolina, County Chair Lowell Simon, 68, was charged with two counts of misdemeanor larceny of political signs after he admitted to removing Trump signs and keeping them in his car.”
“The Young Turks’ Ana Kasparian says she ‘woke up’ after being molested by LA homeless man and ‘the good people’ slammed her for talking about it. Kasparian described feeling “politically homeless” and shared how the backlash she received from liberals after the assault played a key role in her reevaluation.” Seems like social justice warriors feel that being molested by a homeless man or raped by an illegal alien is a small price to pay for taxpayer-subsidized abortion…
Boy dressed as girl assaults actual girl, gives her a concussion and blurred vision. You know what the school administrators did, don’t you? That’s right, they suspended the victim.
“Edgewood ISD Superintendent Gets Raise While Students Are Failing. Edgewood ISD extended Superintendent Eduardo Hernández’s contract until 2029 and raised his annual salary to $291,923.””Only 23 percent of Edgewood ISD students can read, write, and do math at or above grade level.” Edgewood is on the west side of San Antonio.
Columbia U is trying to make their campus Judenfrei.
Columbia University is temporarily suspending a prominent pro-Israel business professor’s access to campus after he publicly criticized school officials for permitting anti-Israel campus demonstrations on the anniversary of the October 7 massacre.
Columbia notified Israeli-American business professor Shai Davidai on Tuesday that he will be banned from campus for violating university policy on harassing school employees.
On Tuesday night, Davidai posted a video on social media accusing Columbia of retaliating against him for posting a video of himself asking Columbia’s chief operating officer Cas Halloway why he allowed pro-Hamas demonstrators to protest on the anniversary of October 7.
“Right now I was supposed to be at the school of social work at Columbia, where the Jewish students are holding their own memorial service for the senseless violence of October 7th. But then I got a call from my lawyer, who says the university has decided to not allow me to be on campus anymore,” Davidai said.
“Why? Because of October 7th. Because I was not afraid to stand up to the hateful mob. And because I was not afraid to expose Mr. f**king Cas Holloway for not doing anything about it.”
Davidai should sue them over equal rights violation for millions. Let a thousand lawsuits bloom.
Researchers have unearthed two sophisticated toolsets that a nation-state hacking group—possibly from Russia—used to steal sensitive data stored on air-gapped devices, meaning those that are deliberately isolated from the Internet or other networks to safeguard them from malware.
One of the custom tool collections was used starting in 2019 against a South Asian embassy in Belarus. A largely different toolset created by the same threat group infected a European Union government organization three years later. Researchers from ESET, the security firm that discovered the toolkits, said some of the components in both were identical to those fellow security firm Kaspersky described in research published last year and attributed to an unknown group, tracked as GoldenJackal, working for a nation-state. Based on the overlap, ESET has concluded that the same group is behind all the attacks observed by both firms.
The practice of air gapping is typically reserved for the most sensitive networks or devices connected to them, such as those used in systems for voting, industrial control, manufacturing, and power generation. A host of malware used in espionage hacking over the past 15 years (for instance, here and here) demonstrate that air gapping isn’t a foolproof protection. It nonetheless forces threat groups to expend significant resources that are likely obtainable only by nation-states with superior technical acumen and unlimited budgets. ESET’s discovery puts GoldenJackal in a highly exclusive collection of threat groups.
Then there’s this: “The basic flow of the attack is, first, infecting an Internet-connected device through a means ESET and Kaspersky have been unable to determine.” There’s a 99% chance that these air-gaped systems are being attacked through the usual human engineering or security lapse vectors. Which leaves a 1% chance of some form of electromagnetic witchcraft…
“WeightWatchers Squeezes Higher After Unveiling New Low-Cost GLP-1 Treatment…WW announced the addition of a new compounded semaglutide to its lineup to beat America’s obesity crisis sparked by the processed foods industrial complex. The new treatment starts at $129 per month, and each additional month will cost $189. This is significantly less than GLP-1 obesity treatments from big pharma, which cost north of $1,000 a month.”
Fiat/Stellantis merged with Chrysler in 2014, and now they’re threatening to shut it down in two years.
BrucePac listeria meat recall expands, now includes some HEB items.
Disney plans to slash budgets on Marvel movies going forward. On the one hand, that’s probably prudent, since it gets harder and harder to turn a profit with soaring budgets. On the other hand, Marvel’s recent problems aren’t a product of big budgets, they’re a product of wokeness and crappy scripts.
Rick Beato has an interesting video with R.E.M. bassist Mike Mills. I didn’t realize that the other three members wrote the music then handed it off to Michael Stipe, who would go off and create the lyrics by himself.
One of the more useful, long-time websites on the Internet is the Internet Archive, aka The Wayback Machine, which contains captured, iterative versions of a vast amount of the World Wide Web.
Except that, right now, the site is offline and under attack by hackers.
“Have you ever felt like the Internet Archive runs on sticks and stones and is constantly on the verge of a major security breach? It just happened.”
“The Wayback Machine [is] one of the most important websites in the history of the Internet, because it literally archives the history of the Internet. It’s been taking snapshots of websites, including their HTML, CSS, JavaScript, and images since 1996, allowing us to remember the worldwide web in its peak form, when Amazon looked like this and weird people made weird websites just for fun. Unlike nowadays where everybody just chases algorithms on cringe factories like Tik-Tok and Instagram.”
It was founded by digital librarian Brewster Kahle.
“Unfortunately, the fate of this website hangs in the balance, as it’s currently getting pwned, boned and owned from multiple angles.”
“A data breach exposed 31 million email addresses and password hashes. Its Open Library lost a critical legal battle. Its website was defaced with some JavaScript graffiti. It’s been getting DOSed non-stop, and its current status is offline as we speak. What the hell is going on?”
“The Wayback Machine contains over 890 billion archived web pages weighing in at nearly 100 petabytes. It’s an unimaginable amount of data. If you look at one web page every second for the next 100 years, you would have looked at less than 1% of the total archive.”
“This data is practically irreplaceable. The only company that might be able to replace it is Google, but Google recently stopped using its own cached archive, and its search results now points to, you guessed it, the Internet Archives Wayback Machine.”
“We don’t know if the hackers have access to the archived website data, but if they do, and they might, they have the power to erase the history of the world wide web.”
“The Internet Archive will remove personal data and comply with GDPR [the EU’s General Data Protection Regulation], but some people want legitimate content to be memory-holed forever.”
Section on their Open Library project losing a lawsuit to publishers snipped.
“HIBP (which is not an STD, but rather a website that helps people find out if their data has been compromised in a data breach) was informed of the Internet Archives data breach on September 30th. It’s confirmed on October 5th. The Internet Archive gets notified on October 6th [before] making the data breach public on October 8th.
“The Internet Archive has been been facing aggressive DOS attacks going all the way back to May.”
“The website is defaced with some JavaScript library which triggers an alert message about the data breach before it’s been officially disclosed.”
“Right now on October 10th, the website is still being attacked and is completely offline. Things are not looking good.”
“What sort of sick, twisted hacker would want to mess with the Internet Archive, and why? Well, a hacktivist group called Blackmeta is claiming responsibility.”
“They say they’re not a bunch of teenagers, which means that they’re probably just a bunch of teenagers.”
According to this post, “Attributed by Radware to SN_BLACKMETA, a pro-Palestinian hacktivist with potential ties to Sudan that may operate from within Russia.” YouTuber Fireship (whose video this is) thinks that’s a false flag, but his reasons are “This doesn’t make sense and won’t get people to like you,” which hasn’t stopped those End Oil idiots. Indeed “this is stupid and makes people hate you” describes a vast array of real “activist” actions going all the way back to the Symbionese Liberation Army and attempts to levitate the Pentagon back in the 1960s, so I think Fireship’s deduction here is off-base.
Could be pro-Palestinian sorts, who have never seemed to care about “making friends” while raping women and beheading babies. Or it could be any number of social justice types, whose Khmer Rouge-esque “Year Zero” vibe jibs nicely with wiping out the Internet’s history. Or maybe they’re trying to erase Kamala Harris’ obvious past idiocies.
In any case, let’s all hope this attack fails, and that the Wayback Machine has robust, rotating offline backups…
More than 200 people have been confirmed dead as a result of Hurricane Helene, and that total is expected to rise as search-and-rescue crews reach more remote communities. Roads have been destroyed, many towns are still without power, and people are beginning to run out of food as trucks cannot get in to provide aid.
Amid all of this, Homeland Security Secretary Alejandro Mayorkas, the architect of the migrant invasion, warns that the Federal Emergency Management Agency is running out of money to aid hurricane victims. Meanwhile, thanks to the migrant crisis his catch-and-release policies created, FEMA has spent over $1 billion feeding, housing, and transporting illegal immigrants across the United States in just the last two years.
Before he was elected, President Joe Biden said of migrants wanting to enter the U.S. illegally, “We could afford to take in a heartbeat another 2 million.” Thanks to Biden’s subsequent policies, all supported by Vice President Kamala Harris, including the end of former President Donald Trump’s “Remain in Mexico” program, the temporary suspension of all deportations, and the creation of the CBP One app parole program and the Cubans, Haitians, Nicaraguans, and Venezuelans parole program, the number of illegal immigrants allowed into the U.S. by Biden has been closer to 4 million.
Unfortunately for communities across the U.S., the ability of this country to take in millions of illegal immigrants has not been as smooth as Biden predicted. Cities, many of them controlled by Democrats, have been begging the federal government for assistance in housing, clothing, feeding, education, and providing healthcare for the flood of migrants who are straining budgets in their communities.
In response, the Biden administration has spent tens of billions of dollars helping to ease the pain caused by their illegal migrant invasion. Local governments are required to provide education to all children, regardless of legal status, and the Department of Education helps local governments pay to educate these children. Hospitals must provide emergency care to all patients, even illegal immigrants without health insurance, and so the Department of Health and Human Services helps local hospitals stay afloat by reimbursing them through Medicaid.
And the Department of Homeland Security helps provide food, housing, and transportation to illegal immigrants through FEMA’s Emergency Food and Shelter Program and Shelter and Services Program Awards program. When the influx of migrants was bankrupting cities across the country this past winter, Democratic mayors traveled to the White House to beg Biden for more FEMA money to help their communities “meet the growing needs of these individuals.”
And the White House gave them the FEMA money they wanted. In just the last two years alone, the Biden administration has spent over $1 billion in FEMA funds giving local communities the resources needed to deal with the migrant crisis that the Biden administration created.
if Joe Biden had said he wanted to let 4 million illegal aliens into the country, and subsidize their food and clothing, do you think he would have been “elected” in 2020?
CBS lies, altering interview of Kamala Harris on Israel:
Here are the two different 60 Minutes edits layered on top of each other in full. You will hear where Whitaker's questions line up, and the different edited answers from Harris.
SC 1842 (bottom) is what aired on Monday night. SC 1843.5 (top) is what the Face the Nation X account… pic.twitter.com/FEuQp2o0kn
Beyond the word salad that people pointed out, CBS and 60 Minutes edited out everything she says about providing aide to Israel in order to defend itself from attacks.
Now when you contrast that with the fallout from the Coates interview, this all stinks. This is a CBS agenda…
On September 30th, anti-Israel author Ta-Nehisi Coates sat down for what turned out to be a spirited six-and-a-half-minute interview on CBS Mornings, during which co-anchor Tony Dokoupil challenged some of the claims made in Coates’ new book, “The Message.”
The book contains several essays about some of Coates’ travels, with the longest one being about his trip “to Palestine.” It was claims made in that essay that Dokoupil zeroed in on for closer examination during their exchange:
“I have to say, when I read the book, I imagine if I took your name out of it, took away the awards, the acclaim, took the cover off the book, publishing house goes away, the content of that section would not be out of place in the backpack of an extremist,” Dokoupil said.
“So then I found myself wondering, why does Ta’Nehisi Coates, who I’ve known for a long time, read his work for a long time, very talented, smart guy, leave out so much? Why leave out that Israel is surrounded by countries that want to eliminate it? Why leave out that Israel deals with terror groups that want to eliminate it? Why not detail anything of the first and the second Intifada, the café bombings, the bus bombings, the little kids blown to bits. Is it because you just don’t believe that Israel in any condition has a right to exist?” the CBS anchor continued.
Perhaps because Coates’ word is viewed as sacrosanct by woke leftists in the media, academia, and beyond despite his deeply flawed logic on issues like reparations, eruptions began almost immediately in the CBS newsroom, with tensions boiling over a week later during an editorial call:
During its editorial meeting on Monday at 9 a.m.—the morning of October 7—the network’s top brass all but apologized for the interview to staff, saying that it did not meet the company’s “editorial standards.” After being introduced by Wendy McMahon, the head of CBS News, Adrienne Roark, who is in charge of news gathering at the network, began her remarks by saying covering a story like October 7 “requires empathy, respect, and a commitment to truth.”
After quoting extensively from the CBS News handbook, she said, “We will still ask tough questions. We will still hold people accountable. But we will do so objectively, which means checking our biases and opinions at the door…”
Presumably, the “bias” accusations stem from the fact that, according to the New York Post, Dokoupil is “a convert to Judaism whose ex-wife lives in Israel along with their two children.”
“During its editorial meeting on Monday at 9 a.m.—the morning of October 7—the network’s top brass all but apologized for the interview to staff, saying that it did not meet the company’s ‘editorial standards.’”
Though Shalt Not Question the Holy Social justice.
A US judge has sentenced a disgraced Black Lives Matter leader to federal prison after he was convicted at trial in April on wire fraud and money laundering charges. Sir Maejor Page, 35, of Toledo, Ohio, who uses the alias Tyree Conyers-Page, was found guilty of running a “fake charity scheme” for personal profit, defrauding donors of more than $450,000 they had given to his nonprofit Black Lives Matter of Greater Atlanta.
US District Court Judge Jeffrey Helmick of the Northern District of Ohio sentenced Page on Thursday to 42 months in federal prison. He was also ordered to pay a $400 special assessment fee, according to a press release from the Department of Justice.
Prosecutors accused Page of defrauding 18,000 donors who collectively gave hundreds of thousands of dollars to his fraudulent charity, Black Lives Matter of Greater Atlanta. Page took the donations and used them for his own personal benefit. He purchased entertainment, hotel rooms, clothing, firearms, and a property in Ohio that he intended to use as his personal residence, court documents showed.
Page continued to collect donations for his “social justice” charity through its Facebook page after the organization’s tax-exempt status was revoked for failing to submit IRS Form 990 for three consecutive years. He consistently shared content on Facebook relating to social justice and racial issues in order to establish the legitimacy of his nonprofit organization, despite the fact this it was no longer tax-exempt. The convicted fraudster used Facebook to communicate privately with donors, to which he falsely claimed that their contributions would be allocated to “fight for George Floyd” and the “movement.”
In a recent podcast interview, the political analyst who first predicted that Joe Biden would withdraw from the presidential race revealed that private polling he has seen appears to suggest that Vice President Kamala Harris (D-Calif.) is in serious trouble ahead of the November election.
According to Breitbart, Newsmax commentator and former political director for ABC News Mark Halperin gave his analysis on The Morning Meeting with Sean Spicer and Dan Turrentine. Halperin said that internal polling could see Harris lose all but one of the seven swing states in this election, as her current lead in the national popular vote is not enough to win the electoral college against former President Donald Trump.
“So the new New York Times poll shows her up three nationally,” Halperin explained. “We all know that three is like the bubble point, right? If she’s up three, she’s got a chance to win the Electoral College, but they’d rather be at four, and they don’t want to be at two. So three is right at the bubble. I’m not saying this Times poll’s right. But it’s in line with international polls.”
“We all know from our contacts in both campaigns that Pennsylvania is tough for her right now. And without Pennsylvania, there are paths, but there aren’t many. There’s no path without Wisconsin,” Halperin continued. “So you see here, Tammy Baldwin’s Senate campaign poll shows Harris down three in Wisconsin. We all said yesterday, Wisconsin and Michigan are looking worse for Harris than before.”
Wisconsin Senator Tammy Baldwin’s (D-Wisc.) campaign had previously shared internal polling with both the Wall Street Journal and Axios, showing Harris losing to Trump in the state and Baldwin herself with a mere 2-point lead over her Republican challenger, Eric Hovde (R-Wisc.).
Such results in private polls align with the trend reflected in public polls, with pollsters such as Quinnipiac University and Emerson College showing President Trump gaining momentum in most of the swing states, now either leading Harris or tied in enough states to win the electoral college.
“I just saw some new private polling today that’s very robust private polling. She’s in a lot of trouble,” said Halperin. “The conversation I’m having with Trump people and Democrats with data are extremely bullish on Trump’s chances in the last 48 hours, extremely bullish. You think of the seven battleground states; which ones is Harris in danger of losing? I would say Pennsylvania, Michigan, Wisconsin, Arizona, North Carolina and Georgia. I’m not saying she’ll lose all six, but she’s in danger.”
If Harris were to lose these six states but hold the seventh swing state, Nevada, then the result would be an exact repeat of the 2016 election, with President Trump winning 306 electoral votes to Harris’ 232.
“Law enforcement has arrested Estefania Primera, an illegal alien from Venezuela, following reports that she was the ring leader for a gang’s sex trafficking operation in El Paso. Primera was named by a sex trafficking victim as the leader of a Tren de Aragua sex trafficking ring.”
People have been asking about the Texas temporary ID ruling in other threads, and now we have an update.
Secretary of State Asks Attorney General to Rule on ‘Limited Term’ Driver’s Licenses as Voter ID. Paxton received a request from Secretary of State Nelson to rule on the validity of “limited term” driver’s licenses as voter ID.
Texas Secretary of State (SOS) Jane Nelson issued an advisory on Tuesday that describes “limited term” driver’s licenses as an acceptable form of voter ID, though recommending other forms of photo identification if possible.
While the Texas Election Code does not specifically designate “limited term” ID cards as a permissible form of voter ID, it does describe “a personal identification card issued by the Texas Department of Public Safety” (TxDPS) as an approved form of identification.
As Nelson’s advisory acknowledges, TxDPS distributes “temporary term” driver’s licenses to noncitizens, provided they are an individual with lawful temporary status in the U.S.
The SOS’s guidance concedes that if an individual is registered to vote and presents a “limited term” driver’s license or ID card, they may receive a ballot after being fully informed by the election judge or clerk of the “eligibility requirements” necessary to vote in Texas.
The issue cited by the SOS is that while the limited term ID denotes noncitizen status at one point, it doesn’t mean that the individual has not since been naturalized. Transportation Code also includes the limited term ID as a valid form of identification, creating a small window for a potentially legitimate use of the document to vote.
Additionally, if an individual presents a “limited term” ID card but is not registered to vote, they may receive a provisional ballot after election officials fully evaluate what their lack of registration and unique form of identification suggests.
Nelson recommended using language such as, “The limited-term driver’s license/identification card you presented suggests that you are not a United States citizen. Your name does not appear on the list of registered voters. Per the Texas Election Code, to be eligible to vote in the State of Texas, you must be a qualified voter of this state,” when explaining the situation to the unregistered voter and prior to distributing a provisional ballot.
Nelson requested on October 9 that Texas Attorney General Ken Paxton rule on whether a limited term driver’s license that “generates questions of voter eligibility” is a valid form of voter ID and if an election official must present a ballot to an individual who only provides such ID in person. The request is for a non-binding opinion by the Office of the Attorney General.
Nelson also asked Paxton how ballot workers ought to treat mail-in ballots that only list an ID number or driver’s license card that is “limited term,” in regards both to “counting” the vote and for investigating “instances of fraud.”
So Paxton will be able to nip this potential avenue of voting fraud in the bud.
“A former Democrat member of the Texas Senate is throwing his support behind a Republican candidate for the seat he once held. Former State Sen. Eddie Lucio Jr. of Brownsville announced his endorsement of Adam Hinojosa in the race against freshman Democrat State Sen. Morgan LaMantia, pointing to their shared pro-life values as a key reason.”
“The most fun I had going to see the new Joker movie was in the car ride and from it, because I was listening to Warhammer 40K lore on the Horus Heresy. And just listening to that was better than seeing Joker Folie a Deux.”
Finally, a non-insulting use for AI? They’re going to use AI to create dubs of original Japanese anime in voices that sound like the original Japanese voice actors. This would be a big improvement on a lot of the early crappy dubs, but I can’t imagine American voice actors being thrilled at losing those gigs…
“Electric vehicle (EV) manufacturer Fisker Inc. is under investigation by the U.S. Securities and Exchange Commission (SEC) and faces formal objections from the U.S. Department of Justice (DOJ) over its Chapter 11 bankruptcy proceedings. The company filed for bankruptcy earlier this year after halting production in March…The DOJ contends in filings that Fisker’s proposed $750,000 cap on recall expenses in its bankruptcy plan is insufficient to cover both parts and labor costs required for vehicle repairs.”
Also: “New York-based company called American Lease was less deterred by this warning and in June agreed to purchase the remaining Fisker inventory—approximately 3,300 cars for a total of $46.3 million dollars. By October, American Lease had paid Fisker $42.5 million and had taken delivery of about 1,100 Oceans. That was the plan until the end of last week, at least. Last Friday evening, Fisker informed American Lease that the Oceans ‘cannot, as a technical matter, be ‘ported’ from the Fisker server to which the vehicles are currently linked to a distinct server owned and/or controlled by’ American Lease.” (Hat tip: Stephen Green at Instapundit.)
Also from Instapundit: Fisker left their California headquarters trashed when they vacated.
The issue originated in one of the Kia web portals used by dealerships. Long story short and a hefty bit of API abuse later, [Sam] Curry and his band of far-more-capable Kia Boyz managed to register a fake dealer account to get a valid access token, which they were then able to use to call any backend dealer API command they wanted.
“From the victim’s side, there was no notification that their vehicle had been accessed nor their access permissions modified,” Curry noted in his writeup. “An attacker could resolve someone’s license plate, enter their VIN through the API, then track them passively and send active commands like unlock, start, or honk.”
Bungled. “A founding member of the experimental rock band Mr. Bungle was found guilty Friday of first-degree murder in the killing of his girlfriend after prosecutors in California found an audio file the victim recorded on her phone as she fought for her life. A jury in Santa Cruz deliberated for a day before finding Theobald ‘Theo’ Lengyel guilty of first-degree murder in the killing of his girlfriend Alice “Alyx” Kamakaokalani Herrmann on the night of Dec. 4, 2023, inside her Capitola home.” (Hat tip: Dwight.)
The pianist cashed his ticket and drove an exhausting 500 miles to the concert venue on the only night he could play, only to find a broken, out-of-tune piano. The restaurant couldn’t get his order right before he had to leave to perform. He refused to play multiple times before finally relenting and, still in pain from the drive, improvised the best-selling solo piano album of all time.
I’ve long been amazed at the hyperparasitism of the hacker exploit ecosystem, where hackers penetrate systems not to steal credit card numbers, but just to steal the resources to run bot farms. And now hackers are stealing cloud resources to run AI sexbots.
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.
You might wonder how a company could be so stupid as to include their cloud access credentials in their GitHub repository. Having worked for a long time in the cloud/SaaS space, I can tell you: It’s easier than you think. Developers probably included it so they could do rapid testing during the development cycle (and nobody wants to go through the pain of setting up another cryptokey through two-factor authentication every damn time they want to run a test), then overlooked changing it when they rolled to production. It’s the sort of thing dev should be looking for, but there are a lot of ways (personnel change, version rollback, etc.) something like that can slip through.
Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled full logging of LLM activity (by default, logs don’t include model prompts and outputs), and thus they lacked any visibility into what attackers were doing with that access.
So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be.
Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online.
Long gone are the days when boys were initiated into onanistic pursuits by the time-honored method of finding an old issue of Penthouse under a tree in the woods, but having to use AI chatbots when there’s a veritable ocean of pornography rolling around the Internet bespeaks of a lack of imagination in today’s large cohorts of lonely men.
“After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked,” Permiso researchers wrote in a report released today.
“Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse,” they continued. “Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature.”
Ian Ahl, senior vice president of threat research at Permiso, said attackers in possession of a working cloud account traditionally have used that access for run-of-the-mill financial cybercrime, such as cryptocurrency mining or spam. But over the past six months, Ahl said, Bedrock has emerged as one of the top targeted cloud services.
Stealing computer resources to run bots for cryptocurrency mining or spam is now evidentially one of those traditional criminal enterprises like running a numbers racket or selling swampland in Florida. Perhaps this strikes you with the same “get off my lawn” unease that I felt upon first reading the phrase “90s Music Nostalgia Tour.”
“Bad guy hosts a chat service, and subscribers pay them money,” Ahl said of the business model for commandeering Bedrock access to power sex chat bots. “They don’t want to pay for all the prompting that their subscribers are doing, so instead they hijack someone else’s infrastructure.”
Ahl said much of the AI-powered chat conversations initiated by the users of their honeypot AWS key were harmless roleplaying of sexual behavior.
“But a percentage of it is also geared toward very illegal stuff, like child sexual assault fantasies and rapes being played out,” Ahl said. “And these are typically things the large language models won’t be able to talk about.”
AWS’s Bedrock uses large language models from Anthropic, which incorporates a number of technical restrictions aimed at placing certain ethical guardrails on the use of their LLMs. But attackers can evade or “jailbreak” their way out of these restricted settings, usually by asking the AI to imagine itself in an elaborate hypothetical situation under which its normal restrictions might be relaxed or discarded altogether.
“A typical jailbreak will pose a very specific scenario, like you’re a writer who’s doing research for a book, and everyone involved is a consenting adult, even though they often end up chatting about nonconsensual things,” Ahl said.
In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cloud credentials to target ten cloud-hosted LLMs. The attackers Sysdig wrote about gathered cloud credentials through a known security vulnerability, but the researchers also found the attackers sold LLM access to other cybercriminals while sticking the cloud account owner with an astronomical bill.
“Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from Anthropic was targeted,” Sysdig researchers wrote. “If undiscovered, this type of attack could result in over $46,000 of LLM consumption costs per day for the victim.”
Stolen credentials paid for with stolen credit cards running stolen AI access on stolen cloud platforms to run illegal sex chatbots. It’s a veritable ecology of cybercriminality…
A third but brief post on Israel’s exploding pager attack against Hezbollah. Several people have expressed incredulity that Israel would go to the trouble of setting up “their own factory” to manufacture the exploding pages against Hezbollah. I suspect people are envisioning something the size of a Foxconn iPhone line, but for smaller runs of less cutting-edge products, modern contract manufacturing can usually do things in much smaller footprints. Pagers are old 1980s tech, most probably use off-the-shelf commodity parts you can find anywhere, and I suspect Israel set up something much smaller.
You don’t need a line of assembly workers, you need a pick-and-place machine to attach the surface-mount components to your circuit board. Pick-and-place machines are also old technology that have gone through many iterations, but you can literally run a circuit board a assembly line in your garage. Here’s a guy that uses a very old pick-and-place machine to make amusement park controllers using equipment in his own shed.
Note that his boards are roughly the same size as a pager (probably slightly bigger). His is a low-tech approach that allows him to do all the steps himself and requires hand-soldering for some components. With a few more machines and a few more people, I suspect Israel could easily have run their exploding pager line out of a space of 1,000 square feet or less. Everything save the explosive batteries probably used commodity pager parts, and even the special command sequence to trigger the explosion was probably programmed into a commodity controller chip.
Israel also has a modern, sophisticated electronics sector, so it’s possible they contract with one of their existing military electronics contractors to do a run, but I’m not sure anyone had an assembly line suitable for turning out old-tech pagers, as you wouldn’t want to alert Hezbollah agents with a circuit board that looked too modern.
There were a lot of sophisticated aspects to Israel’s supply chain attack, especially how they used human intelligence to insinuate themselves into Hezbollah’s procurement system to be in a position to provide the pagers. And producing batteries that actually held explosives was not a trivial task. But setting up an assembly line for the pagers once they had done all the upfront espionage work to get in a position to provide them was probably among the least difficult aspects of the operation.
Israel has injured thousands across Lebanon, with hundreds in critical condition and dozens more dead, this week in two waves of simultaneous explosions of electronic communications equipment targeting Iranian-backed Hezbollah terrorists.
The blasts — which may have killed 19 and wounded 150 of Iran’s Islamic Revolutionary Guard Corps (IRGC) members — started on Tuesday afternoon around 3:30 p.m. local time when pagers used by Hezbollah started beeping with a message from their leadership.
After a few beeps, the pagers simultaneously exploded across the country, blinding hundreds, tearing off limbs, and leaving gaping holes in bodies.
The messages that the devices received were not from Hezbollah leadership; they were from Israel’s intelligence and military apparatus, and they were part of a multi-year plan.
There was initial confusion as to what happened when the explosions were reported. Various news reports said that malware had potentially been uploaded to the devices, causing the batteries to overheat and explode. Then reports surfaced claiming a small amount of highly explosive material had been placed into each device after Israel intercepted the devices after they were manufactured by a Taiwanese company.
However, none of those reports were accurate, according to a New York Times report that revealed that Israel never intercepted the pagers — it made them.
Hezbollah has forced tens of thousands of Israelis to evacuate their homes in northern Israel since October 7 as the terrorist group fires drones, rockets, and missiles on a regular basis — having fired many thousands in nearly 12 months.
Israel has responded with precision strikes, killing more than 300 top Hezbollah commanders and numerous lower-level terrorists.
Hezbollah Secretary General Hassan Nasrallah pushed for the terrorists to abandon their phones and switch to low-tech pagers to avoid being tracked by Israel. Nasrallah had bragged that his strategy would “blind” Israel.
However, unbeknownst to Hezbollah, Israel had been secretly manufacturing the pagers that Hezbollah was buying for years.
The Taiwanese company Gold Apollo had contracted with a company called B.A.C. Consulting in Hungary to manufacture the pagers. B.A.C. Consulting was one of three shell companies that Israel created to mask the true manufacturer of the communications equipment: Israeli intelligence.
B.A.C. Consulting created real pagers for numerous customers to create the perception of a legitimate company in order to get picked up for the contract to produce the pagers for Hezbollah.
The pagers manufactured for Hezbollah were separate from those made for other clients, the report said. The pagers that Hezbollah received “contained batteries laced with the explosive PETN” and began shipping in 2022, the report said.
One of my objections to the “planted explosives” idea was that there was no way for explosives in the battery compartment to access the antenna circuitry to receive the detonation signal, but if Israel designed the pagers from the ground up to go boom then obviously that’s not a problem.
After the first round of explosions on Tuesday, Israel struck again on Wednesday, detonating Hezbollah’s backup communications equipment: walkie-talkies.
The explosions from the walkie-talkies were significantly larger than the explosions from the pagers because the devices were larger, meaning they could be packed with more explosive material. Videos posted online showed entire apartment units blown out and numerous cars engulfed in flames.
My other objection was that Israel would be better off gathering intel from the pagers than making them go boom, but if they manufactured them, they probably have all the intel they need on locations of leadership, warehouses, weapons, etc. It looks like Israel was the one that blinded Hezbollah, not the reverse.
It may also explain why Israel hasn’t assassinated Nasrallah yet: Because he’s evidently an idiot.
There’s been much speculation that with Hezbollah’s communications so compromised, Israel will now move decisively against them. And indeed, right now Israel is pounding the snot out of locations in southern Lebanon.
Plus Israeli F-15s are evidently flying over Beirut with evident impunity. (Lebanon couldn’t take down Israeli aircraft during the Lebanon War in 2006 either, mainly because they’re using old Soviet crap.)
A lot of MSM commentators have shrieked over and over again during the Israel-Hamas War that Israel was in trouble because they would face a two-front war when Hezbollah really got involved. That didn’t happen. Instead, Israel settled Hamas’ hash in Gaza (where it’s now mopping up), then hit a whole lot of militant factions on the West Bank (an under-reported story), all the while withstanding pinprick strikes from the Mullahs and their proxies while carrying out varied strikes in Syria and Iran.
Having accomplished all that, Israel seems to be moving decisively against Hezbollah. Now Israel is poised to enter a two-front war, but only on its own terms, not Hezbollah’s. It’s almost like Israel had its own Schlieffen Plan to defeat each of its enemies in turn before turning to the next, only competently executed. But with Hezbollah so disorganized, it may not even feel the need to launch a ground incursion into Lebanon.
The end result of the war Hamas’ terrorist atrocity started will be that Israel will be stronger and its borders more secure, all Israel’s terrorist enemies will be destroyed or weaker, and Iran will be shown, yet again, as a very weak horse using incompetent proxies.
Now, as a bonus, here’s a Habitual Linecrosser video on the subject.
At least nine people were killed and about 2,750 people were injured in Lebanon on Tuesday during the mass explosion of pagers belonging to members of Hezbollah, according to the country’s health ministry.
A Hezbollah official described the event as the “biggest security breach” the group has suffered since the start of the Israel-Gaza war nearly one year ago, according to a Reuters report. The Shiite terror group claimed that lithium batteries inside the pagers apparently detonated.
Some members allegedly felt the pagers “heating up” before abandoning them, according to an unnamed Hezbollah official speaking to the Wall Street Journal. Hezbollah officials have speculated that Israeli malware could be behind the infiltration.
Sky News Arabia, however, quoted sources insisting that Mossad, Israel’s primary intelligence agency, physically planted explosive materials inside the pagers before they were delivered to Lebanon.
According to the Times of Israel, Hezbollah Secretary-General Hassan Nasrallah turned to pagers after he directed members to stop using cell phones in February, fearing they could be tracked by Israeli intelligence. A Lebanese security source claimed the devices were imported five months ago, according to Al Jazeera.
Seven individuals were similarly killed in Syria around Damascus, according to Iran’s IRGC-affiliated Saberin News. This signals a coordinated effort to reach the group in multiple locations across different countries.
Everyone and their dog has posted this story, so I wasn’t going to note it outside the LinkSwarm, except I think some commenters are making erroneous assumptions about how the attack was carried out. I see three possibilities:
The Sky News Arabia suggestion (also floated in this Washington Post article) that the attack was carried out via a supply chain attack planting explosive in each pager, seems clever and has a certain surface plausibility. But I think it very unlikely, mainly because, if you already have that level of access to their communication network hardware, planting explosives is probably the least rewarding attack you could carry out. No, the real play for a supply chain attack is to compromise the security of the devices themselves so you can use Hezbollah’s own devices to spy on their entire communications network. That’s a whole lot more valuable than a handful of deaths and a larger number of maimings. I also find the idea that they intercepted the batteries and loaded them with Pentaerythritol tetranitrate (PETN) even less likely. Just how would these batteries receive the detonate signal if they’re not directly in the circuit to access the antenna to receive the signal?
My guess is that Israel discovered the type of battery and charging firmware Hezbollah’s pagers used, and used a remote exploit to trigger overcharging in the batteries. This also aligns with reports that several Hezbollah terrorists felt the pager getting hot before they exploded. That isn’t the way explosives work, but it is the way Lithium Ion batteries respond to overcharging. Further supporting this hypothesis is that Israel’s previous Stuxnet worm targeting Iran’s nuclear program used a broadly similar attack (a combination software/firmware exploit that caused physical destruction of the targeted system). Such attacks are by no means easy, but dozens of broadly similar hardware hacking exploits are revealed at DEFCON every year.
A third theory I’ve seen proposed by various commenters: Israel was able to explode the pagers because Hezbollah equipped all of them with explosives from the git-go, either to use as improvised explosives or for data security if captured. The first is unlikely because we all know Hezbollah has access to a wide range of explosives to build bombs and IEDs with, and it doesn’t make sense to use something as small as a pager for any significant target. The second strikes me as deeply unlikely from a cost/benefit analysis.
(If someone can think of another theory than those three, let me know in the comments below.)
The heady onrush of the technological revolution has allowed non-state actors like Hezbollah to punch well above their weight by using commercial off-the-shelf technology to strike vulnerable targets (civilians and infrastructure) of larger state actors like Israel. But the downside of not controlling your own supply chain is that a technologically sophisticated state actor like Israel has the knowledge and resources to hack your consumer-grade equipment.
I just read that Hezbollah radios are now exploding as well, so I’m going to go ahead and post this before Israel manages to remote detonate still more of Hezbollah’s tech.
Hezbollah, of course, is talking about launching a full-scale war against Israel. Given the destruction of their communication networks, one wonders how long it will take them to learn semaphore to coordinate attacks…
More evidence of the Biden Recession, California’s welfare state goes extra crazy, Chicago has to spend mad money to produce illiterate children, an Assistant DA resigns, a cyberattack hits car dealers nationwide, a Brazilian thief gets ventilated, and God unites the entire world in hatred of the New York Yankees. It’s the Friday LinkSwarm!
Taxpayers are funding a new high-rise building in Los Angeles where homeless people will enjoy skyline views, a cafe, a gym, and an art studio, not to mention the free rent.
The fancy new building is 19 stories high and has 278 units, each costing about $600,000. The total cost was $165 million, according to the Los Angeles Times. It is the first of three new high-rise buildings that will soon house homeless people.
Snip.
This modern tower for the homeless includes a TV in each apartment, a gym, an art room, a soundproofed music room, a computer room with a library, a TV lounge, a courtyard, and a cafe that will host movie nights. There are also six common balconies, four of which have dog runs.
Where are politicians getting all the money for this project? The buildings are funded by the city’s supportive housing loan program, Proposition HHH, which was approved by city voters in 2016, as well as state housing funds and $56 million in state tax credits.
The three apartment buildings will be located around the headquarters of the Weingart Center, a nonprofit that assists homeless people. Kevin Murray, a former California state senator, is the man behind the project. He serves as the chief executive of the nonprofit.
I’m sure all the Homeless Industrial Complex members involved got generously paid for their efforts. Once again, the message of the Democratic Party is: You’re suckers for working for a living.
Illinois Policy just issued a report showing that while CPS has doubled spending per student since 2012, grades are down by 60-80%, depending on the subject. “Just 1-in-4 CPS students can read or perform math at grade level,” the report says. “The percent of students enrolling in college after high school graduation is decreasing. And for those who do enroll, another study found many are struggling to finish college in four years – just 30% get their bachelor’s in four years compared to 47% nationally.”
By every other measure… there’s no other way to put this… CPS is falling apart.
In 2023, 26% of students in grades 3 through 8 across all of CPS could read at grade level and about 18% could do math proficiently. For 11th grade CPS students, only 22% could read at grade level and 19% do math proficiently.
CPS’ failure to engage students shows in the chronic absenteeism rate. Chronic absenteeism has skyrocketed.
According to ISBE data, 86.3% of teachers in CPS were rated as proficient or excellent in 2023, down from 91.4% in 2019. Yet many students in CPS are struggling to reach proficiency in core subjects.
There’s much more at the link, all of it tragic. An entire generation of Chicago students is failing — and being failed by their schools and, let’s be brutally honest, by their families.
If you’re thinking that CPS must be seriously underfunded to achieve such dismal results, you must have been living in a cave for the last 40 or 50 years. CPS will spend a jaw-dropping $29,028 per student this year. My family lives in a lovely exurb of Colorado Springs and our district spends roughly one-third of what CPS does — $10,214 per student — and we get much better results. It isn’t about the money. It rarely is.
The case began in November 2022, when Loper Bright Enterprises, a fishery based out of Cape May, New Jersey, appealed a district court opinion to the Supreme Court. The conflict between Loper Bright and the National Marine Fisheries Service (NMFS) started after the agency decided to require private fisheries like Loper Bright to pay their regulatory inspectors for their time observing fishery practices.
While the law doesn’t explicitly allow this practice, the Fishery Service cites the Chevron Deference, a precedent set by a 1984 Supreme Court case, which states that an ambiguous law can be interpreted by government agencies as they see fit. In short, the Fishery Service wants private companies to pay their salaries and found a legal loophole to justify it.
While this may seem like an isolated incident, it is just one example of a long history of government agencies infringing on individual liberty. The outcome of this case holds supreme importance for the future of our republic and the preservation of our financial and civil freedoms.
Since 1950, the federal government has steadily grown in size. Today, it has over 2.9 million civilian employees, more than Walmart has worldwide. This growth has paved the way for the creation of a governmental pseudo-branch denoted the “administrative state.” The administrative state contains government employees who have a significant impact on people’s everyday lives but yet aren’t held accountable to citizens in the form of elections. These unelected bureaucrats undermine the central ethos of a republic, where elected officials are supposed to seek the good of their constituents or risk not being re-elected.
The problem with this system was made evident during the pandemic. During the COVID shutdown, hundreds of millions of Americans were sentenced to lockdowns, impacting their schools, churches, and families. Many of the people behind this policy were members of the CDC, one of the government agencies that comprise the administrative state. The decisions they made were not subject to the traditional checks and balances which typically constrain the US government. Instead, America found itself under a tyranny of the unelected.
This overreach extends beyond individual liberty into private business. When businesses can be encroached upon at a whim by unelected authorities, long-term investment becomes a much riskier endeavor. When the COVID shutdown occurred, many small businesses, with their small profit margins and high overhead, were unable to weather the storm. For the companies that survived, the blatant government intervention and the severe consequences that followed left a sour taste in their mouth for future capital investments. You’re not going to build a new business if a bureaucrat can shut it down the next day. All of these factors contribute to government agencies having a negative impact on financial markets and investor portfolios.
The Chevron Deference precedent, which is at the center of Loper Bright Enterprises v. Raimondo, gives even more power to these governmental agencies. When ambiguity exists, this precedent allows courts to simply defer to agencies’ interpretations, even if those interpretations favor the agencies’ own interests. It also allows courts to seek out ambiguity in order to give near-unbridled power to these agencies.
If the Supreme Court upholds Chevron, it will further entrench the power of unelected bureaucrats and make it increasingly difficult for individuals and businesses to challenge agency overreach. However, if the Court rules against Chevron, it would represent a shift toward increased restraint of the administrative state, leading to a reevaluation of the scope and authority of federal agencies.
Israeli arms exports hit record sales. Funny how having products that actually work stimulates sales. I’m betting Russia is enjoying the opposite right now…
Baseball game announcer: We will not be singing the national anthem. Crowd: The hell we won’t! Patriotism ensues.
Speaking of DA’s behaving badly, a followup: Assistant Travis County DA Joseph Frederick, who was charged with aggravated assault, has resigned before he could be fired, his lawyer saying this was to maintain his health benefits, because he has Parkinson’s. Which is strange, because COBRA covers involuntary termination as well.
Argentine President Javier Milei has a glorious rant about how you can’t negotiate with leftists.
This week’s California restaurant chain closing due to the minimum wage hike: Arby’s. (Hat tip: Dwight.)
“CDK Global, a major software provider to auto dealerships in the U.S., has been hacked, forcing the company to shut down most of its systems temporarily. This cyberattack effectively halted sales operations at approximately 15,000 car dealerships, including those under General Motors, Group 1 Automotive, and Holman.” Without this software, there’s essential dead in the water. (More details.)
Speaking of money-losing MSM outlets, the incoming editor of the Washington Post says thanks but no thanks after the staff there preemptively published a hit piece on him. How’s that letting the inmates run the asylum working out for you, Jeff Bezos?
George R. Nethercutt Jr., the Republican who ousted Democratic Speaker Thomas S. Foley in the Newt Gingrich Contract with America wave of 1994, dead at 79 (Hat tip: Dwight.)
Is olive oil good for your brain? I hope so, since it’s an Atkins-compliant dressing for my salad, so I generally get more than the recommended teaspoon a day.
An anonymous hacker has claimed to have leaked 270 GB of internal data and source code from The New York Times (NYT) on the controversial image board 4chan.
The leak, reportedly containing over 5,000 repositories and 3.6 million files, was published on June 6, 2024. It has since raised widespread concern and speculation about the potential implications for the historic news organization.
The hacker, who has not been identified, posted a magnet link to the files on 4chan, encouraging users to download and share the data. According to the hacker, the leaked collection comprises uncompressed tar files with fewer than 30 encrypted repositories.
The leaked data reportedly contains a variety of source code, including the blueprints of well-known games like Wordle, email marketing campaigns, and ad reports. The hacker’s message was signed “With love from /aicg/,” a nod to a 4chan community.
While the leak’s legitimacy has not been independently verified, cybersecurity experts and media outlets have expressed serious concerns. The Register reported that it had seen a list of files in the purported leak but had not confirmed their authenticity.
Bryan Lunduke of The Lunduke Journal (who’s covered leaked/hacked material like this before) downloaded the files. He says they’re 334GB worth of files (maybe the size discrepancy is zipped vs unzipped) and thinks they’re real.
This dropped June 6.
“We are talking about a 334 gigabyte archive containing supposedly 3.6 million and some change files, individual source code files. Massive. Off-the-charts massive.”
He though it might just be every New York Times story ever published, but it doesn’t appear to be. Nor does it look like an email server dump.
“This is massive. It almost is making my brain hurt simply going through all of this.”
“I went through it. I read a bunch of it in depth. When I say a bunch of it, I mean I spent a long time on it and barely made a dent.”
“It truly does look to be over 3 something million source code files.”
“The first things I looked through were tremendously boring. It was just stupid JavaScript files dealing with Markdown.” JavaScript is a front-end programming language used for performing a huge variety of tasks in your browser. Markdown is an HTML-like text markup language used as a basis for rendering documents in a variety of different formats (standard web page, phone webpage, PDF, online help, etc.
A lot of it appears to be internal website documents.
“It’s from a wide variety of stuff. I mean it’s all over the map. We’re talking onboarding documents and technical documents, hiring documents, switchboard documents, user attribute documents, a huge amount of documentation.”
Plus actual source code for iOS and Android applications.
Lunduke explains legal doctrine on leaked materials and reporting, saying he didn’t commit any crime to obtain the material, which should legally put him in the clear for talking about material therein relevant to the public interest. Normally I’d point out “Hacking is wrong, mkay,” but New York Times has itself published hacked/leaked/stolen material itself at least as far back as The Pentagon Papers, so this is a case of biter bit.
“There a reasonable assumption that publishing some of this leaked material would be of the public interest…There are a number of policies and other interesting things in place documented within this material that could be of the public interest.”
“This does appear to be real. I cannot fathom how all of this could have been created if it wasn’t real.” I am inclined to agree. But! It’s important to note that a real archive can be salted with false information for a variety of nefarious purposes, so caveat lector.
“It is an absolutely monstrous amount. Simply searching through it and scanning it is insane. There are over 5,000 individual mini-archives within this link each one appears to represent an individual source code repository, or at least a folder or subfolder within source code repositories.” He says it appears to be just the latest snapshot, and not all the versions you would find in a source code repository like GitHub.
The time stamps on the files look recent.
“Man, there’s some funky things going on here.”
I am most interested in how internal policies codify/enforce woke social justice priorities, if there are any special instructions for covering Donald Trump (or other Republicans), racial preferences in hiring policies, etc.
A newly discovered backdoor found in the xz liblzma library of XZ Utils, the XZ format compression utilities included in most Linux distributions, targets the RSA implementation of OpenSSH.
For those outside of tech, that sentence was an unreadable jumble of acronyms. For those inside tech, a chill probably ran down their spine, as those technologies are everywhere. Anytime anyone buys something online, they’re going to be using SSH to create a secure channel to pass transaction information. [As a commenter noted, SSH is a command tool rather than Secure Socket Layer (SSL), which is used for encrypted transactions. Mental typo. My bad. – LP.] Depending on how many distros are using that library, the consequence range from “bad” to “really, really bad.”
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.
The cause of the vulnerability is actually malicious code present in versions 5.6.0 (released in late February) and 5.6.1 (released on March 9) of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.
“After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer: The upstream xz repository and the xz tarballs have been backdoored,” he shared via the oss-security mailing list.
According to Red Hat, the malicious injection in the vulnerable versions of the libraries is obfuscated and only included in full in the download package.
“The Git distribution lacks the M4 macro that triggers the build of the malicious code. The second-stage artifacts are present in the Git repository for the injection during the build time, in case the malicious M4 macro is present,” they added.
“The resulting malicious build interferes with authentication in sshd via systemd.”
I’m just going to note for the record that a whole lot of longtime Linux programmers absolutely hated the introduction of systemd. I don’t have deep enough Linux chops to take a side in this controversy, or know whether systemd was a significant factor in allowing the exploit to work.
Moving on:
The malicious script in the tarballs is obfuscated, as are the files containing the bulk of the exploit, so this is likely no accident.
“Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system. Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the “fixes” [for errors caused by the injected code in v5.6.0],” Freund commented.
One silver lining is that the problem doesn’t look to be as widespread as it could be.
“Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by Linux distributions, and where they have, mostly in pre-release versions.”
Red Hat says that the vulnerable packages are present in Fedora 41 and Fedora Rawhide, and have urged users of those distros to immediately stop using them.
“If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps,” they said, and added that no versions of Red Hat Enterprise Linux (RHEL) are affected.
Since Red Hat is usually the default for big E-commerce platforms, it looks like this exploit is merely “bad” rather than “really, really bad,” which means its not nearly as bad as, say, Log4J was. Your Amazons and eBays are probably safe from the exploit.
The people who are likely going to be hurt by this exploit are mom and pop E-commerce sites using their webhost’s “build an E-commerce site using these easy tools” feature. The smaller the site, the more likely they’re using a free distro, some of which may have this vulnerability.
Whatever the site, they should run an updated software composition analysis tool on stacks and build-chains to see if they’re vulnerable.
