They’ve been around since 2018, and with only two weeks notice, now are saying they need $150k?! Who the fuck is their CFO, and how did their burn rate get so out of control? Shouldn’t they have started the campaign months ago if this was an expected problem?
This just fucking reeks of embezzlement; grossly mismanaging the funds charitable individuals had entrusted them with.
This. They clearly overextended due to the boom in streaming during the pandemic, and are now reacting to the contraction in content consumption both here, and on YouTube.
Linux device attacks preventable by standard security precautions
deleted by creator
Any competitor worth their salt will match and exceed that as a signing bonus.
I wouldn’t immediately jump to that conclusion. There are plenty of legitimate business opportunities that do not imply “taking money to promote products”. In-line advertising and properly disclosed free samples are standard operating procedure for the tech industry, but they are completely above board, and by themselves do not imply bias.
Nearly every content creator’s YouTube channel About page or website will have a similar line, somewhere.
Take that Geiger counter close to most old concrete sometime. Now think of what these old buildings are made of.
The biggest mistake users will make is thinking their data is safe JUST because they have a NAS or a RAID. It’s common parlance in Systems Administration that RAID is NOT backup.
To wit— not truly understanding RAID and how it relates to capacity, parity, and especially the time required to rebuild in failed disk situation. It is a crucial mistake to use RAID 5 with greater than 2TB disks, and even that is pushing it, but RAID 5 is at least in the zeitgeist.
There are also some outside concerns such as Drive batch dates and knowing to pre-purchase spare disks well in advance that may hamper recovery.
You are absolutely correct— major blog hosting, image hosting, and video hosting sites are all “free” for the content creator, but YouTube by far has the largest audience and highest monetization rates of any of them.
This is just creators buying in with their wallets; it makes sense to go where the money is, even if the format sucks for the idealized content consumer.
Shouldn’t be this hard to find out the attack vector.
Buried deep, deep in their writeup:
RocketMQ servers
I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.
Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.