Tag Archive for: Parler

How Did The Parler Hack Happen? WordPress Security Issues Lead the Way


Parler, the Twitter rip-off that served as one of the main organizing tools for the Donald Trump fanatics who stormed the U.S. Capitol on Jan. 6, has been largely offline for more than a week. But even in suspended animation, the preferred online home for QAnon, the Proud Boys, and other elements of the American far-right is still creating trouble.

Decisions by Amazon, Apple, and Google to quit hosting the site and forbid mobile users to download the app have triggered cries of Big Tech censorship. First Amendment and internet regulation politics aside, the way Parler gushed data on its way out the door raises serious cybersecurity questions as well as worries about whether other players on the internet have data breaches in their future.

Though it’s impossible to verify without peeking under Parler’s hood—a task now impossible since the website is offline—the prevailing narrative is that a Parler security flaw (or flaws) allowed a white-hat hacker to download and archive all of Parler’s user data shortly before Amazon Web Services pulled the plug on hosting the site. The data presented for the public (and law enforcement) to access included, in some cases, potentially incriminating location data.

Parler relied on WordPress, the world’s most-used content management system. That has led to speculation that WordPress was part of the flaw and that anyone else using WordPress was in danger. However, according to a general consensus of cybersecurity experts, including several contacted for this article, Parler’s data breach didn’t happen simply because Parler used WordPress. Instead, Parler’s user data leaked because CEO John Matze and the site’s architects left major flaws in Parler’s API, the link between Parler’s front-end and its user data.


The “predominant belief” is “that Parler was a rushed, poor design buoyed by right-leaning investors to become pretty large before they really had built a solid foundation, technologically speaking,” Andrew Zolides, a professor of communications at Xavier University who teaches courses in digital design, told Observer. (Among…


DDoS-Guard To Forfeit Internet Space Occupied by Parler — Krebs on Security


Parler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients — including the Internet addresses currently occupied by Parler.

The pending disruption for DDoS-Guard and Parler comes compliments of Ron Guilmette, a researcher who has made it something of a personal mission to de-platform conspiracy theorist and far-right groups.

In October, a phone call from Guilmette to an Internet provider in Oregon was all it took to briefly sideline a vast network of sites tied to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. As a result, those QAnon and 8chan sites also ultimately ended up in the arms of DDoS-Guard.

Much like Internet infrastructure firm CloudFlare, DDoS-Guard typically doesn’t host sites directly but instead acts as a go-between to simultaneously keep the real Internet addresses of its clients confidential and to protect them from crippling Distributed Denial-of-Service (DDoS) attacks.

The majority of DDoS-Guard’s employees are based in Russia, but the company is actually incorporated in two other places: As “Cognitive Cloud LLP” in Scotland, and as DDoS-Guard Corp. based in Belize. However, none of the company’s employees are listed as based in Belize, and DDoS-Guard makes no mention of the Latin American region in its map of global operations.

In studying the more than 11,000 Internet addresses assigned to those two companies, Guilmette found that approximately 66 percent of them were doled out to the Belize entity by LACNIC, the regional Internet registry for the Latin American and Caribbean regions.

Suspecting…


Parler CEO goes into hiding blaming Amazon flak, death threats


By Joel Rosenblatt | Bloomberg

The chief executive officer of Parler says he’s gone into hiding after receiving death threats.

John Matze Jr.’s social media platform was briefly the new home to conservative supporters of Donald Trump who flocked to it after Twitter banned the president. But Parler went dark Sunday after Apple Inc. and Google removed it from their app stores and Amazon.com pulled the plug on its web-hosting service, citing violent content that the e-commerce giant says played into the Jan. 6 Capitol riot.

“Many Parler employees are suffering harassment and hostility, fear for their safety and that of their families, and in some cases have fled their home state to escape persecution,” Matze’s lawyer said in Parler’s lawsuit aimed at forcing Amazon Web Services to put the platform back online. Matze had to “go into hiding with his family after receiving death threats and invasive personal security breaches.”

The CEO didn’t specify the source of the threats, but his lawyer said in a filing that Matze’s covert action was required because he’s been spotlighted “as the CEO of the company AWS continues to vilify.”


Parler app removed from Google Play Store (Update: Apple suspends iOS app)



  • Parler, a “free speech” social media app, has been removed from the Google Play Store.
  • In a statement, Google said Parler had not done enough to “implement robust moderation for egregious content.”
  • Apple has also warned Parler to put in better moderation or its iOS app will be removed from Apple’s app store.


Update: January 9, 2021 – 8:36 p.m. ET: Deadline reports that Apple has now suspended the iOS Parler app from its App Store as well. Apple told Parler in an email that the social networking company “has not taken adequate measures to address the proliferation of these threats to people’s safety.”


Original story – January 9, 2021 – Parler, the social media app that centers on conservative themes and content, has had its app removed from the Google Play Store. Launched in 2018, Parler has become more popular over the last several months among US conservatives.

In the wake of Wednesday’s looting of the US Capitol in Washington D.C. by a mob, it had been discovered that Parler was used by some right-wing groups and individuals to promote participation in that mob and to advocate violence during that event. Late Friday night, Google decided that was enough to remove the Parler app from the Play Store.

In an email statement from Google, as posted by XDA Developers, the company stated:

In order to protect user safety on Google Play, our longstanding policies require that apps displaying user-generated content have moderation policies and enforcement that removes egregious content like posts that incite violence. All developers agree to these terms and we have reminded Parler of this clear policy in recent months.

We’re aware of continued posting in the Parler app that seeks to incite ongoing violence in the U.S. We recognize that there can be reasonable debate about content policies and that it can be difficult for apps to immediately remove all violative content, but for us to distribute an app through Google Play, we do require that apps implement robust moderation for egregious content. In light of this ongoing and urgent public safety threat, we are suspending the app’s listings from the Play Store until it addresses these issues.

In addition to the…
