Security Researcher Believes Mac Backdoor ‘Tiny Shell” Still Being Used

Mac security researcher Jaron Bradley says he believes hackers are still using an open source macOS backdoor called “Tiny SHell.”

Tinyshell is an open source tool that operates like a shady version of SSH. It’s been a while since I’ve encountered a new sample, but I fully believe attackers are still out there using it. If you watched the Macdoored talk then you’ve seen what attackers are doing “post mortem” with this tool. However, no technical details have been discussed about the malware itself.

Amazon No Longer Including Item Details in Order and Shipment Emails

Users have started to notice that Amazon does not include the items you’ve ordered in its confirmation and shipment emails. One Daring Fireball, John Gruber owners whether it is a bid to stop others scraping the data.

Amazon no longer puts a list of items in order confirmation and shipment notice emails. Almost certainly they’re doing this to thwart email-scraping data harvesters from obtaining information about Amazon sales. All sorts of companies harvest this info, and people volunteer to let them do it (including Edison Mail, the iOS mail client whose recent egregious bug granted full access to email accounts to random other users — at least they’re up front about it in their “how we use data” statement). Edison is far from alone in this — there’s an entire cottage industry of email clients and “tools” whose entire business model is based on scraping their users’ email for e-commerce trends. So, from the Department of This Is Why We Can’t Have Nice Things, Amazon has responded by removing product information from its emails.

Amtrak Data Breach Affects Guest Rewards Accounts

Discovered on April 16, 2020, Amtrak suffered a data breach that affects its Amtrak Guest Rewards accounts.

The attack vector involved was compromised usernames and passwords, which may suggest the use of credentials previously leaked or stolen, or the use of brute-force methods.

Amtrak says that some personal information was viewable, although the company has not specifically said what data may have been compromised. However, Amtrak was keen to emphasize that Social Security numbers, credit card information, and other financial data was not involved in the data leak.

Writer and Podcaster Antony Johnston - TMO BGM Interview

Antony Johnston is a New York Times bestselling writer and podcaster. The Charlize Theron movie Atomic Blonde is based on his graphic novel; his Brigitte Sharp thrillers are critically acclaimed; and Dead Space, his first videogame, redefined its genre. He also hosts a writer’s podcast.

Antony told me about how he transformed his career as graphics artist into successful graphic novels and video game scripting. Later, on his Mac, he delved into novel writing (with Scrivener), most notably the Brigitte Sharp thrillers. Antony recounted how his graphic novel The Coldest City came to be made into a theatrical movie, Atomic Blonde. And to top it all off, Antony told me about his podcast “Writing and Breathing,” a show about “why, how, and what we write,” in which he chats with fellow authors of all kinds.