OctoPrint's anonymous usage stats were manipulated
Gina Häußge discovered fake tracking events manipulating OctoPrint's usage statistics. Perpetrators simulated outdated software instances, leading to data cleanup and preventive measures. OctoEverywhere acknowledged the incident, pledging collaboration for resolution.
The creator of OctoPrint, Gina Häußge, discovered that the anonymous usage statistics of OctoPrint were manipulated by a small number of clients sending fake tracking events. These events simulated thousands of unique instances running outdated versions of the software. The manipulation involved fake installation events of a specific plugin, OctoEverywhere, and other popular plugins. Gina cleaned up the data, blocked the offending clients, and implemented measures to prevent future manipulations. The perpetrator(s) behind the manipulation were strongly condemned for abusing the project's data integrity. OctoEverywhere responded to the incident, acknowledging the manipulation and expressing their commitment to rectify the situation by collaborating with Gina and contributing to the OctoPrint project. The incident highlighted the importance of data accuracy for making informed decisions regarding the project's maintenance and development.
Related
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts, manipulating search results. Users urged to uninstall affected plugins and monitor for unauthorized access.
Ex-Fujitsu engineer admits changing court testimony at request of Post Office
Former Fujitsu engineer Gareth Jenkins admitted altering court testimony for Post Office in Horizon scandal. Jenkins, key in Horizon system design, faces inquiry for perjury. Testimony reveals manipulation of evidence.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
Reputation Farming Using Closed GitHub Issues
Reputation farming on GitHub involves manipulating closed issues and pull requests to falsely boost accounts' reputation. Maintainers are urged to monitor activity, report suspicious behavior, and automate checks to prevent this deceptive practice.
Identity Verification Used by X, TikTok, and Uber Exposed Driver's Licenses
An identity verification firm, AU10TIX, exposed login credentials, risking access to sensitive data like driver's licenses. Despite claims of prompt revocation, functional credentials were found. AU10TIX partners with major platforms.
This isn't evidence that they messed with usage stats, just that from me they get a little less benefit of the doubt.