Hacker News | bhartzer's comments

This suggests the attackers used a double extortion strategy: not only locking files with encryption but also stealing sensitive data to pressure victims into paying a ransom.


Pretty much. The ransom is noticeably low, however. The attackers' goal could be interpreted in several ways due to what was accessed and what was demanded.


That's been the norm with ransomware for a long time.


It's their business model.


I graduated college in the early 1990s and minored in technical writing. I started the first "Student Society of STC" back in college, and that led to some good internships and a few jobs. Wrote software manuals and online help for an email software company that ran on the AS/400 and MVS. Had to write and code it in SGML, then that eventually moved to HTML.

In my daily work today, I still rely on all those basic principles of technical writing.

As a "long timer" so to speak, I think eventually there ended up being a decline of pure "technical writer" jobs out there, and not too many people going into the profession.


This is great for the 100+ domains that I've registered but never had time yet to fully develop. Going to build landing pages for those domains.


I don't think this has anything to do with Google's OAuth. This issue is literally with every single expired domain name out there. All one has to do is register the expired domain and look at all the emails sent to that domain.

Granted, Google "could" do something, but I don't think it's Google's responsibility to police expired domain names. What am I missing here?


Google promises to use a different `sub` claim for every account, even if you reuse the domain name. However, according to the talk, the `sub` claim isn't stable in normal scenarios, so developers don't use that like they're supposed to.

Google should fix the `sub` problem if the problem is on their side (and not, for instance, related to user accounts impersonation or recreated user accounts, which are expected to fail this check). Everyone integrating with Google should use the `sub` claim like they're supposed to.

Of course this approach doesn't help if a domain admin can recover the original workspace account (rather than simply re-registering the domain with Google), but that can easily be solved by not having the domain admin accounts use the domain they're hosted on.
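The account lookup this comment argues for, as an added example that is not part of the original thread: a relying party that keys accounts on the `(iss, sub)` pair next to one that keys on `email`, run against a re-registered domain. The `AccountStore` class, its method names, the `sub` values and `example.com` are hypothetical, and the claims are assumed to come from an ID token whose signature, issuer and audience were already verified.

```python
from dataclasses import dataclass

ISS = "https://accounts.google.com"


@dataclass
class Account:
    account_id: int
    iss: str
    sub: str
    email: str


class AccountStore:
    """Hypothetical user table for a service offering 'Sign in with Google'."""

    def __init__(self):
        self._accounts = []

    def add(self, iss, sub, email):
        acct = Account(len(self._accounts) + 1, iss, sub, email)
        self._accounts.append(acct)
        return acct

    def find_by_email(self, claims):
        # Weak: an address is reassigned when its domain changes hands.
        for acct in self._accounts:
            if acct.email == claims["email"]:
                return acct
        return None

    def find_by_subject(self, claims):
        # Identity is the (iss, sub) pair; email is a mutable profile field.
        for acct in self._accounts:
            if (acct.iss, acct.sub) == (claims["iss"], claims["sub"]):
                acct.email = claims["email"]
                return acct
        return None


def demo():
    store = AccountStore()
    store.add(ISS, "1001", "alice@example.com")  # constructed original user
    # Constructed claims: the domain lapsed, was re-registered, and a new
    # Google account was created with the same address but a different sub.
    new_owner = {"iss": ISS, "sub": "2002", "email": "alice@example.com"}
    returning = {"iss": ISS, "sub": "1001", "email": "alice@example.com"}
    return (store.find_by_email(new_owner),
            store.find_by_subject(new_owner),
            store.find_by_subject(returning))
```

The email-keyed lookup hands the new domain owner the original account, while the subject-keyed lookup finds no match and would route that login to new-account creation instead.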


Google should have done this 5-10 years ago.


This happens fairly often. But honestly it's a bit ridiculous that Google suggests that you change from a .co.uk to a .com to resolve the issue. That is NOT an option unless they're going to pay for the domain and the domain migration.

I would keep pushing back on that, there is no way that you need to move to another TLD.

They say that the site is "compromised and has malicious software", I bet it's actually something else, like a site that you're linking out to that's compromised and malicious--that's happened quite a bit in cases where sites are flagged like this in Google Ads.


The logical thing to do would be to provide that feedback as part of the assessment, if they're linking to a compromised site. Even that seems flawed, however. If OP's site is marked as compromised (and isn't) and someone links to it, will they then also be denied access to advertising because their site is now compromised? Soon thereafter I imagine that we have a runaway cascade and everyone is "compromised".


> Soon thereafter I imagine that we have a runaway cascade and everyone is "compromised".

The web isn't as well woven as it used to be. They'll just harm a bunch of innocent people, not numerous enough for the public at large to even notice.


Android should almost definitely be split off as a separate company.

I could see Android and Chrome as a combined company.


Android and Chrome are not great examples. They are already open source projects (or 99.9% based on open source AOSP and Chromium codebases), which themselves only survive because Google is funding tons of engineers to work on them.

The cut should be in the vertical integration stacks. Like in Apple's case between the hardware and OS, between the OS and the App Store.

In Google's case, their hardware is already open, they mostly keep apps in their walled garden (and take their 30% troll tax) with things like GooglePlay and other Google "services", not sure how that would be something to break apart.

Realistically, the best outcome we can hope for is breaking Ads away from Search.


What I don't understand is why companies and brands like this just don't use NameBlock or a similar domain blocking service like GlobalBlock.

They literally can block domain names that have their company name or brand in them from being registered (up to 500 variations of their domain).

It's literally like $99/year to place a block. Saves a lot of the hassle of having to deal with parody and phishing sites and trying to take them down.

Just block the domain(s) from being registered in the first place.


This reads kind of like an advertisement. Plus it's subtly wrong.

My experience with the NameBlock API is that for those $99/year, they'll allow you to automate purchasing all similar domains. But then you have to pay registration fees on all of those domains, too. It's only $10/month per typo domain that you buy, but it sums up really quickly.


You're thinking of some other service, not NameBlock or GlobalBlock. There's no automated purchasing of all similar domain names. You don't pay registration fees, as the domains that end up being blocked will never be registered by anyone (not even you).

There literally is a block on the variations, it works at the Registry level not the registrar level.


The offending TLD here is .lol, which is not one of the TLDs they support. This would not have helped in this instance.

https://globalblock.co/included-extensions/

I'm also seeing much higher pricing:

https://www.101domain.com/global-block.htm


GlobalBlock is owned by GoDaddy, and pretty much covers the TLDs/extensions that are owned by GoDaddy Registry.

NameBlock is a separate company than GlobalBlock, and covers a different set of TLDs/extensions.


I didn't grab the pricing info for NameBlock because it requires you to sign an NDA to even see the pricing. I also don't see a list of TLDs they support.


How does that work in practice? Are you just paying them to lease it so you don’t have to?


If you place a block on a brand/companyname (a string of characters), then no one can register a domain name that contains those strings of characters. They also block up to 500 variations (placing a block on 'paypal' would get 'paypa1' blocked as well).

Those domains that are blocked won't be 'parked', someone trying to register the domain that's blocked, it will just say it's not available for registration.


I don't think you could block "clown" or "strike".


Yes, they could place a domain block on "crowdstrike", and variations of that would be blocked, such as cr0wdstrike, crowdstr1ke, etc.


I doubt it. They are protecting against variations of "crowdstrike"...Not every variation of domains with the word "strike" in it. That would go beyond reasonable.


You'd be surprised. I recently parked some big name domains ending in various common TLDs in the world of government contracting. They did utilize some sort of parking or service to do it for them, but certainly not enough.


How can such services exist? Why would the registrars listen to them?


The domains are blocked at the registry level, not the registrar level.


Okay, why would the registry listen to them?


Most don’t.


This is very similar to Majestic's Link Graph where you can put in any domain name and see all the links, up to tier 5, that link to that domain name.


I'm wearing a Series 9 right now. What are the chances that they have to 'turn off' or 'disable' the pulse oximetry function?

I haven't heard that mentioned--or if it was I missed it.


The real question is if you’ll miss that feature. It’s one of the most useless things they added to the watch just because they had nothing else they could. This and the wash your hands reminder lol.


I paid for it and I use it. It informs the VO2MAX graph in my database. That is very important to me.

