So strange that Twitter can't automatically filter these. The message format is pretty consistent. Surely they could write something to at least put tweets matching this pattern in a moderation queue.
Facebook Messenger is blocking me from sending any string containing the attacker's wallet address bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. I'm trying to send blockchain explorer URLs to friends and it's failing.
Facebook Messenger has extremely sensitive filters. It seems to block most links I try to send. Most recently, I tried to send a GIF of a beautiful city on a river to my girlfriend. Nope, blocked. The link was a GIF sharing site, I don't remember which one, but it's highly unlikely there's any malware on it so it must be a porn filter.
And as for sending links to my staging site to a couple of tech friends... forget about it.
Reminds me of a thing years ago where a virus used a Twitter account's messages as its command & control system. Said Twitter account encoded the commands in base64 I believe.
That dude is talking the exact way a lot of execs think. If this is due to one person's screw-up, that person is going to get railroaded out of the company's back door.
I saw this happen before. A newish IT guy accidentally deployed a script to a few hundred machines that took down the whole worldwide intranet for a multi-billion dollar juggernaut for an hour or so. He was supposedly forgiven, but ended up on a "performance improvement plan" where he had a bunch of impossible tasks, and every shortcoming was documented to use against him until he was fired.
I wish things worked the way you think they do, or if not that way, I wish they'd at least just shitcan the dude on the spot (with a few months' severance) and be done with it.
If you ever get put on a PIP for a reason that's obviously to get rid of you as fast as possible, have a quiet word with someone in power and float the idea of a settlement agreement.
You might even get a free laptop out of it..
(This comment is only considering employment in the UK)
In the US it's true companies get indemnity for this, but they also usually have better lawyers than you do, so most will play hardball and you lose and then when a company does a background search on you and sees litigiousness... it's better to take your losses and move on.
I don’t know what form it would or even should take but these kinds of “Performance Improvement Plans” where the person being coached is set up for failure need some kind of alternative that incentivizes employers to either responsibly dismiss the person or otherwise be genuine with “performance improvement”.
These tactics are hard to prove if someone goes to court over it (probably) but are just as hard to recover emotionally from and can stunt a person all the way to their next job or many.
So when you see those impossible job descriptions that no one can possibly meet, that is your cover. It's not fair, but sometimes you just don't fit in and the team has to get rid of the fly in the ointment.
While I agree 100% with your response in general, Twitter are suggesting this is an inside job (the "social engineering" line looks like a cover for "someone has been paid for internal access"). If that's true, then someone is definitely getting fired today, and a whole lot more than fired to follow!
They used the edit function to walk back their comment as a 'joke' after my post was submitted, and managed to make things worse in the process.
Would you joke about firing someone for a mistake during an interview? I would consider that a dealbreaker if I were interviewing someone, as in "this interview is over, go home".
Do you consider HN an appropriate forum for pithy one-liner jokes that do not contribute to the discussion? Reconsider.
It depends, same as it does for an employee. Is there a history of negligence? Did they refuse to consider warnings of risk that were presented? Did they or their peers brief their management on the risk?
Unlikely. That isn't how hacks or outages are punished in large software service orgs, unless it was intentional or due to negligence like disabling a failing test to get something shipped to prod.
They should have used unique wallets for each tweet and A/B tested the gullibility of the victim's audience.
Would have made them more difficult to track and shut down as well. More hallmarks that this wasn't probably something they lucked into, rather than some sophisticated attack.
New address: bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l
Tweet: https://mobile.twitter.com/CashApp/status/128352200769559757...