News in brief: Facebook introspects; Magento RCE; RIP Robert Taylor


Your daily round-up of some of the other stories in the news

Killing prompts Facebook introspection

Facebook is reviewing its handling of content that violates its standards after a man used the platform to broadcast a murder on 16 April.

As a result of this terrible series of events, we are reviewing our reporting flows to be sure people can report videos and other material that violates our standards as easily and quickly as possible.

In addition to improving our reporting flows, we are constantly exploring ways that new technologies can help us make sure Facebook is a safe environment … We are also working on improving our review processes.

The killer uploaded three videos within the space of eleven minutes on Sunday. The first announced his intention to commit murder, the second showed the crime itself and the third was a confession.

According to Facebook’s timeline of events, it was made aware of the first video within 18 minutes, but almost an hour and 45 minutes elapsed before users began reporting the murder itself. The company disabled the suspect’s account 23 minutes later.

Earlier today Pennsylvania State Police announced that the man suspected of killing Robert Godwin as he walked home on Sunday afternoon had taken his own life.

Magento Remote Code Execution Vulnerability

A remote code execution vulnerability has been found in version 2 of Magento’s popular ecommerce software. The bug requires admin access, so although it’s serious, it will likely be hard to exploit.

In a security announcement sent on 14 April the Magento Security Team advised that the vulnerability will likely not be fixed until early May. Until then users are encouraged to enforce the use of the software’s “Add Secret Key to URLs” feature.

The following steps will enable the feature:

  1. Log on to the Merchant Site Admin URL (e.g., yourdomain.com/admin)
  2. Click on Stores > Configuration > ADVANCED > Admin > Security > Add Secret Key to URL
  3. Select YES from the dropdown options
  4. Click on Save Config

A full description of the flaw can be found in an advisory published on DefenseCode.

Robert Taylor dies

Internet pioneer Robert Taylor died at his home in Woodside, California on 13 April 2017.

Praised for his “visionary leadership” Taylor was an inductee of the Internet Hall of Fame, a recipient of the National Medal of Technology and a winner of the Draper Prize.

In 1966 he initiated the connection of ARPA-funded research centres into the ARPAnet, a network that would eventually evolve into the Internet.

At Xerox Corp he founded the iconic Palo Alto Research Center (PARC) where the blueprint for much of modern personal computing was established.



Image of Robert Taylor by Gardner Campbell licensed under CC BY-SA 2.0.