Enlarge (credit: Intel)

Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products.

Researchers from security firm Binarly have confirmed that the lapse has resulted in Intel, Lenovo, and Supermicro shipping server hardware that contains a vulnerability that can be exploited to reveal security-critical information. The researchers, however, went on to warn that any hardware that incorporates certain generations of baseboard management controllers made by Duluth, Georgia-based AMI or Taiwan-based AETN are also affected.

Chain of fools

BMCs are tiny computers soldered into the motherboard of servers that allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of servers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system—even when it's turned off. BMCs provide what’s known in the industry as “lights-out” system management. AMI and AETN are two of several makers of BMCs.

Activision has sent cease-and-desist letters to two makers of popular fan clients for legacy Call of Duty titles in recent weeks. The move cuts off access to the many gameplay and quality-of-life improvements brought by these clients and stops what fans say is the only safe way to play these older games without the threat of damaging hacking by opponents.

The first victim of Activision's recent efforts was SM2, a major Modern Warfare 2 modding project whose development started over two years ago . Since then, the modding group has been working on updating that seminal 2009 release with new weapons, in-game perks, a redesigned UI, new streak and progression systems, and even a recent move to a more modern game engine .

Those efforts stopped last week, though, before the mod could even release its first version. The SM2 Twitter account reported that "a team member received a Cease & Desist letter on behalf of Activision Publishing in relation to the SM2 project. We are complying with this order and shutting down all operations permanently."

Enlarge / Artist's conception of Blizzard fighting off DDoS attackers.

When a highly anticipated online game launches, unforeseen server capacity issues and long entry queues are nothing out of the ordinary. In the case of this week's Overwatch 2 early access launch, though, the usual crowding problems are apparently being exacerbated by coordinated distributed denial of service attacks.

On Tuesday evening, Blizzard President Mike Ybarra issued a generic tweet warning that "Teams are working hard on server issues with Overwatch 2 ." Less than an hour later, though, he followed up with some more worrying specifics. "Unfortunately we are experiencing a mass DDoS attack on our servers," he said. "Teams are working hard to mitigate/manage. This is causing a lot of drop/connection issues."

Overnight, Overwatch 2 Game Director Aaron Keller posted an update saying that "we’re steadily making progress on server issues and stability, as well as working through a second DDoS attack. We’re all hands on deck and will continue to work throughout the night. Thank you for your patience—we’ll share more info as it becomes available."

XMPP Providers - Curated List of Providers for Registration and Autocomplete

When? Wednesday, 2022-05-11 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? In and in front of xHain hack+makespace, Grünberger Str. 16, 10243 Berlin

No live stream and no recording this time, sorry. The revolution will not be televised. At least not by us and not tomorrow.

See you there or in our virtual room xmpp:berlin-meetup@conference.conversations.im?join

#jabber #xmpp #community #xhain #freesoftware #berlin #meetup #federation #providers #servers

For a couple of years already, we are #hosting Movim for free on different servers accross Europe (and soon on the other continents!). The Movim team is also hosting two XMPP servers (movim.eu and jappix.com) and their related services (file hosting, chatrooms, PubSub service…).

Those #servers and domains are directly financed personally by the administrators but still have a cost.

Today we are launching an official #Patreon page to allow our community to help us fund those servers and related services. Our overall monthly costs are around 50$ and we would like to see if the #Movim #community could cover them by doing small monthly donations.

There are actually 400 connected users on the XMPP servers, 100 of them are connected on the different pods that we are hosting. A small donation of 1$ monthly could easily allow us cover those cost and help the team to improve and extend the services in return :)

If you prefer to do a one time donation, you can also send it on our PayPal account.

Thanks again for your support!