Haha, is this what it takes to get a fearmongering article into arstechnica? A Wix website and an IDA screenshot that shows.. nothing at all?
Like, that IDA view is literally what you get when you open IDA on a binary or compressed file and pretend it's x86 assembly. Empty functions list and a navigation bar that is showing all white data.
You should try and write a fearmongering article and see if it makes it in!
Seriously though, it's not like they ran the story solely because of a screenshot. Other things they likely considered (being a reputable news source [1]) would include the source of the information and historical accuracy of that source, additional source material that was not fit for publication (confidentiality, irrelevent beyond proving accuracy of information, etc.), and other independent verification (reaching out to potential affected companies, communication with the sellers, viewing the advertisement for the material, etc.).
On top of that, writing the article in this way allows for expansion and updates as more information is confirmed or comes to light.
Welcome to how reputable news companies work. They generally don't make stuff up on the spot based on a screenshot.
The article is fine. If you read it you would have discovered that the hackers claim to be selling access to three US AV companies. This is a group of attackers that has a history of selling access to large organizations, so there's a good chance that what they are offering is real. It doesn't sound like the hackers have revealed the names of the companies. If they did reveal the names, the value of what they are selling would be significantly lower.
> The article is fine. If you read it you would have discovered that...
> It doesn't sound like the hackers have revealed the names of the companies.
It sounds like the article isn't clearly stating that the hackers haven't revealed the names of the companies, rather requires intuition of the reader to figure out. IMO the journalist should be more clear.
HN Guidelines: Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that."
I read the article. I was interested in who got hacked, not that someone got hacked.
So, they are claiming to have done so but did not reveal which ones?
The spy in me wonders if this is fake to discourage campaigns to use AV software in the coming elections. The non-spy just worries about my company's AV software.
It'd be nice to know which ones, so I can push back more effectively if anyone tries to force us to use something besides the builtin Windows AV on our development workstations.
Running Visual Studio or building npm/bower-based web projects on a machine that has one or, god help you, two or three of these deep-scanning real-time protection clusterflips is like watching paint dry in a monsoon.
Like, that IDA view is literally what you get when you open IDA on a binary or compressed file and pretend it's x86 assembly. Empty functions list and a navigation bar that is showing all white data.