Notion Sites takes Notion sites up a level

Popular productivity tool Notion has long allowed its users to make any of their pages public. Now, the company is expanding on this with the launch of Notion Sites, which adds several new features to its existing publishing tools. For the most part, these are pretty straightforward, but together, they do make for a more polished publishing experience.

A lot of content-centric work already happens in Notion, be that organizing publishing calendars or actually working on documents. Over the years, Notion users figured out all kinds of ways to turn their pages into websites — and some startups were even founded solely on that idea. Given that there’s a clear demand, it makes sense then for the company to lean into publishing that work directly.

“One of the best features of Notion has always been that with a single click, you can turn a Notion page into a publicly facing website,” Notion product lead Matt Piccolella told me ahead of today’s launch. “The problem with these pages is that they’ve always been missing many of the bells and whistles that you might expect to see on a website.”

Notion Sites adds some of those bells and whistles. Specifically, that means the ability to do things like customizing favicons and building navigation bars with links, as well as using breadcrumb navigation. These Notion Sites can now also easily be published under custom domains and, for better visibility and analytics, there are also basic SEO features (mostly title and description) as well as a Google Analytics integration. Notion users can now also customize their share previews to define how a site is represented on social media. And for finding information on the sites themselves, Notion has added a search feature.

Like before, the idea here is to help users publish any Notion page they may have been working on internally and then make those publicly available. That also means that virtually every existing Notion feature will appear on the public Notion Site, too.

One thing the team has very specifically stayed away from, though, is the ability to customize sites in detail. There’s a dark and light mode, just like in Notion itself, but that’s about it. Over time, Piccolella said, the team plans to add more visual theming options. The mission here, Piccolella said, is to make this the “simplest way to publish a beautiful website” — that means a lot of choice for the user.

“I think one of the benefits of Notion is that you get that kind of Notion look and feel, which is kind of effortlessly beautiful,” he said. “Fonts are going to look really nice and the colors are going to look really nice, without having to comb through tons of different visual styling and things like that. It’s actually kind of the visual minimalism that we like.”

Like seemingly every company, Notion is also thinking about how it can add AI functionality to help users build their Notion Sites but also to make AI features available to their users. Piccolella wasn’t yet ready to go into details about what that would look like, though.

XNXX joins handful of adult sites subject to EU's strictest content moderation rules

The European Union has designated adult content website XNXX as subject to the strictest level of content regulation under the bloc’s Digital Services Act (DSA) after it notified the bloc it had passed the usage threshold of more than 45 million regional average monthly users.

It’s the fourth porn site to be named a very large online platform (VLOP), after Pornhub, Stripchat and XVideos gained the status in December 2023.

The EU has signaled it wants the regime to force popular platforms hosting adult content to add age verification to prevent minors accessing inappropriate content. Although, so far, other adult content VLOPs appear to have responded to the designation by asking users to self-declare they are over 18 years of age — rather than implementing more robust forms of age verification.

Zooming out, there are nearly two dozen other VLOPs operating across different types of businesses, including e-commerce, social networking and internet search. All the designated platforms are required to abide by an extra set of obligations that aim to drive algorithmic accountability through transparency and also mandate risk assessments to reduce negative societal impacts.

“Such obligations include adopting specific measures to empower and protect users online, to prevent minors from accessing pornographic content online, including with age-verification tools, to provide access to publicly available data to researchers, and to publish a repository of ads,” the Commission wrote in a press release Wednesday announcing XNXX as the latest VLOP.

XNXX has four months to be compliant with the rules for VLOPs, so by mid-November, which is when the EU expects it to submit its first risk assessment report.

Requirements for VLOPs sit on top of the DSA’s general rules, which have applied to XNXX since mid-February. These cover governance issues such as providing users with accessible tools to report illegal content.

Any breaches of the Pan-EU rulebook can attract fines of up to 6% of global annual turnover.

The European Commission is the sole enforcer of the DSA rules for VLOPs, which amps up the regulatory risk for designated platforms as the EU takes on centralized enforcement versus the decentralized oversight of the general rules, which loops in various authorities at the member state level. Up to now, oversight on XNXX has been undertaken by the Czech Telecommunication Office.

The EU has a number of open investigations on VLOPs for suspected non-compliance, including probes of X (formerly Twitter), TikTok, AliExpress and Facebook and Instagram. But — so far — it has not confirmed any breaches or issued any fines.

The bloc’s enforcers have also been active in expanding designations for VLOPs, with the initial 19 named in April 2023 now numbering 25 in total. “This designation illustrates how the Commission continues to closely monitor market developments,” the EU added of XNXX joining the VLOP club.


Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms

A security researcher says six companies were saved from having to pay potentially hefty ransom demands, in part thanks to rookie security flaws found in the web infrastructure used by the ransomware gangs themselves.

Two companies received the decryption keys to unscramble their data without having to pay the cybercriminals a ransom, and four hacked crypto companies were alerted before the ransomware gang could begin encrypting their files, marking rare wins for the targeted victim organizations.

Vangelis Stykas, a security researcher and chief technology officer at Atropos.ai, set out on a research project to identify the command and control servers behind over 100 ransomware and extortion-focused groups and their data leak sites. The aim was to identify flaws that could be used to unmask information about the gangs themselves, including their victims. 

Stykas told TechCrunch ahead of his talk at the Black Hat security conference in Las Vegas on Thursday that he found several simple vulnerabilities in the web dashboards used by at least three ransomware gangs, which were enough to compromise the inner workings of the operations themselves.

Ransomware gangs typically hide their identities and operations on the dark web, an anonymous version of the web accessible through the Tor browser, which makes it difficult to identify where the real-world servers are that are used for cyberattacks and storage of stolen data.

But coding errors and security bugs in the leak sites, which ransomware gangs use to extort their victims by publishing their stolen files, allowed Stykas to peek inside without having to log in and extract information about each operation. In some cases, the bugs exposed the IP addresses of the leak site’s servers, which could be used to trace their real-world locations.

Some of the bugs include the Everest ransomware gang using a default password for accessing its back-end SQL databases and exposing its file directories, as well as exposed API endpoints that revealed the targets of the BlackCat ransomware gang’s attacks while in progress.

Stykas said he also used one bug, known as an insecure direct object reference, or IDOR, to cycle through all of the chat messages of a Mallox ransomware administrator, which contained two decryption keys that Stykas then shared with the affected companies.

The researcher told TechCrunch that two of the victims were small businesses and the other four were crypto companies, with two of them considered unicorns (startups with valuations over $1 billion), though he declined to name the companies.

He added that none of the companies he notified has publicly disclosed the security incidents, and did not rule out disclosing the names of the companies in the future.

The FBI and other government authorities have long advised victims of ransomware not to pay the hackers’ ransom, so as to prevent the malicious actors from profiting from their cyberattacks. But the advice offers little by way of recourse for the companies that need to regain access to their data or can’t operate their business.

Law enforcement has seen some success in compromising ransomware gangs in order to obtain their bank of decryption keys and starve cybercriminals of their illegal revenue streams, albeit with mixed results.

The research shows that ransomware gangs can be susceptible to much of the same simple security issues as big companies, providing a potential avenue for law enforcement to target criminal hackers that are far out of jurisdictional reach. 
