BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Huawei opens core tech to developers and hopes to inspire the next TikTok

It also laid out plans to see Google replacement HarmonyOS on smartphones from next year and a handful of new consumer devices.

Huawei has announced it will fully open core technologies, including its software and hardware capabilities, to developers and partners.

As part of this plan, Huawei will open software services, such as browsing, search, map, payment, advertising kits, and hardware capabilities, including AR map, communication and transmission tools, as well as security capabilities.

Huawei consumer business group CEO Richard Yu appealed to developers and partners to work with the company to "jointly build a fully-connected all-scenario intelligent ecosystem" featuring new apps across different categories.

"Developers can benefit from all the resources we have … we're dedicated to introducing Chinese developers' work to global consumers, hoping to see more TikTok in the future, so that we can take them to the overseas market," Yu said, speaking through a translator during his keynote speech at Huawei's Developer Conference 2020.

👀 👉🏼 https://www.zdnet.com/article/huawei-opens-core-tech-to-developers-and-hopes-to-inspire-the-next-tiktok

#huawei #open #core #tech #HarmonyOS #developers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Fishing in the Piracy Stream: How the Dark Web of Entertainment is Exposing Consumers to Harm

Digital Citizens Investigation Finds Malware on Piracy Apps That Steal User Names and Passwords, Probe to Breach Networks, and Secretly Upload Data.

👀 👉🏼 (PDF)
https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA_Fishing_in_the_Piracy_Stream_v6.pdf

👀 👉🏼 Read as well:
Dark Web-Hosted Movies and Fake Apps Are Costing the US Movie and TV Industry Billions Every Year
https://tapeucwutvne7l5o.onion/dark-web-hosted-movies-and-fake-apps-are-costing-the-us-movie-and-tv-industry-billions-every-year

#darknet #darkweb #movies #piracy #report #pdf
Dark Web-Hosted Movies and Fake Apps Are Costing the US Movie and TV Industry Billions Every Year

The dark web facilitates the movie piracy industry that's costing the US movie and TV industry billions of dollars in lost revenue

Illegal movie downloads and counterfeit entertainment apps are costing the US movie and television industry billions of dollars every year.

Today, there are more than 150 billion views of illicit multimedia being consumed across the US every single year. It turns out that a majority of these views have been unaccounted for as a significantly high number of offenders continue to operate under the radar of copyright enforcement authorities.

Illegal file sharing is normally facilitated via torrent websites, online platforms where individuals upload large files.

The torrent websites are accessible to people looking to download uploaded content, including pirated movies, software programs, and video games.

Importantly, the dark web, which is known for hosting illicit goods and services for sale, has become a significantly relevant player in the illegal movies and fake apps business. Here, millions of illicit files are uploaded and accessed by darknet downloaders.

While speaking to Amarillo News, Dr. Brandon Bang, a criminal justice expert, said that the current circumstance surrounding pirated entertainment material has led to the loss of employment opportunities and revenue streams across the economic spectrum.

He went on to highlight the role of torrent websites in enabling the illegal movie download business that has affected the entire industry. The criminal justice pundit went on to cite the case involving shutdown of the torrent website MegaUpload – an event that was big enough to cause noticeable positive changes in the TV industry, which gained a more than 5 percent increase in revenue due to the anti-piracy operation.

👀 👉🏼 https://tapeucwutvne7l5o.onion/dark-web-hosted-movies-and-fake-apps-are-costing-the-us-movie-and-tv-industry-billions-every-year

👀 👉🏼 https://abc7amarillo.com/news/local/illegal-downloading-is-costing-the-us-movie-television-industry-billions-per-year

👀 👉🏼 Read as well (pdf)
Fishing in the Piracy Stream: How the Dark Web of Entertainment is Exposing Consumers to Harm
https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA_Fishing_in_the_Piracy_Stream_v6.pdf

#darknet #darkweb #movies #piracy #report #pdf
QAnon Website Shuts Down After N.J. Man Identified as Operator

A popular website for posts about the conspiracy group QAnon abruptly shut down after a fact-checking group identified the developer as a New Jersey man.

Qmap.pub is among the largest websites promoting the QAnon conspiracy, with over 10 million visitors in July, according to web analytics firm SimilarWeb Ltd., and served as the primary archive of QAnon's posts. The website aggregates posts by Q, the anonymous figure behind the QAnon theory, and the creator of the Qmap.pub website is known online only as "QAppAnon."

The fact-checking site Logically.ai identified Jason Gelinas of New Jersey on Sept. 10 as the "developer and mouthpiece" for the site. New Jersey state records connect QAppAnon to Gelinas's home address, Bloomberg found.

Reached outside his home, Gelinas declined to comment on the Logically report, saying only that someone had sent it to him on Twitter after it was published.

"I'm not going to comment on any of that," Gelinas said when asked if he was behind the website Qmap. "I'm not going to get involved. I want to stay out of it."

Wearing an American flag baseball cap, Gelinas said that QAnon is a "patriotic movement to save the country."

👀 👉🏼 https://www.bloomberg.com/news/articles/2020-09-11/qanon-website-shuts-down-after-n-j-man-identified-as-operator

#qanon #qmap #QAppAnon #website #shutdown
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack - Researcher kept a major Bitcoin bug secret for two years to prevent attacks

The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.

In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue.

Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.

Called INVDoS, the vulnerability is a classic denial-of-service (DoS) attack. While in many cases, DoS attacks are harmless, they are not for internet-reachable systems, which need to have stable uptime in order to process transactions.

INVDoS was discovered in 2018 by Braydon Fuller, a Bitcoin protocol engineer. Fuller found that an attacker could create malformed Bitcoin transactions that, when processed by Bitcoin blockchain nodes, would lead to uncontrolled consumption of the server's memory resources, which would eventually crash impacted systems.

👀 👉🏼 CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (pdf)
https://invdos.net/paper/CVE-2018-17145.pdf

👀 👉🏼 https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks

#researcher #bitcoin #bug #INVDoS #pdf
Welcome to the quantum Internet, with privacy guaranteed by the laws of physics

Quantum computing is gradually moving from the realm of science – and even science fiction – to become a practical technology that is being used in real-life contexts.

Three years ago, Privacy News Online wrote about one aspect – the possibility that quantum computers will be able to unlock all of today's encryption, including the strongest. But increasingly, a more positive vision of quantum computing is emerging. It is centered around the creation of what is being called the quantum Internet.

That's just a shorthand way of saying a global network of quantum computers and other devices based on the physics of quantum mechanics, able to exchange information much as ordinary systems do across today's non-quantum Internet. But the quantum version has one crucial property that makes it of great importance for privacy: it offers a fundamentally secure way of communication in which privacy is guaranteed by the laws of physics.

That's because the quantum bits – qubits – that move across a quantum network link are subject to the observer effect: any attempt to monitor them as they traverse the network would modify them. As a result, it will be evident when things like encryption keys or data have been compromised en route. There is no way around this – it is an inherent property of quantum mechanical systems – which is why so many companies and governments are exploring how to create quantum networks and the quantum Internet.

👀 👉🏼 https://www.privateinternetaccess.com/blog/welcome-to-the-quantum-internet-with-privacy-guaranteed-by-the-laws-of-physics/

👀 👉🏼 (pdf)
https://www.energy.gov/sites/prod/files/2020/07/f76/QuantumWkshpRpt20FINAL_Nav_0.pdf

#quantum #internet #privacy #pdf
ByteDance won't allow TikTok's algorithm to be part of a sale: Report

As the deadline for a forced sale or shutdown of the U.S. operations of the TikTok video-sharing app fast approaches, ByteDance is said to have decided its algorithm won't be part of any sale that happens.

September 15, the date by which U.S. President Donald Trump has ordered ByteDance to either sell TikTok to a U.S. company or see the service banned from the U.S. market, is looming. Today, September 13, The South China Morning Post is reporting (based on an unnamed source that the SCMP says was briefed on the Chinese company's boardroom discussions) that ByteDance has decided TikTok's algorithm won't be included as part of the sale.

So now the question is will a sale still happen by Tuesday? Will Microsoft and Walmart, Oracle -- with close ties to Trump -- and/or various TikTok investors still see enough value in TikTok to push forward with a purchase? And for how much?

Even before today's report about terms around the algorithm, there were questions whether a sale would happen at all. The Wall Street Journal reported on September 9 that ByteDance was discussing with the U.S. government various possible arrangements that would allow TikTok to avoid a full sale of its U.S. operations. And before that, the Chinese government had put in place steps designed to make a sale to a U.S. company more difficult, if not impossible.

👀 👉🏼 https://www.scmp.com/economy/china-economy/article/3101362/tiktoks-algorithm-not-sale-bytedance-tells-us-source

👀 👉🏼 https://www.zdnet.com/article/bytedance-wont-allow-tiktoks-algorithm-to-be-part-of-a-sale-report

#report #TikTok #DeleteTikTok #china #usa #sale #algorithm
Protect your information from physical threats

💡 👉🏼 Table of Contents 👈🏼

👀 👉🏼 What you can learn from this guide

👀 👉🏼 Assessing your risks

👀 👉🏼 Creating your physical security policy

👀 👉🏼 Protecting your information from physical intruders

👀 👉🏼 Software and settings related to physical security

👀 👉🏼 Maintaining a healthy environment for your equipment

👀 👉🏼 Further reading

💡 👀 👉🏼 https://securityinabox.org/en/guide/physical/

#security #physical #information #guide
China's 'hybrid war': Beijing's mass surveillance of Australia and the world for secrets and scandal

A Chinese company with links to Beijing's military and intelligence networks has been amassing a vast database of detailed personal information on thousands of Australians, including prominent and influential figures.

A database of 2.4 million people, including more than 35,000 Australians, has been leaked from the Shenzhen company Zhenhua Data which is believed to be used by China's intelligence service, the Ministry of State Security.

Zhenhua has the People's Liberation Army and the Chinese Communist Party among its main clients.

Information collected includes dates of birth, addresses, marital status, along with photographs, political associations, relatives and social media IDs.

It collates Twitter, Facebook, LinkedIn, Instagram and even TikTok accounts, as well as news stories, criminal records and corporate misdemeanours.

While much of the information has been "scraped" from open-source material, some profiles have information which appears to have been sourced from confidential bank records, job applications and psychological profiles.

The company is believed to have sourced some of its information from the so-called "dark web".

One intelligence analyst said the database was "Cambridge Analytica on steroids", referring to the trove of personal information sourced from Facebook profiles in the lead up to the 2016 US election campaign.

👀 👉🏼 https://www.abc.net.au/news/2020-09-14/chinese-data-leak-linked-to-military-names-australians/12656668

#china #beijing #australia #eu #uk #canada #hybrid #war #mass #surveillance #thinkabout
Interview with the makers of the Zeroday podcast: please submit questions!

Zeroday, the podcast for information security and data protection by Stefan and Sven. Since the end of 2016 the two have regularly delighted us with their podcast. They have long been a regular presence in the relevant Telegram news channels. They also turn up again and again in our reading tips and are welcome guests there. Now we finally have the opportunity for an interview with the two of them.

A podcast like this is a fine thing. Wherever you happen to be, you can always listen to something fitting on your favourite topics. And of course, what topic could be more fitting for a Tarnkappe reader than information security and data protection? After all, digital self-defence, information security and our data protection are becoming ever more important.

Stefan and Sven have dedicated themselves to exactly this topic. They have been at it with great passion since the end of 2016. With their regularly published Zeroday podcast, they have been trying for almost four years now to get their listeners excited about these topics.

🎧 👉🏼 https://t.iss.one/cRyPtHoN_INFOSEC_DE/4335

⚠️ Always remember to use these techniques or hardware only on devices whose owners or users have permitted it. Unauthorized access to other people's infrastructure is a criminal offence (in Germany §202a, §202b, §202c StGB).

👀 👉🏼 https://tarnkappe.info/interview-mit-den-machern-von-zeroday-podcast-bitte-fragen-einreichen/

#Interview #Zeroday #Podcast
IRS Wants to Pay $625,000 for Tools to Track Monero

The United States Internal Revenue Service is offering $625,000 for Monero-tracing software, according to a recently published proposal request.

In the proposal request, the IRS described the need for "innovative solutions for tracing and attribution of privacy coins," including Monero and the Bitcoin Lightning Network.

"The use of privacy coins is becoming more popular for general use, and is also seeing an increase in use by illicit actors," the IRS wrote in the proposal. "Currently, there are limited investigative resources for tracing transactions involving privacy cryptocurrency coins such as Monero, Layer 2 network protocol transactions such as Lightning Labs, or other off-chain transactions that provide privacy to illicit actors."

The IRS is planning on spending $1 million this fiscal year on multiple proposals, according to the document.

💡 Documents attached to the proposal: 👈🏼

👉🏼 Pilot+IRS+Crypto+RFP+FINAL.pdf
https://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/documents/Pilot+IRS+Crypto+RFP+FINAL.pdf

👉🏼 Clauses+Provision+Attachment+Crypto.pdf
https://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/documents/Clauses+Provision+Attachment+Crypto.pdf

👉🏼 Related: CipherTrace Provided Feds with "Monero Tracing" Tools
https://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/ciphertrace-provided-feds-with-monero-tracing-tools/

👀 👉🏼 https://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/

#irs #monero #tracking #tracing #privacy #thinkabout
Magento online stores hacked in largest campaign to date

Almost 2,000 Magento stores have been compromised over the weekend in the largest hacking campaign since 2015.

More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the "largest campaign ever."

The attacks were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores' source code, code that logged payment card details that shoppers entered inside checkout forms.

"On Friday, 10 stores got infected, then 1,058 on Saturday, 603 on Sunday and 233 today," said Willem de Groot, founder of Sanguine Security (SanSec), a Dutch cyber-security firm specialized in tracking Magecart attacks.

"This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015," de Groot added. "The previous record was 962 hacked stores in a single day in July last year."

👀 👉🏼 https://sansec.io/research/largest-magento-hack-to-date

👀 👉🏼 https://www.zdnet.com/article/magento-online-stores-hacked-in-largest-campaign-to-date

#magento #online #store #hacked
Joe Rogan Experience #1536 - Edward Snowden

Former CIA contractor turned whistleblower Edward Snowden shocked the world when he revealed the misdeeds of the US intelligence community and its allies. Now living in Russia, he is a noted privacy advocate and author who serves as president of the Freedom of the Press Foundation.

📺 👉🏼 https://www.youtube.com/watch?v=_Rl82OQDoOc

#snowden #cia #whistleblower #usa #video #podcast
You are not anonymous on Tor - Last February, my Tor onion service came under a huge Tor-based distributed denial-of-service (DDoS) attack

I spent days analyzing the attack, developing mitigation options, and defending my server. (The Tor service that I run for the Internet Archive was down for a few hours, but I managed to keep it up and running through most of the attack.)

While trying to find creative ways to keep the service up, I consulted a group of friends who are very active in the network incident response field. Some of these are the people who warn the world about new network attacks. Others are very experienced at tracking down denial-of-service attacks and their associated command-and-control (C&C) servers. I asked them if they could help me find the source of the attack. "Sure," they replied. They just needed my IP address.

I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew. They had been watching the Tor-based DDoS. They had a list of the hidden service addresses that were being targeted by the attack. They just didn't know that this specific address was mine.

As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor !!

💡 Threat Modeling

There are plenty of documents that cover how Tor triple-encrypts packets, selects a route using a guard, relay, and exit, and randomizes paths to mix up the network traffic. However, few documents cover the threat model. Who can see your traffic?

👀 👉🏼 https://www.hackerfactor.com/blog/index.php?/archives/896-Tor-0day-Finding-IP-Addresses.html

#tor #onion #service #zeroday #DDoS #attacks #anonymous #poc #thinkabout
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw

New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to conserve battery power while keeping Bluetooth connections alive as long as possible.

Due to its battery-saving features, BLE has been massively adopted over the past decade, becoming a near-ubiquitous technology across almost all battery-powered devices.

As a result of this broad adoption, security researchers and academics have also repeatedly probed BLE for security flaws across the years, often finding major issues.

👀 👉🏼 https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw

#BLESA #BLE #bluetooth #security #flaw
A Chrome Reverse Proxy Extension has been put up for sale by the threat actor MrMillionaire.

According to the actor, the extension turns victim Chrome browsers into fully-functional HTTP/HTTPS proxies, allowing the actors to browse sites as their victims.

👀 👉🏼 https://twitter.com/shad0wintel/status/1306080368114589698

#chrome #reverse #proxy #extension #MrMillionaire
Revealed: Israeli Firm Provided Phone-hacking Services to Saudi Arabia

A representative of Cellebrite, which states that it has complied with the rules, flew to Riyadh from London last November, and at the request of the Saudi prosecutor's office hacked into a Samsung cellphone.

In November of last year, a representative of the Israeli firm Cellebrite landed at King Khaled International Airport in the Saudi capital, Riyadh. The man, a foreign national whose identity is known to TheMarker, Haaretz's sister publication, arrived on a commercial flight from London to hack into a phone in the possession of the Saudi Justice Ministry. The details of the visit were agreed upon before the hacker landed.

The staff at Cellebrite demanded of the Saudis that their employee be met at the Riyadh airport by a government representative. They insisted that he pass through passport control without his passport being stamped and without an inspection of the electronic equipment that he would have with him, which they demanded would not leave his possession and which only he would use.

From there, it was agreed in advance that the hacker would be immediately taken to an isolated hotel room, where the Saudis committed not to install cameras – and where the job of hacking and copying information from a mobile cellphone was carried out. When the work was completed, Cellebrite's representative returned to the airport and flew back to London.

Cellebrite is not the only Israeli company to provide hacking or other cybersecurity services to the Saudi kingdom, but it is apparently the only one that does so without any oversight from the Israeli Defense Ministry.

👀 👉🏼 https://www.haaretz.com/israel-news/tech-news/.premium-revealed-israeli-firm-provided-phone-hacking-services-to-saudi-arabia-1.9161374

👀 👉🏼 https://twitter.com/haaretzcom/status/1306233686761889798

#israel #hacking #samsung #cellebrite #saudiarabia
My stolen credit card details were used 4,500 miles away. I tried to find out how it happened

When cybersecurity reporter Danny Palmer found his card was apparently used on another continent, he set out to discover more.

On a Thursday back in February I was relaxing and watching TV when my evening was interrupted by the ping of a text message from my bank.

"You will shortly receive an SMS to confirm recent activity on your card."

I was puzzled. I certainly hadn't made any strange or unexpected purchases that day, so what was this about? About 30 seconds later, I received my answer in a second text message.

It said my credit card details had been used less than a minute before to try to make a payment of £108 at a store with an unfamiliar name.

A quick search online revealed it to be a supermarket in the city of Paramaribo, Suriname – a small country on the north-eastern coast of South America, bordered by Brazil, Guyana and French Guiana. That's quite a long way from my home in London, so I was pretty sure I hadn't popped into that store to pick anything up in the last 60 seconds.

The alert asked me to confirm the transaction by replying with 'Yes' or 'No'. It did cross my mind that perhaps this was a double- or triple-bluff scam and that by responding to an unexpected text message, I would be making a big mistake. Just in case, I chose to phone the bank instead.

They confirmed that yes, someone had attempted to use my card details over 4,500 miles away from London – but the attempted payment was blocked as suspicious, so no money was stolen.

I cancelled my card and ordered a new one as the recommended safety precaution, given someone else had my details. But as a reporter I was left wondering how did this happen?

How was it that my bank details were somehow stolen, passed onto someone on the other side of the world and almost successfully used at what looked to be a small retailer in Suriname?

Credit cards are a solution - and part of the problem

Debit and credit cards are a part of everyday life that we don't think about, but not so long ago they would have felt like a strange concept to those using physical currency to buy things. The first UK credit card was issued in 1966, while the first debit card didn't arrive in the UK until 1987.

Now, there are over 51 million debit cardholders in the UK, accounting for 96% of adults, while over 32 million UK adults have a credit card. According to the trade association UK Finance, total spending on credit and debit cards accounted for over £800 billion during 2018, with over 20 billion transactions over the course of the year.

Such is the increased popularity of using card payments – helped by online shopping and the ability to make contactless payments in stores – that it's overtaken cash as the most common form of payment in the UK, and the number of card payments is still growing.

👀 👉🏼 https://www.zdnet.com/article/my-stolen-credit-card-details-were-used-4500-miles-away-i-tried-to-find-out-how-it-happened

#stolen #creditcard #details #story
In China, smart locks are being used to track citizens and enforce lockdowns

Proprietary "smart" devices are an absolute nightmare. If users can't audit the code they don't know what they are doing and the device works for the tech company selling it rather than the user.

👀 👉🏼 See here:
https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf

On a really basic level think about the information someone can infer just by looking at data from devices like this:

Your door is opened and locked at 7:30 am every day and then reopened and unlocked at 6:30 pm but never during the hours in between? Chances are you ....

👀 👉🏼 https://www.reddit.com/r/privacytoolsIO/comments/its9h7

#smart #locks #thinkabout #pdf
US charges two Russians for stealing $16.8m via cryptocurrency phishing sites

The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.

The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.

The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.

US officials said the Russian duo – made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively – used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.

In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.

Losses were estimated at $16,876,000.

👀 👉🏼 (pdf)
https://assets.documentcloud.org/documents/7211805/Potekhin-Superseding-Indictment.pdf

👀 👉🏼 https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites

#Potekhin #cryptocurrency #phishing #russia #usa