Unfck the Internet

We love it, we need it, and we can all feel the ways it’s fcked. Together we can unfck it. Start by choosing the only non-profit-backed, people-first browser.

👀 👉🏼 Let’s get started
https://www.mozilla.org/en-US/firefox/unfck/

#unfck #internet #mozilla #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Tracking Mixed Bitcoins

Mixer services purportedly remove all connections betweenthe input (deposited) Bitcoins and the output (withdrawn) mixed Bit-coins, seemingly rendering taint analysis tracking ineffectual. In this pa-per, we introduce and explore a novel tracking strategy, calledAddressTaint Analysis, that adapts from existing transaction-based taint anal-ysis techniques for tracking Bitcoins that have passed through a mixerservice.

👀 👉🏼 (PDF)
https://arxiv.org/pdf/2009.14007.pdf

#analysis #bitcoin #mixer #tracking #tracing #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

UK Judge to Give Decision on Assange Extradition Early Next Year

The British judge presiding over the extradition trial of WikiLeaks founder Julian Assange said on Thursday that she would give her verdict on the case early next year. Judge Vanessa Baraitser said she would decide whether or not Assange will be extradited to the US on January 4th. Thursday was the 18th day of the hearing and the final day of witness testimony.

If Assange is extradited to the US, he could face up to 175 years in prison for exposing US war crimes. The US indicted the WikiLeaks founder on 17 counts of espionage and one count of conspiring to commit computer intrusion. The charges revolve around US State Department communications and documents on the US wars in Iraq and Afghanistan published by WikiLeaks in 2010.

The charges against Assange essentially criminalize receiving and publishing classified information.

A group of legal professionals, known as Lawyers for Assange, sent a letter to the UK government calling for the immediate release of the publisher. The group warned that Assange would not see a fair trial in the US. The letter said all of the crimes Assange is accused of are standard journalistic practices, and if he is extradited, it would gravely endanger press freedom. The letter was endorsed by hundreds of politicians, parliament members, and heads of state from around the world.

Last week, the Old Bailey heard testimony that Assange has been diagnosed with Aspergers, severe depression, and other conditions that put him at risk of suicide. Medical experts said if Assange is extradited to the US, it will increase his risk of suicide.

On Tuesday, Maureen Baird, a former warden of a high-security prison in New York, told the court that Assange would likely be held in isolation if extradited due to the national security nature of the case. If convicted, Assange would likely be held in isolation in a supermax prison in Colorado, known as ADX, which is home to notorious criminals. Baird warned of the adverse effects isolation causes on the mental health of inmates.

👀 👉🏼 https://news.antiwar.com/2020/10/01/uk-judge-to-give-decision-on-assange-extradition-early-next-year/

#assange #extradition #uk #usa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

US Treasury says some ransomware payments may need its express approval

US Treasury says companies paying ransoms to previously-sanctioned cybercrime groups may face sanctions unless it is notified of the payment beforehand.

The US Treasury Department has published guidelines today to be used in special circumstances where a ransomware payment may break US sanctions.

The guidelines apply to situations where an individual or company has had its data encrypted by a ransomware gang that is either sanctioned or has affiliations with a cybercrime group sanctioned by the US Treasury in years past.

The Treasury says that making a ransomware payment in this type of situation may violate Treasury sanctions and incur a legal investigation against the entities involved, which could be:

The victim;
The financial institutions which processed the ransom payment; and
Intermediaries such as cyber-insurance firms and companies involved in digital forensics and incident response.

US officials say that in these situations, victims should contact the Treasury's Office of Foreign Assets Control (OFAC) before deciding on making the payment.

"OFAC encourages victims and those involved with addressing ransomware attacks to contact OFAC immediately if they believe a request for a ransomware payment may involve a sanctions nexus," the agency said today.

Companies who contact law enforcement agencies when they get infected will also be looked favorably upon "in determining an appropriate enforcement outcome if the situation is later determined to have a sanctions nexus."

👀 👉🏼 https://www.zdnet.com/article/us-treasury-says-some-ransomware-payments-may-need-its-express-approval

#ransomware #cybercrime #payments #usa #treasury
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

GDPR Enforcement Tracker

This website contains a list and overview of fines and penalties which data protection authorities within the EU have imposed under the EU General Data Protection Regulation (GDPR, DSGVO). Our aim is to keep this list as up-to-date as possible. Since not all fines are made public, this list can of course never be complete, which is why we appreciate any indication of further GDPR fines and penalties.

👀 👉🏼 https://www.enforcementtracker.com/

#gdpr #enforcement #tracker
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Egypt police ‘using dating apps’ to find and imprison LGBT+ people

In a brutal effort to “clear the streets” of the LGBT+ community, security forces are entrapping Egyptians using dating apps, throwing them into jail, and subjecting them to systematic torture and abuse, a new report has found.

Using social media and apps such as Grindr, Egyptian police are creating fake profiles that they use to meet gay, lesbian, bi and trans people, at which point they are picked up off the street and arbitrarily arrested, Human Rights Watch said on Thursday. Police then unlawfully search through the content of their phones to justify keeping them in detention and bring charges against them.

“Yasser”, 27, told the group he was arrested when he met another man in Giza Center City after chatting with him on Grindr, a same-sex dating app.

“When they came back with a police report, I was surprised to see the guy I met on Grindr is one of the officers. They beat me and cursed me until I signed papers that said I was ‘practicing debauchery’ and publicly announcing it to fulfill my ‘unnatural sexual desires’.”

While in detention, all of the fifteen people interviewed by the rights group said security forces subjected them to physical and verbal abuse, “ranging from slapping to being water-hosed and tied up for days”.

👀 👉🏼 https://www.independent.co.uk/news/world/middle-east/egypt-lgbt-gay-facebook-grindr-jail-torture-police-hrw-b742231.html

#egypt #lgbt #gay #imprison #datingapps #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

US Indicts Members of ‘Piracy’ Group Team-Xecuter, Two Arrested

The U.S. Government has indicted three members of the infamous group Team-Xecuter, the masterminds behind various Nintendo hacks. Two of the members have been arrested and are in custody., but the group's website remains online. According to the Department of Justice, Team-Xecuter is a criminal enterprise that profits from pirating video game technology.

Team-Xecuter is widely known for creating ‘hacks’ that bypass digital restrictions on Nintendo consoles.

The group has been chased by Nintendo for years, but today, their operation has become the center of a criminal case prosecuted by the US Government.

The US Department of Justice just announced that two members of Team-Xecuter were arrested recently. Max Louarn, a 48-year-old French national, and the 51-year-old Gary Bowser from Canada are in custody and charged in a criminal conspiracy. The indictments also name a third defendant, a Chinese man named Yuanning Chen (35), who remains at large.

The three indicted members are just a minority of the total group. According to the US authorities, there are more than a dozen Team-Xecuter members scattered around the world. These members help to code and create the Nintendo hacks, but they are also suspected of being involved in the production and sale of these devices.

The indictment portrays Team-Xecuter as a criminal enterprise and notes that its members did their best to evade law enforcement by using a variety of brands, websites, and distribution channels.

“These defendants were allegedly leaders of a notorious international criminal group that reaped illegal profits for years by pirating video game technology of U.S. companies,” said Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.

👀 👉🏼 https://torrentfreak.com/us-indicts-several-members-of-piracy-group-team-xecuter-two-arrested-201002/

#usa #piracy #TeamXecuter #arrested
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

GHunt

GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email.

👀 👉🏼 It can currently extract :

✅ Owner's name
✅ Last time the profile was edited
✅ Google ID
✅ If the account is an Hangouts Bot
✅ Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.)
✅ Possible Youtube channel
✅ Possible other usernames
✅ Public photos
✅ Phones models
✅ Phones firmwares
✅ Installed softwares
✅ Google Maps reviews
✅ Possible physical location

⚠️ Warning:
02/10/2020: Since few days ago, Google return a 404 when we try to access someone's Google Photos public albums, we can only access it if we have a link of one of his albums.
Either this is a bug and this will be fixed, either it's a protection that we need to find how to bypass.
So, currently, the photos & metadata module will always return "No albums" even if there is one.

👀 👉🏼 https://github.com/mxrch/GHunt

#ghunt #google #account #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Anonymous hacks 83 websites belonging to Azerbaijani government in support of Armenia

Anonymous Greece hacked 83 Azerbaijani government websites in solidarity with Armenia.

The hacktivist group Anonymous hacked 83 state websites of Azerbaijan government, including 73 sites in just an hour, in support of Armenia. The hacktivists not only hacked the websites, but also downloaded information, the group shared from their official page on Twitter.

👀 👉🏼 https://news.xiaomi-miui.gr/anonymous-greece-attacking-sites-from-azermpaitzan-51055-2/

👀 👉🏼 https://www.nuceciwan54.com/en/2020/10/03/anonymous-hacks-83-websites-belonging-to-azerbaijani-government-in-support-of-armenia/

#anonymous #hacktivist #hacking #greece #azerbaijan #armenia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Saturday Night Live - Jim Carrey & Maya Rudolph As Joe Biden & Alec Baldwin as Donald Trump.

Yeah, I know. Again, this has nothing to do with the actual topic of this channel. But! Somehow I think, every now and then, we need something to smile about.

👀 👉🏼 This parody with star cast should not be missed!
https://www.youtube.com/watch?v=Kxhlf2m0rtY

#trump #biden #usa #parody #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The Internet's Own Boy: The Story of Aaron Swartz

The Internet's Own Boy follows the story of programming prodigy and information activist Aaron Swartz. From Swartz's help in the development of the basic internet protocol RSS to his co-founding of Reddit, his fingerprints are all over the internet. But it was Swartz's groundbreaking work in social justice and political organizing combined with his aggressive approach to information access that ensnared him in a two-year legal nightmare. It was a battle that ended with the taking of his own life at the age of 26. Aaron's story touched a nerve with people far beyond the online communities in which he was a celebrity.

📺 👉🏼 https://www.youtube.com/watch?v=M85UvH0TRPc

#swartz #internet #socialjustice #activist #docu #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google removed 34 malware-infected apps from the Play Store, now you should delete them from your Android phone

The Joker malware steals money from users by subscribing them to the unwanted premium paid subscriptions without their consent. It first simulates interaction with ads without users’ knowledge and then uses the victim’s SMS messages including OTP to initiate payments.

In the period of two months between July and September, Google has removed 34 apps from the Google Play Store because they were inflected by the Joker malware that has been giving Android smartphone users nightmares. The Joker malware is not new but lately has been causing headaches for Android app developers as it is very hard to detect due to the little code it uses. Also, malware like these use a different technique called ‘Dropper’ to bypass Google’s security scan and sneak into the user’s device.

The most recent additions to the list of apps infected by Joker malware were revealed by Zscaler, a cybersecurity firm based in California. Here’s a look at the 34 apps infected by the malware you should remove from your smartphone if not done already.

👀 👉🏼 https://indianexpress.com/article/technology/tech-news-technology/34-apps-joker-malware-infected-android-uninstall-google-play-store-6701973/

#google #playstore #android #joker #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

US official alleges big tech has started giving Hong Kong user data to China under new national security law

A senior US state official has alleged that big tech companies are already handing over Hong Kong user data to Chinese officials, The Guardian reports. Hong Kong has been drastically changed this year by a new national security law which firmly put Hong Kong in China’s vice grip. The official, whose anonymity The Guardian has maintained, explained why we might not have heard anything from tech giants like Facebook and Google:

“There is a possibility that things are happening but because of the restrictions put on by the Hong Kong authorities, they [companies] would not be able to divulge this. The company would be told by mainland authorities ‘you will be breaking the [law] if you reveal the fact that I’m asking for this information.’”

Facebook and Google declined to comment to The Guardian on the allegations. One Hong Kong activist who now lives abroad, Glacier Kwong, commented:

“I don’t want to put it that way but I will. If Google or other technology companies comply with this national security law, it is actually helping indirectly the Hong Kong government, the Chinese government, to oppress or crack down on the civil society.”

👀 👉🏼 https://www.privateinternetaccess.com/blog/us-official-alleges-big-tech-has-started-giving-hong-kong-user-data-to-china-under-new-national-security-law/

#hongkong #china #bigtech #userdata #national #security #law #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Sonos is spying on me… (and you)

I recently decided to get a wireless speaker for our Kitchen. Sonos seems like an obvious choice these days. The sound quality and aesthetics were very appealing. So I ordered a Sonos One SL speaker.

In terms of sound quality and looks, I was very pleased. I’m not an audiophile but the sound quality seemed superb and the speaker just looks fantastic. A very clean and unassuming look.

As I later discovered, a dirty beast hides under the cool exterior.

My concerns started to grow almost immediately as I was setting up the new speaker. I downloaded the app, and started the setup process, soon to realize that I need to register with my email just to set up the device on my network… And of course, I had to accept the terms and conditions …. hmmm… ok, I guess.

I was then asked to allow sharing my location as well, which raised another alarm bell. Why does my speaker need my location? I’m not 100% sure, but if I recall, I had to allow it to access my location, or else I couldn’t continue.

Once the device was finally set up, I went through the settings, to explore and see what else is there. I was rather disappointed to find that “Additional usage data” was turned on by default. I live in Europe, and I thought that the EU regulations should prevent this kind of behaviour. They should explicitly ask my permission to track my usage, especially if it isn’t necessary for the device to function.

I could opt-out of it luckily, but it didn’t feel right to me.

👀 👉🏼 What data is Sonos collecting, and why?
https://blog.gingerlime.com/2020/sonos-is-spying-on-me-and-you/

‼️ Digging into the Sonos privacy policy made my hair stand…
https://www.sonos.com/en/legal/privacy

#sonos #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever

Max Heinemeyer, director of threat hunting at Darktrace, thought it would be interesting to look back at the seven years since launching its AI-powered cybersecurity solution. Look back through the lens of some of the weirdest attacks that the AI cyber-brain had identified that is. You know what, he was right. I've been around cybersecurity for 30 years, but Heinemeyer revealed one of the dumbest cyber attacks I've ever encountered.

To be honest, as a 'greybeard' who has spent most of his working life in the cybersecurity space, I've seen some pretty weird hacking stuff go down. There was the time in 2010 that hackers replaced an image of the then Spanish Prime Minister with a picture of Mr. Bean on the EU presidency site. Or how about, in 2012, when an Iranian nuclear facility was reportedly hacked so as to play Thunderstruck by AC/DC at full volume? The Darktrace AI does, however, seem to have a knack of uncovering bizarre, unconventional, and undoubtedly original cyber attacks as they happen. The dumbest, though, has to be the hacker who uploaded their own fingerprints to the scene of the cybercrime.

👀 👉🏼 https://www.forbes.com/sites/daveywinder/2020/10/04/hacker-uploads-own-fingerprints-to-crime-scene-in-dumbest-cyberattack-ever

#cyberattack #hacker #truecrime #fingerprints #dumb
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Internet history can be used for “reidentification” finds study by Mozilla

A recent research paper has reaffirmed that our internet history can be reliably used to identify us. The research was conducted by Sarah Bird, Ilana Segall, and Martin Lopatka from Mozilla and is titled: Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. The paper was released at the Symposium on Usable Privacy and Security and is a continuation of a 2012 paper that highlighted the same reidentifiability problem.

‼️ Just your internet history can be used to reidentify you on the internet ‼️

Using data from 52,000 consenting Firefox users, the researchers were able to identify 48,919 distinct browsing profiles which had 99% uniqueness.

This is especially concerning because internet history is routinely sold by your internet service provider (ISP) and mobile data provider to third party advertising and marketing firms which are demonstrably able to tie a list of sites back to an individual they already have a profile on – even if the ISP claims to be “anonymizing” the data being sold. This is a legally sanctioned activity ever since 2017 when Congress voted to get rid of broadband privacy and allow the monetization of this type of data collection.

This type of “history-based profiling” is undoubtedly being used to build ad profiles on internet users around the world. Previous studies have shown that an IP address usually stays static for about a month – which the researchers noted: “is more than enough time to build reidentifiable browsing profiles.”

👀 👉🏼 (PDF)
https://www.usenix.org/system/files/soups2020-bird.pdf

👀 👉🏼 https://www.cozyit.com/internet-history-can-be-used-for-reidentification-finds-study-by-mozilla/

#mozilla #study #research #internet #history #reidentification #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

💡 UPDATE💡- KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

A quick update since my last livestream on Sep 30.

After a thorough investigation, we have found the suspects of the 9.26 #KuCoin Security Incident with substantial proof at hand. Law enforcement officials and police are officially involved to take action.

👀 👉🏼 https://nitter.net/lyu_johnny/status/1312359615091277824

#KuCoin #bitcoin #exchange #hacker #hacked #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Stop the EARN IT Bill Before It Breaks Encryption

The House and Senate are both pushing forward with the so-called “EARN IT” Act, a bill that will undermine encryption and free speech online. Attorney General William Barr and the DOJ have demanded for years that messaging services give the government special access to users’ private messages. If EARN IT passes, Barr will likely get his wish—law enforcement agencies will be able to scan every message sent online.

💡 The EARN IT Act (S. 3398) is anti-speech, anti-security, and unnecessary. It could come to the Senate floor this month—we need to tell Congress to reject this dangerous proposal.

👀 👉🏼 https://act.eff.org/action/stop-the-earn-it-bill-before-it-breaks-encryption-a7904e20-2083-4d5e-88ae-44ee5fef7a5d

#eff #earnit #bill #encryption #freespeech #usa #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Breaking News: Computer Anti-Virus Guru John McAfee Arrested in Spain on U.S. Tax Evasion Charges

Millionaire recluse McAfee has been arrested by authorities in Spain and is awaiting extradition to the US.

Computer Anti-Virus developer John Mcafee has been charged with tax evasion by federal prosecutors. They allege McAfee used nominee names to hide cryptocurrency, a yacht, and real estate as part of a conspiracy to evade taxes.

Authorities in Spain have been careful not to mention where Mcafee was detained. Mcafee is notorious for hiding his location and after being arrested over 22 times maybe this time the US justice system have their man.

👀 👉🏼 https://www.euroweeklynews.com/2020/10/05/computer-anti-virus-guru-john-mcafee-arrested-in-spain-on-u-s-tax-evasion-charges/

#mcafee #arrested #spain
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag