BlackBox (Security) Archiv
4.1K subscribers
183 photos
393 videos
167 files
2.67K links
๐Ÿ‘‰๐Ÿผ Latest viruses and malware threats
๐Ÿ‘‰๐Ÿผ Latest patches, tips and tricks
๐Ÿ‘‰๐Ÿผ Threats to security/privacy/democracy on the Internet

๐Ÿ‘‰๐Ÿผ Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Download Telegram
Asians dump WhatsApp for Signal and Telegram on privacy concerns

Facebook risks losing top markets as users look for more-secure alternatives

HONG KONG/NEW DELHI/SINGAPORE --
A theme has been trending on social media over the past week in Hong Kong, which has come increasingly under the watchful eye of Beijing after a national security law imposed on the territory last year.

"We made it from ICQ to MSN, from MSN to WhatsApp. It's not that hard to switch to another app!" The line refers to popular instant messaging tools that have come and gone over past 20 years.

It is an indication that people in the city have joined social media users around the globe in a shift to other messaging platforms because of concerns over privacy, after WhatsApp dismayed many users by rewriting its terms of use on Jan. 6.

The new terms will essentially allow Facebook, WhatsApp's owner, to gain access to certain personal information, such as contact lists, location, financial information and usage data.

Since then, WhatsApp's rivals have seen a record-breaking amount of downloads.

Signal, a private messaging app, logged 7.5 million downloads globally between Jan. 6 and Jan. 10 following endorsements from the likes of Tesla CEO Elon Musk and former U.S. National Security Agency contractor Edward Snowden. That marks a 43-fold increase from the previous week, according to Sensor Tower, an app-analytics company.

https://asia.nikkei.com/Business/Technology/Asians-dump-WhatsApp-for-Signal-and-Telegram-on-privacy-concerns

#whatsapp #DeleteWhatsApp #signal #telegram #privacy #asia
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
The pirate bay, the most censored website in the world, started by kids, run by people with problems with alcohol, drugs and money, still is up after almost 2 decades. Parlor and gab etc have all the money around but no skills or mindset. Embarrassing.

https://nitter.net/brokep/status/1348194329005875203

#piratebay #parler
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Facebook Has Been Showing Military Gear Ads Next To Insurrection Posts

Earlier this week, Facebook employees warned that military product ads were being advertised against news about DC riots. The company did not act.

Facebook has been running ads for body armor, gun holsters, and other military equipment next to content promoting election misinformation and news about the attempted coup at the US Capitol, despite internal warnings from concerned employees.

In the aftermath of an attempted insurrection by President Donald Trumpโ€™s supporters last week at the US Capitol building, Facebook has served up ads for defense products to accounts that follow extremist content, according to the Tech Transparency Project, a nonprofit watchdog group. Those ads โ€” which include New Yearโ€™s specials for specialized body armor plates, rifle enhancements, and shooting targets โ€” were all delivered to a TTP Facebook account used to monitor right-wing content that could incite violence.

Beginning last summer, the Mark Zuckerbergโ€“led company banned pages, groups, and accounts belonging to US-based militant groups, โ€œboogalooโ€ extremists, and those associated with the QAnon mass delusion. But members of those movements quickly found ways around the companyโ€™s policies by renaming their pages or using code names. They continue to proliferate, organize, and advertise on the social network.

These ads for tactical gear, which were flagged internally by employees as potentially problematic, show Facebook has been profiting from content that amplifies political and cultural discord in the US.

https://www.buzzfeednews.com/article/ryanmac/facebook-profits-military-gear-ads-capitol-riot

#facebook #DeleteFacebook #advertising #military #gear #capitol #riot #thinkabout #why
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention

Apple canโ€™t read your device data, but it can read your backups

Apple reportedly dropped plans to fully secure usersโ€™ iPhone and iPad backups after the FBI complained about the initiative, reports Reuters.

Apple devices have a well-deserved reputation for protecting on-device data, but backups made using iCloud are a different matter. This information is encrypted to stop attackers, but Apple holds the keys to decrypt it and shares it with police and governments when legally required.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT

https://www.theverge.com/2020/1/21/21075033/apple-icloud-end-to-end-encryption-scrapped-fbi-reuters-report

#apple #icloud #encryption #fbi #thinkabout
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Bellingcat's Online Investigation Toolkit - version 6.6 (Feb.11, 2021)

"Welcome to Bellingcatโ€™s freely available online open source investigation toolkit.

This toolkit includes satellite and mapping services, tools for verifying photos and videos, websites to archive web pages, and much more. Follow Bellingcat's work using many of those tools via the website or through various social media. The group provides workshops to familiarize with the tools and learn open source investigative methods.

Content:

๐Ÿ’ก Maps, Satellites & Streetview
๐Ÿ’ก Location Based Searches
๐Ÿ’ก Image & Video Verification
๐Ÿ’ก Social Media
๐Ÿ’ก Transportation
๐Ÿ’ก Date & Time

๐Ÿ’ก WhoIs, IPs & Website Analysis
๐Ÿ’ก People & Phone Numbers
๐Ÿ’ก Archiving & Downloading
๐Ÿ’ก Company Registries
๐Ÿ’ก Data Visualization
๐Ÿ’ก Online Security & Privacy
๐Ÿ’ก Finding Experts
๐Ÿ’ก Miscellaneous
๐Ÿ’ก Guides & Handbooks

https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607

#Bellingcat #toolkit #research #collection
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
EXCLUSIVE-Trump administration adds China's Comac, Xiaomi to Chinese military blacklist

WASHINGTON, Jan 14 (Reuters) - The Trump administration on Thursday added nine Chinese firms to a blacklist of alleged Chinese military companies, including planemaker Comac and mobile phone maker Xiaomi, according to a document seen by Reuters.

The companies will be subject to a new U.S. investment ban which forces American investors to divest their holdings of the blacklisted firms by Nov. 11, 2021.

https://www.reuters.com/article/usa-china-comac-military/exclusive-trump-administration-adds-chinas-comac-xiaomi-to-chinese-military-blacklist-idUSL1N2JP233

#trump #usa #china #comac #xiaomi #military #blacklist
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Signal: New Signal groups use Google servers

Some readers have pointed out to me that Signal appears to be using the Google Data Center to create / manage new Signal groups. The domain
storage.signal.org resolves to the IP addresses:

216.239.32.21
216.239.34.21
216.239.36.21
and 216.239.38.21

These addresses belong to Google, Mountain View. The host name of these servers or the Revese lookup also listens to the name any-in-2015.1e100.net.

The question now is, why the group function is linked to Google servers. Especially for privacy-sensitive users Google is a red flag - for a good reason: The sick WWW: Stop using Google Web-Services.

https://www.kuketz-blog.de/signal-neue-signal-gruppen-nutzen-google-server/

#signal #messenger #google #thinkabout #why
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Julian Assange pleaded with Edward Snowden to hide 'where CIA doesn't have influence'

JULIAN ASSANGE delivered a desperate plea to Edward Snowden, a US whistleblower, to seek asylum in Russia as opposed to Latin America, as it was a nation "where the CIA doesn't have influence".

Mr Assange, who founded the news leaks website WikiLeaks, was told today he cannot be extradited to the US during a hearing at the Old Bailey. Judge Vanessa Baraitser said extradition had been refused amid fears Mr Assange could take his own life, a decision the US government said it would appeal. The 49-year-old was indicted by prosecutors in the US over 17 espionage charges, and one allegation of computer misuse, over WikiLeaks' decision to publish leaked military and diplomatic documents ten years ago.

Whistleblower Mr Snowden urged US President Donald Trump to "free Julian Assange", and that he "alone can save his life".

It had previously been reported Mr Trump was "considering" pardoning Mr Assange, but it appears the US will continue its battle to ensure the website editor goes in front of a court in America.

https://www.express.co.uk/news/world/1379409/julian-assange-news-edward-snowden-donald-trump-pardon-cia-wikileaks-nationality-spt

#assange #snowden #cia #usa #russia
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Denuvo Anti-Cheat now available on Steamworks

Denuvoโ€™s Anti-Cheat protection is available to all Valve Steamworks partners

AMSTERDAM, January 18, 2021 โ€“
Denuvo by Irdeto, the leader in video games protection and anti-cheat security, is now available for direct anti-cheat integration through Steamworks, offering security solutions for publishers and developers whose games are available on Steam.

Denuvo has more than two billion unique game protected installs across all platforms, making it one of the leading security providers in the video gaming industry. More than 1,000 games have been secured by Denuvo worldwide, proving Denuvoโ€™s strong understanding of developersโ€™ needs and the gaming landscape. Denuvo offering its services via direct integration through Steamworks makes it easier for developers and publishers to prevent cheating in their competitive multiplayer games.

According to Irdetoโ€™s latest research, 77% of global gamers are likely to abandon a game when cheating occurs, creating a tremendous monetization risk for publishers and developers. By offering its services directly through Steamworks, Denuvo can further its mission of bringing fairness and fun back to gaming by providing security solutions to all developers who want to protect their games and gamers from hackers and cheaters.

https://irdeto.com/news/denuvo-anti-cheat-now-available-on-steamworks/

Earlier post: Why You Should Remove DOOM Eternal from your PC Immediately
https://t.iss.one/BlackBox_Archiv/900

#irdeto #denuvo #anticheat #steamworks
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Degoogling my life

Privacy is a human right, when so much of our life is lived online. In my opinion, the two most evil companies on the planet with a blatant disregard for privacy because it is so fundamental to their business model are: Facebook (and by extension, WhatsApp and Instagram) and Google. A common argument against the need for privacy that I have definitely heard in my family is โ€œbut I have nothing to hideโ€. Well, neither do I and yet so does everyone. Does anyone really appreciate searching on Google for a vacuum cleaner and then seeing photos of vacuum cleaners follow them around all over the web for months afterwards? But I digress: I made a conscious decision to gradually rid myself of Google (Facebook was easier: just delete the app.) to the extant possible.

I spent quite some time researching alternatives to each of Google services, and the list below tabulates what I have settled on. Importantly, I have reached the conclusion that viable (and often superior) alternatives exist. Nothing in life is free: one can pay with oneโ€™s privacy or with cash. It is no surprise this that most of these below are paid services. Personally, I am more than happy to support businesses where I know what I am paying for and my data is not being pilfered to create some Frankensteinian advertising profile on me.

https://thefiringneuron.com/2021/01/17/degoogling-my-life/

#degoogling #google #DeleteGoogle #privacy #thinkabout
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Exclusive: Trump admin slams China's Huawei, halting shipments from Intel, others - sources

NEW YORK/WASHINGTON (Reuters) -
The Trump administration notified Huawei suppliers, including chipmaker Intel, that it is revoking certain licenses to sell to the Chinese company and intends to reject dozens of other applications to supply the telecommunications firm, people familiar with the matter told Reuters.

The action - likely the last against Huawei Technologies under Republican President Donald Trump - is the latest in a long-running effort to weaken the worldโ€™s largest telecommunications equipment maker, which Washington sees as a national security threat.

The notices came amid a flurry of U.S. efforts against China in the final days of Trumpโ€™s administration. Democrat Joe Biden will take the oath of office as president on Wednesday.

Huawei and Intel Corp declined to comment. Commerce said it could not comment on specific licensing decisions, but said the department continues to work with other agencies to โ€œconsistentlyโ€ apply licensing policies in a way that โ€œprotects U.S. national security and foreign policy interests.โ€

https://www.reuters.com/article/us-usa-huawei-tech-exclusive-idUSKBN29M0KD

#usa #china #huawei #intel
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Signal: All communication takes place via tech giants like Amazon, Microsoft, Google and Cloudflare.

At Signal, all communication takes place via various tech giants such as Amazon, Microsoft, Google and Cloudflare. Broken down by domains, the following picture emerges:

โ—๏ธ Amazon: textsecure-service.whispersystems.org, cdn.signal.org, sfu.voip.signal.org
โ—๏ธ Google: storage.signal.org, contentproxy.signal.org
โ—๏ธ Microsoft: api.directory.signal.org, api.backup.signal.org
โ—๏ธ Cloudflare: cdn2.signal.org

Message exchange (textsecure-service.whispersystems.org) is done via Amazon AWS, for example, while Google Data Servers (storage.signal.org) are responsible for creating and managing the groups. This means that all communication is handled via central servers of the tech giants. Especially privacy-sensitive users may be put off by this, which I can understand. However, at least from an IT security perspective, I think the use of the rented servers is negligible, since Signal works with the zero-knowledge principle. Certainly, it would be desirable if the Signal Foundation hosted the servers itself. However, this would not necessarily mean a security gain. Nevertheless, this is a point of criticism, since this naturally also flushes money into the coffers of the tech data octopuses.

https://www.kuketz-blog.de/signal-jegliche-kommunikation-erfolgt-ueber-tech-giganten-wie-amazon-microsoft-google-und-cloudflare/

#signal #messenger #google #amazon #microsoft #thinkabout #why
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Astian Translate: Open Source Translations in Nine Languages

Astian's new translation service competes against proprietary services from Google, Microsoft and Amazon. It is based on the Python software Argos Translate.

With Translate, Astian releases a new translation service that appears as free software. At launch, the program can handle nine languages: English, Spanish, French, German, Italian, Portuguese, Russian, Arabic and Chinese. Automatic input recognition is still experimental.

Users can try out the service on libretranslate.com, which is operated by Astian, but the software can also be deployed on a separate server. The corresponding API can be found on GitHub, including instructions for setup and configuration. However, the Astian server is intended for testing purposes only.

https://astian.org/en/astian-translate-free-and-open-source-translations/

#opensource #translation #astian
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
solomos-ndss21.pdf
576.5 KB
Favicons can be misused for tracking - Persistent Tracking in Modern Browsers

In a research paper, favicons are used for user tracking in browsers. There is no protection against this yet.

Browser manufacturers have increasingly cracked down on tracking techniques that use cookies in recent years. However, a research team at the University of Illinois at Chicago (UIC) has now shown in a study (PDF) that browsers offer a much larger attack surface for abusing their tracking techniques, even if such tracking is not actually intended. The team shows this by means of favicons, which could be converted into so-called supercookies.

https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf

#tracking #favicons #browser #research #supercookies #fingerprinting #pdf
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
How to leave Google and why

You should already know how big tech companies like Google or Facebook are using your private data to make revenue from targeted ads (and sometimes maybe sell it under the hood without your knowledge). There is no secret about data being the most valuable asset on earth now - even exceeding the oil.

Why ?

Some people say "I have nothing to hide, I don't care" which is essentialy ignoring basic human right and making this right worthless to you and very precious to others. We are already living in Cyberpunk era and the world is starting to be led by big organizations rather than governments so let's try to prepare ourselves and start to care about our data.

I think Google and Facebook are particulary bad when it comes to the data - we all heard about Cambridge Analytica and lately about Whatsapp scandal. Removing Facebook account is slightly easier than moving away from your Google account. It's impossible to just toggle some settings and let go your gmail address, google search, photos, youtube - pretty much your entire digital life.

Recently Google changed their policy for storing photos. Starting from July 2021 you won't have unlimited High Quality storage as before rather than 15GB limit. This is still okay in terms of space but the politics behind it is just disgusting. Google was effectively feeding it's photo AI algorithms for face detection and tagging for years now using user data obtained by giving up the service for free. Now when these algorithms got so good and it's almost impossible to make them better and Google don't need users anymore they switched to make some money from the service.

https://jach.me/how-to-leave-google

๐Ÿ’ก https://www.bbc.co.uk/news/technology-46618582

๐Ÿ’ก https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data

๐Ÿ’ก https://www.wired.com/story/google-tracks-you-privacy/

๐Ÿ’ก Degoogling my life
https://t.iss.one/BlackBox_Archiv/1640

#degoogling #google #DeleteGoogle #privacy #thinkabout #why
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Hacker News

Hacker News is a social news website focusing on computer science and entrepreneurship. It is run by Paul Graham's investment fund and startup incubator, Y Combinator. In general, content that can be submitted is defined as "anything that gratifies one's intellectual curiosity."

https://t.iss.one/hackernewslive

๐Ÿ’ก https://news.ycombinator.com/

#hackernews #ycombinator #recommendation
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Congratulations to @DuckDuckGo! We're happy to have you as Tor Browser's default search engine. ๐Ÿฆ† + ๐Ÿง…

https://nitter.net/torproject/status/1351274161763733510?s=19

#tor #duckduckgo #searchengine
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Zuccnet - End-to-end Encrypted Facebook Messenger

Zuccnet is a fork of
https://github.com/mjkaufer/messer, a command-line client for Facebook Messenger. Only difference is, Facebook can't read your messages.

It is known that Facebook scans your messages. If you need to keep using Facebook messenger but care about privacy, Zuccnet might help.

It's pretty simple: you and your friend have Zuccnet installed. Your friend gives you their Zuccnet public key. Then, when you send a message to your friend on Zuccnet, your message is encrypted on your machine before it is sent across Facebook to your friend. Then, your friend's Zuccnet decrypts the message. Facebook never sees the content of your message.

๐Ÿ’ก I'm not a security person and there's probably some stuff I've missed - any contributions are very welcome! This is very beta, don't take it too seriously.

https://github.com/tomquirk/zuccnet#zuccnet

#zuccnet #facebook #DeleteFacebook #messenger #encryption #commandline
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag
Privacy Browser - A web browser that respects your privacy

Privacy Browser has two primary goals.

1.
Minimize the amount of information that is sent to the internet.

2. Minimize the amount of information that is stored on the device.

Most browsers silently give websites massive amounts of information that allows them to track you and compromise your privacy. Websites and ad networks use technologies like JavaScript, cookies, DOM storage, user agents, and many other things to uniquely identify each user and track them between visits and across the web.

In contrast, privacy sensitive features are disabled by default in Privacy Browser. If one of these technologies is required for a website to function correctly, the user may choose to turn it on for just that visit. Or, they can use domain settings to automatically turn on certain features when entering a specific website and turn them off again when leaving.

Privacy Browser currently uses Androidโ€™s built-in WebView to render web pages. As such, it works best when the latest version of WebView is installed (see https://www.stoutner.com/privacy-browser/common-settings/webview/). In the 4.x series, Privacy Browser will switch to a forked version of Androidโ€™s WebView called Privacy WebView that will allow for advanced privacy features.

#privacy #browser #android
๐Ÿ“ก@cRyPtHoN_INFOSEC_DE
๐Ÿ“ก
@cRyPtHoN_INFOSEC_EN
๐Ÿ“ก
@BlackBox_Archiv
๐Ÿ“ก
@NoGoolag