BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
DMCA Complaint Claims Copyright On The Word 'Outstanding', Wants Entries From Top Dictionaries De-Listed From Google

Techdirt readers are by now all too familiar with how broken the DMCA takedown system is. But a recent post on TorrentFreak introduces us to some interesting new examples. It concerns the software review site ThinkMobiles. Apparently, it's a company registered in Ukraine, and many of its authors seem to come from the region -- and nothing wrong with that.

As TorrentFreak notes, ThinkMobiles is very protective of its articles. The Lumen database, which collects and analyzes requests to remove material from the Web, has 376 results for the company, representing many hundreds of potential takedowns. But TorrentFreak spotted that some of the most recent ones are particularly unusual:

https://www.techdirt.com/articles/20210308/09034846381/dmca-complaint-claims-copyright-word-outstanding-wants-entries-top-dictionaries-de-listed-google.shtml

https://lumendatabase.org/faceted_search?sender_name=Thinkmobiles

#dmca #complaint #copyright #FuckDmca
📡@cRyPtHoN_INFOSEC_FR
📡
@cRyPtHoN_INFOSEC_EN
📡
@cRyPtHoN_INFOSEC_DE
📡
@BlackBox_Archiv
📡
@NoGoolag
DR 2021.pdf
4.3 MB
Autocratization Turns Viral - DEMOCRACY REPORT 2021

V-Dem is a unique approach to measuring democracy – historical, multidimensional, nuanced, and disaggregated – employing state-of-the-art methodology.

Varieties of Democracy (V-Dem) produces the largest global dataset on democracy with almost 30 million data points for 202 countries from 1789 to 2020. Involving over 3,500 scholars and other country experts, V-Dem measures hundreds of different attributes of democracy. V-Dem enables new ways to study the nature, causes, and consequences of democracy embracing its multiple meanings.

https://www.v-dem.net/files/25/DR%202021.pdf

#vdem #worldwide #democracy #report #pdf
The Robots Are Coming for Phil in Accounting

Workers with college degrees and specialized training once felt relatively safe from automation. They aren’t.

The robots are coming. Not to kill you with lasers, or beat you in chess, or even to ferry you around town in a driverless Uber.

These robots are here to merge purchase orders into columns J and K of next quarter’s revenue forecast, and transfer customer data from the invoicing software to the Oracle database. They are unassuming software programs with names like “Auxiliobits — DataTable To Json String,” and they are becoming the star employees at many American companies.

Some of these tools are simple apps, downloaded from online stores and installed by corporate I.T. departments, that do the dull-but-critical tasks that someone named Phil in Accounting used to do: reconciling bank statements, approving expense reports, reviewing tax forms. Others are expensive, custom-built software packages, armed with more sophisticated types of artificial intelligence, that are capable of doing the kinds of cognitive work that once required teams of highly-paid humans.

White-collar workers, armed with college degrees and specialized training, once felt relatively safe from automation. But recent advances in A.I. and machine learning have created algorithms capable of outperforming doctors, lawyers and bankers at certain parts of their jobs. And as bots learn to do higher-value tasks, they are climbing the corporate ladder.

https://www.nytimes.com/2021/03/06/business/the-robots-are-coming-for-phil-in-accounting.html

#thinkabout
New Algorithm Generates Synthetic Human Genetic Code

They say the fake DNA is indistinguishable from the real thing.

We’ve seen AI algorithms create mostly-believable pictures of people’s headshots, works of art, news articles, and even pokémon. But now a team of scientists is taking things a step further, with an algorithm to generate the entire genetic code of nonexistent people.

Using a type of AI called a Generative Adversarial Network (GAN), in which two algorithms rapidly generate some sort of output, check their work against real-world examples, and refine things as they go, the team has managed to replicate realistic human genomes that they say are indistinguishable from the real thing, according to research first spotted by The Next Web.

Unlike other GAN projects — like those horrifying pokémon — that are meant to be fun little AI oddities, the team of researchers from Estonia’s University of Tartu and France’s Paris-Saclay University who developed the artificial genome project say that their fake genetic sequences have real value as a tool for research geneticists.

They argue in their paper, which was published Thursday in the journal PLOS Genetics, that these DNA codes could help further genetic experimentation — without compromising the privacy of actual people who would need to give up their genetic data.

https://futurism.com/algorithm-generates-synthetic-human-genetic-code

https://thenextweb.com/neural/2021/02/08/this-human-genome-does-not-exist-researchers-taught-an-ai-to-generate-fake-dna/

https://journals.plos.org/plosgenetics/article?id=10.1371/journal.pgen.1009303

#algorithm #ai #synthetic #human #genetic #dna #research
Swiss Police Raid Apartment of Verkada Hacker, Seize Devices

Swiss authorities raided the apartment Friday of a hacker who claimed credit for breaching the Silicon Valley security camera company Verkada and gaining access to its customers’ surveillance feeds, according to the hacker and a search warrant seen by Bloomberg News.

Tillie Kottmann said their apartment in Lucerne, Switzerland, was raided and that police seized the hacker’s electronic devices. The warrant was based on an alleged hack that took place last year and not on the recent breach of Verkada.

After being notified of the breach by Bloomberg News, Verkada referred the matter to the FBI. The breach exposed live camera feeds of companies like Tesla Inc., as well as hospitals, jails, and schools.

According to a copy of the search warrant provided to Bloomberg News, the search was conducted as part of a U.S. criminal case against Kottmann in the Western District of Washington. The warrant requested documents related to hacking as well as information on cryptocurrency holdings. Kottmann has been accused of unauthorized access to protected computers, identity theft, and fraud.

Kottmann has previously claimed credit for hacking carmaker Nissan Motor Co. and leaking documents from U.S. chipmaker Intel Corp.

The search warrant said that the raid was in connection with an FBI investigation into “the hacking of computer databases and the subsequent theft and distribution of information including source code, confidential documents and internal user data.”

https://www.bloomberg.com/news/articles/2021-03-12/swiss-police-raid-apartment-of-verkada-hacker-seize-devices

#swiss #police #raid #hacker #verkada #Kottmann #busted
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

A half-dozen groups exploiting the same 0-days is unusual, if not unprecedented.

The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did so many separate threat actors have working exploits before the security flaws became publicly known?

Researchers say that as many as 100,000 mail servers around the world have been compromised, with those for the European Banking Authority and Norwegian Parliament being disclosed in the past few days. Once attackers gain the ability to execute code on the servers, they install web shells, which are browser-based windows that provide a means for remotely issuing commands and executing code.

When Microsoft issued emergency patches on March 2, the company said the vulnerabilities were being exploited in limited and targeted attacks by a state-backed hacking group in China known as Hafnium. On Wednesday, ESET provided a starkly different assessment. Of the 10 groups ESET products have recorded exploiting vulnerable servers, six of those APTs—short for advanced persistent threat actors—began hijacking servers while the critical vulnerabilities were still unknown to Microsoft.

It’s not often that a so-called zero-day vulnerability is exploited by two groups in unison, but it happens. A zero-day under attack by six APTs simultaneously, on the other hand, is highly unusual, if not unprecedented.

https://arstechnica.com/gadgets/2021/03/security-unicorn-exchange-server-0-days-were-exploited-by-6-apts/

#microsoft #exchange #server #attack #zeroday #exploited #apt #hacked #hacking
7-Zip developer releases the first official Linux version

An official version of the popular 7-zip archiving program has been released for Linux for the first time.

Linux already had support for the 7-zip archive file format through a POSIX port called p7zip but it was maintained by a different developer.

As the p7zip developer has not maintained their project for 4-5 years, 7-Zip developer Igor Pavlov decided to create a new official Linux version based on the latest 7-Zip source code.

Pavlov has released 7-Zip for Linux in AMD64, ARM64, x86, and armhf versions, which users can download at the following links:

👉🏼 7-Zip for 64-bit Linux x86-64 (AMD64)
👉🏼 7-Zip for 64-bit Linux ARM64
👉🏼 7-Zip for 32-bit Linux x86
👉🏼 7-Zip for 32-bit Linux armhf

This first version of 7-Zip for Linux is released as a console application and has similar, but not identical, command-line arguments as p7zip.

https://sourceforge.net/p/sevenzip/discussion/45797/thread/cec5e63147/

https://www.bleepingcomputer.com/news/software/7-zip-developer-releases-the-first-official-linux-version/

#7zip #sevenzip #official #linux #tools
How to Implement DDoS Attack Prevention & Mitigation Without Jeopardizing Latency

TL;DR — With real-time traffic in mind, Subspace can prevent DDoS attacks across any real-time application from occurring without incurring latency and can mitigate attack traffic closer to the source without servers going offline.

Towards the end of 2020, nearly 77% of all DDoS attacks targeted the online gambling and gaming industries, and that number continues to rise.

Online games have traditionally been an easy target, especially compared to traditional web services, as players and attackers alike immediately see the effects. Usually, protection isn’t a priority for newer game titles that aren’t expected to succeed and aren’t initially well-funded. Budgets and resources typically go toward making the game rather than protecting their network.

In addition, gambling is a highly competitive industry that may be susceptible to attacks from rival sites, or those looking to extort companies and their user bases. Online gambling providers, in some instances, may prioritize security, but that does not negate the persistence of those who specifically target gambling apps and services.

Many of these attacks come from weaknesses in protocols designed 30–50 years ago when the internet was a friendlier place, and real-time apps were only a dream. Existing solutions work wonderfully for traditional web traffic that doesn’t require low-latency response times. Real-time gaming and gambling are now a reality, but current DDoS mitigation and protection providers aren’t focused on real-time security. That leaves real-time apps with latency-inducing security protocols or exposed to attacks.

https://subspacepowered.medium.com/how-to-implement-ddos-attack-prevention-mitigation-without-jeopardizing-latency-e8bcdd70a57

#ddos #attack #prevention #mitigation
Tesla investor sues Elon Musk over his tweets

Elon Musk's tweets are driving up stock prices. An investor fears that he is endangering the company's well-being and is suing the Tesla CEO.

Not only the U.S. Securities and Exchange Commission has had enough of Elon Musk's tweets. A Tesla investor fears for the well-being of the company and wants to put an end to the boss' Twitter activities. Chase Gharrity has filed a lawsuit against Elon Musk in the administrative court of the US state of Delaware.

The lawsuit says Musk risks fines and penalties from regulators with his "erratic tweets" and thus falling share prices.

https://www.bloomberglaw.com/public/desktop/document/CONFCOMPLAINTChaseGharrityvElonMusketalDocketNo20210199DelChMar08?1615625301

#ElonMusk #tesla #complaint
EPRS_STU(2021)656336_EN.pdf
3.6 MB
Online platforms: Economic and societal effects

Online platforms such as #Google, #Amazon, and #Facebook play an increasingly central role in the economy and society. They operate as digital intermediaries across interconnected sectors and markets subject to network effects. These firms have grown to an unprecedented scale, propelled by data-driven business models. Online platforms have a massive impact on individual users and businesses, and are recasting the relationships between customers, advertisers, workers and employers.

https://www.europarl.europa.eu/RegData/etudes/STUD/2021/656336/EPRS_STU(2021)656336_EN.pdf

#online #platforms #study #pdf
Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones

Every day, law enforcement agencies across the country search thousands of cellphones, typically incident to arrest. To search phones, law enforcement agencies use mobile device forensic tools (MDFTs), a powerful technology that allows police to extract a full copy of data from a cellphone — all emails, texts, photos, location, app data, and more — which can then be programmatically searched. As one expert puts it, with the amount of sensitive information stored on smartphones today, the tools provide a “window into the soul.”

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.

Every American is at risk of having their phone forensically searched by law enforcement.

https://www.upturn.org/reports/2020/mass-extraction/

💡 Read as well:
https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones

#usa #fbi #lawenforcement #massextraction #MDFT #mobilephones #cellphones #encryption #decryption #study #thinkabout
After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it.

Spying on users has nothing to do with building a great web browser or search engine. We would know (our app is both in one).

https://nitter.nixnet.services/DuckDuckGo/status/1371509053613084679

#duckduckgo #google #DeleteGoogle #personal #data #yourdata
$5.7M stolen in Roll crypto heist after hot wallet hacked

A security breach at cryptocurrency platform Roll allowed a hacker to obtain the private key to its hot wallet and steal its contents — worth about $5.7 million.

In a statement, the company said it was investigating the breach, which happened early Sunday.

"As of this writing, it seems like a compromise of the private keys [sic] of our hot wallet and not a bug in the Roll smart contracts or any token contracts," the statement said. Roll said the attacker had already sold the tokens for Ethereum.

"There is no further user action suggested at this stage. We are temporarily disabling withdraw from the Roll wallet of all social money until we have migrated our hot wallet," the statement added.

It's not clear how the attacker broke in and obtained the private key — akin to the password for Roll's hot wallet. Hot wallets are designed to be connected to the internet to send and receive cryptocurrency, but typically only store a fraction of a cryptocurrency owner's total reserves, given the inherent security risk of an internet-connected wallet. A cold wallet, or storage device that isn't connected to the internet, is typically used for holding the bulk of an owner's cryptocurrency for longer-term periods.

https://finance.yahoo.com/news/5-7m-stolen-roll-crypto-141924662.html

https://tryroll.com/security-incident/

#breach #crypto #cryptocurrency #wallet #hacker #attack #tryroll
87: Guild of the Grumpy Old Hackers
Darknet Diaries - EP 87: Guild of the Grumpy Old Hackers

In 2016 the LinkedIn breach data became available to the public. What the Guild of the Grumpy Old Hackers did with it then is quite the story. Listen to Victor, Edwin, and Mattijs tell their story.

https://darknetdiaries.com/episode/87/

#truecrime #darknetdiaries #podcast
The most invasive apps: which apps are sharing your personal data?

Apps form a part of our everyday life. From catching up with our friends to playing games, watching films, investing in stocks and banking, there’s not much we do without them.

But what price do we pay for the ease they offer?

💡Apps can collect and share anything from your personal information and user content, to search and browsing history, to analyse you as a ‘profile’ for themselves and other apps.

https://blog.pcloud.com/invasive-apps/

#invasive #apps #data #sharing #profiling #bigdata #thinkabout
Computer giant Acer hit by $50 million ransomware attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.

Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack

#acer #ransomware #attack
Amazon delivery drivers in the US have until tonight to sign this consent form for Amazon to collect their biometric info and use AI-cameras that monitor their location and movement.

If they don't sign, they lose their jobs.

https://twitter.com/LaurenKGurley/status/1374114988391022606

#DeleteAmazon #DickPunchBezos #pleaseshare #thinkabout #why
Integrate FusionAuth SSO with MongoDB Realm JWT User Authentication using HMAC-SHA256 Shared Secret

Note: This video used HS256 shared secret. However, FusionAuth supports JWKS (https://fusionauth.io/docs/v1/tech/oa... ) and MongoDB supports JWKS too. We've tested JWKS and it works, so it's a better idea to use JWKS and a custom ECDSA-256 asymmetric key.

https://www.youtube.com/watch?v=duE9156DW7M

#fusionauth #mongodb #realm #jwt #sso #authentication #openid #video
Triage software in emergency rooms - The next quick fix from Spahn's house.

The Ministry of Health (Germany) wants to introduce software to sort emergency cases in hospitals. But doctors and medical associations fear for the safety of patients.

Overloading the healthcare system is one of the great dangers of the pandemic. But even before Corona, media reports on overcrowded emergency rooms and overworked staff were mounting. The question of how best to distribute the scarce time of emergency personnel among patients seems all the more pressing.

A software program is now to help doctors and nurses decide how quickly and by whom patients need to be treated in the emergency room. This is provided for in a draft law of the Federal Ministry of Health. Hospital staff are to use a computer program to assess symptoms and decide on further care. Less severe cases could thus be referred to a family doctor's office for the next business day.

However, the proposal is strongly opposed by professional associations. A wrong decision by the software could lead to deaths, and its introduction is not justifiable. What's more, one study points out that while intensive care beds are currently full, many people are avoiding hospitals because of the pandemic. As a result, emergency rooms are less busy than before, it says. So how come the Federal Ministry of Health is pushing ahead with the controversial reform now?

https://netzpolitik.org/2021/triage-software-in-notaufnahmen-der-naechste-schnellschuss-aus-dem-hause-spahn/

#triage #software #hospitals #emergency #rooms #thinkabout
12 years since Operation Aurora. Have we learned anything?

The question that we’re exploring in this interview is whether or not we’ve managed to move the infosec needle since the Chinese government hacked Google back during the Operation Aurora attacks of 2009.

https://risky.biz/soapbox51/

#operation #aurora #china #google #podcast
Crystal Web Archiver

Crystal is a program to download websites for long-term archival. It works best on traditional websites made of distinct pages (rather than infinitely scrolling feeds of content) which make limited use of JavaScript. This includes most static websites, blogs, and wikis and excludes most social media sites.

Digital preservation is important

I personally care a lot about digital preservation, which makes it possible to access and enjoy digital content even after it was originally released, substantially beyond the usual lifetime of such works. I’m planning to work on a few projects this year to advance the state of the art in preserving both online sites and old Macintosh programs from the 1990’s. If this topic is also of interest to you, please consider following me on Twitter or RSS. I like hearing from people who have similar interests.

⚠️ This project is beta quality, and in particular requires additional documentation to be realistically usable by most people. If you'd like to take the plunge anyway, please see the "Quickstart" section below.

Download ⬇️

👉🏼 macOS 10.14 and later
👉🏼 Windows 7, 8, 10

https://github.com/davidfstr/Crystal-Web-Archiver#crystal-web-archiver

#CrystalWebArchiver #web #archiver #program #tools