Ransomware gang tries to extort Apple hours ahead of Spring Loaded event
The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web.
The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.
In a message posted on a dark web portal where the ransomware gang usually threatens victims and leaks their data, the REvil gang said that Quanta refused to pay to get its stolen data back and, as a result, the REvil operators have now decided to go after the companyβs primary customer instead.
The REvil gang posted 21 screenshots depicting Macbook schematics and threatened to publish new data every day until Apple or Quanta paid the ransom demand.
Furthermore, the ransomware gang also hinted that the data of other companies might also be leaked online.
βOur team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,β the REvil operators wrote. βWe recommend that Apple buy back the available data by May 1.β
Known customers of Quanta Computer include some of the biggest laptop vendors in the world, such as HP, Dell, Microsoft, Toshiba, LG, Lenovo, and many others.
https://therecord.media/ransomware-gang-tries-to-extort-apple-hours-ahead-of-spring-loaded-event/
https://twitter.com/vxunderground/status/1384529044323008521
#REvil #ransomware #extort #apple #spring #event
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web.
The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.
In a message posted on a dark web portal where the ransomware gang usually threatens victims and leaks their data, the REvil gang said that Quanta refused to pay to get its stolen data back and, as a result, the REvil operators have now decided to go after the companyβs primary customer instead.
The REvil gang posted 21 screenshots depicting Macbook schematics and threatened to publish new data every day until Apple or Quanta paid the ransom demand.
Furthermore, the ransomware gang also hinted that the data of other companies might also be leaked online.
βOur team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,β the REvil operators wrote. βWe recommend that Apple buy back the available data by May 1.β
Known customers of Quanta Computer include some of the biggest laptop vendors in the world, such as HP, Dell, Microsoft, Toshiba, LG, Lenovo, and many others.
https://therecord.media/ransomware-gang-tries-to-extort-apple-hours-ahead-of-spring-loaded-event/
https://twitter.com/vxunderground/status/1384529044323008521
#REvil #ransomware #extort #apple #spring #event
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
therecord.media
Ransomware gang tries to extort Apple hours ahead of Spring Loaded event
The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web.
Auth0 Has been down for almost 4 hours now
Incident Report for Auth0
https://status.auth0.com/
ππΌ https://downtimeproject.com/
ππΌ https://news.ycombinator.com/item?id=26876287
#auth0 #down #incident
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Incident Report for Auth0
https://status.auth0.com/
ππΌ https://downtimeproject.com/
ππΌ https://news.ycombinator.com/item?id=26876287
#auth0 #down #incident
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
SuperTokens
SuperTokens is an open core alternative to proprietary login providers like Auth0 or AWS Cognito. We are different because we offer:
ππΌ Open source: SuperTokens can be used for free, forever, with no limits on the number of users.
ππΌ An on-premises deployment so that you control 100% of your user data, using your own database.
ππΌ An end to end solution with login, sign ups, user and session management, without all the complexities of OAuth protocols.
ππΌ Ease of implementation and higher security.
ππΌ Extensibility: Anyone can contribute and make SuperTokens better!
π‘ Philosophy
Authentication directly affects UX, dev experience and security of any app. We believe that current solutions are unable to optimise for all three "pillars", leading to a large number of applications hand rolling their own auth. This not only leads to security issues, but is also a massive time drain.
We want to change that - we believe the only way is to provide a solution that has the right level of abstraction, gives you maximum control, is secure, and is simple to use - just like if you build it yourself, from scratch (minus the time to learn, build and maintain).
We also believe in the principle of least vendor lockin. Your having full control of your user's data means that you can switch away from SuperTokens without forcing your existing users to logout, reset their passwords or in the worst case, sign up again.
https://github.com/supertokens/supertokens-core
#supertokens #login #provider #alternative #auth0 #opensource
π‘ @nogoolag π‘ @blackbox_archiv
SuperTokens is an open core alternative to proprietary login providers like Auth0 or AWS Cognito. We are different because we offer:
ππΌ Open source: SuperTokens can be used for free, forever, with no limits on the number of users.
ππΌ An on-premises deployment so that you control 100% of your user data, using your own database.
ππΌ An end to end solution with login, sign ups, user and session management, without all the complexities of OAuth protocols.
ππΌ Ease of implementation and higher security.
ππΌ Extensibility: Anyone can contribute and make SuperTokens better!
π‘ Philosophy
Authentication directly affects UX, dev experience and security of any app. We believe that current solutions are unable to optimise for all three "pillars", leading to a large number of applications hand rolling their own auth. This not only leads to security issues, but is also a massive time drain.
We want to change that - we believe the only way is to provide a solution that has the right level of abstraction, gives you maximum control, is secure, and is simple to use - just like if you build it yourself, from scratch (minus the time to learn, build and maintain).
We also believe in the principle of least vendor lockin. Your having full control of your user's data means that you can switch away from SuperTokens without forcing your existing users to logout, reset their passwords or in the worst case, sign up again.
https://github.com/supertokens/supertokens-core
#supertokens #login #provider #alternative #auth0 #opensource
π‘ @nogoolag π‘ @blackbox_archiv
GitHub
GitHub - supertokens/supertokens-core: Open source alternative to Auth0 / Firebase Auth / AWS Cognito
Open source alternative to Auth0 / Firebase Auth / AWS Cognito - GitHub - supertokens/supertokens-core: Open source alternative to Auth0 / Firebase Auth / AWS Cognito
This media is not supported in your browser
VIEW IN TELEGRAM
Facebook Email to profile vulnerability
A video shared with researchers and Motherboard shows a tool linking email addresses to Facebook accounts
A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.
The news presents another significant privacy issue for Facebook, which is continuing to face a series of data leaks around phone numbers and other data.
https://twitter.com/UnderTheBreach/status/1384552368512159744
https://www.vice.com/en/article/bvz8pz/tool-finds-facebook-email-addresses
#tool #facebook #DeleteFacebook #poc #email #accounts #video
π‘ @nogoolag π‘ @blackbox_archiv
A video shared with researchers and Motherboard shows a tool linking email addresses to Facebook accounts
A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.
The news presents another significant privacy issue for Facebook, which is continuing to face a series of data leaks around phone numbers and other data.
https://twitter.com/UnderTheBreach/status/1384552368512159744
https://www.vice.com/en/article/bvz8pz/tool-finds-facebook-email-addresses
#tool #facebook #DeleteFacebook #poc #email #accounts #video
π‘ @nogoolag π‘ @blackbox_archiv
Castopod Host
Castopod Host is an open-source server made for podcasters who want engage and interact with their audience. Please note that Castopod Host is still under heavy development: it may not be 100% stable and some features are still being developed.
We are a team of entrepreneurs and developers who spent the last ten years developing media content solutions.
We have always been advocates for the open source community, but we coud not find open source solutions for podcasts that suited our needs, so we decided to start The Podlibre Iniative.
The past two decades of organic growth were driven by original audio content producers.
Major digital players and audio content industry are now investing on Podcasts.
Yet, compared to the standards in Social Media and Search Engines, Podcasts - technology, user experience - have not evolved much for the past 20 years.
It is time for all players - Podcasters, Radio Networks, Journalists, Writers and all Voice lovers - to power up podcasts!
https://podlibre.org/tag/castopod-host/
https://code.podlibre.org/podlibre/castopod/-/releases
#castopod #podcast #opensource #alternative
π‘ @nogoolag π‘ @blackbox_archiv
Castopod Host is an open-source server made for podcasters who want engage and interact with their audience. Please note that Castopod Host is still under heavy development: it may not be 100% stable and some features are still being developed.
We are a team of entrepreneurs and developers who spent the last ten years developing media content solutions.
We have always been advocates for the open source community, but we coud not find open source solutions for podcasts that suited our needs, so we decided to start The Podlibre Iniative.
The past two decades of organic growth were driven by original audio content producers.
Major digital players and audio content industry are now investing on Podcasts.
Yet, compared to the standards in Social Media and Search Engines, Podcasts - technology, user experience - have not evolved much for the past 20 years.
It is time for all players - Podcasters, Radio Networks, Journalists, Writers and all Voice lovers - to power up podcasts!
https://podlibre.org/tag/castopod-host/
https://code.podlibre.org/podlibre/castopod/-/releases
#castopod #podcast #opensource #alternative
π‘ @nogoolag π‘ @blackbox_archiv
Tracking the WhatsApp habits of 5000 random Smartphones
In the previous blog post, we have seen that this is quite simple to hack the WhatsApp online status of a contact. A simple Online or last seen yesterday at 19:00 insight can be reverse engineered to leak phone habits at a couple of seconds accuracy.
βΌοΈ There is an even more silly thing not mentioned yet: You can track any mobile phone ! So letβs play and scale to track 5000 random numbers.
Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff Iβm about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.
https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2
π‘ Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking
π‘ How a WhatsApp status loophole is aiding cyberstalkers
https://t.iss.one/BlackBox_Archiv/2018
π‘ Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.iss.one/BlackBox_Archiv/1987
π‘ All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
π‘ @nogoolag π‘ @blackbox_archiv
In the previous blog post, we have seen that this is quite simple to hack the WhatsApp online status of a contact. A simple Online or last seen yesterday at 19:00 insight can be reverse engineered to leak phone habits at a couple of seconds accuracy.
βΌοΈ There is an even more silly thing not mentioned yet: You can track any mobile phone ! So letβs play and scale to track 5000 random numbers.
Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff Iβm about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.
https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2
π‘ Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking
π‘ How a WhatsApp status loophole is aiding cyberstalkers
https://t.iss.one/BlackBox_Archiv/2018
π‘ Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.iss.one/BlackBox_Archiv/1987
π‘ All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
π‘ @nogoolag π‘ @blackbox_archiv
Joris La Cancellera
Tracking the WhatsApp habits of 5000 random Smartphones | Joris La Cancellera
Portfolio of Joris La Cancellera. Hacker on various things.
OpenSourceInsecurity.pdf
443.4 KB
On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
In this paper, we instead investigate the insecurity of OSS from a critical perspectiveβthe feasibility of stealthily introducing vulnerabilities in OSS via hypocrite commits (i.e., seemingly beneficial commits that in fact introduce other critical issues).
The introduced vulnerabilities are critical because they may be stealthily exploited to impact massive devices.
https://github.com/QiushiWu/qiushiwu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
#opensource #security #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
In this paper, we instead investigate the insecurity of OSS from a critical perspectiveβthe feasibility of stealthily introducing vulnerabilities in OSS via hypocrite commits (i.e., seemingly beneficial commits that in fact introduce other critical issues).
The introduced vulnerabilities are critical because they may be stealthily exploited to impact massive devices.
https://github.com/QiushiWu/qiushiwu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
#opensource #security #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (Interesting quotes and conclusion)
π‘ All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
π‘Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signalβs users, at least for profile pictures.
π‘Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegramβs rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
π‘ Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
π‘ Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attackerβs perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
π‘ @nogoolag π‘ @blackbox_archiv
π‘ All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
π‘Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signalβs users, at least for profile pictures.
π‘Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegramβs rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
π‘ Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
π‘ Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attackerβs perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
π‘ @nogoolag π‘ @blackbox_archiv
Telegram
BlackBox (Security) Archiv
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues existβ¦
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues existβ¦
Chinaβs social credit program creeps into Canada
Vancouver, British Columbia, Canada: Chinaβs Orwellian βsocial credit systemβ that records the social and financial behaviour of individuals and corporations across China, using a vast surveillance system, has expanded globally, and is now openly operational at the renowned Haidilao hot pot restaurant, in Western Canada.
Ryan Pan, a manager with Haidilao Hot Pot in Vancouver confirmed that over 60 surveillance cameras have been installed in the restaurant at the request of the Haidilao corporation, as part of the social credit system in China. He said that the Vancouver location has 30 tables with two cameras assigned to each table.
When asked specifically why Haidilao required so many cameras to monitor staff and patrons, Ryan Pan said that the cameras were installed to βpunishβ staff if they didnβt adhere to corporate standards and to βpeople trackβ. Pan also said that the video is sent back to China but declined to say why this was, other than to say the reason for this was βsecret.β
Founded in Sichuan, China, the Haidilao opened up at two locations in the Vancouver region, the most recent of which was opened in 2018 in a former Swiss Chalet restaurant in the trendy Kitsilano district of Vancouver. The location is within walking distance of the home rented by Huawei for staff temporarily re-located to Vancouver to assist Meng Wanzhou, the chief financial officer (CFO) of the telecom giant. Following her arrest and hearing over a provisional US extradition request for fraud and conspiracy to commit fraud in order to circumvent US sanctions against Iran. The Haidilao location is no more than 10 minutes to Meng Wanzhouβs mansion and the Peoples Republic of China Consulate. Haidilao has over 935 locations around the world and more than 36 million VIP members and 60,000 plus staff.
We reached out to Ivy Li, with the Canadian Friends of Hong Kong, who is a well-known public speaker, writer and activist on matters related to China and pro-democracy, to ask why Canadians should be concerned that Chinaβs social credit system is now operational in Canada.
https://www.sundayguardianlive.com/news/chinas-social-credit-program-creeps-canada
#canada #vancouver #china #surveillance #social #scoring
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Vancouver, British Columbia, Canada: Chinaβs Orwellian βsocial credit systemβ that records the social and financial behaviour of individuals and corporations across China, using a vast surveillance system, has expanded globally, and is now openly operational at the renowned Haidilao hot pot restaurant, in Western Canada.
Ryan Pan, a manager with Haidilao Hot Pot in Vancouver confirmed that over 60 surveillance cameras have been installed in the restaurant at the request of the Haidilao corporation, as part of the social credit system in China. He said that the Vancouver location has 30 tables with two cameras assigned to each table.
When asked specifically why Haidilao required so many cameras to monitor staff and patrons, Ryan Pan said that the cameras were installed to βpunishβ staff if they didnβt adhere to corporate standards and to βpeople trackβ. Pan also said that the video is sent back to China but declined to say why this was, other than to say the reason for this was βsecret.β
Founded in Sichuan, China, the Haidilao opened up at two locations in the Vancouver region, the most recent of which was opened in 2018 in a former Swiss Chalet restaurant in the trendy Kitsilano district of Vancouver. The location is within walking distance of the home rented by Huawei for staff temporarily re-located to Vancouver to assist Meng Wanzhou, the chief financial officer (CFO) of the telecom giant. Following her arrest and hearing over a provisional US extradition request for fraud and conspiracy to commit fraud in order to circumvent US sanctions against Iran. The Haidilao location is no more than 10 minutes to Meng Wanzhouβs mansion and the Peoples Republic of China Consulate. Haidilao has over 935 locations around the world and more than 36 million VIP members and 60,000 plus staff.
We reached out to Ivy Li, with the Canadian Friends of Hong Kong, who is a well-known public speaker, writer and activist on matters related to China and pro-democracy, to ask why Canadians should be concerned that Chinaβs social credit system is now operational in Canada.
https://www.sundayguardianlive.com/news/chinas-social-credit-program-creeps-canada
#canada #vancouver #china #surveillance #social #scoring
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The Sunday Guardian Live
Chinaβs social credit program creeps into Canada
Chinaβs surveillance system of βsocial creditβ has expanded globally and is now openly operational in Western Canada. Vancouver, British Columbia, Canada: Chinaβs Orwellian βsocial credit systemβ that records the social and financial behaviour of individualsβ¦
Not Your Usual Supply Chain Hack: The Codecov Bash Uploader Blunder
We all know about the SolarWinds supply chain hack. But, while smaller in scope, Codecovβs Bash Uploader Security supply chain failure is also a record-setter. And, this is not a record anyone wants to break.
Months after their code was busted Codecov only discovered the foul-up, thanks to a security-conscious user. He checked the Secure Hash Algorithm 1 (SHA-1) checksum for the Github version of Codecov Bash Uploader and the SHA-1 checksum for the downloaded Bash Uploader version with shasum β a Linux program that calculates and verifies SHA-1 hashes β and found they didnβt match. In other words, they were not the same program.
Whoops!
Codecov is a reporting tool that inserts coverage metrics directly into continuous integration (CI) workflows. Its job is to watch for coding problems while running test suites. It especially looks in pull requests where new features and bug fixes are usually found and new bugs and problems often pop up.
Bash Uploaderβs task is to export usersβ CI environmental data. This includes any credentials, tokens, or keys users were working within their CI runner when the Bash Uploader script was executed. Thatβs already dangerous enough because its name is perfectly descriptive. Bash Uploader uses the Bash shell and curl to upload unencrypted environmental data to Codecov. And, oh yes, to the attackerβs server as well.
https://thenewstack.io/not-your-usual-supply-chain-hack-the-codecov-bash-uploader-blunder/
π‘ Read as well ...
https://t.iss.one/cRyPtHoN_INFOSEC_EN/15695
#supplychain #hack #codecov
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
We all know about the SolarWinds supply chain hack. But, while smaller in scope, Codecovβs Bash Uploader Security supply chain failure is also a record-setter. And, this is not a record anyone wants to break.
Months after their code was busted Codecov only discovered the foul-up, thanks to a security-conscious user. He checked the Secure Hash Algorithm 1 (SHA-1) checksum for the Github version of Codecov Bash Uploader and the SHA-1 checksum for the downloaded Bash Uploader version with shasum β a Linux program that calculates and verifies SHA-1 hashes β and found they didnβt match. In other words, they were not the same program.
Whoops!
Codecov is a reporting tool that inserts coverage metrics directly into continuous integration (CI) workflows. Its job is to watch for coding problems while running test suites. It especially looks in pull requests where new features and bug fixes are usually found and new bugs and problems often pop up.
Bash Uploaderβs task is to export usersβ CI environmental data. This includes any credentials, tokens, or keys users were working within their CI runner when the Bash Uploader script was executed. Thatβs already dangerous enough because its name is perfectly descriptive. Bash Uploader uses the Bash shell and curl to upload unencrypted environmental data to Codecov. And, oh yes, to the attackerβs server as well.
https://thenewstack.io/not-your-usual-supply-chain-hack-the-codecov-bash-uploader-blunder/
π‘ Read as well ...
https://t.iss.one/cRyPtHoN_INFOSEC_EN/15695
#supplychain #hack #codecov
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The New Stack
Not Your Usual Supply Chain Hack: The Codecov Bash Uploader Blunder
We all know about the SolarWinds supply chain hack. But, while smaller in scope, Codecov's Bash Uploader Security supply chain failure is also a record-setter. And, this is not a record anyone wants to break. Months after their code was busted Codecov onlyβ¦
Audio
Wikinews discusses DRM and DMCA with Richard Stallman after GitHub re-enables public access to youtube-dl
Interview with Richard Stallman about the harms of DRM and DMCA 1201
https://en.wikinews.org/wiki/Wikinews_discusses_DRM_and_DMCA_with_Richard_Stallman_after_GitHub_re-enables_public_access_to_youtube-dl
#freesoftware #stallman #drm #dmca #youtubedl #github #interview #mp3
π@cRyPtHoN_INFOSEC_FR
π@cRyPtHoN_INFOSEC_EN
π@cRyPtHoN_INFOSEC_DE
π@BlackBox_Archiv
π@NoGoolag
Interview with Richard Stallman about the harms of DRM and DMCA 1201
https://en.wikinews.org/wiki/Wikinews_discusses_DRM_and_DMCA_with_Richard_Stallman_after_GitHub_re-enables_public_access_to_youtube-dl
#freesoftware #stallman #drm #dmca #youtubedl #github #interview #mp3
π@cRyPtHoN_INFOSEC_FR
π@cRyPtHoN_INFOSEC_EN
π@cRyPtHoN_INFOSEC_DE
π@BlackBox_Archiv
π@NoGoolag
In epic hack, Signal developer turns the tables on forensics firm Cellebrite
Widely used forensic software can be exploited to infect investigators' computers.
For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspikeβthe brainchild behind the Signal messaging appβhas turned the tables.
On Wednesday, Marlinspike published a post that reported vulnerabilities in Cellebrite software that allowed him to execute malicious code on the Windows computer used to analyze a device. The researcher and software engineer exploited the vulnerabilities by loading specially formatted files that can be embedded into any app installed on the device.
Cellebrite provides two software packages: The UFED breaks through locks and encryption protections to collect deleted or hidden data, and separate Physical Analyzer uncovers digital evidence (βtrace eventsβ).
To do their job, both pieces of Cellebrite software must parse all kinds of untrusted data stored on the device being analyzed. Typically, software that is this promiscuous undergoes all kinds of security hardening to detect and fix any memory-corruption or parsing vulnerabilities that might allow hackers to execute malicious code.
βLooking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebriteβs own software security,β Marlinspike wrote. βIndustry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.β
https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/
https://signal.org/blog/cellebrite-vulnerabilities/
#signal #hack #forensics #cellebrite #israel #vulnerabilities
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Widely used forensic software can be exploited to infect investigators' computers.
For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspikeβthe brainchild behind the Signal messaging appβhas turned the tables.
On Wednesday, Marlinspike published a post that reported vulnerabilities in Cellebrite software that allowed him to execute malicious code on the Windows computer used to analyze a device. The researcher and software engineer exploited the vulnerabilities by loading specially formatted files that can be embedded into any app installed on the device.
Cellebrite provides two software packages: The UFED breaks through locks and encryption protections to collect deleted or hidden data, and separate Physical Analyzer uncovers digital evidence (βtrace eventsβ).
To do their job, both pieces of Cellebrite software must parse all kinds of untrusted data stored on the device being analyzed. Typically, software that is this promiscuous undergoes all kinds of security hardening to detect and fix any memory-corruption or parsing vulnerabilities that might allow hackers to execute malicious code.
βLooking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebriteβs own software security,β Marlinspike wrote. βIndustry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.β
https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/
https://signal.org/blog/cellebrite-vulnerabilities/
#signal #hack #forensics #cellebrite #israel #vulnerabilities
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Ars Technica
In epic hack, Signal developer turns the tables on forensics firm Cellebrite
Widely used forensic software can be exploited to infect investigators' computers.
Hereβs Why University of Minnesota is Getting Banned from Contributing to Linux Kernel Code
Trolling Linux kernel maintainers first and then playing victim. Greg Kroah-Hartman had enough of these university researchers.
It all started with a seemingly innocent patch to the Linux kernel on the 6th April, 2021. A Ph.D. candidate at University of Minnesota submitted this really small patch:
https://news.itsfoss.com/hypocrite-commits/
π‘ Read as well (PDF) - Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
https://t.iss.one/BlackBox_Archiv/2068
#opensource #security #minnesota #university #trolling
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Trolling Linux kernel maintainers first and then playing victim. Greg Kroah-Hartman had enough of these university researchers.
It all started with a seemingly innocent patch to the Linux kernel on the 6th April, 2021. A Ph.D. candidate at University of Minnesota submitted this really small patch:
https://news.itsfoss.com/hypocrite-commits/
π‘ Read as well (PDF) - Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
https://t.iss.one/BlackBox_Archiv/2068
#opensource #security #minnesota #university #trolling
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
It's FOSS News
Here's Why University of Minnesota is Getting Banned From Contributing to Linux Kernel Code
It all started with a seemingly innocent patch to the Linux kernel on the 6th April, 2021. A Ph.D. candidate at University of Minnesota submitted this really small patch:
Since the patch was simple and seemed to improve the code quality, it got greenβ¦
Since the patch was simple and seemed to improve the code quality, it got greenβ¦
Russian intelligence agency SVR sets up dark web whistleblowing platform
The SVR, Russiaβs main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.
βIf you are outside Russia and have important information regarding urgent threats to the security of the Russian Federation, you can safely and anonymously share it with us via the virtual reception system (VRS) of the SVR over the TOR network,β the Russian Foreign Intelligence Service (SVR) says in a page on its official website.
The SVRβs new Tor site is located at:
svrgovru24yd42e6mmrnohzs37hb35yqeulvmvkc76e3drb75gs4qrid.onion
https://therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/
#russia #svr #whistleblowing #platform #tor
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The SVR, Russiaβs main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.
βIf you are outside Russia and have important information regarding urgent threats to the security of the Russian Federation, you can safely and anonymously share it with us via the virtual reception system (VRS) of the SVR over the TOR network,β the Russian Foreign Intelligence Service (SVR) says in a page on its official website.
The SVRβs new Tor site is located at:
svrgovru24yd42e6mmrnohzs37hb35yqeulvmvkc76e3drb75gs4qrid.onion
https://therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/
#russia #svr #whistleblowing #platform #tor
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The Record
Russian intelligence agency SVR sets up dark web whistleblowing platform
The SVR, Russia's main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.
UK.gov wants mobile makers to declare death dates for their new devices from launch
IoT security plan suddenly thrusts into the mainstream
Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport (DCMS) vowed this morning.
Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.
Digital Infrastructure Minister Matt Warman said in a canned statement: "Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems."
The Β£70m Secure by Design plan has been telegraphed by the DCMS for years, though today's extension to everyday smartphones is notable.
On top of this, smart device makers will also be banned from publishing default admin passwords for their wares. Such admin passwords are a standard method for digital crims to break into a device or the network to which it is connected.
A government-sponsored study from University College London two years ago, highlighted today by DCMS, said typical IoT devices come with no crime prevention advice, which is presumably the sort of finding that UK.gov enjoys seeing public money poured into.
https://www.theregister.com/2021/04/21/ukgov_death_dates_smartphones_iot_security/
#smartphones #iot #security #updates
π‘ @nogoolag π‘ @blackbox_archiv
IoT security plan suddenly thrusts into the mainstream
Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport (DCMS) vowed this morning.
Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.
Digital Infrastructure Minister Matt Warman said in a canned statement: "Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems."
The Β£70m Secure by Design plan has been telegraphed by the DCMS for years, though today's extension to everyday smartphones is notable.
On top of this, smart device makers will also be banned from publishing default admin passwords for their wares. Such admin passwords are a standard method for digital crims to break into a device or the network to which it is connected.
A government-sponsored study from University College London two years ago, highlighted today by DCMS, said typical IoT devices come with no crime prevention advice, which is presumably the sort of finding that UK.gov enjoys seeing public money poured into.
https://www.theregister.com/2021/04/21/ukgov_death_dates_smartphones_iot_security/
#smartphones #iot #security #updates
π‘ @nogoolag π‘ @blackbox_archiv
The Register
UK.gov wants mobile makers to declare death dates for their new devices from launch
IoT security plan suddenly thrusts into the mainstream
π1
Phantom Malware.pdf
1.8 MB
Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity
State of the art malware detection techniques only consider the interaction of programs with the operating systemβs API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9186656#fghj7
#phantom #malware #detection #antivirus #windows #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
State of the art malware detection techniques only consider the interaction of programs with the operating systemβs API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9186656#fghj7
#phantom #malware #detection #antivirus #windows #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Media is too big
VIEW IN TELEGRAM
I Made A Water Computer And It Actually Works
Computers add numbers together using logic gates built out of transistors. But they don't have to be! They can be built out of greedy cup siphons instead! I used specially designed siphones to works as XOR and AND gates and chained them together so they add 4 digit binary numbers.
https://www.youtube.com/watch?v=IxXaizglscw
#water #computer #video
π½@cRyPtHoN_INFOSEC_FR
π½@cRyPtHoN_INFOSEC_EN
π½@cRyPtHoN_INFOSEC_DE
π½@BlackBox_Archiv
π½@NoGoolag
Computers add numbers together using logic gates built out of transistors. But they don't have to be! They can be built out of greedy cup siphons instead! I used specially designed siphones to works as XOR and AND gates and chained them together so they add 4 digit binary numbers.
https://www.youtube.com/watch?v=IxXaizglscw
#water #computer #video
π½@cRyPtHoN_INFOSEC_FR
π½@cRyPtHoN_INFOSEC_EN
π½@cRyPtHoN_INFOSEC_DE
π½@BlackBox_Archiv
π½@NoGoolag
Appleβs AirDrop leaks usersβ PII, and thereβs not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.
A matter of milliseconds
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.
The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it
#apple #mac #iphone #airdrop #vulnerability
π‘ @nogoolag π‘ @blackbox_archiv
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.
A matter of milliseconds
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.
The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it
#apple #mac #iphone #airdrop #vulnerability
π‘ @nogoolag π‘ @blackbox_archiv
Ars Technica
Appleβs AirDrop leaks usersβ PII, and thereβs not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
India asks Twitter to take down some tweets critical of its COVID-19 handling
The Indian government asked social media platform Twitter (TWTR.N) to take down dozens of tweets, including some by local lawmakers, that were critical of Indiaβs handling of the coronavirus outbreak, as cases of COVID-19 again hit a world record.
Twitter has withheld some of the tweets after the legal request by the Indian government, a company spokeswoman told Reuters on Saturday.
The government made an emergency order to censor the tweets, Twitter disclosed on Lumen database, a Harvard University project.
In the government's legal request, dated April 23 and disclosed on Lumen, 21 tweets were mentioned. Among them were tweets from a lawmaker named Revnath Reddy, a minister in the state of West Bengal named Moloy Ghatak and a filmmaker named Avinash Das.
https://www.reuters.com/world/india/india-asks-twitter-take-down-some-tweets-critical-its-covid-19-handling-2021-04-24/
π‘ read this as well:
https://www.thehindu.com/news/national/other-states/seize-property-of-those-spreading-rumours-up-cm/article34404518.ece
#india #twitter #covid #corona #thinkabout
π‘ @nogoolag π‘ @blackbox_archiv
The Indian government asked social media platform Twitter (TWTR.N) to take down dozens of tweets, including some by local lawmakers, that were critical of Indiaβs handling of the coronavirus outbreak, as cases of COVID-19 again hit a world record.
Twitter has withheld some of the tweets after the legal request by the Indian government, a company spokeswoman told Reuters on Saturday.
The government made an emergency order to censor the tweets, Twitter disclosed on Lumen database, a Harvard University project.
In the government's legal request, dated April 23 and disclosed on Lumen, 21 tweets were mentioned. Among them were tweets from a lawmaker named Revnath Reddy, a minister in the state of West Bengal named Moloy Ghatak and a filmmaker named Avinash Das.
https://www.reuters.com/world/india/india-asks-twitter-take-down-some-tweets-critical-its-covid-19-handling-2021-04-24/
π‘ read this as well:
https://www.thehindu.com/news/national/other-states/seize-property-of-those-spreading-rumours-up-cm/article34404518.ece
#india #twitter #covid #corona #thinkabout
π‘ @nogoolag π‘ @blackbox_archiv
Reuters
India asks Twitter to take down some tweets critical of its COVID-19 handling
The Indian government asked social media platform Twitter (TWTR.N) to take down dozens of tweets, including some by local lawmakers, that were critical of its handling of the coronavirus outbreak, as cases of COVID-19 again hit a world record.
University of Minnesota security researchers apologize for deliberately buggy Linux patches
The abashed University of Minnesota researchers apologized for their blunders, but the issues are far from resolved. And, Linus Torvalds briefly addresses the fouled up Linux patches.
Last week, some University of Minnesota (UMN) security researchers kicked a hornet nest, when it was revealed that they'd tried to insert deliberately buggy patches into Linux. Greg Kroah-Hartman, the well-respected Linux kernel maintainer for the Linux stable branch, responded by banning not only them but any UMN-connected developers from contributing to the Linux kernel. Now, the researchers have sort of, kind of, apologized for their mistakes: "We sincerely apologize for any harm our research group did to the Linux kernel community."
https://www.zdnet.com/article/university-of-minnesota-security-researchers-apologize-for-deliberately-buggy-linux-patches/
https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/T/#u
#opensource #security #minnesota #university #trolling #apologize
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The abashed University of Minnesota researchers apologized for their blunders, but the issues are far from resolved. And, Linus Torvalds briefly addresses the fouled up Linux patches.
Last week, some University of Minnesota (UMN) security researchers kicked a hornet nest, when it was revealed that they'd tried to insert deliberately buggy patches into Linux. Greg Kroah-Hartman, the well-respected Linux kernel maintainer for the Linux stable branch, responded by banning not only them but any UMN-connected developers from contributing to the Linux kernel. Now, the researchers have sort of, kind of, apologized for their mistakes: "We sincerely apologize for any harm our research group did to the Linux kernel community."
https://www.zdnet.com/article/university-of-minnesota-security-researchers-apologize-for-deliberately-buggy-linux-patches/
https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/T/#u
#opensource #security #minnesota #university #trolling #apologize
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
ZDNet
University of Minnesota security researchers apologize for deliberately buggy Linux patches
The abashed University of Minnesota researchers apologized for their blunders, but the issues are far from resolved. And, Linus Torvalds briefly addresses the fouled up Linux patches.
Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs
Uninstall code, distributed from backend servers seized in January, fired on Sunday
Notorious Windows malware Emotet was automatically wiped from computers yesterday by European law enforcement using a customized DLL.
This specially crafted time bomb caused the software to self-destruct on Sunday, April 25. The code was distributed at the end of January to Emotet-infected computers by the malware's command-and-control (C2) infrastructure, which had just been seized in a multinational police operation.
Those raids were largely successful: on Friday this week, malware tracker site Abuse.chβs Emotet portal showed none of the Emotet C2 servers it tracks were online.
As the dust settled from the swoops, the officers and agents involved wondered what to do next. The answer was to set a firm death date. Infosec bods subsequently spotted that the backend systems seized by the police had made available a software update for Emotet that, once automatically downloaded and quietly installed, would activate an uninstall routine this weekend.
Infosec outfit MalwareBytes confirmed on Sunday that its updated Emotet install had indeed completely removed itself as expected.
Mariya Grozdanova, a threat intelligence analyst at Redscan, described the cops' deinstallation code to The Register: βThe EmotetLoader.dll is a 32-bit DLL responsible for removing the malware from all infected computers. This will ensure that all services related to Emotet will be deleted, the run key in the Windows registry is removed β so that no more Emotet modules are started automatically β and all running Emotet processes are terminated."
https://www.theregister.com/2021/04/26/emotet_sunday_25_april_killswitch_date/
https://nitter.pussthecat.org/MBThreatIntel/status/1386413655659479043
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1707
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1705
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1703
#malware #botnet #emotet #bka #europol #busted #takedown #uninstall
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Uninstall code, distributed from backend servers seized in January, fired on Sunday
Notorious Windows malware Emotet was automatically wiped from computers yesterday by European law enforcement using a customized DLL.
This specially crafted time bomb caused the software to self-destruct on Sunday, April 25. The code was distributed at the end of January to Emotet-infected computers by the malware's command-and-control (C2) infrastructure, which had just been seized in a multinational police operation.
Those raids were largely successful: on Friday this week, malware tracker site Abuse.chβs Emotet portal showed none of the Emotet C2 servers it tracks were online.
As the dust settled from the swoops, the officers and agents involved wondered what to do next. The answer was to set a firm death date. Infosec bods subsequently spotted that the backend systems seized by the police had made available a software update for Emotet that, once automatically downloaded and quietly installed, would activate an uninstall routine this weekend.
Infosec outfit MalwareBytes confirmed on Sunday that its updated Emotet install had indeed completely removed itself as expected.
Mariya Grozdanova, a threat intelligence analyst at Redscan, described the cops' deinstallation code to The Register: βThe EmotetLoader.dll is a 32-bit DLL responsible for removing the malware from all infected computers. This will ensure that all services related to Emotet will be deleted, the run key in the Windows registry is removed β so that no more Emotet modules are started automatically β and all running Emotet processes are terminated."
https://www.theregister.com/2021/04/26/emotet_sunday_25_april_killswitch_date/
https://nitter.pussthecat.org/MBThreatIntel/status/1386413655659479043
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1707
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1705
π‘ read this as well:
https://t.iss.one/BlackBox_Archiv/1703
#malware #botnet #emotet #bka #europol #busted #takedown #uninstall
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
The Register
Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs
Uninstall code, distributed from backend servers seized in January, fired on Sunday