Auth0 has been down for almost 4 hours now
Incident Report for Auth0
https://status.auth0.com/
- https://downtimeproject.com/
- https://news.ycombinator.com/item?id=26876287
#auth0 #down #incident
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
SuperTokens
SuperTokens is an open core alternative to proprietary login providers like Auth0 or AWS Cognito. We are different because we offer:
- Open source: SuperTokens can be used for free, forever, with no limits on the number of users.
- An on-premises deployment so that you control 100% of your user data, using your own database.
- An end-to-end solution with login, sign-ups, user and session management, without all the complexities of OAuth protocols.
- Ease of implementation and higher security.
- Extensibility: Anyone can contribute and make SuperTokens better!
Philosophy
Authentication directly affects UX, dev experience and security of any app. We believe that current solutions are unable to optimise for all three "pillars", leading to a large number of applications hand-rolling their own auth. This not only leads to security issues, but is also a massive time drain.
We want to change that - we believe the only way is to provide a solution that has the right level of abstraction, gives you maximum control, is secure, and is simple to use - just like if you built it yourself, from scratch (minus the time to learn, build and maintain).
We also believe in the principle of least vendor lock-in. Your having full control of your users' data means that you can switch away from SuperTokens without forcing your existing users to log out, reset their passwords or, in the worst case, sign up again.
https://github.com/supertokens/supertokens-core
#supertokens #login #provider #alternative #auth0 #opensource
@nogoolag @blackbox_archiv
Facebook Email to profile vulnerability
A video shared with researchers and Motherboard shows a tool linking email addresses to Facebook accounts
A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.
The news presents another significant privacy issue for Facebook, which is continuing to face a series of data leaks around phone numbers and other data.
https://twitter.com/UnderTheBreach/status/1384552368512159744
https://www.vice.com/en/article/bvz8pz/tool-finds-facebook-email-addresses
#tool #facebook #DeleteFacebook #poc #email #accounts #video
Castopod Host
Castopod Host is an open-source server made for podcasters who want to engage and interact with their audience. Please note that Castopod Host is still under heavy development: it may not be 100% stable and some features are still being developed.
We are a team of entrepreneurs and developers who spent the last ten years developing media content solutions.
We have always been advocates for the open source community, but we could not find open source solutions for podcasts that suited our needs, so we decided to start The Podlibre Initiative.
The past two decades of organic growth were driven by original audio content producers.
Major digital players and audio content industry are now investing on Podcasts.
Yet, compared to the standards in Social Media and Search Engines, Podcasts - technology, user experience - have not evolved much for the past 20 years.
It is time for all players - Podcasters, Radio Networks, Journalists, Writers and all Voice lovers - to power up podcasts!
https://podlibre.org/tag/castopod-host/
https://code.podlibre.org/podlibre/castopod/-/releases
#castopod #podcast #opensource #alternative
Tracking the WhatsApp habits of 5000 random Smartphones
In the previous blog post, we have seen that it is quite simple to hack the WhatsApp online status of a contact. A simple "Online" or "last seen yesterday at 19:00" insight can be reverse engineered to leak phone habits at a couple of seconds' accuracy.
There is an even more silly thing not mentioned yet: you can track any mobile phone! So let's play and scale to track 5000 random numbers.
Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff I'm about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.
https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2
Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking
How a WhatsApp status loophole is aiding cyberstalkers
https://t.iss.one/BlackBox_Archiv/2018
Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.iss.one/BlackBox_Archiv/1987
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
In this paper, we instead investigate the insecurity of OSS from a critical perspective: the feasibility of stealthily introducing vulnerabilities in OSS via hypocrite commits (i.e., seemingly beneficial commits that in fact introduce other critical issues).
The introduced vulnerabilities are critical because they may be stealthily exploited to impact massive devices.
https://github.com/QiushiWu/qiushiwu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
#opensource #security #pdf
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (Interesting quotes and conclusion)
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.iss.one/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
Signal:
Our script for Signal uses 100 accounts over 25 days to check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal's users, at least for profile pictures.
Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram's rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker's perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
Chinaโs social credit program creeps into Canada
Vancouver, British Columbia, Canada: China's Orwellian "social credit system" that records the social and financial behaviour of individuals and corporations across China, using a vast surveillance system, has expanded globally, and is now openly operational at the renowned Haidilao hot pot restaurant, in Western Canada.
Ryan Pan, a manager with Haidilao Hot Pot in Vancouver, confirmed that over 60 surveillance cameras have been installed in the restaurant at the request of the Haidilao corporation, as part of the social credit system in China. He said that the Vancouver location has 30 tables with two cameras assigned to each table.
When asked specifically why Haidilao required so many cameras to monitor staff and patrons, Ryan Pan said that the cameras were installed to "punish" staff if they didn't adhere to corporate standards and to "people track". Pan also said that the video is sent back to China but declined to say why this was, other than to say the reason for this was "secret."
Founded in Sichuan, China, the Haidilao opened up at two locations in the Vancouver region, the most recent of which was opened in 2018 in a former Swiss Chalet restaurant in the trendy Kitsilano district of Vancouver. The location is within walking distance of the home rented by Huawei for staff temporarily re-located to Vancouver to assist Meng Wanzhou, the chief financial officer (CFO) of the telecom giant. Following her arrest and hearing over a provisional US extradition request for fraud and conspiracy to commit fraud in order to circumvent US sanctions against Iran. The Haidilao location is no more than 10 minutes to Meng Wanzhou's mansion and the Peoples Republic of China Consulate. Haidilao has over 935 locations around the world and more than 36 million VIP members and 60,000 plus staff.
We reached out to Ivy Li, with the Canadian Friends of Hong Kong, who is a well-known public speaker, writer and activist on matters related to China and pro-democracy, to ask why Canadians should be concerned that China's social credit system is now operational in Canada.
https://www.sundayguardianlive.com/news/chinas-social-credit-program-creeps-canada
#canada #vancouver #china #surveillance #social #scoring
Not Your Usual Supply Chain Hack: The Codecov Bash Uploader Blunder
We all know about the SolarWinds supply chain hack. But, while smaller in scope, Codecov's Bash Uploader supply chain security failure is also a record-setter. And, this is not a record anyone wants to break.
Months after their code was busted, Codecov only discovered the foul-up thanks to a security-conscious user. He checked the Secure Hash Algorithm 1 (SHA-1) checksum for the GitHub version of Codecov Bash Uploader and the SHA-1 checksum for the downloaded Bash Uploader version with shasum, a Linux program that calculates and verifies SHA-1 hashes, and found they didn't match. In other words, they were not the same program.
Whoops!
Codecov is a reporting tool that inserts coverage metrics directly into continuous integration (CI) workflows. Its job is to watch for coding problems while running test suites. It especially looks in pull requests, where new features and bug fixes are usually found and new bugs and problems often pop up.
Bash Uploader's task is to export users' CI environmental data. This includes any credentials, tokens, or keys users were working within their CI runner when the Bash Uploader script was executed. That's already dangerous enough because its name is perfectly descriptive. Bash Uploader uses the Bash shell and curl to upload unencrypted environmental data to Codecov. And, oh yes, to the attacker's server as well.
https://thenewstack.io/not-your-usual-supply-chain-hack-the-codecov-bash-uploader-blunder/
Read as well ...
https://t.iss.one/cRyPtHoN_INFOSEC_EN/15695
#supplychain #hack #codecov
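The checksum comparison that uncovered the modified Bash Uploader, written out as a download-then-verify routine in POSIX shell. This is an added example, not Codecov's or the article's code; the reference and downloaded scripts are constructed in a temp directory, and the fallback from sha1sum to shasum assumes at least one of the two is installed.

```shell
#!/bin/sh
# Added example (not Codecov's or the article's code): download-then-verify
# instead of curl-pipe-to-bash. The SHA-1 of the fetched script is compared
# with a pinned digest taken from a trusted copy, which is the check the post
# says uncovered the modified Bash Uploader.

# Use whichever SHA-1 tool the host has: coreutils sha1sum, else Perl shasum.
# Assumption: at least one of the two is installed.
sha1_of() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum "$1" | cut -d' ' -f1
  else
    shasum -a 1 "$1" | cut -d' ' -f1
  fi
}

# Succeed (exit 0) only when the file's digest equals the expected one.
# An empty expected digest fails closed rather than matching by accident.
verify_sha1() {
  file="$1"
  expected="$2"
  [ -n "$expected" ] || return 1
  actual=$(sha1_of "$file")
  [ "$actual" = "$expected" ]
}

# Weak pattern from the post (whatever the server serves gets executed):
#   curl -s https://example.invalid/bash | bash
# Hardened pattern: keep the fetched script on disk, verify it, then run it.
run_verified() {
  file="$1"
  expected="$2"
  if verify_sha1 "$file" "$expected"; then
    sh "$file"
  else
    echo "SHA-1 mismatch for $file, refusing to execute" >&2
    return 1
  fi
}

# Offline demonstration on constructed files: reference.sh stands in for the
# GitHub copy, downloaded.sh for what the CDN served. Prints "0 1": the
# untouched download verifies, the download with one appended line does not.
demo() {
  dir=$(mktemp -d)
  printf 'echo uploading coverage report\n' > "$dir/reference.sh"
  cp "$dir/reference.sh" "$dir/downloaded.sh"
  pinned=$(sha1_of "$dir/reference.sh")

  if verify_sha1 "$dir/downloaded.sh" "$pinned"; then clean=0; else clean=1; fi

  # Simulate tampering: a single extra line is enough to change the digest.
  printf '# line appended by a third party\n' >> "$dir/downloaded.sh"
  if verify_sha1 "$dir/downloaded.sh" "$pinned"; then tampered=0; else tampered=1; fi

  rm -rf "$dir"
  echo "$clean $tampered"
}
```

In a CI job the pinned digest belongs in the repository next to the pipeline definition, not fetched from the same place as the script, otherwise a tampered script ships with a matching digest.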
Wikinews discusses DRM and DMCA with Richard Stallman after GitHub re-enables public access to youtube-dl
Interview with Richard Stallman about the harms of DRM and DMCA 1201
https://en.wikinews.org/wiki/Wikinews_discusses_DRM_and_DMCA_with_Richard_Stallman_after_GitHub_re-enables_public_access_to_youtube-dl
#freesoftware #stallman #drm #dmca #youtubedl #github #interview #mp3
In epic hack, Signal developer turns the tables on forensics firm Cellebrite
Widely used forensic software can be exploited to infect investigators' computers.
For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike, the brainchild behind the Signal messaging app, has turned the tables.
On Wednesday, Marlinspike published a post that reported vulnerabilities in Cellebrite software that allowed him to execute malicious code on the Windows computer used to analyze a device. The researcher and software engineer exploited the vulnerabilities by loading specially formatted files that can be embedded into any app installed on the device.
Cellebrite provides two software packages: The UFED breaks through locks and encryption protections to collect deleted or hidden data, and the separate Physical Analyzer uncovers digital evidence ("trace events").
To do their job, both pieces of Cellebrite software must parse all kinds of untrusted data stored on the device being analyzed. Typically, software that is this promiscuous undergoes all kinds of security hardening to detect and fix any memory-corruption or parsing vulnerabilities that might allow hackers to execute malicious code.
"Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite's own software security," Marlinspike wrote. "Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present."
https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/
https://signal.org/blog/cellebrite-vulnerabilities/
#signal #hack #forensics #cellebrite #israel #vulnerabilities
๐ก@cRyPtHoN_INFOSEC_FR
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@BlackBox_Archiv
๐ก@NoGoolag
Ars Technica
In epic hack, Signal developer turns the tables on forensics firm Cellebrite
Widely used forensic software can be exploited to infect investigators' computers.
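Added example, not code from the Signal post or from Cellebrite: the "industry-standard exploit mitigation defenses" Marlinspike says are missing are opt-in flags recorded in a PE image's optional header (the DllCharacteristics word), so the first check a practitioner runs on any forensic tool that parses untrusted data is to read that word for the executable and every DLL it loads. The checker below does that for PE32 and PE32+ images. The two sample images it builds are constructed headers, not real binaries, and the set of flags it treats as expected (DYNAMIC_BASE, NX_COMPAT, GUARD_CF) is this example's choice, not a list from the post.

```python
"""Added example (not Signal's or Cellebrite's code): read the
DllCharacteristics word from a Windows PE header and report which of the
industry-standard exploit mitigations the image opts into.  The PE images
built below are constructed in-line for demonstration; they are not real."""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
DLL_CHARACTERISTICS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR
    "DYNAMIC_BASE": 0x0040,     # ASLR (image may be relocated)
    "FORCE_INTEGRITY": 0x0080,  # code integrity checks enforced
    "NX_COMPAT": 0x0100,        # DEP / non-executable data pages
    "NO_SEH": 0x0400,           # no structured exception handlers
    "GUARD_CF": 0x4000,         # Control Flow Guard
}

# What a defender expects on software that parses attacker-controlled input
# (this example's choice of baseline)
EXPECTED = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")


def dll_characteristics(pe: bytes) -> int:
    """Return the DllCharacteristics field of the optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                           # optional header follows COFF
    if size_of_optional < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts
    return struct.unpack_from("<H", pe, opt + 70)[0]


def mitigations(pe: bytes) -> dict:
    """Map each known mitigation flag to whether the image sets it."""
    flags = dll_characteristics(pe)
    return {name: bool(flags & bit) for name, bit in DLL_CHARACTERISTICS.items()}


def missing_mitigations(pe: bytes) -> list:
    """Names of the expected mitigations the image does not opt into."""
    present = mitigations(pe)
    return [name for name in EXPECTED if not present[name]]


def build_pe(dllchars: int, pe32plus: bool = True) -> bytes:
    """Construct a minimal (non-loadable) PE header carrying the given flags."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C
    size_of_optional = 240 if pe32plus else 224
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, size_of_optional, 0x22)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # real binary given on the command line
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:                                     # constructed sample with no mitigations
        image = build_pe(0)
    for name, on in mitigations(image).items():
        print(f"{name:16} {'yes' if on else 'NO'}")
    print("missing:", missing_mitigations(image) or "none")
```

Run it against a real tool with the path to the executable as the only argument; with no argument it reports on the constructed image. The check is per module: a hardened main executable that loads a parser DLL built without DYNAMIC_BASE still hands an attacker a fixed address to aim at, so every DLL the analyzer loads needs the same treatment.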
Here's Why University of Minnesota is Getting Banned from Contributing to Linux Kernel Code
Trolling Linux kernel maintainers first and then playing victim. Greg Kroah-Hartman had enough of these university researchers.
It all started with a seemingly innocent patch to the Linux kernel on the 6th April, 2021. A Ph.D. candidate at University of Minnesota submitted this really small patch:
https://news.itsfoss.com/hypocrite-commits/
Read as well (PDF): Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits
https://t.iss.one/BlackBox_Archiv/2068
#opensource #security #minnesota #university #trolling
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
It's FOSS News
Here's Why University of Minnesota is Getting Banned From Contributing to Linux Kernel Code
It all started with a seemingly innocent patch to the Linux kernel on the 6th April, 2021. A Ph.D. candidate at University of Minnesota submitted this really small patch:
Since the patch was simple and seemed to improve the code quality, it got green...
Russian intelligence agency SVR sets up dark web whistleblowing platform
The SVR, Russia's main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.
"If you are outside Russia and have important information regarding urgent threats to the security of the Russian Federation, you can safely and anonymously share it with us via the virtual reception system (VRS) of the SVR over the TOR network," the Russian Foreign Intelligence Service (SVR) says in a page on its official website.
The SVR's new Tor site is located at:
svrgovru24yd42e6mmrnohzs37hb35yqeulvmvkc76e3drb75gs4qrid.onion
https://therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/
#russia #svr #whistleblowing #platform #tor
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
The Record
Russian intelligence agency SVR sets up dark web whistleblowing platform
The SVR, Russia's main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.
UK.gov wants mobile makers to declare death dates for their new devices from launch
IoT security plan suddenly thrusts into the mainstream
Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport (DCMS) vowed this morning.
Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.
Digital Infrastructure Minister Matt Warman said in a canned statement: "Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems."
The £70m Secure by Design plan has been telegraphed by the DCMS for years, though today's extension to everyday smartphones is notable.
On top of this, smart device makers will also be banned from publishing default admin passwords for their wares. Such admin passwords are a standard method for digital crims to break into a device or the network to which it is connected.
A government-sponsored study from University College London two years ago, highlighted today by DCMS, said typical IoT devices come with no crime prevention advice, which is presumably the sort of finding that UK.gov enjoys seeing public money poured into.
https://www.theregister.com/2021/04/21/ukgov_death_dates_smartphones_iot_security/
#smartphones #iot #security #updates
@nogoolag @blackbox_archiv
The Register
UK.gov wants mobile makers to declare death dates for their new devices from launch
IoT security plan suddenly thrusts into the mainstream
Phantom Malware.pdf
Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity
State of the art malware detection techniques only consider the interaction of programs with the operating system's API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9186656#fghj7
#phantom #malware #detection #antivirus #windows #pdf
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
I Made A Water Computer And It Actually Works
Computers add numbers together using logic gates built out of transistors. But they don't have to be! They can be built out of greedy cup siphons instead! I used specially designed siphons to work as XOR and AND gates and chained them together so they add 4-digit binary numbers.
https://www.youtube.com/watch?v=IxXaizglscw
#water #computer #video
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Apple's AirDrop leaks users' PII, and there's not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.
A matter of milliseconds
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
Hashes, of course, can't be converted back into the cleartext that generated them, but depending on the amount of entropy or randomness in the cleartext, they are often possible to figure out. Hackers do this by performing a "brute-force attack," which throws huge numbers of guesses and waits for the one that generates the sought-after hash. The less the entropy in the cleartext, the easier it is to guess or crack, since there are fewer possible candidates for an attacker to try.
The amount of entropy in a phone number is so minimal that this cracking process is trivial since it takes milliseconds to look up a hash in a precomputed database containing results for all possible phone numbers in the world. While many email addresses have more entropy, they too can be cracked using the billions of email addresses that have appeared in database breaches over the past 20 years.
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it
#apple #mac #iphone #airdrop #vulnerability
@nogoolag @blackbox_archiv
Ars Technica
Apple's AirDrop leaks users' PII, and there's not much they can do about it
Apple has known of the flaw since 2019 but has yet to acknowledge or fix it.
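Added example, not the researchers' code: the brute-force attack and the precomputed-table lookup the paragraphs above describe, run against SHA-256 hashes of phone numbers, plus the weaker but still useful matching that a truncated hash allows. The number format (E.164 digits hashed as ASCII), the dialling range, the sample contact and the two-byte truncation are assumptions made for the demo; the exact encoding AirDrop hashes is documented in the researchers' paper, not here.

```python
"""Added example (not the AirDrop researchers' code): why a SHA-256 hash of
a phone number is no protection.  Number format, dialling range, sample
contact and truncation length are assumptions made for this demo."""
import hashlib
from itertools import product


def number_hash(number: str) -> bytes:
    """SHA-256 over the ASCII form of a number such as '+15550123' (assumed)."""
    return hashlib.sha256(number.encode("ascii")).digest()


def brute_force(target: bytes, prefix: str, digits: int):
    """Guess every number under a prefix until one hashes to the target.
    A whole country is 10**9 to 10**10 guesses: minutes of GPU time."""
    for tail in product("0123456789", repeat=digits):
        candidate = prefix + "".join(tail)
        if number_hash(candidate) == target:
            return candidate
    return None


def build_table(prefix: str, digits: int) -> dict:
    """Precompute hash -> number once; each later recovery is a dict lookup."""
    table = {}
    for tail in product("0123456789", repeat=digits):
        number = prefix + "".join(tail)
        table[number_hash(number)] = number
    return table


def recover(full_hash: bytes, table: dict):
    """The Wi-Fi handshake carries the full SHA-256: one lookup, milliseconds."""
    return table.get(full_hash)


def truncated_candidates(truncated: bytes, table: dict) -> list:
    """The BLE advertisement carries only a prefix of the hash.  A short
    prefix maps to a handful of numbers rather than one, which still pins
    down the sender once joined with any other clue (e.g. a known area code)."""
    n = len(truncated)
    return sorted(number for h, number in table.items() if h[:n] == truncated)


if __name__ == "__main__":
    table = build_table("+1555", 4)           # 10,000 constructed numbers
    victim = "+15550123"                      # constructed, not a real contact
    h = number_hash(victim)
    print("full hash   ->", recover(h, table))
    print("2-byte hash ->", truncated_candidates(h[:2], table))
    print("brute force ->", brute_force(h, "+1555", 4))
```

The table for a single four-digit block is built in well under a second; scaling the same loop to every assignable number in a country is a one-off cost, after which every full hash seen in a handshake is reversed by a dictionary lookup. Salting would not help here either, since the receiver must be able to compute the same hash from its own address book; the fix the researchers proposed is a private set intersection protocol, not a different hash.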
India asks Twitter to take down some tweets critical of its COVID-19 handling
The Indian government asked social media platform Twitter (TWTR.N) to take down dozens of tweets, including some by local lawmakers, that were critical of India's handling of the coronavirus outbreak, as cases of COVID-19 again hit a world record.
Twitter has withheld some of the tweets after the legal request by the Indian government, a company spokeswoman told Reuters on Saturday.
The government made an emergency order to censor the tweets, Twitter disclosed on Lumen database, a Harvard University project.
In the government's legal request, dated April 23 and disclosed on Lumen, 21 tweets were mentioned. Among them were tweets from a lawmaker named Revnath Reddy, a minister in the state of West Bengal named Moloy Ghatak and a filmmaker named Avinash Das.
https://www.reuters.com/world/india/india-asks-twitter-take-down-some-tweets-critical-its-covid-19-handling-2021-04-24/
Read this as well:
https://www.thehindu.com/news/national/other-states/seize-property-of-those-spreading-rumours-up-cm/article34404518.ece
#india #twitter #covid #corona #thinkabout
@nogoolag @blackbox_archiv
Reuters
India asks Twitter to take down some tweets critical of its COVID-19 handling
The Indian government asked social media platform Twitter (TWTR.N) to take down dozens of tweets, including some by local lawmakers, that were critical of its handling of the coronavirus outbreak, as cases of COVID-19 again hit a world record.
University of Minnesota security researchers apologize for deliberately buggy Linux patches
The abashed University of Minnesota researchers apologized for their blunders, but the issues are far from resolved. And, Linus Torvalds briefly addresses the fouled up Linux patches.
Last week, some University of Minnesota (UMN) security researchers kicked a hornet's nest, when it was revealed that they'd tried to insert deliberately buggy patches into Linux. Greg Kroah-Hartman, the well-respected Linux kernel maintainer for the Linux stable branch, responded by banning not only them but any UMN-connected developers from contributing to the Linux kernel. Now, the researchers have sort of, kind of, apologized for their mistakes: "We sincerely apologize for any harm our research group did to the Linux kernel community."
https://www.zdnet.com/article/university-of-minnesota-security-researchers-apologize-for-deliberately-buggy-linux-patches/
https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/T/#u
#opensource #security #minnesota #university #trolling #apologize
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
ZDNet
University of Minnesota security researchers apologize for deliberately buggy Linux patches
The abashed University of Minnesota researchers apologized for their blunders, but the issues are far from resolved. And, Linus Torvalds briefly addresses the fouled up Linux patches.
Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs
Uninstall code, distributed from backend servers seized in January, fired on Sunday
Notorious Windows malware Emotet was automatically wiped from computers yesterday by European law enforcement using a customized DLL.
This specially crafted time bomb caused the software to self-destruct on Sunday, April 25. The code was distributed at the end of January to Emotet-infected computers by the malware's command-and-control (C2) infrastructure, which had just been seized in a multinational police operation.
Those raids were largely successful: on Friday this week, malware tracker site Abuse.ch's Emotet portal showed none of the Emotet C2 servers it tracks were online.
As the dust settled from the swoops, the officers and agents involved wondered what to do next. The answer was to set a firm death date. Infosec bods subsequently spotted that the backend systems seized by the police had made available a software update for Emotet that, once automatically downloaded and quietly installed, would activate an uninstall routine this weekend.
Infosec outfit MalwareBytes confirmed on Sunday that its updated Emotet install had indeed completely removed itself as expected.
Mariya Grozdanova, a threat intelligence analyst at Redscan, described the cops' deinstallation code to The Register: "The EmotetLoader.dll is a 32-bit DLL responsible for removing the malware from all infected computers. This will ensure that all services related to Emotet will be deleted, the run key in the Windows registry is removed (so that no more Emotet modules are started automatically) and all running Emotet processes are terminated."
https://www.theregister.com/2021/04/26/emotet_sunday_25_april_killswitch_date/
https://nitter.pussthecat.org/MBThreatIntel/status/1386413655659479043
Read this as well:
https://t.iss.one/BlackBox_Archiv/1707
https://t.iss.one/BlackBox_Archiv/1705
https://t.iss.one/BlackBox_Archiv/1703
#malware #botnet #emotet #bka #europol #busted #takedown #uninstall
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
The Register
Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs
Uninstall code, distributed from backend servers seized in January, fired on Sunday
"SWAT team of nerds" - Pentagon explains odd transfer of 175 million IP addresses to obscure company
Something weird happened minutes before Trump left - US says it was security research.
The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a "pilot" project to conduct security research.
"Minutes before Trump left office, millions of the Pentagon's dormant IP addresses sprang to life," was the title of a Washington Post article on Saturday. Literally three minutes before Joe Biden became president, a company called Global Resource Systems LLC "discreetly announced to the world's computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the US military."
The number of Pentagon-owned IP addresses announced by the company rose to 56 million by late January and 175 million by April, making it the world's largest announcer of IP addresses in the IPv4 global routing table.
"The theories were many," the Post article said. "Did someone at the Defense Department sell off part of the military's vast collection of sought-after IP addresses as Trump left office? Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?"
The Post said it got an answer from the Defense Department on Friday in the form of a statement from the director of "an elite Pentagon unit known as the Defense Digital Service." The Post wrote:
"Brett Goldstein, the DDS's director, said in a statement that his unit had authorized a "pilot effort" publicizing the IP space owned by the Pentagon.
"This pilot will assess, evaluate, and prevent unauthorized use of DoD IP address space," Goldstein said. "Additionally, this pilot may identify potential vulnerabilities."
Goldstein described the project as one of the Defense Department's "many efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated."
https://arstechnica.com/information-technology/2021/04/pentagon-explains-odd-transfer-of-175-million-ip-addresses-to-obscure-company/
#usa #pentagon #ip #adresses #why
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Ars Technica
Pentagon explains odd transfer of 175 million IP addresses to obscure company
Something weird happened minutes before Trump left - US says it was security research.
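Added example, not code from the Defense Digital Service or Global Resource Systems: what "largest announcer of IP addresses in the IPv4 global routing table" means in practice is a sum over the prefixes an AS originates, after collapsing overlaps so that a /25 inside a /24 is not counted twice, and the "unauthorized use of DoD IP address space" the pilot is meant to catch shows up in the same table as a more-specific prefix originated by some other AS. The routing-table lines, the AS numbers (private-use range) and the prefixes (RFC 5737 documentation ranges) below are constructed, not observed data.

```python
"""Added example (not DDS's or GRS's code): measure how much address space
each origin AS announces, and flag more-specific prefixes that another AS
originates inside space a given AS holds.  The RIB lines below are
constructed from private-use ASNs and RFC 5737 documentation prefixes."""
import ipaddress
from collections import defaultdict

# Constructed "prefix origin-AS" lines in the style of a BGP RIB dump
SAMPLE_RIB = """\
198.51.100.0/24     65001
198.51.100.128/25   65001   # same origin as the covering /24
203.0.113.0/24      65001
203.0.113.64/26     65002   # different origin inside AS65001's block
192.0.2.0/25        65002
192.0.2.128/25      65002   # adjacent to the line above
"""


def parse_rib(text: str) -> list:
    """Return (network, origin_asn) pairs, skipping blank or comment lines."""
    routes = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        prefix, asn = line.split()
        routes.append((ipaddress.ip_network(prefix, strict=True), int(asn)))
    return routes


def addresses_per_origin(text: str) -> dict:
    """Count distinct addresses each AS originates.  Overlapping and adjacent
    prefixes are collapsed first so a more-specific is not counted twice."""
    by_asn = defaultdict(list)
    for net, asn in parse_rib(text):
        by_asn[asn].append(net)
    return {asn: sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
            for asn, nets in by_asn.items()}


def largest_announcers(text: str, top: int = 3) -> list:
    """(asn, address_count) pairs, biggest announcer first."""
    counts = addresses_per_origin(text)
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)[:top]


def foreign_more_specifics(text: str) -> list:
    """Prefixes one AS originates that sit inside a prefix another AS
    originates: the pattern a space holder watches for as unauthorised use."""
    routes = parse_rib(text)
    hits = []
    for net, asn in routes:
        for covering, owner in routes:
            if owner != asn and net != covering and net.subnet_of(covering):
                hits.append((str(net), asn, str(covering), owner))
    return hits


if __name__ == "__main__":
    for asn, count in largest_announcers(SAMPLE_RIB):
        print(f"AS{asn}: {count:,} addresses")
    for net, asn, covering, owner in foreign_more_specifics(SAMPLE_RIB):
        print(f"AS{asn} announces {net} inside {covering} held by AS{owner}")
```

Feed the same functions a real table (one "prefix origin-AS" line per route, as exported from a route collector) and the count for a single AS reaching into the hundreds of millions is what the article's 175 million figure refers to. The more-specific check is the interesting half for a large holder: a /24 that someone else starts originating inside an unannounced /8 attracts that /24's traffic, and announcing the covering space yourself is one way to notice.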