Statement from Governor Andrew M. Cuomo on Telecom Companies Fighting Against New York's Groundbreaking Law Requiring Providers to Offer Affordable Internet for Low-income New Yorkers
"COVID hasn't only threatened the health and well-being of New Yorkers, but it exposed the many injustices preventing millions of people from building a prosperous life. Now more than ever, it's critical we break down these barriers and ensure every New Yorker is able to take part in our post-COVID recovery.
"The fact is, this is the 21st century and whether you point to remote education, telecommuting, telehealth or otherwise, broadband holds great power. Simply put — it's become an essential service and that's why it was so important to ensure affordable internet was available for low-income New Yorkers.
"I knew giant telecom companies would be upset by our efforts to level the playing field, and right on cue, they're pushing back. This is nothing more than a transparent attempt by billion-dollar corporations putting profit ahead of creating a more fair and just society.
"Let me be abundantly clear — providing internet in the Empire State is not a god given right. If these companies want to pick this fight, impede the ability of millions of New Yorkers to access this essential service and prevent them from participating in our economic recovery, I say bring it on."
https://www.governor.ny.gov/news/statement-governor-andrew-m-cuomo-telecom-companies-fighting-against-new-yorks-groundbreaking
https://storage.courtlistener.com/recap/gov.uscourts.nyed.463483/gov.uscourts.nyed.463483.1.0.pdf
https://www.governor.ny.gov/news/governor-cuomo-signs-legislation-establishing-first-nation-program-provide-affordable-internet
#usa #ny #gov #legislation #telecom #companies #affordable #internet
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
What is the point of code review?
Most software engineers have strong feelings about code review. Almost everyone would agree that it’s a best practice when working on a team, but it can also be a burden and a source of disagreements.
Too often discussions about code review focus on how to do it without stopping to ask why we do it. The process gets in the way of the purpose, and we forget why we do code review in the first place.
Whether you’re doing over-the-shoulder reviews, GitHub Pull Requests, or mailing diffs, a good code review process should achieve two things:
1. Share knowledge
2. Reach consensus
https://medium.com/codeapprove/what-is-the-point-of-code-review-f8df8cffc26b
#code #review #comment #knowledge #consensus
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
35 million phone numbers are disconnected in the U.S. every year. Standard industry practice is to reassign those numbers to other subscribers. But this leads to many types of security and privacy risks, which our study analyzes rigorously.
https://recyclednumbers.cs.princeton.edu/assets/recycled-numbers-latest.pdf
https://recyclednumbers.cs.princeton.edu/
#security #privacy #phone #number #recycling #usa #mobile #carriers #pdf
📡 @nogoolag 📡 @blackbox_archiv
Your Car Is Spying on You, and a CBP Contract Shows the Risks
A “vehicle forensics kit” can reveal where you’ve driven, what doors you opened, and who your friends are.
U.S. Customs and Border Protection purchased technology that vacuums up reams of personal information stored inside cars, according to a federal contract reviewed by The Intercept, illustrating the serious risks in connecting your vehicle and your smartphone.
The contract, shared with The Intercept by Latinx advocacy organization Mijente, shows that CBP paid Swedish data extraction firm MSAB $456,073 for a bundle of hardware including five iVe “vehicle forensics kits” manufactured by Berla, an American company. A related document indicates that CBP believed the kit would be “critical in CBP investigations as it can provide evidence [not only] regarding the vehicle’s use, but also information obtained through mobile devices paired with the infotainment system.” The document went on to say that iVe was the only tool available for purchase that could tap into such systems.
According to statements by Berla’s own founder, part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones.
Indeed, MSAB marketing materials promise cops access to a vast array of sensitive personal information quietly stored in the infotainment consoles and various other computers used by modern vehicles — a tapestry of personal details akin to what CBP might get when cracking into one’s personal phone. MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.” MSAB even touts the ability to retrieve deleted data, divine “future plan[s],” and “Identify known associates and establish communication patterns between them.”
https://theintercept.com/2021/05/03/car-surveillance-berla-msab-cbp/
#car #surveillance #forensic #cbp
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Then a Hacker Began Posting Patients’ Deepest Secrets Online
A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients.
Jere woke up on the morning of October 24, 2020, expecting what Finnish college students call normi päivä, an ordinary day. It was a Saturday, and he’d slept in. The night before, he had gone drinking by the beach with some friends. They’d sipped cheap apple liqueur, listened to Billie Eilish on his boom box. Now Jere (pronounced “yeh-reh”) needed to clear his head. He was supposed to spend this gray fall day on campus, finishing a group physics project about solar energy. The 22-year-old took a walk around the lake near his apartment outside Helsinki. Then, feeling somewhat refreshed, he jumped on the bus.
The day went quickly. Jere caught up with his friends, many of whom he hadn’t seen since the pandemic began. They chatted about their Christmas plans, ordered pizzas from a favorite local spot, and knuckled down to work in the cafeteria.
At around 4 pm, Jere checked Snapchat. An email notification popped up on his screen. His hands began to shake. The subject line included his full name, his social security number, and the name of a clinic where he’d gotten mental health treatment as a teenager: Vastaamo. He didn’t recognize the sender, but he knew what the email said before he opened it.
https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/
https://www.wired.com/story/hacker-threaten-release-therapy-notes-patients/
#psychotherapy #patients #hack #data #breach #hacker #ransom #notes
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
WIRED
They Told Their Therapists Everything. Hackers Leaked It All
A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach.
The Instagram ads Facebook won't show you
Companies like Facebook aren’t building technology for you, they’re building technology for your data. They collect everything they can from FB, Instagram, and WhatsApp in order to sell visibility into people and their lives.
This isn’t exactly a secret, but the full picture is hazy to most – dimly concealed within complex, opaquely-rendered systems and fine print designed to be scrolled past. The way most of the internet works today would be considered intolerable if translated into comprehensible real world analogs, but it endures because it is invisible.
https://signal.org/blog/the-instagram-ads-you-will-never-see/
#signal #instagram #facebook #DeleteFacebook #ads #data #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Hacking the Nintendo Game & Watch
Your princess is AES encrypted in another castle
In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release.
This talk walks through the whole process of opening it up, exploiting the firmware, and finally bringing homebrew to a new console, in a fun, beginner-friendly way.
https://media.ccc.de/v/rc3-11527-hacking_the_nintendo_game_watch
⚠️ This talk was translated into multiple languages (DE / EN). The files available for download contain all languages as separate audio tracks.
#ccc #rc3 #hacking #nintendo #game #watch #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
Signal is experiencing technical difficulties. (back online)
We are working hard to restore service as quickly as possible.
https://status.signal.org/
#signal #down
📡 @nogoolag 📡 @blackbox_archiv
Maybe you heard that the domain dark.fail (@DarkDotFail ) got hijacked
Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
https://nitter.nixnet.services/brokep/status/1389314362561777665
#DarkDotFail #hijacked
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Nitter
Peter Sunde Kolmisoppi (@brokep)
Maybe you heard that the domain https://dark.fail (@DarkDotFail ) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
Facebook shut down Signal’s ads because they exposed too much
Facebook has barred privacy-focused messaging app Signal from running a series of Instagram ads, which would have exposed just how much personal information the photo-sharing network – and its social media behemoth owner – has on individuals as they browse their timeline. Signal had intended to use Instagram’s own third-party advert tools to reveal some of the precise targeting that advertisers can buy access to.
There’s a general acknowledgement these days that advertisers can filter who, exactly, sees their commercials. That makes good business sense, after all: there’s no point in showing ads to people who are unlikely to be interested in your product.
However it’s likely that few mainstream consumers are aware of quite how much targeted information ad network providers like Facebook hold on them. Collated across multiple interactions online – with websites, apps, services, and more – they help build unexpectedly precise profiles about each user. Those profiles can then in turn be sold as visibility filters to more advertisers, so that they can further narrow down their campaigns to whoever they believe will be the most receptive audience.
https://www.slashgear.com/facebook-shut-down-signals-ads-because-they-exposed-too-much-04671574/
💡 read as well:
https://t.iss.one/BlackBox_Archiv/2138
#signal #instagram #facebook #DeleteFacebook #ads #data #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
US state of New York to stop cryptomining
A politician wants to suspend cryptomining in New York and have its impact on the environment examined.
Cryptomining is considered to be harmful to the environment. But how severe are the effects? A senator in the US state of New York wants to find out and is proposing to suspend cryptomining for some time. He has introduced a corresponding bill in the state Senate.
https://legiscan.com/NY/bill/S06486/2021
#cryptomining #ny #usa #environment
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
LegiScan
New York S06486 | 2021-2022 | General Assembly
Summary (2022-03-21) Establishes a moratorium on cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transactions; provides that such operations shall be subject to a full generic environmental impact statement…
Facebook's Trump ban upheld by Oversight Board, for now
Donald Trump's ban from Facebook and Instagram has been upheld by Facebook's Oversight Board.
But it criticised the permanent nature of the ban as beyond the scope of Facebook's normal penalties.
It has ordered Facebook to review the decision and "justify a proportionate response" that is applied to everyone, including ordinary users.
The former president was banned from both sites in January following the Capitol Hill riots.
The Oversight Board said the initial decision to permanently suspend Mr Trump was "indeterminate and standardless", and that the correct response should be "consistent with the rules that are applied to other users of its platform".
Facebook must respond within six months, it said.
At a press conference, Oversight Board co-chair Helle Thorning-Schmidt admitted: "We did not have an easy answer."
The Board was due to announce its decision last month but delayed the ruling in order to review more than 9,000 public responses to cases, it said.
In the meantime, Mr Trump, who is also banned from Twitter, launched a new website on Tuesday to update supporters with his thoughts.
https://www.bbc.com/news/technology-56985583
#ToddlerTrump #trump #facebook #DeleteFacebook
📡 @nogoolag 📡 @blackbox_archiv
Xenobots 2.0: Scientists Create Next Generation of Living Robots
The next version of Xenobots has been created: they're faster, live longer, and can now record information.
https://www.youtube.com/watch?v=G-zpsO8szEI
#xenobots #living #robots #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
What happens to privacy once AIs start hacking systems – and people?
Artificial Intelligence (AI) has mostly figured in this blog because of its ability to sift through information – for example, finding patterns in data, or matching faces. But one of the reasons that AI is such a powerful and important technology is that it is completely general: it can be applied to almost anything. As a new paper by the well-known security expert Bruce Schneier explores, one area where AI will have a major impact is hacking, in all its forms. It’s extremely wide-ranging and well worth reading in its entirety (there’s also a good summary by Schneier himself), but this post will concentrate on the ways in which AI hacking is likely to impact privacy and data protection. Schneier writes:
"One area that seems particularly fruitful for AI systems is vulnerability finding. Going through software code line by line is exactly the sort of tedious problem at which AIs excel, if they can only be taught how to recognize a vulnerability. Many domain-specific challenges will need to be addressed, of course, but there is a healthy amount of academic literature on the topic – and research is continuing. There’s every reason to expect AI systems will improve over time, and some reason to expect them to eventually become very good at it."
If that happens, it will have a huge and direct impact on data protection. Over the last few years, we have already seen massive leaks of personal data caused by people breaking into supposedly secure systems through the use of flaws in the code.
https://www.privateinternetaccess.com/blog/what-happens-to-privacy-once-ais-start-hacking-systems-and-people/
#privacy #data #protection #ai #hacking #systems
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Malicious Office 365 Apps Are the Ultimate Insiders
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.
These attacks begin with an emailed link that when clicked loads not a phishing site but the user’s actual Office 365 login page — whether that be at microsoft.com or their employer’s domain. After logging in, the user might see a prompt that looks something like this:
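The consent prompt is the point a defender can audit: the app the user approves is visible in the tenant's audit trail along with the permissions it was granted. The following is an added example, not code from the original post or from Microsoft; it scores consent events for the pattern described above (mail and file scopes plus offline_access, granted by an end user to an unverified publisher). The audit records and their field names are constructed for this example and do not claim to match any real export format.

```python
"""
Flag OAuth app consents that resemble the "malicious Office 365 app"
pattern: broad mailbox/file permissions plus a refresh token, granted by
an end user rather than an administrator.

ASSUMPTION: the record layout (activity, user, app, scopes, consent_type,
publisher_verified) is this example's own; adapt it to your log source.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Delegated permissions that give an app the kind of reach the article
# describes: read (or send) mail and read/write files on the user's behalf.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Contacts.Read", "MailboxSettings.ReadWrite",
}
# offline_access is what turns a single login into a long-lived refresh
# token: access that survives a password change, hence "password-free".
PERSISTENCE_SCOPE = "offline_access"
ALERT_THRESHOLD = 5


@dataclass
class Finding:
    user: str
    app: str
    score: int
    reasons: List[str] = field(default_factory=list)


def assess_consent(record: dict) -> Optional[Finding]:
    """Score one audit record; return a Finding if it crosses the threshold."""
    if record.get("activity") != "Consent to application":
        return None  # not a consent event at all
    scopes = set(record.get("scopes", []))
    reasons, score = [], 0

    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        score += 2 * len(risky)
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if PERSISTENCE_SCOPE in scopes:
        score += 3
        reasons.append("offline_access grants a refresh token (persistent access)")
    if not record.get("publisher_verified", False):
        score += 2
        reasons.append("publisher not verified")
    if record.get("consent_type") == "user":
        score += 1
        reasons.append("granted by an end user, not by an admin")

    if score < ALERT_THRESHOLD:
        return None
    return Finding(record["user"], record["app"], score, reasons)


def flag_risky_consents(records: List[dict]) -> List[Finding]:
    """Return findings for every record that looks like a risky consent."""
    return [f for f in map(assess_consent, records) if f is not None]


# Constructed sample: one admin-approved, verified app; one user-granted,
# unverified app with mail and file scopes; one unrelated audit event.
SAMPLE_AUDIT = [
    {"activity": "Consent to application", "user": "alice@example.test",
     "app": "Expense Reports (constructed)", "publisher_verified": True,
     "consent_type": "admin", "scopes": ["User.Read", "offline_access"]},
    {"activity": "Consent to application", "user": "bob@example.test",
     "app": "Mailbox Upgrade Helper (constructed)", "publisher_verified": False,
     "consent_type": "user",
     "scopes": ["User.Read", "Mail.Read", "Files.ReadWrite.All", "offline_access"]},
    {"activity": "Update user", "user": "carol@example.test", "app": "n/a"},
]

if __name__ == "__main__":
    for finding in flag_risky_consents(SAMPLE_AUDIT):
        print(f"{finding.user} -> {finding.app!r} score={finding.score}")
        for reason in finding.reasons:
            print("   -", reason)
```

The same scoring can be applied to the existing set of service principals in a tenant, not only to new consent events, to find apps that were approved before monitoring was in place.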
https://krebsonsecurity.com/
#microsoft #office #phishing #email #malware
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.
Background
One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.
Back in the dark ages before JavaScript and WebAssembly took over the world, website authors that wanted to include nontrivial interactivity had to rely on browser plugins. Sun’s entry into the fray was Java Applets, a system that allowed website authors to include precompiled Java classfiles on their site. When the user views the embedding page, the browser sends that code to the Java Virtual Machine (JVM) installed on the user’s computer for execution.
In order to keep things secure, Java used a permission system to control what running code could and couldn’t do. Desktop applications were executed with all permissions by default, while Java applets ran with a very restrictive policy that prevented stuff like accessing the user’s local files.
Unfortunately, applets were still plagued with security vulnerabilities. One issue is that most of the Java runtime library is itself implemented in Java. Trusted and untrusted code run side by side in the same VM, with the only thing separating them being the permission system and visibility modifiers (public, protected, private, etc.).
This means that a bug anywhere in the JVM or standard libraries is liable to become a security vulnerability. Additionally, the attack surface is huge. The Java 7 runtime included over 17,000 classes, a lot of places for bugs to creep in.
https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html
#google #app #engine #hacked #java #bytecode #exploit
Facebook’s Nextdoor-clone Neighborhoods is coming soon to four US cities
It’s already available across Canada
Facebook, which never saw a social network it couldn’t copy, says its Nextdoor-clone Neighborhoods is now available across Canada and is coming soon to four US cities. According to CNET, the US locations being targeted are Charlotte, North Carolina; San Diego, California; Baton Rouge, Louisiana; and Newark, New Jersey.
Like Nextdoor, Neighborhoods is all about corralling geographically-defined groups of users into a single space to discuss local goings-on. Facebook says users should be able to get to know neighbors, ask for recommendations for the best coffee shops or locksmiths, and organize local events. Users can also create splinter groups specific to their interests.
https://www.theverge.com/2021/5/5/22420597/facebook-nextdoor-clone-neighborhoods-canada-us-cities-launch
#facebook #DeleteFacebook #nextdoor #clone #neighborhoods #usa #canada
Russia’s plot to control the Internet is no longer a secret
Russia’s campaign to control the Internet isn’t just a secret intelligence gambit any longer. It’s an explicit goal, proclaimed by Russian President Vladimir Putin as a key element of the Kremlin’s foreign policy.
Putin complained during his annual address to the Russian federal assembly on April 21 that the United States and other western countries are “stubbornly rejecting Russia’s numerous proposals to establish an international dialogue on information and cybersecurity. We have come up with these proposals many times. They avoid even discussing this matter.”
Asking for “international dialogue” takes some nerve, coming from the world’s biggest cyberbully — a country that notoriously meddled in the 2016, 2018 and 2020 U.S. elections, and has engaged in similar Internet mischief throughout the world. Controlling the “information space,” as the Russians sometimes call it, has long been an intelligence priority for Moscow.
Russia is waging its cyberdiplomacy offensive on two fronts: First, the United Nations has embraced Russia’s proposal to write a new treaty governing cybercrime, to replace the 2001 Budapest convention that Moscow rejected because it was too intrusive. And second, Russia is lobbying for its candidate to head the U.N.’s International Telecommunications Union (ITU) and use it to supplant the current private group, known as ICANN, that coordinates Internet addresses.
These international regulatory battles sound obscure, but they will help determine who writes the rules for Internet communications for the rest of the 21st century. The fundamental question is whether the governance process will benefit authoritarian states that want to control information or the advocates of openness and freedom.
https://telegra.ph/Opinion--Russias-plot-to-control-the-Internet-is-no-longer-a-secret-05-05
via www.washingtonpost.com
#opinion #russia #putin #plot #control #internet
This massive DDoS attack took large sections of a country's internet offline
More than 200 organisations across Belgium including the government and parliament were affected by a DDoS attack that overwhelmed them with bad traffic.
A massive distributed denial of service (DDoS) attack took down the websites of more than 200 organisations across Belgium, including government, parliament, universities and research institutes.
The DDoS attack started at 11am on Tuesday 4 May and overwhelmed the websites with traffic, rendering their public-facing sites unusable for visitors, while the attack overwhelmed internal systems, cutting them off from the internet.
The attack targeted Belnet, the government-funded ISP for the country's educational institutions, research centres, scientific institutes and government services – including government ministries and the Belgian parliament. Some debates and committee meetings had to be postponed as users couldn't access the virtual services required to take part.
https://www.zdnet.com/article/this-massive-ddos-attack-took-large-sections-of-a-countrys-internet-offline/
#ddos #attack #belgium
Peloton’s leaky API let anyone grab riders’ private account data
But the company won't say if it has evidence of malicious exploitation
Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data.
My Peloton profile is set to private and my friends list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed anyone to pull users’ private account data directly from Peloton’s servers, even with their profile set to private.
Peloton, the at-home fitness brand synonymous with its indoor stationary bike and beleaguered treadmills, has more than three million subscribers. Even President Biden is said to own one. The exercise bike alone costs upwards of $1,800, but anyone can sign up for a monthly subscription to join a broad variety of classes.
As Biden was inaugurated (and his Peloton moved to the White House — assuming the Secret Service let him), Jan Masters, a security researcher at Pen Test Partners, found he could make unauthenticated requests to Peloton’s API for user account data without it checking to make sure the person was allowed to request it. (An API allows two things to talk to each other over the internet, like a Peloton bike and the company’s servers storing user data.)
But the exposed API let him — and anyone else on the internet — access a Peloton user’s age, gender, city, weight, workout statistics and, if it was the user’s birthday, details that are hidden when users’ profile pages are set to private.
Masters reported the leaky API to Peloton on January 20 with a 90-day deadline to fix the bug, the standard window of time that security researchers give to companies to fix bugs before details are made public.
https://techcrunch.com/2021/05/05/peloton-bug-account-data-leak
#peloton #leak #api #private #account #data #exploitation
Report on University of Minnesota Breach-of-Trust Incident
On April 20, 2021, in response to the perception that a group of University of Minnesota (UMN) researchers had resumed sending compromised code submissions to the Linux kernel, Greg Kroah-Hartman asked the community to stop accepting patches from UMN and began a re-review of all submissions previously accepted from the University.
This report summarizes the events that led to this point, reviews the "Hypocrite Commits" paper that had been submitted for publication, and reviews all known prior kernel commits from UMN paper authors that had been accepted into our source repository.
https://lwn.net/ml/linux-kernel/202105051005.49BFABCE@keescook/
#linux #kernel #university #minnesota #breach #trust