Profil3r
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails.
‼️ For educational purposes only
https://github.com/Rog3rSm1th/Profil3r
#educational #profil3r #osint #tool #social #networks #email
📡 @nogoolag 📡 @blackbox_archiv
Answering Europe’s Call: Storing and Processing EU Data in the EU
Today we are announcing a new pledge for the European Union. If you are a commercial or public sector customer in the EU, we will go beyond our existing data storage commitments and enable you to process and store all your data in the EU. In other words, we will not need to move your data outside the EU. This commitment will apply across all of Microsoft’s core cloud services – Azure, Microsoft 365, and Dynamics 365. We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. We’re calling this plan the EU Data Boundary for the Microsoft Cloud.
The new step we’re taking builds on our already strong portfolio of solutions and commitments that protect our customers’ data, and we hope today’s update is another step toward responding to customers that want even greater data residency commitments. We will continue to consult with customers and regulators about this plan in the coming months, including adjustments that are needed in unique circumstances like cybersecurity, and we will move forward in a way that is responsive to their feedback.
Microsoft cloud services already comply with or exceed EU guidelines even before the plan we’re announcing today. We already provide commercial and public sector customers the choice to have data stored in the EU, and many Azure cloud services can already be configured to process data in the EU as well. In addition, we use world-class encryption and robust lockbox solutions that meet current regulatory guidance. Many of our services put control of customer data encryption in customers’ hands through the use of customer-managed keys, and we defend our customers’ data from improper access by any government in the world.
https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/
#microsoft #eu #data #boundary
Epic exposes Apple's efforts to persuade Netflix to keep in-app subscriptions
In brief: Epic Games presented documents in its lawsuit against Apple showing that the Cupertino tech giant went to great lengths to prevent Netflix from dropping in-app payment (IAP) subscriptions from its iOS app. Efforts included special favors and the consideration of punitive measures. Epic hopes to portray Apple as "anything goes" when it comes to retaining its App Store commissions.
In 2018, Netflix was debating whether it should remove in-app subscriptions for new customers in its iPhone app. It planned to run tests that summer in select markets to see its effect on subscription numbers. When Apple learned this, it called all-hands-on-deck to prevent the streaming service from going through with it.
In an email thread (Exhibit A below), several Apple execs, including Vice President of the App Store Matt Fischer, Vice President of Marketing Pete Distad, Vice President of Service Peter Stern, and others, expressed their concerns over Netflix conducting the tests and the possibility of it removing IAPs from its app. Apple did not want Netflix to eliminate subscription options from the software for obvious reasons, but it also didn't like the company even conducting its own tests.
https://www.techspot.com/news/89580-epic-exposes-apple-efforts-persuade-netflix-keep-app.html
#apple #epic #netflix
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Don’t Try to Pirate Movies On Elon Musk’s Starlink
The Starlink team announced that if people try to openly pirate movies on SpaceX’s satellite internet service Starlink, then one has to be prepared to receive a warning from the company demanding that you stop. Starlink is an initiative by SpaceX with the objective of providing Internet From Space. Recently they have launched the first 60 production satellites of nearly 12,000 planned spacecraft into a low orbit above Earth.
Last weekend, a curious Starlink subscriber tested if SpaceX enforces its policy against downloading copyrighted content. The subscriber, “substrate-97,” indeed received the piracy warning notice and he posted the same from SpaceX on Reddit. “We must insist that you and/or others using your Starlink service refrains from illegal downloads of copyrighted content,” the notice says. “Downloading copyrighted materials without a license may lead to suspension or termination of your service, and put you at risk of legal action by the content owner,” the statement read.
Moreover, Starlink may also try to stop piracy if the ISP detects a download for a bootleg movie. The company will immediately send an automated warning to the offending subscriber. If the ISP recognises a download for a copyrighted movie, the provider can automatically issue a warning notification to the subscriber committing the offence.
https://www.gulte.com/trends/85497/dont-try-to-pirate-movies-on-elon-musks-starlink
#starlink #musk #movies #pirate
RocketReach and the creepy world of data harvesting
You’ve probably never heard of RocketReach. But I think you should, as it’s got me properly riled up.
I just want people to leave me alone. My job is hard enough as it is, without people sliding into my inbox 24/7.
- Hey, got time for a quick 15 minute chat about this random tool you’ll never use? NO
- Hi, I’d love to chat with you about a potential partnership with-GO AWAY.
- We really think your organisation could benefit from- JUST LEAVE ME ALONE.
- I noticed you haven’t replied to our previous emails; just checking you didn’t miss this. I DIDN’T MISS IT I’M DELIBERATELY IGNORING YOU.
It’s constant, and it’s draining. I don’t know who out there is telling people that spamming folks with cold emails is the way to grow your business, but I’m begging them to stop.
I mean, it must be working, or they wouldn’t do it. But it’s just incredibly frustrating. Especially if you’re someone like me that doesn’t like to be mean to people. My deeply-instilled British values of politeness mean it pains me to ignore these people.
But I have to, or I wouldn’t be able to function. Just replying to these people would be a full-time job.
So imagine my dismay when I discovered there are websites out there specialising in making it even easier to contact me. And one of the worst offenders out there is RocketReach.
https://cookywook.co.uk/blog/rocketreach-and-the-creepy-world-of-data-harvesting/
#data #harvesting #BigData #privacy #rocketreach #thinkabout
Building a supply chain attack with .NET, NuGet, DNS, source generators, and more!
For a couple of months now, I’ve been pondering about what tools are at your disposal in .NET to help build and execute a supply chain attack. My goal was to see what is available out there, and what we, as .NET developers, should be aware of. Prepare for a long read!
Now, forget that short introduction, and let’s start anew…
‼️ For educational purposes only
https://blog.maartenballiauw.be/post/2021/05/05/building-a-supply-chain-attack-with-dotnet-nuget-dns-source-generators-and-more.html
#supply #chain #attack #dotnet #nuget #dns #educational
Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...
Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.
Those problems extend to UK public sector organisations seeking to stick within government guidance as well as a longstanding issue where personal data held in the EU can potentially be accessed via US security laws.
In a blog, Brad Smith, Microsoft’s president and chief legal officer, said the software and cloud services giant would, by the end of 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU.
https://www.theregister.com/2021/05/07/schrems_slams_microsoft_eu_data/
💡 read as well:
Answering Europe’s Call: Storing and Processing EU Data in the EU
https://t.iss.one/BlackBox_Archiv/2163
#microsoft #eu #data #boundary #nsa #schrems
a MESSAGE to Anonymous #NewBlood from a Old Anonymous Coot #CyberWar #OpDeleteTheElite #Killuminati
https://www.youtube.com/watch?v=0Knb8HsSurs
#breakingnews #Cyberattack #columbia #OffCircuitSec #OCSec #AnonymousPhilippines #Anonymous #FreeGho57 #Arrested #OpColumbia #Columbian #Government #NWO #hostile #Rothschild #UN #LineInTheSand #GameOver #WorldWar #An0NiX #GhostSec #GhostSecurity #video
Democracy in Telegram groups
Many of us spend time in specialized Telegram groups. The power over communication here belongs to random people with their own shortcomings. Conflict and abuse occur regularly. Is there another way to keep order so that scam spam doesn't flourish and no one has total control over group members?
In my case, these thoughts led to the development and testing of a system that can be connected to your Telegram today.
First of all, you need to determine what is the key aspect, the currency of the system. Not karma and not points, not likes and not a rating. Time itself became it. What follows from this?
https://habr.com/en/post/556474/
#telegram #democracy #whatUthink
Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
>25% of the Tor network’s exit capacity has been attacking Tor users
In August 2020 I reported about “How Malicious Tor Relays are Exploiting Users in 2020 (Part I)”. Back then I made the hypothesis that the entity behind these malicious Tor relays is not going to stop its activities anytime soon. Unfortunately this turned out to be true. In this follow-up post, I will give you an update, share what additional information we learned about the attacker since August 2020 and to what extent they were and still are active on the Tor network.
After publishing the previous blog post it took only a few days until two sets of relay groups that were on my radar at the time (Figure 8 in Part I) got confirmed performing the same kind of attacks against Tor users as previously observed:
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
#tor #exit #relay #malicious #activities
“We are apolitical” — DarkSide threat actors
By now, probably everyone has heard about the Colonial Pipeline security incident that has been linked to threat actors known as DarkSide.
On April 12, this site published an email chat with DarkSide. If you missed that chat write-up, you can read it here. On May 8, after the mainstream media reported that the Colonial Pipeline incident had been attributed to DarkSide by those familiar with the matter, I reached out to the threat actors to ask for a comment or response. As I tweeted and reported, they responded, “Hello, no comments,” but then immediately sent another reply explaining, “At the time of negotiations and in the case of payment, we do not disclose information about the transaction.”
That was their only acknowledgement by that point that they were involved.
Today, they have issued a statement on their leak site:
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money, and not creating problems for society.
From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
That press statement is consistent with what they had stated in our email interview when I asked them if they ever had regretted any attack. They responded how they added funeral homes and crematoria to their exclusion list because they had regretted what a partner had done. Now they say they will start moderation to check companies that their partners want to encrypt.
Chalk this up as purely opinion, but I think it’s likely that they are quite serious about that. Since Colonial Pipeline is private industry and not a state/government entity, they probably did not consider it as infrastructure or political as much as just a typical big (lucrative) target by a partner.
Could DarkSide be state-related? Could they have lied about that? Sure. But then do we say the same thing about every threat actor group that may speak Russian? Is there any evidence that DarkSide has had any political or governmental targets?
https://www.databreaches.net/we-are-apolitical-darkside-threat-actors/
#colonial #pipeline #hack #ransomware #darkside #apolitical
Garbage Collection – the silent enemy of data recovery
3 SSDs which we loaded with data sets and then issued the delete command. Which disk would still have its data intact after 24 hours?
Drive Rescue recently gave a guest lecture to the computer science class of a well-known Dublin third-level institution. Their lecturer wanted to give his class some real-world insights into how the world of practitioners sometimes differs to the world of academic theory. So, in the name of science and knowledge enhancement for all – we duly obliged.
The topic we decided to talk about was garbage collection in solid-state disks (SSD). Garbage collection is a silent (disk controller) process which runs in the background of most solid-state disks and operates as a sort of clean-up mechanism for data which had been recently subject to the delete command. This makes read, write and erase operations in SSDs more efficient. However, for the forensic investigator, the security analyst, the systems administrator or indeed the data recovery technician, the garbage collection feature has the potential to complicate investigations and recovery cases.
Data Deletion from HDDs
When data is deleted from traditional electro-mechanical hard disks, the space on the volume is marked as free by the disk. But the actual data is not deleted until it’s overwritten to the same location.
Why Garbage Collection is a problem
File deletion with SSDs works differently. Unlike HDDs, they cannot write data to a random area of the disk. SSDs must write to blank pages. Moreover, an SSD cannot erase data at page level; it must erase at block level. For this reason, SSDs use TRIM and garbage collection to make sure there are always pages readily available for writing.
https://datarecoveryireland.ie/garbage-collection-the-silent-enemy-of-data-recovery/
#data #recovery #ssd #hdd #drive #rescue #forensic
30 Years Of Linux - An Interview With Linus Torvalds: Open Source And Beyond - Part 2
The Linux kernel is celebrating its thirtieth anniversary this year. In part two of our interview, we conclude our conversation with Linux creator Linus Torvalds. If you haven't already, check out part one to learn all about Linux kernel development and the creation of the Git version control system.
In this second part, Linus offers insight and perspective gained from managing a large open source project for three decades. He also talks about his employment at the Linux Foundation, and describes what he does with his spare time when he's not focused on kernel development.
As to what makes an open source project successful, Linus admits, "I don't really know what the key to success is. Yes, Linux has been very successful, and clearly Git too started on the right foot, but it's always very hard to really attribute that to some deeper cause. Maybe I've just been lucky?" He goes on to offer three practical recommendations he's followed himself: be there for other developers, be open, and be honest.
https://www.tag1consulting.com/blog/interview-linus-torvalds-open-source-and-beyond-part-2
💡 read as well: An Interview With Linus Torvalds: Linux and Git - Part 1
https://www.tag1consulting.com/blog/interview-linus-torvalds-linux-and-git
#interview #torvalds #linux
Actor sues TikTok for using her voice in viral tool
An actor is suing TikTok for using her voice in its text-to-speech function.
It converts writing into speech, which can then be played over videos uploaded to the app, often for comedic effect.
Bev Standing recorded about 10,000 sentences of audio for the state-backed Chinese Institute of Acoustics research body to use in translations, in 2018.
The legal action claims her voice can now be heard in viral videos featuring “foul and offensive language”, causing her reputation “irreparable harm”.
https://www.bbc.co.uk/news/technology-57063087
#DeleteTikTok #tiktok
Colonial Hack Can’t Be Just Another Wake-Up Call
Companies and the government need to confront cyberattacks before an unmanageable disaster arrives.
Visit Colonial Pipeline’s corporate website and you’ll learn that the Alpharetta, Georgia, energy company is “committed to EXCELLENCE” and that “safety, environmental stewardship, and first-class customer service” drive its operating philosophy.
What you won’t find — unless you navigate to the bottom of the home page and click on “News & Media” — is any mention that the company that operates the largest refined fuels pipeline in the U.S. was brought to its knees by computer hackers Friday. That’s understandable, because it’s likely that Colonial still doesn’t completely understand what hit it.
In a brief statement Saturday, Colonial said it learned the previous day that hackers were trying to extort it using ransomware. In response, the company shut down its pipeline and some information technology systems and hired cybersleuths to sort out the damage. It offered more of the same Sunday evening, while also disclosing that the Department of Energy had joined a federal law enforcement investigation of the attack. Other than noting that its main lines were still closed, Colonial didn’t offer much clarity about when it would be back in business (which has left oil traders on edge and scrambling for alternatives).
Companies have their reasons for going mum when hacked, of course. They’re worried about reputational damage. If publicly traded, they also fear possible negligence lawsuits from investors (Colonial is privately held). But in an era in which nation-states and roving freelancers alike have turned rival governments, corporations, schools and universities, hospitals, research labs, fire and police departments, and other institutions into digital piñatas, hunkering down only perpetuates the problem.
https://www.bloomberg.com/opinion/articles/2021-05-10/colonial-hack-shows-we-re-one-attack-away-from-a-cyber-disaster
#colonial #pipeline #hack #ransomware #darkside #cyberattacks
Beware of Applications Misusing Root Stores
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store to be used for server authentication (TLS) and for digitally signed and encrypted email (S/MIME). Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. With the goal of improving the security ecosystem on the internet, below we clarify the correct and incorrect use of Mozilla’s root store, and provide tools for correct use.
[...]
Misuse of Root Stores: We have been alerted that some applications are using root stores provided by Mozilla or an operating system (e.g. Linux) for purposes other than what the root store is curated for. An application that uses a root store for a purpose other than what the store was created for has a critical security vulnerability. This is no different than failing to validate a certificate at all.
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/
#mozilla #root #store #applications
HakByte: How to find anything on the internet with Google Dorks
On this first episode of HakByte, we cover Google Dorking, which is an OSINT technique that takes advantage of the Google Search engine with advanced search strings. This video covers basic Google dorks that will allow you to filter out irrelevant information for a Google search, find insecure websites, and even discover exposed password databases. Finally, an open source tool called pagodo is covered, which can automatically pass thousands of Google dorks while avoiding detection from Google.
https://www.youtube.com/watch?v=lESeJ3EViCo
#hakbyte #osint #google #dorking #search #engine #educational #video
Today the United States announced that it will join the Christchurch Call to Action to Eliminate Terrorist and Violent Extremist Content Online, a global pledge by member governments and technology partners to work together to address terrorist and violent extremist content online.
Countering the use of the internet by terrorists and violent extremists to radicalize and recruit is a significant priority for the United States. Joining the coalition of governments and companies that have endorsed the Christchurch Call to Action reinforces the need for collective action.
The United States applauds language in the Christchurch Call emphasizing the importance of respecting human rights and the rule of law, including the protection of freedom of expression. In joining the Christchurch Call, the United States will not take steps that would violate the freedoms of speech and association protected by the First Amendment to the U.S. Constitution, nor violate reasonable expectations of privacy.
The United States looks forward to participating in the Christchurch Call Second Anniversary virtual summit on May 14.
https://telegra.ph/Statement-by-Press-Secretary-Jen-Psaki-on-the-Occasion-of-the-United-States-Joining-the-Christchurch-Call-to-Action-to-Eliminate-05-10
via www.whitehouse.gov
#christchurch #call #action
Apple accused of breaking UK competition law by overcharging for apps
Almost 20 million users could be eligible for compensation, with £1.5bn damages sought
Apple is facing a demand for billions of pounds of consumer compensation in a British lawsuit that accuses the company of overcharging users by up to 30% on its App Store.
The claim argues that Apple’s restrictive policies, which limit app developers to using its own payment systems, are generating “excessive” profits for the company and leading to consumers paying more than they otherwise would. As a collective action, it seeks to represent the almost 20 million people in the UK who have spent money on the App Store, and seeks damages of up to £1.5bn.
Apple has dismissed the action as “meritless”.
Leading the suit is Dr Rachael Kent, an expert in the digital economy and lecturer at King’s College, University of London, who said: “The App Store was a brilliant gateway for a range of interesting and innovative services that millions of us find useful, myself included. But 13 years after its launch, it has become the only gateway for millions of consumers. Apple guards access to the world of apps jealously, and charges entry and usage fees that are completely unjustified.
“This is the behaviour of a monopolist and is unacceptable.”
https://www.theguardian.com/technology/2021/may/11/apple-accused-of-breaking-uk-competition-law-by-overcharging-for-apps
#apple #uk #competition #law #apps #overcharging