Order of the HmbBfDI: Ban of further processing of WhatsApp user data by Facebook
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) issued an order prohibiting Facebook Ireland Ltd. from processing personal data from WhatsApp for its own purposes. The order is immediately enforceable. This is done under the urgency procedure of the General Data Protection Regulation (GDPR), which provides for the adoption of provisional measures with a specified period of validity in the respective territory, in this case Germany. The background to the proceedings is the request to all WhatsApp users to agree to the new terms and privacy policy by May 15, which grant WhatsApp far-reaching powers to share data with Facebook.
https://datenschutz-hamburg.de/assets/pdf/2021-05-11-press-release-facebook.pdf
#whatsapp #DeleteWhatsApp #user #data #facebook #DeleteFacebook #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The widely anticipated quantum internet breakthrough is finally here
A Delft University spinout is commercialising a quantum modem that can link quantum machines into superfast networks.
If you thought quantum computing was a leap forward, get ready for the next step: the quantum internet, where quantum machines can be linked to each other to create powerful networks of superfast computing power.
The vision is now even closer to becoming reality. QphoX, a Delft University spinout, has created a quantum modem that can get these machines talking to each other. It plans to be the first to take it out of the research lab and turn it into a commercial project — and has raised a €2m seed round to build the company.
It is the next big step in quantum computing. Today’s biggest quantum computers have less than 100 qubits, but scientists say that the machines will need at least 1k qubits to be truly commercially useful. Scaling up the computers themselves will take time, but a quantum internet could connect smaller machines to get to 1k+ qubits faster.
“Scaling a quantum computer even beyond 100 qubits is hard at the moment, but you could link 10 together to get 1k,” says Simon Gröblacher, CEO and cofounder of QphoX. Gröblacher says they expect to have a working modem ready for customers to test within two years.
The seed funding round was led by Quantonation, Speedinvest and High-Tech Gründerfonds, with participation from TU Delft.
https://sifted.eu/articles/quantum-internet-breakthrough/
#quantum #internet #breakthrough
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Stopping the Manipulation Machines - Some things are difficult by design.
Consider Amazon. The company perfected the one-click checkout. But canceling a $119 Prime subscription is a labyrinthine process that requires multiple screens and clicks.
Or Ticketmaster. Online customers are bombarded with options for ticket insurance, subscription services for razors and other items and, when users navigate through those, they can expect to receive a battery of text messages from the company with no clear option to stop them.
https://www.nytimes.com/2021/04/30/opinion/dark-pattern-internet-ecommerce-regulation.html
#manipulation #amazon #DeleteAmazon #ticketmaster #opinion
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Facebook Ordered to Stop Collecting German WhatsApp Data
Facebook Inc. was ordered to stop collecting German users’ data from its WhatsApp unit, after a regulator in the nation said the company’s attempt to make users agree to the practice in its updated terms isn’t legal.
Johannes Caspar, who heads Hamburg’s privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are intransparent, inconsistent and overly broad, he said.
“The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide,” Caspar said in a statement on Tuesday. “We need to prevent damage and disadvantages linked to such a black-box-procedure.”
https://www.bloomberg.com/news/articles/2021-05-11/facebook-ordered-to-stop-collecting-german-whatsapp-users-data
💡 read as well (PDF)
Order of the HmbBfDI: Ban of further processing of WhatsApp user data by Facebook
https://t.iss.one/BlackBox_Archiv/2184
#whatsapp #DeleteWhatsApp #user #data #facebook #DeleteFacebook #gdpr #eu #germany
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Colonial Pipeline Hit With Ransomware; Apple AirTags Hacked - ThreatWire
A Qualcomm SoC could be exploited by attackers, the US’s biggest gas pipeline is hit with ransomware, and Apple AirTags get hacked! All that coming up now on ThreatWire.
https://www.youtube.com/watch?v=QjLvIDWnc3w
#threatwire #hak5 #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Collection of novel security vulnerabilities that affect Wi-Fi devices
11 May 2021 — This website presents FragAttacks (fragmentation and aggregation attacks) which is a collection of novel security vulnerabilities that affect Wi-Fi devices. An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices. Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.
The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997! Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.
https://www.fragattacks.com/
#fragattacks #wifi #security #vulnerabilities #exploit #educational
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Delete Google from Your Life Now
DELETE GOOGLE!
https://www.youtube.com/watch?v=94ENNlF_05k
#google #DeleteGoogle #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Bitcoin Privacy Feud Erupts After Edward Snowden Pans Long-Awaited Taproot Upgrade
Core devs say the Taproot software update for Bitcoin will improve privacy. Edward Snowden said it doesn't fix Bitcoin's bigger privacy problem. Who's right?
Edward Snowden is a former National Security Agency contractor who exposed a secret surveillance program of American citizens. As one of the world's foremost privacy advocates, he thinks Bitcoin isn't private enough—and that an upcoming software update could make it worse.
His comments have created something of an uproar from fellow activists such as Alex Gladstein, the Chief Strategy Officer of the Human Rights Foundation, who thinks Snowden has misrepresented the upgrade, known as Taproot. Others have argued that the Russian exile can't see the importance of mainstream adoption to the project, which could falter if it turns too far toward anonymity.
"Cryptocurrency, and by this I'm just going to say Bitcoin, is really failing comprehensively, terribly, on the privacy angle," Snowden told the Electronic Frontier Foundation's Marta Belcher at the Ethereal Summit on Thursday. Taproot, he added, isn't a good fix.
Taproot, which was first proposed in early 2018, is in the process of making its way from developers' brains to the Bitcoin protocol itself. When it does come online, it's supposed to improve privacy as well as scalability and security.
https://decrypt.co/70470/bitcoin-privacy-feud-erupts-edward-snowden-pans-long-awaited-taproot-upgrade
#bitcoin #cryptocurrency #privacy #snowden #taproot #upgrade
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Deep Web - the downfall of the Silk Road (full documentary)
Documentary about the dark side of the Internet: for some the Deep Web and for others the Dark Web, where people trade in stolen identities, illegal substances and secret knowledge. Within a short time, the Silk Road, the "Ebay for drugs," becomes a hotly contested trans-shipment center for everything forbidden. Both the FBI and Europol try everything to track down the mastermind behind the website, known on the Deep Web only as DPR - Dread Pirate Roberts.
https://www.youtube.com/watch?v=y7x4CmWIeGE
#silkroad #doku #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Facebook says it will ignore emergency data collection ban issued in Germany over WhatsApp rules
Privacy watchdog is calling on GDPR regulators to enforce an EU-wide ban
A hot potato: Germany has banned Facebook from collecting data on WhatsApp users within its borders. The Hamburg Data Protection and Freedom of Information (HmbBfDI) commission claims that the app's new data collection policies and Facebook's heavy-handed efforts to get users to accept them violate the General Data Protection Regulation (GDPR).
Johannes Caspar, the commissioner of the HmbBfDI, indicated in a press release that Facebook has a history of user-privacy abuse, pointing to the Cambridge Analytica scandal and the recent leak of 500 million records. More urgently, Caspar fears that WhatsApp's less than transparent advertising policies will influence German elections coming up in September.
"The data protection scandals of the last few years from 'Cambridge Analytica' to the data leak that recently became known, which affected more than 500 million Facebook users, show the extent and the dangers of massive profiling," said Caspar. "This affects not only privacy but also the possibility of using profiles to influence voter decisions in order to manipulate democratic decisions. In view of the nearly 60 million WhatsApp users with a view to the upcoming federal elections in Germany in September 2021, the risk is all the more concrete, as these will arouse desires after influencing the opinion-forming of Facebook's advertisers."
https://www.techspot.com/news/89639-facebook-ignore-emergency-data-collection-ban-issued-germany.html
#whatsapp #DeleteWhatsApp #user #data #facebook #DeleteFacebook #gdpr #eu #germany
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
TechSpot
Germany issues emergency data collection ban against Facebook over WhatsApp rules [Updated]
Update (05/13/21): A WhatsApp spokesman reached out to TechSpot to clarify that the Hamburg DPA order does not impact the WhatsApp update as the DPA is raising...
92: The Pirate Bay
Darknet Diaries - Ep 92: The Pirate Bay
The Pirate Bay is a website, a search engine, which has an index of torrent files. A lot of copyrighted material is listed on the site, but the site doesn’t store any of the copyrighted material. It just points the user to where you can download it from. So for a while The Pirate Bay has been one of the largest places you can find pirated movies, music, games, and apps. But this site first came up in 2003, and is still up and in operation now, 18 years later! You would think someone would have shut this place down by now. How does the biggest source for copyrighted material stay up and online for that long? Listen to this episode to find out.
https://darknetdiaries.com/episode/92/
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
Ransomware crooks post cops’ psych evaluations after talks with DC police stall
Babuk demands $4 million, Metropolitan Police Department offers $100,000.
A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver's license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.
The data, included in a 161MB download from a website on the dark web, was made available after negotiations broke down between members of the Babuk ransomware group and MPD officials, according to screenshots purporting to be chat transcripts between the two organizations. After earlier threatening to leak the names of confidential informants to crime gangs, the operators agreed to remove the data while they carried out the now-aborted negotiations, the transcripts showed.
https://arstechnica.com/gadgets/2021/05/ransomware-crooks-post-cops-psych-evaluations-after-talks-with-dc-police-stall/
#ransomware #babuk #usa #dc #police
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Brave — Stealing your cookies remotely
Brave for Android had a vulnerability that allowed a malicious web page to steal your cookies remotely. The vulnerability was reported through HackerOne and took 5 months to fix.
Introduction
During my research with Android applications, I found a few vulnerabilities in some of the most used browsers. When researching Brave, I noticed that it was using a Content Provider that was exposing all files from the public directory as well as its private files.
https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675
#brave #browser #android #cookies #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
FragAttacks: Demonstration of Flaws in WPA2/3
This is not a "hacking" tutorial but a demonstration about academic IT security research. Made by Mathy Vanhoef of New York University and KU Leuven.
https://www.youtube.com/watch?v=88YZ4061tYw
💡 read as well: Collection of novel security vulnerabilities that affect Wi-Fi devices
https://t.iss.one/BlackBox_Archiv/2189
#fragattacks #wifi #security #vulnerabilities #exploit #educational #poc #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
Determining The Extent Of Video Surveillance Through Google Street View Data
Google Street View’s continuous coverage of the world’s thoroughfares represents possibly the most complete, consistent and coherent visual record of global society, with the exception of countries that impose bans on the search giant’s roving data-gathering vehicles.
As a revenue-delivering contributor to Google Maps’ infrastructure, the Google Street View panopticon is a rich data seam for machine learning analysis. Besides its propensity to unwittingly capture criminal acts, it has been used to estimate regional income from car quality in Google Street View images, evaluate greenery in urban environments, identify utility poles, classify buildings and estimate the demographic make-up of US neighborhoods, among many other initiatives.
Limited Statistics On Surveillance Camera Diffusion In The United States
Despite wide usage of Google Maps’ data for socially aware machine learning initiatives, there are very few Street View-based datasets that include labeled examples of surveillance cameras. The Mapillary Vistas dataset is among the small number available that offer this functionality, though it includes less than 20 labeled public video cameras in the United States.
Much of the video surveillance infrastructure in the US only intersects the State when authorities demand corroborating footage after local incidents that may have been recorded. Beyond zoning regulations, and in the context of permissive privacy laws that do little to address private surveillance of public spaces, there is no federal administrative framework that can provide hard statistics on the number of public-facing cameras in the US.
Anecdotal data and limited surveys contend that video camera diffusion in the US may be on a par with China, but it’s not easy to prove.
https://www.unite.ai/determining-the-extent-of-video-surveillance-through-google-street-view-data/
#usa #video #surveillance #google #streetview
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
WhatsApp breaks App Store guidelines by limiting functionality for users who do not accept new privacy policy
Facebook’s WhatsApp has announced that users that don’t accept a new set of terms and conditions will be barred from certain features of the messaging app.
This move goes against Apple’s App Store policies, which explicitly state that such behavior is strictly prohibited.
If WhatsApp implements the announced changes, the app could be removed from the App Store.
WhatsApp’s controversial new privacy policy, which goes into effect on May 15th, 2021, will limit functionality on the app, such as access to the contact/chat list and the primary screen of the app, if users do not accept the privacy policy. If the user continues to refuse to accept it, they will eventually lose access to calls and will no longer receive notifications, rendering the app practically useless.
💡 Quoting the App Store guideline 3.2.2 (vi):
"Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes."
Therefore, WhatsApp’s actions are not allowed under the App Store guidelines, which could result in the removal of the app from the App Store, or termination of their developer account, according to Apple’s policies.
https://applescoop.org/story/whatsapp-breaks-app-store-guidelines-by-limiting-functionality-for-users-who-do-not-accept-new-privacy-policy
#apple #appstore #whatsapp #DeleteWhatsApp
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Using a gaming mouse as a microphone
I wrote a small utility to read and amplify mouse movements, and the Logitech G502 Lightspeed mouse is so sensitive (25600 DPI) that it can sense sound, if loud enough. This is a quick demo.
👉🏼 GitHub repository of the utility is at
https://github.com/ortegaalfredo/mousemic
https://www.youtube.com/watch?v=ExfrCdW-Xwk
#gaming #mouse #microphone #sound #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
2105.02124.pdf
378.2 KB
Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine
https://arxiv.org/pdf/2105.02124.pdf
💡Computation - Finite and infinite Machines (Marvin L. Minsky)
https://regmedia.co.uk/2021/05/10/mit_minsky_paper.pdf
#arbitrary #code #execution #universal #turing #machine #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Disney Patents Blockchain-Based Movie Distribution System to Stop Pirates
As a prime content producer, Disney has a vested interest in keeping pirates at bay. The entertainment company is involved in various enforcement initiatives and a few days ago, added a new anti-piracy patent to its arsenal. With a blockchain-based distribution system, Disney hopes to make it harder for pirates to intercept films being distributed to movie theaters.
Disney is one of the best known brands in the world and the owner of an impressive collection of movies and TV shows.
New and old releases earn the company a healthy stream of revenue, both in movie theaters and through its own movie streaming service Disney+.
While there is plenty of competition from other movie studios, Disney’s single biggest threat appears to be piracy. To tackle this issue, Disney’s in-house anti-piracy team works around the clock, and the company takes part in the ACE coalition as well.
Disney’s Blockchain Anti-Piracy Patent
Through these anti-piracy efforts, Disney has helped to take down dozens of piracy sites and services. However, the media giant is also trying to be more proactive. A newly awarded patent proposes a blockchain-based media distribution system that aims to prevent early piracy leaks.
The patent in question, titled “Blockchain configuration for secure content delivery,” focuses on the distribution of content to movie theaters. This is a vulnerable process where pirates with the right connections can make copies during or after delivery.
https://torrentfreak.com/disney-patents-blockchain-based-movie-distribution-system-to-stop-pirates-210512/
💡 https://torrentfreak.com/images/disney-blockchain.pdf
#disney #blockchain #movie #pirates #antipiracy #patent #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
DOS Gaming In Docker
It’s been three decades since the height of the DOS era, and look how far we’ve come! A machine that used to cost $2,000 can be emulated - down to the processor! - in our web browsers while also checking email or watching a YouTube video. However, amidst these advancements, our old software falls by the wayside and stops working. Games are especially prone to this, since they often relied on incompatible tricks to eke out every ounce of performance from these old machines.
Many projects have sprung up to help preserve this heritage. DOSBox provides a modern, compatible environment for old games (and other software), while projects like the Internet Archive provide a massive library of DOS games, freely available to play in your browser. In my experience, they play pretty well!
However, I still miss those less-connected days of the early ’90s. I remember the thrill of riding my bike to the store to pick up a shareware copy of whatever game was available for $1. I then held a physical disk, with the game on it, ready to install on the nearest accessible computer. The self-contained nature of it all was magical. Nowadays, many web pages are bigger than the shareware games I used to buy.
This got me thinking: “Floppies can be imaged. That sounds kind of like a Docker image. I wonder… could I make DOS shareware Docker images?”
Turns out you can!
https://earthly.dev/blog/dos-gaming-in-docker/
#dos #gaming #docker
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv