BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Disney Patents Blockchain-Based Movie Distribution System to Stop Pirates

As a prime content producer, Disney has a vested interest in keeping pirates at bay. The entertainment company is involved in various enforcement initiatives and a few days ago, added a new anti-piracy patent to its arsenal. With a blockchain-based distribution system, Disney hopes to make it harder for pirates to intercept films being distributed to movie theaters.

Disney is one of the best known brands in the world and the owner of an impressive collection of movies and TV shows.

New and old releases earn the company a healthy stream of revenue, both in movie theaters and through its own movie streaming service Disney+.

While there is plenty of competition from other movie studios, Disney’s single biggest threat appears to be piracy. To tackle this issue, Disney’s in-house anti-piracy team works around the clock, and the company takes part in the ACE coalition as well.

Disney’s Blockchain Anti-Piracy Patent

Through these anti-piracy efforts, Disney has helped to take down dozens of piracy sites and services. However, the media giant is also trying to be more proactive. A newly awarded patent proposes a blockchain-based media distribution system that aims to prevent early piracy leaks.

The patent in question, titled “Blockchain configuration for secure content delivery,” focuses on the distribution of content to movie theaters. This is a vulnerable process where pirates with the right connections can make copies during or after delivery.

https://torrentfreak.com/disney-patents-blockchain-based-movie-distribution-system-to-stop-pirates-210512/

💡 https://torrentfreak.com/images/disney-blockchain.pdf

#disney #blockchain #movie #pirates #antipiracy #patent #pdf
📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv
DOS Gaming In Docker

It's been three decades since the height of the DOS era, and look how far we’ve come! A machine that used to cost $2,000 can be emulated - down to the processor! - in our web browsers while also checking email or watching a YouTube video. However, amidst these advancements, our old software falls by the wayside and stops working. Games are especially prone to this, since they often relied on incompatible tricks to eke out every ounce of performance from these old machines.

Many projects have sprung up to help preserve this heritage. DOSBox provides a modern, compatible environment for old games (and other software), while projects like the Internet Archive provide a massive library of DOS games, freely available to play in your browser. In my experience, they play pretty well!

However, I still miss those less-connected days of the early 90’s. I remember the thrill of riding my bike to the store to pick up a shareware copy of whatever game was available for $1. I then held a physical disk, with the game on it, ready to install on the nearest accessible computer. The self-contained nature of it all was magical. Nowadays, many web pages are bigger than the shareware games I used to buy.

This got me thinking: “Floppies can be imaged. That sounds kind of like a Docker image. I wonder… could I make DOS shareware Docker images?”

Turns out you can!

https://earthly.dev/blog/dos-gaming-in-docker/

#dos #gaming #docker
Dreaming at Dusk

More than 15 years ago, Tor onion services were brought to digital life. An ecosystem of onions has been blooming ever since.

To commemorate this landmark in the history of privacy, we collaborated with @ixshells to create a one-of-a-kind digital artifact: a generative art piece derived using the private key of the very first onion service, duskgytldkxiuqc6.onion.

This auction benefits the Tor Project, the nonprofit protecting your human right to privacy.

https://foundation.app/torproject/dreaming-at-dusk-35855

#tor #project #network #onion #services #artifact
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

(Bloomberg) -- Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment.

https://telegra.ph/Colonial-Pipeline-Paid-Hackers-Nearly-5-Million-in-Ransom-05-13

via finance.yahoo.com

💡 read as well:
https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

#colonial #pipeline #hack #ransomware #darkside #cyberattacks
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox

In this article we introduce a scheme flooding vulnerability, explain how the exploit works across four major desktop browsers and show why it's a threat to anonymous browsing.

In our research into anti-fraud techniques, we have discovered a vulnerability that allows websites to identify users reliably across different desktop browsers and link their identities together. The desktop versions of Tor Browser, Safari, Chrome, and Firefox are all affected.

We will be referring to this vulnerability as scheme flooding, as it uses custom URL schemes as an attack vector. The vulnerability uses information about installed apps on your computer in order to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.

💡 Test the vulnerability on our live demo site. (Works on desktop browsers only.)
https://schemeflood.com/

‼️ Why does this matter?

The scheme flooding vulnerability allows for third party tracking across different browsers and thus is a violation of privacy.

https://fingerprintjs.com/blog/external-protocol-flooding/

#browser #tracking #vulnerability #fingerprinting #tor #safari #chrome #firefox
Irish healthcare service targeted by "significant ransomware attack"

Ireland's health care service (HSE) announced on Friday that it has shut down its IT systems due to a "significant ransomware attack."

"There is a significant ransomware attack on HSE IT systems. We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us to fully assess the situation with our own security partners," HSE said on Twitter.

It added that the attack and decision to shut down its IT infrastructure had no impact on COVID-19 vaccinations or the dispatch of ambulances nationally.

Ransomware is a form of malware — malicious software — that encrypts a victim's files with the attacker demanding payment to unlock the data.

But some medical appointments were being cancelled on Friday morning with Dublin's Rotunda Hospital — which provides maternal care — announcing on Twitter that "due to a serious IT issue all outpatient visits are cancelled today — unless you are at 36 weeks pregnant or later." Paediatrics appointments were not affected.

https://www.euronews.com/2021/05/14/irish-healthcare-service-targeted-by-significant-ransomware-attack

#irland #ransomware #attack #healthcare
FBI Has Gained Access to Sci-Hub Founder’s Apple Account, Email Claims

Sci-Hub founder Alexandra Elbakyan reports that she has received a worrying email, ostensibly from Apple, revealing that law enforcement has demanded and gained access to her account data. The email indicates an FBI investigation although the precise nature of any inquiry remains unclear.

As the world’s leading distributor of millions of otherwise ‘paywalled’ research papers, Sci-Hub is often described as “The Pirate Bay of Science”.

At the same time as being loved by many academics and students, Sci-Hub has become public enemy #1 in publishing circles, with the major academic publishers doing everything in their power to shut the platform down, hinder access to it, and prevent its operator from communicating with the world.

A large proportion of that action has taken place via various lawsuits, including one currently pending in India, but other platforms have taken action too. In the UK, for example, a new blocking injunction was quietly passed early this year at the behest of Elsevier and Springer Nature and, in January, it was revealed that Twitter had suspended the official Sci-Hub account.

https://torrentfreak.com/fbi-has-gained-access-to-sci-hub-founders-apple-account-email-claims-210513/

#fbi #scihub #apple #account
Popular Russian hacking forum XSS bans all ransomware topics

One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention.

XSS is a Russian-speaking hacking forum created to share knowledge about exploits, vulnerabilities, malware, and network penetration.

With the rise of ransomware, Ransomware-as-a-Service (RaaS) gangs, such as REvil, LockBit, DarkSide, Netwalker, Nefilim, have increasingly been using the forum to enlist new affiliates/partners to their operation.

After DarkSide encrypted Colonial Pipeline and disrupted the U.S. fuel pipeline's operation, law enforcement and security researchers have been increasingly scrutinizing the ransomware gang and sites that promote it.

In a forum post discovered by Advanced Intel's Yelisey Boguslavskiy, the owner of the XSS hacking forum, known as 'Admin,' posted today that forum topics promoting ransomware are no longer allowed at the site.

https://www.bleepingcomputer.com/news/security/popular-russian-hacking-forum-xss-bans-all-ransomware-topics/

#ransomware #xxs #russian #hacking #forum
Facebook Loses Bid to Block Ruling on EU-U.S. Data Flows (Updated May 14, 2021)

Social-media company failed to block a privacy decision that could suspend its ability to send data about European users to U.S. computer servers

Facebook Inc. lost a bid to block a European Union privacy decision that could suspend its ability to send data about European users to computer servers in the U.S., opening a pathway toward a precedent-setting interruption of its data flows.

Ireland’s High Court dismissed Friday all of Facebook’s procedural complaints about a preliminary decision on data flows that it received in August from Ireland’s Data Protection Commission. It rejected Facebook’s claims that the regulator had given it too little time to respond or issued a judgment prematurely.

The preliminary decision, which the court stayed in September pending its decision, could, if finalized, force the social-media company to suspend sending personal information about EU users to Facebook’s servers in the U.S.

To comply, Facebook would likely have to re-engineer its service to silo off most data it collects from European users, or stop serving them entirely, at least temporarily. In a securities filing this year, Facebook said that applying the regulator’s decision would “materially and adversely affect our business, financial condition and results of operations.”

While Friday’s court decision is a procedural one, the underlying questions are central to trans-Atlantic trade and the digital economy. Legal experts say the logic in Ireland’s provisional order could apply to other large tech companies that are subject to U.S. surveillance laws, such as cloud services and email providers—potentially leading to widespread disruption of trans-Atlantic data flows.

Ireland’s Data Protection Commission still needs to finalize its draft decision ordering a suspension of data transfers and submit it to other EU privacy regulators for approval before it becomes effective. That process could take months, before counting any further court challenges.

https://telegra.ph/Facebook-Loses-Bid-to-Block-Ruling-on-EU-US-Data-Flows-05-14

via www.wsj.com

#facebook #DeleteFacebook #eu #usa #dataflows
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.

https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

#darkside #ransomware #servers #bitcoin #seized
Unstoppable Domains and Brave to Provide Millions of Users Access to the Decentralized Web

More than 30,000 decentralized websites and 700,000 blockchain domain names are now accessible by Brave users

SAN FRANCISCO — May 13, 2021 — Blockchain domain name provider Unstoppable Domains today announced a collaboration with privacy-oriented web browser Brave that enables native browser support for the crypto domain name company. With the latest Brave browser update, Brave users on desktop and Android platforms have access to 30,000 decentralized websites and 700,000 blockchain domain names registered with Unstoppable Domains.

“We are excited to work with Unstoppable Domains to enable decentralized DNS to a wider audience. At Brave, we see Web3 as a stepping stone to the future of digital ownership and decentralization,” said Brian Bondy, co-founder and CTO of Brave. “Unstoppable Domains was a natural fit for us, giving our users access to the decentralized web with the ability to visit any .crypto domain name. From registering .crypto domains to hosting an NFT art gallery, to sending and receiving crypto, the possibilities are limitless for Brave users.”

Launched in 2018, Unstoppable Domains provides .crypto and other top-level domain names to users with no renewal fees. When a user claims a domain, it is minted as an NFT on the Ethereum blockchain, granting the user full ownership and control. These .crypto domain names can point to content hosted on the Web, IPFS, or to cryptocurrency addresses, making it easy to send and receive over 70 different cryptocurrencies across 40+ cryptocurrency wallets and exchanges, including Coinbase Wallet, Litewallet, OKEx and MyEtherWallet.

“We’re on a mission to onboard three billion people to the decentralized web, and Brave is bringing us millions of people closer to that goal. We see Web3 as the future of the internet, where everyone has ownership and control of their own content,” said Matthew Gould, Co-Founder and CEO of Unstoppable Domains. “Brave’s integration with Unstoppable Domains means easy access to the decentralized internet without the hassle of browser extensions or custom DNS settings.”

Through this integration, the Brave browser is supporting a decentralized network not part of the traditional Domain Name Service (DNS), which is increasingly susceptible to hijacking, denial-of-service attacks, and phishing attacks. Unstoppable Domains allows users to build and host decentralized websites for a variety of use cases, including creating NFT galleries, video, and file sharing.

https://brave.com/unstoppable-domains/

#brave #browser #unstoppable #domains
Getting Started with Qubes OS

Qubes is "a reasonably secure operating system" designed to help take advantage of security by compartmentalization by running virtual machines on a Xen hypervisor to isolate your activities. This OS is great for those concerned with security and privacy, given the Whonix integration out of the box. In this video we'll look at how to install and get started using Qubes.

https://www.youtube.com/watch?v=FOdn2pZN9zw

#qubesOS #qubes #guide #video #hakbyte
Edward Snowden: Spies and the Law

Edward Snowden is responsible for the biggest leak of top-secret intelligence files the world has ever seen. For the first time, he gives us an interview from within his Russian residence.

https://www.youtube.com/watch?v=lcNIbb-58pk

#snowden #spies #law #interview #video
Forwarded from Aurora OSS
AuroraStore_4.0.5.apk
5.5 MB
Changelog : v4.0.5 (36)

• Add optional promotional apps
• Bug fixes & improvements
• Updated Translations

@AuroraSupport
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims

Elliptic has identified the Bitcoin wallet used by the DarkSide ransomware group to receive ransom payments from its victims, based on our intelligence collection and analysis of blockchain transactions. This wallet received the 75 BTC payment made by Colonial Pipeline on May 8, following the crippling cyberattack on its operations - leading to widespread fuel shortages in the US.

The wallet has been active since 4th March 2021 and has received 57 payments from 21 different wallets. Some of these payments directly match ransoms known to have been paid to DarkSide by other victims, such as 78.29 BTC (worth $4.4 million) sent by chemical distribution company Brenntag on May 11.

In total, the DarkSide wallet has received Bitcoin transactions since March with a total value of $17.5 million. Ransoms associated with previous attacks were paid to other wallets.

💡Where is Darkside sending the bitcoins?

We can also use blockchain analysis to follow the money trail and determine where DarkSide is sending its ransomware proceeds, to launder them or convert them to cash.

It has been reported within the past hours that DarkSide itself has ceased operations and has had its funds seized - and indeed their wallet was emptied of the $5 million in Bitcoin it contained on Thursday afternoon.

But by tracing previous outflows from the wallet, we can gain insights into how DarkSide and its affiliates were laundering their previous proceeds. What we find is that 18% of the Bitcoin was sent to a small group of exchanges. This information will provide law enforcement with critical leads to identify the perpetrators of these attacks.

https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims

#darkside #ransomware #servers #bitcoin #seized
Counter-Strike Global Offsets: reliable remote code execution

One of the factors contributing to Counter-Strike Global Offensive’s (herein “CS:GO”) massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high grade of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes.

However, this design choice opens up a large attack surface. Players can connect to potentially malicious servers, exchanging complex game messages and binary assets such as textures.

We’ve managed to find and exploit two bugs that, when combined, lead to reliable remote code execution on a player’s machine when connecting to our malicious server. The first bug is an information leak that enabled us to break ASLR in the client’s game process. The second bug is an out-of-bounds access of a global array in the .data section of one of the game’s loaded modules, leading to control over the instruction pointer.

‼️ For educational purposes only

https://secret.club/2021/05/13/source-engine-rce-join.html

#educational #rce #cs #go
Bitcoin Core integration/staging tree

For an immediately usable, binary version of the Bitcoin Core software, see
https://bitcoincore.org/en/download/.

Further information about Bitcoin Core is available in the doc folder.

https://github.com/bitcoin/bitcoin

#bitcoin #integration #staging #tree
2105.02274.pdf
713.4 KB
Rethinking Search: Making Experts out of Dilettantes

When experiencing an information need, users want to engage with an expert, but often turn to an information retrieval system, such as a search engine, instead. Classical information retrieval systems do not answer information needs directly, but instead provide references to (hopefully authoritative) answers. Successful question answering systems offer a limited corpus created on-demand by human experts, which is neither timely nor scalable.

https://arxiv.org/pdf/2105.02274.pdf

#google #search #research #pdf
Edaqa's Secret Sharing

Use this tool to allow friends, colleagues, and loved ones to gain access to your systems in case of an emergency. It allows you to break a secret into parts, and if enough recipients agree to combine their parts, the initial secret can be recovered.

https://edaqa.com/edaqas-secrets.html

#edaqa #decryption #encryption #secret
The app that lets you pay to control another person's life

How would you feel about being able to pay to control multiple aspects of another person's life? A new app is offering you the chance to do just that.

When writer Brandon Wong recently couldn't decide what takeaway to order one evening, he asked his followers on social media app NewNew to choose for him.

Those that wanted to get involved in the 24-year-old's dinner dilemma paid $5 (£3.50) to vote in a poll, and the majority verdict was that he should go for Korean food, so that was what he bought.

"I couldn't decide between Chinese or Korean, so it was very helpful," says Mr Wong, who lives in Edmonton, Canada. "I have also used NewNew polls to decide what clothes I should wear that day, and lots of other personal stuff.

"I joined back in March, and I post [polls] three or four times a week. I've now had more than 1,700 total votes."

NewNew is the brainchild of Los Angeles-based entrepreneur Courtne Smith. The app, which is still in its "beta" or pre-full release stage, describes itself as "a human stock market where you buy shares in the lives of real people, in order to control their decisions and watch the outcome".

https://www.bbc.com/news/business-57085557

#newnew #app #control #live
Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds

Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service.

As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time and recorded streams of video feeds from the devices set up in and around the home. However, many Eufy owners are reporting seeing video feeds from cameras that are clearly not their own, while some users are claiming they are even able to pan and zoom strangers' cameras.

Eufy users on Monday took to Reddit to express their disbelief:
https://www.reddit.com/r/EufyCam/comments/nebii3/i_am_seeing_someone_elses_security_camera_feeds/

https://www.macrumors.com/2021/05/17/eufy-camera-users-security-breach/

#eufy #breach #privacy #security #camera