BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Facebook Loses Bid to Block Ruling on EU-U.S. Data Flows (Updated May 14, 2021)

Social-media company failed to block a privacy decision that could suspend its ability to send data about European users to U.S. computer servers

Facebook Inc. lost a bid to block a European Union privacy decision that could suspend its ability to send data about European users to computer servers in the U.S., opening a pathway toward a precedent-setting interruption of its data flows.

Ireland’s High Court dismissed Friday all of Facebook’s procedural complaints about a preliminary decision on data flows that it received in August from Ireland’s Data Protection Commission. It rejected Facebook’s claims that the regulator had given it too little time to respond or issued a judgment prematurely.

The preliminary decision, which the court stayed in September pending its decision, could, if finalized, force the social-media company to suspend sending personal information about EU users to Facebook’s servers in the U.S.

To comply, Facebook would likely have to re-engineer its service to silo off most data it collects from European users, or stop serving them entirely, at least temporarily. In a securities filing this year, Facebook said that applying the regulator’s decision would “materially and adversely affect our business, financial condition and results of operations.”

While Friday’s court decision is a procedural one, the underlying questions are central to trans-Atlantic trade and the digital economy. Legal experts say the logic in Ireland’s provisional order could apply to other large tech companies that are subject to U.S. surveillance laws, such as cloud services and email providers—potentially leading to widespread disruption of trans-Atlantic data flows.

Ireland’s Data Protection Commission still needs to finalize its draft decision ordering a suspension of data transfers and submit it to other EU privacy regulators for approval before it becomes effective. That process could take months, before counting any further court challenges.

https://telegra.ph/Facebook-Loses-Bid-to-Block-Ruling-on-EU-US-Data-Flows-05-14

via www.wsj.com

#facebook #DeleteFacebook #eu #usa #dataflows
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.

https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

#darkside #ransomware #servers #bitcoin #seized
Unstoppable Domains and Brave to Provide Millions of Users Access to the Decentralized Web

More than 30,000 decentralized websites and 700,000 blockchain domain names are now accessible by Brave users

SAN FRANCISCO — May 13, 2021 — Blockchain domain name provider Unstoppable Domains today announced a collaboration with privacy-oriented web browser Brave that enables native browser support for the crypto domain name company. With the latest Brave browser update, Brave users on desktop and Android platforms have access to 30,000 decentralized websites and 700,000 blockchain domain names registered with Unstoppable Domains.

“We are excited to work with Unstoppable Domains to enable decentralized DNS to a wider audience. At Brave, we see Web3 as a stepping stone to the future of digital ownership and decentralization,” said Brian Bondy, co-founder and CTO of Brave. “Unstoppable Domains was a natural fit for us, giving our users access to the decentralized web with the ability to visit any .crypto domain name. From registering .crypto domains to hosting an NFT art gallery, to sending and receiving crypto, the possibilities are limitless for Brave users.”

Launched in 2018, Unstoppable Domains provides .crypto and other top-level domain names to users with no renewal fees. When a user claims a domain, it is minted as an NFT on the Ethereum blockchain, granting the user full ownership and control. These .crypto domain names can point to content hosted on the Web, IPFS, or to cryptocurrency addresses, making it easy to send and receive over 70 different cryptocurrencies across 40+ cryptocurrency wallets and exchanges, including Coinbase Wallet, Litewallet, OKEx and MyEtherWallet.

“We’re on a mission to onboard three billion people to the decentralized web, and Brave is bringing us millions of people closer to that goal. We see Web3 as the future of the internet, where everyone has ownership and control of their own content,” said Matthew Gould, Co-Founder and CEO of Unstoppable Domains. “Brave’s integration with Unstoppable Domains means easy access to the decentralized internet without the hassle of browser extensions or custom DNS settings.”

Through this integration, the Brave browser is supporting a decentralized network not part of the traditional Domain Name Service (DNS), which is increasingly susceptible to hijacking, denial-of-service attacks, and phishing attacks. Unstoppable Domains allows users to build and host decentralized websites for a variety of use cases, including creating NFT galleries, video, and file sharing.

https://brave.com/unstoppable-domains/

#brave #browser #unstoppable #domains
Getting Started with Qubes OS

Qubes is "a reasonably secure operating system" designed to help take advantage of security by compartmentalization by running virtual machines on a Xen hypervisor to isolate your activities. This OS is great for those concerned with security and privacy, given the Whonix integration out of the box. In this video we'll look at how to install and get started using Qubes.

https://www.youtube.com/watch?v=FOdn2pZN9zw

#qubesOS #qubes #guide #video #hakbyte
Edward Snowden: Spies and the Law

Edward Snowden is responsible for the biggest leak of top secret intelligence files the world has ever seen. For the first time, he gives us an interview from within his Russian residence.

https://www.youtube.com/watch?v=lcNIbb-58pk

#snowden #spies #law #interview #video
Forwarded from Aurora OSS
AuroraStore_4.0.5.apk
5.5 MB
Changelog : v4.0.5 (36)

• Add optional promotional apps
• Bug fixes & improvements
• Updated Translations

@AuroraSupport
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims

Elliptic has identified the Bitcoin wallet used by the DarkSide ransomware group to receive ransom payments from its victims, based on our intelligence collection and analysis of blockchain transactions. This wallet received the 75 BTC payment made by Colonial Pipeline on May 8, following the crippling cyberattack on its operations - leading to widespread fuel shortages in the US.

The wallet has been active since 4th March 2021 and has received 57 payments from 21 different wallets. Some of these payments directly match ransoms known to have been paid to DarkSide by other victims, such as 78.29 BTC (worth $4.4 million) sent by chemical distribution company Brenntag on May 11.

In total, the DarkSide wallet has received Bitcoin transactions since March with a total value of $17.5 million. Ransoms associated with previous attacks were paid to other wallets.

💡Where is Darkside sending the bitcoins?

We can also use blockchain analysis to follow the money trail and determine where DarkSide is sending its ransomware proceeds, to launder them or convert them to cash.

It has been reported within the past hours that DarkSide itself has ceased operations and has had its funds seized - and indeed their wallet was emptied of the $5 million in Bitcoin it contained on Thursday afternoon.

But by tracing previous outflows from the wallet, we can gain insights into how DarkSide and its affiliates were laundering their previous proceeds. What we find is that 18% of the Bitcoin was sent to a small group of exchanges. This information will provide law enforcement with critical leads to identify the perpetrators of these attacks.

https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims

#darkside #ransomware #servers #bitcoin #seized
Counter-Strike Global Offsets: reliable remote code execution

One of the factors contributing to Counter-Strike Global Offensive’s (herein “CS:GO”) massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high grade of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes.

However, this design choice opens up a large attack surface. Players can connect to potentially malicious servers, exchanging complex game messages and binary assets such as textures.

We’ve managed to find and exploit two bugs that, when combined, lead to reliable remote code execution on a player’s machine when connecting to our malicious server. The first bug is an information leak that enabled us to break ASLR in the client’s game process. The second bug is an out-of-bounds access of a global array in the .data section of one of the game’s loaded modules, leading to control over the instruction pointer.

‼️ For educational purposes only

https://secret.club/2021/05/13/source-engine-rce-join.html

#educational #rce #cs #go
Bitcoin Core integration/staging tree

For an immediately usable, binary version of the Bitcoin Core software, see
https://bitcoincore.org/en/download/.

Further information about Bitcoin Core is available in the doc folder.

https://github.com/bitcoin/bitcoin

#bitcoin #integration #staging #tree
2105.02274.pdf
713.4 KB
Rethinking Search: Making Experts out of Dilettantes

When experiencing an information need, users want to engage with an expert, but often turn to an information retrieval system, such as a search engine, instead. Classical information retrieval systems do not answer information needs directly, but instead provide references to (hopefully authoritative) answers. Successful question answering systems offer a limited corpus created on-demand by human experts, which is neither timely nor scalable.

https://arxiv.org/pdf/2105.02274.pdf

#google #search #research #pdf
Edaqa's Secret Sharing

Use this tool to allow friends, colleagues, and loved ones to gain access to your systems in case of an emergency. It allows you to break a secret into parts, and if enough recipients agree to combine their parts, the initial secret can be recovered.

https://edaqa.com/edaqas-secrets.html

#edaqa #decryption #encryption #secret
The app that lets you pay to control another person's life

How would you feel about being able to pay to control multiple aspects of another person's life? A new app is offering you the chance to do just that.

When writer Brandon Wong recently couldn't decide what takeaway to order one evening, he asked his followers on social media app NewNew to choose for him.

Those that wanted to get involved in the 24-year-old's dinner dilemma paid $5 (£3.50) to vote in a poll, and the majority verdict was that he should go for Korean food, so that was what he bought.

"I couldn't decide between Chinese or Korean, so it was very helpful," says Mr Wong, who lives in Edmonton, Canada. "I have also used NewNew polls to decide what clothes I should wear that day, and lots of other personal stuff.

"I joined back in March, and I post [polls] three or four times a week. I've now had more than 1,700 total votes."

NewNew is the brainchild of Los Angeles-based entrepreneur Courtne Smith. The app, which is still in its "beta" or pre-full release stage, describes itself as "a human stock market where you buy shares in the lives of real people, in order to control their decisions and watch the outcome".

https://www.bbc.com/news/business-57085557

#newnew #app #control #live
Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds

Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service.

As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time and recorded streams of video feeds from the devices set up in and around the home. However, many Eufy owners are reporting seeing video feeds from cameras that are clearly not their own, while some users are claiming they are even able to pan and zoom strangers' cameras.

Eufy users on Monday took to Reddit to express their disbelief:
https://www.reddit.com/r/EufyCam/comments/nebii3/i_am_seeing_someone_elses_security_camera_feeds/

https://www.macrumors.com/2021/05/17/eufy-camera-users-security-breach/

#eufy #breach #privacy #security #camera
Amazon's Sidewalk Network Is Turned On by Default. Here's How to Turn It Off

The company's Sidewalk mesh network goes live June 8. The good news is that you can turn it off.

Last week, Amazon said it would turn on Sidewalk, its mesh network that uses Bluetooth and 900MHz radio signals to communicate between devices, on June 8. I imagine that most people, even those who bought an Echo smart speaker in the past few years, have no idea what Sidewalk is.

I suspect most of those people would be even more surprised to know that it's turned on by default on every one of their devices. I'll get to that part in just a minute.

First, let's talk about Sidewalk. The idea behind it is actually really smart: make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn't located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.

The same is true if your internet connection is down. Your smart devices can connect to other smart devices, even if they aren't in your home. The big news on this front is that Tile is joining the Sidewalk network on June 14. That means that if you lose a Tile tracker, it can connect to any of the millions of Echo or Ring devices in your neighborhood and send its location back to you.

That's definitely a nice benefit, but it's also where things get a little murky from a privacy standpoint. That's because other people's devices, like your neighbor's, can also connect to your network.

Amazon is pretty clear that Sidewalk uses three layers of encryption so that no data is shared between say, someone's Tile tracker and your network. The signal from the Tile is encrypted all the way back to the Tile app on your iPhone or Android smartphone.

Still, a feature like this seems like the type of thing you'd want some control over. If suddenly my devices are going to start connecting to my neighbor's WiFi, or theirs to mine, it seems like you'd have to opt-in, right?

Nope.

https://www.inc.com/jason-aten/amazons-sidewalk-network-is-turned-on-by-default-heres-how-to-turn-it-off.html

#amazon #DeleteAmazon #sidewalk #network
Insider Q&A: Sophie Zhang, Facebook whistleblower

Sophie Zhang worked as a Facebook data scientist for nearly three years before she was fired in the fall of 2020. On her final day, she posted a 7,800-word memo to the company’s internal forum — such farewell notes, if not the length, are a common practice for departing employees. In the memo, first published by Buzzfeed, she outlined evidence that governments in countries like Azerbaijan and Honduras were using fake accounts to influence the public. Elsewhere, such as India and Ecuador, Zhang found coordinated activity intended to manipulate public opinion, although it wasn’t clear who was behind it. Facebook, she said, didn’t take her findings seriously.

Zhang’s experience led her to a stark conclusion: “I have blood on my hands.”

Facebook has not disputed the facts of Zhang’s story but has sought to diminish the importance of her findings.

“We fundamentally disagree with Ms. Zhang’s characterization of our priorities and efforts to root out abuse on our platform,” Facebook said in a statement. “As part of our crackdown against this kind of abuse, we have specialized teams focused on this work and have already taken down more than 150 networks of coordinated inauthentic behavior. Around half of them were domestic networks that operated in Latin America, the Middle East, North Africa, and in the Asia Pacific region.”

This interview has been edited for length and clarity.

https://apnews.com/article/europe-science-technology-business-6df84710d91b491d97eb98cde5432dc7

#facebook #DeleteFacebook #whistleblower #interview
Telemetry Debate Rocks Audacity Community in Open Source Dustup

Starting an open source project is easy: write some code, pick a compatible license, and push it up to GitHub. Extra points awarded if you came up with a clever logo and remembered to actually document what the project is supposed to do. But maintaining a large open source project and keeping its community happy while continuing to evolve and stay on the cutting edge is another story entirely.

Just ask the maintainers of Audacity. The GPLv2 licensed multi-platform audio editor has been providing a powerful and easy to use set of tools for amateurs and professionals alike since 1999, and is used daily by…well, it’s hard to say. Millions, tens of millions? Nobody really knows how many people are using this particular tool and on what platforms, so it’s not hard to see why a pull request was recently proposed which would bake analytics into the software in an effort to start answering some of these core questions.

https://hackaday.com/2021/05/17/telemetry-debate-rocks-audacity-community-in-open-source-dustup/

#telemetry #audacity #community #opensource #muse
Ad block shouldn't break your checkout

We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.

What happened? 🤔

If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything. 😢

The experience just stops, and he couldn't go through with the order.

I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.

uBlock Origin breaks things 😿

So, what is the root cause of this issue? If we look at the code that breaks:

https://ilakovac.com/teespring-ublock-issue/

#ublock #adblock #issues
Introducing Site Isolation in Firefox

When two major vulnerabilities known as Meltdown and Spectre were disclosed by security researchers in early 2018, Firefox promptly added security mitigations to keep you safe. Going forward, however, it was clear that with the evolving techniques of malicious actors on the web, we needed to redesign Firefox to mitigate future variations of such vulnerabilities and to keep you safe when browsing the web!

We are excited to announce that Firefox’ new Site Isolation architecture is coming together. This fundamental redesign of Firefox’ Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop. Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site’s secret or private data.

We are currently finalizing Firefox’s Site Isolation feature by allowing a subset of users to benefit from this new security architecture on our Nightly and Beta channels and plan a roll out to more of our users later this year. If you are as excited about it as we are and would like to try it out, follow these steps:

💡 To enable Site Isolation on Firefox Nightly:

1.) Navigate to about:preferences#experimental

2.) Check the “Fission (Site Isolation)” checkbox to enable.

3.) Restart Firefox.

💡 To enable Site Isolation on Firefox Beta or Release:

1.) Navigate to about:config.

2.) Set fission.autostart pref to true.

3.) Restart Firefox.

With this monumental change of secure browser design, users of Firefox Desktop benefit from protections against future variants of Spectre, resulting in an even safer browsing experience. If you aren’t a Firefox user yet, you can download the latest version here and if you want to know all the technical details about Firefox’ new security architecture, you can read it here.

https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/

#ff #firefox #site #isolation
Colonial Pipeline Hit by Network Outage Just Days After Hack Shutdown

NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources

https://twitter.com/IntelPointAlert/status/1394672389464670212

#colonial #pipeline #network #issues