Rethinking Search: Making Experts out of Dilettantes
When experiencing an information need, users want to engage with an expert, but often turn to an information retrieval system, such as a search engine, instead. Classical information retrieval systems do not answer information needs directly, but instead provide references to (hopefully authoritative) answers. Successful question answering systems offer a limited corpus created on-demand by human experts, which is neither timely nor scalable.
https://arxiv.org/pdf/2105.02274.pdf
#google #search #research #pdf
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
Edaqa's Secret Sharing
Use this tool to allow friends, colleagues, and loved ones, gain access to your systems in case of an emergency. It allows you to break a secret into parts, and if enough recipients agree to combine their parts, the initial secret can be recovered.
https://edaqa.com/edaqas-secrets.html
#edaqa #decryption #encryption #secret
The app that lets you pay to control another person's life
How would you feel about being able to pay to control multiple aspects of another person's life? A new app is offering you the chance to do just that.
When writer Brandon Wong recently couldn't decide what takeaway to order one evening, he asked his followers on social media app NewNew to choose for him.
Those that wanted to get involved in the 24-year-old's dinner dilemma paid $5 (£3.50) to vote in a poll, and the majority verdict was that he should go for Korean food, so that was what he bought.
"I couldn't decide between Chinese or Korean, so it was very helpful," says Mr Wong, who lives in Edmonton, Canada. "I have also used NewNew polls to decide what clothes I should wear that day, and lots of other personal stuff.
"I joined back in March, and I post [polls] three or four times a week. I've now had more than 1,700 total votes."
NewNew is the brainchild of Los Angeles-based entrepreneur Courtne Smith. The app, which is still in its "beta" or pre-full release stage, describes itself as "a human stock market where you buy shares in the lives of real people, in order to control their decisions and watch the outcome".
https://www.bbc.com/news/business-57085557
#newnew #app #control #live
Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds
Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service.
As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time and recorded streams of video feeds from the devices set up in and around the home. However, many Eufy owners are reporting seeing video feeds from cameras that are clearly not their own, while some users are claiming they are even able to pan and zoom strangers' cameras.
Eufy users on Monday took to Reddit to express their disbelief:
https://www.reddit.com/r/EufyCam/comments/nebii3/i_am_seeing_someone_elses_security_camera_feeds/
https://www.macrumors.com/2021/05/17/eufy-camera-users-security-breach/
#eufy #breach #privacy #security #camera
Amazon's Sidewalk Network Is Turned On by Default. Here's How to Turn It Off
The company's Sidewalk mesh network goes live June 8. The good news is that you can turn it off.
Last week, Amazon said it would turn on Sidewalk, its mesh network that uses Bluetooth and 900MHz radio signals to communicate between devices, on June 8. I imagine that most people, even those who bought an Echo smart speaker in the past few years, have no idea what Sidewalk is.
I suspect most of those people would be even more surprised to know that it's turned on by default on every one of their devices. I'll get to that part in just a minute.
First, let's talk about Sidewalk. The idea behind it is actually really smart--make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn't located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.
The same is true if your internet connection is down. Your smart devices can connect to other smart devices, even if they aren't in your home. The big news on this front is that Tile is joining the Sidewalk network on June 14. That means that if you lose a Tile tracker, it can connect to any of the millions of Echo or Ring devices in your neighborhood and send its location back to you.
That's definitely a nice benefit, but it's also where things get a little murky from a privacy standpoint. That's because other people's devices, like your neighbor's, can also connect to your network.
Amazon is pretty clear that Sidewalk uses three layers of encryption so that no data is shared between say, someone's Tile tracker and your network. The signal from the Tile is encrypted all the way back to the Tile app on your iPhone or Android smartphone.
Still, a feature like this seems like the type of thing you'd want some control over. If suddenly my devices are going to start connecting to my neighbor's WiFi, or theirs to mine, it seems like you'd have to opt-in, right?
Nope.
https://www.inc.com/jason-aten/amazons-sidewalk-network-is-turned-on-by-default-heres-how-to-turn-it-off.html
#amazon #DeleteAmazon #sidewalk #network
The world's most dangerous USB-Cable - O.MG Cable - The New Batch
‼️ For educational purposes only
https://www.youtube.com/watch?v=Y1xzkHOWFkA
#educational #usb #cable #hak5 #video
Season 2, Episode 1, An Epiphany on a Train
TikTok Started With a Tech Guy From China Who Decoded America’s Teens
Foundering, a podcast from Bloomberg Technology, tells the story of TikTok.
https://www.bloomberg.com/news/articles/2021-04-22/when-tiktok-started-a-tech-guy-from-china-decoded-america-s-teens
#tiktok #DeleteTikTok #podcast #bloomberg
Insider Q&A: Sophie Zhang, Facebook whistleblower
Sophie Zhang worked as a Facebook data scientist for nearly three years before she was fired in the fall of 2020. On her final day, she posted a 7,800-word memo to the company’s internal forum - such farewell notes, if not the length, are a common practice for departing employees. In the memo, first published by Buzzfeed, she outlined evidence that governments in countries like Azerbaijan and Honduras were using fake accounts to influence the public. Elsewhere, such as India and Ecuador, Zhang found coordinated activity intended to manipulate public opinion, although it wasn’t clear who was behind it. Facebook, she said, didn’t take her findings seriously.
Zhang’s experience led her to a stark conclusion: “I have blood on my hands.”
Facebook has not disputed the facts of Zhang’s story but has sought to diminish the importance of her findings.
“We fundamentally disagree with Ms. Zhang’s characterization of our priorities and efforts to root out abuse on our platform,” Facebook said in a statement. “As part of our crackdown against this kind of abuse, we have specialized teams focused on this work and have already taken down more than 150 networks of coordinated inauthentic behavior. Around half of them were domestic networks that operated in Latin America, the Middle East, North Africa, and in the Asia Pacific region.”
This interview has been edited for length and clarity.
https://apnews.com/article/europe-science-technology-business-6df84710d91b491d97eb98cde5432dc7
#facebook #DeleteFacebook #whistleblower #interview
Telemetry Debate Rocks Audacity Community in Open Source Dustup
Starting an open source project is easy: write some code, pick a compatible license, and push it up to GitHub. Extra points awarded if you came up with a clever logo and remembered to actually document what the project is supposed to do. But maintaining a large open source project and keeping its community happy while continuing to evolve and stay on the cutting edge is another story entirely.
Just ask the maintainers of Audacity. The GPLv2 licensed multi-platform audio editor has been providing a powerful and easy to use set of tools for amateurs and professionals alike since 1999, and is used daily by…well, it’s hard to say. Millions, tens of millions? Nobody really knows how many people are using this particular tool and on what platforms, so it’s not hard to see why a pull request was recently proposed which would bake analytics into the software in an effort to start answering some of these core questions.
https://hackaday.com/2021/05/17/telemetry-debate-rocks-audacity-community-in-open-source-dustup/
#telemetry #audacity #community #opensource #muse
Ad block shouldn't break your checkout
We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.
What happened?
If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything.
The experience just stops, and he couldn't go through with the order.
I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.
uBlock Origin breaks things
So, what is the root cause of this issue? If we look at the code that breaks:
https://ilakovac.com/teespring-ublock-issue/
#ublock #adblock #issues
Introducing Site Isolation in Firefox
When two major vulnerabilities known as Meltdown and Spectre were disclosed by security researchers in early 2018, Firefox promptly added security mitigations to keep you safe. Going forward, however, it was clear that with the evolving techniques of malicious actors on the web, we needed to redesign Firefox to mitigate future variations of such vulnerabilities and to keep you safe when browsing the web!
We are excited to announce that Firefox’ new Site Isolation architecture is coming together. This fundamental redesign of Firefox’ Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop. Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site’s secret or private data.
We are currently finalizing Firefox’s Site Isolation feature by allowing a subset of users to benefit from this new security architecture on our Nightly and Beta channels and plan a roll out to more of our users later this year. If you are as excited about it as we are and would like to try it out, follow these steps:
To enable Site Isolation on Firefox Nightly:
1.) Navigate to about:preferences#experimental
2.) Check the “Fission (Site Isolation)” checkbox to enable.
3.) Restart Firefox.
To enable Site Isolation on Firefox Beta or Release:
1.) Navigate to about:config.
2.) Set the fission.autostart pref to true.
3.) Restart Firefox.
With this monumental change of secure browser design, users of Firefox Desktop benefit from protections against future variants of Spectre, resulting in an even safer browsing experience. If you aren’t a Firefox user yet, you can download the latest version here and if you want to know all the technical details about Firefox’ new security architecture, you can read it here.
https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/
#ff #firefox #site #isolation
Colonial Pipeline Hit by Network Outage Just Days After Hack Shutdown
NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.
The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.
Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.
After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.
Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.
https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources
https://twitter.com/IntelPointAlert/status/1394672389464670212
#colonial #pipeline #network #issues
Hackers - 23 part -I - (1990) The KGB, the Computer and Me (Part 1)
What was it like to be a hacker back in the 80’s? 23 looks into the life of legendary hacker Karl Koch and his tragic end.
https://archive.org/details/Hackers_-_23_part_-I_-_
#hackers #movie #video
Hackers - 23 part -II -(1998) Nothing is as it seems (Part 2)
What was it like to be a hacker back in the 80’s? 23 looks into the life of legendary hacker Karl Koch and his tragic end.
https://archive.org/details/Hackers_-_23_part_-II_-
#hackers #movie #video
Improving Firefox stability on Linux
Roughly a year ago at Mozilla we started an effort to improve Firefox stability on Linux. This effort quickly became an example of good synergies between FOSS projects.
Every time Firefox crashes, the user can send us a crash report which we use to analyze the problem and hopefully fix it:
https://hacks.mozilla.org/2021/05/improving-firefox-stability-on-linux/
#ff #firefox #stability #linux
Recycle Your Phone, Sure, But Maybe Not Your Number
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.
Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.
Researchers in the computer science department at Princeton University say they sampled 259 phone numbers at two major wireless carriers, and found 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked.
The Princeton team further found 100 of those 259 numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication.
https://krebsonsecurity.com/2021/05/recycle-your-phone-sure-but-maybe-not-your-number/
📡 read as well: (PDF)
Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
https://t.iss.one/BlackBox_Archiv/2135
#security #privacy #phone #number #recycling #usa #mobile #carriers #pdf
How Myanmar's military moved in on the telecoms sector to spy on citizens
In the months before the Myanmar military's Feb. 1 coup, the country's telecom and internet service providers were ordered to install intercept spyware that would allow the army to eavesdrop on the communications of citizens, sources with direct knowledge of the plan told Reuters.
The technology gives the military the power to listen in on calls, view text messages and web traffic including emails, and track the locations of users without the assistance of the telecom and internet firms, the sources said.
The directives are part of a sweeping effort by the army to deploy electronic surveillance systems and exert control over the internet with the aim of keeping tabs on political opponents, squashing protests and cutting off channels for any future dissent, they added.
Decision makers at the civilian Ministry of Transport and Communications that delivered the orders were ex-military officials, according to one industry executive with direct knowledge of the plans and another briefed on the matter.
"They presented it as coming from the civilian government, but we knew the army would have control and were told you could not refuse," the executive with direct knowledge said, adding that officials from the military-controlled Ministry of Home Affairs also sat in on the meetings.
More than a dozen people with knowledge of the intercept spyware used in Myanmar have been interviewed by Reuters. All asked to remain anonymous, citing fear of retribution from the military junta.
https://www.reuters.com/world/asia-pacific/how-myanmars-military-moved-telecoms-sector-spy-citizens-2021-05-18/
#myanmar #military #telecom #surveillance #internet #spyware
Forwarded from cRyPtHoN™ INFOSEC (EN)
What the NSA provides to its foreign partners, and vice versa
The cooperation between (signals) intelligence agencies of different countries is strictly quid pro quo, which means what you get is equivalent to what you give. This is perfectly illustrated by a small series of documents from the Snowden trove, which summarize what the NSA provides to its foreign partners, along with what they provide to the NSA.
Two of these documents are about the NSA's Second Party partners (better known as the Five Eyes): Canada and New Zealand, and six about Third Party partners: Germany, Israel, Norway, Saudi Arabia, Sweden and Turkey. Another NSA document provides some characteristics of these relationships.
The documents about the various NSA partners are information papers prepared by the Country Desk Officer (CDO) for the particular country at the NSA's Foreign Affairs Directorate (FAD). All but one date from April 2013, which is just a month before Snowden left the agency. It's not known whether there are also papers about other NSA partners among the Snowden files.
The information papers describe the relationship between the NSA and the foreign partner in a standardized way: they all start with an introduction, mention some "Key Issues", followed by "What NSA Provides to Partner" and "What Partner Provides to NSA". The papers end with "Success Stories" and "Problems/Challenges with the Partner".
https://www.electrospaces.net/2021/05/what-nsa-provides-to-its-foreign.html
#usa #nsa #FiveEyes #cooperation #leaked #papers
The new corporate owner of Freenode is Imperial Family Companies
https://imperialfamily.com/
https://freenode.net/
#freenode #imperialfamily