BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
The app that lets you pay to control another person's life

How would you feel about being able to pay to control multiple aspects of another person's life? A new app is offering you the chance to do just that.

When writer Brandon Wong recently couldn't decide what takeaway to order one evening, he asked his followers on social media app NewNew to choose for him.

Those that wanted to get involved in the 24-year-old's dinner dilemma paid $5 (£3.50) to vote in a poll, and the majority verdict was that he should go for Korean food, so that was what he bought.

"I couldn't decide between Chinese or Korean, so it was very helpful," says Mr Wong, who lives in Edmonton, Canada. "I have also used NewNew polls to decide what clothes I should wear that day, and lots of other personal stuff.

"I joined back in March, and I post [polls] three or four times a week. I've now had more than 1,700 total votes."

NewNew is the brainchild of Los Angeles-based entrepreneur Courtne Smith. The app, which is still in its "beta" or pre-full release stage, describes itself as "a human stock market where you buy shares in the lives of real people, in order to control their decisions and watch the outcome".

https://www.bbc.com/news/business-57085557

#newnew #app #control #live
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv
Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds

Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service.

As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time and recorded streams of video feeds from the devices set up in and around the home. However, many Eufy owners are reporting seeing video feeds from cameras that are clearly not their own, while some users are claiming they are even able to pan and zoom strangers' cameras.

Eufy users on Monday took to Reddit to express their disbelief:
https://www.reddit.com/r/EufyCam/comments/nebii3/i_am_seeing_someone_elses_security_camera_feeds/

https://www.macrumors.com/2021/05/17/eufy-camera-users-security-breach/

#eufy #breach #privacy #security #camera
Amazon's Sidewalk Network Is Turned On by Default. Here's How to Turn It Off

The company's Sidewalk mesh network goes live June 8. The good news is that you can turn it off.

Last week, Amazon said it would turn on Sidewalk, its mesh network that uses Bluetooth and 900MHz radio signals to communicate between devices, on June 8. I imagine that most people, even those who bought an Echo smart speaker in the past few years, have no idea what Sidewalk is.

I suspect most of those people would be even more surprised to know that it's turned on by default on every one of their devices. I'll get to that part in just a minute.

First, let's talk about Sidewalk. The idea behind it is actually really smart: make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn't located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.

The same is true if your internet connection is down. Your smart devices can connect to other smart devices, even if they aren't in your home. The big news on this front is that Tile is joining the Sidewalk network on June 14. That means that if you lose a Tile tracker, it can connect to any of the millions of Echo or Ring devices in your neighborhood and send its location back to you.

That's definitely a nice benefit, but it's also where things get a little murky from a privacy standpoint. That's because other people's devices, like your neighbor's, can also connect to your network.

Amazon is pretty clear that Sidewalk uses three layers of encryption so that no data is shared between say, someone's Tile tracker and your network. The signal from the Tile is encrypted all the way back to the Tile app on your iPhone or Android smartphone.

Still, a feature like this seems like the type of thing you'd want some control over. If suddenly my devices are going to start connecting to my neighbor's WiFi, or theirs to mine, it seems like you'd have to opt-in, right?

Nope.

https://www.inc.com/jason-aten/amazons-sidewalk-network-is-turned-on-by-default-heres-how-to-turn-it-off.html

#amazon #DeleteAmazon #sidewalk #network
Insider Q&A: Sophie Zhang, Facebook whistleblower

Sophie Zhang worked as a Facebook data scientist for nearly three years before she was fired in the fall of 2020. On her final day, she posted a 7,800-word memo to the company’s internal forum — such farewell notes, if not the length, are a common practice for departing employees. In the memo, first published by Buzzfeed, she outlined evidence that governments in countries like Azerbaijan and Honduras were using fake accounts to influence the public. Elsewhere, such as India and Ecuador, Zhang found coordinated activity intended to manipulate public opinion, although it wasn’t clear who was behind it. Facebook, she said, didn’t take her findings seriously.

Zhang’s experience led her to a stark conclusion: “I have blood on my hands.”

Facebook has not disputed the facts of Zhang’s story but has sought to diminish the importance of her findings.

“We fundamentally disagree with Ms. Zhang’s characterization of our priorities and efforts to root out abuse on our platform,” Facebook said in a statement. “As part of our crackdown against this kind of abuse, we have specialized teams focused on this work and have already taken down more than 150 networks of coordinated inauthentic behavior. Around half of them were domestic networks that operated in Latin America, the Middle East, North Africa, and in the Asia Pacific region.”

This interview has been edited for length and clarity.

https://apnews.com/article/europe-science-technology-business-6df84710d91b491d97eb98cde5432dc7

#facebook #DeleteFacebook #whistleblower #interview
Telemetry Debate Rocks Audacity Community in Open Source Dustup

Starting an open source project is easy: write some code, pick a compatible license, and push it up to GitHub. Extra points awarded if you came up with a clever logo and remembered to actually document what the project is supposed to do. But maintaining a large open source project and keeping its community happy while continuing to evolve and stay on the cutting edge is another story entirely.

Just ask the maintainers of Audacity. The GPLv2 licensed multi-platform audio editor has been providing a powerful and easy to use set of tools for amateurs and professionals alike since 1999, and is used daily by…well, it’s hard to say. Millions, tens of millions? Nobody really knows how many people are using this particular tool and on what platforms, so it’s not hard to see why a pull request was recently proposed which would bake analytics into the software in an effort to start answering some of these core questions.

https://hackaday.com/2021/05/17/telemetry-debate-rocks-audacity-community-in-open-source-dustup/

#telemetry #audacity #community #opensource #muse
Ad block shouldn't break your checkout

We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.

What happened? 🤔

If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything. 😢

The experience just stops, and he couldn't go through with the order.

I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.

uBlock Origin breaks things 😿

So, what is the root cause of this issue? If we look at the code that breaks:

https://ilakovac.com/teespring-ublock-issue/

#ublock #adblock #issues
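The ad-blocker checkout post above describes the failure mode but the excerpt stops before the code. The following is an added example, not code from the ilakovac.com post or from TeeSpring: a fragile checkout handler that calls a third-party analytics global directly, beside a hardened version that treats tracking as best-effort so that a blocked script can no longer stop the order. The global name `analytics`, the `trackEvent` helper and the simulated page environment are assumptions for illustration.

```javascript
// Simulated page environment. `blocked` stands in for a content blocker
// (such as uBlock Origin) refusing to load the tracking script, in which
// case the `analytics` global never exists. (Constructed for this example.)
function makeEnv({ blocked }) {
  const env = { navigatedTo: null, events: [] };
  if (!blocked) {
    env.analytics = { track: (name) => env.events.push(name) };
  }
  return env;
}

// Fragile version: the click handler calls the analytics global directly.
// When the script is blocked, `env.analytics` is undefined, the TypeError
// aborts the handler, and the redirect line is never reached. That is the
// "click Checkout and nothing happens" symptom from the post.
function fragileCheckout(env) {
  try {
    env.analytics.track("checkout_started"); // throws when blocked
    env.navigatedTo = "/checkout";
    return { ok: true, error: null };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Hardened version: telemetry is isolated behind a feature check and its
// own try/catch, so a missing or broken tracker can only lose an event,
// never the purchase.
function trackEvent(env, name) {
  try {
    if (env.analytics && typeof env.analytics.track === "function") {
      env.analytics.track(name);
      return true;
    }
  } catch (_) {
    // A telemetry failure must never surface to the user.
  }
  return false;
}

function robustCheckout(env) {
  const tracked = trackEvent(env, "checkout_started");
  env.navigatedTo = "/checkout"; // navigation no longer depends on tracking
  return { ok: true, tracked };
}

// Stand-alone demonstration.
const demo = makeEnv({ blocked: true });
console.log("fragile:", fragileCheckout(demo), "navigated:", demo.navigatedTo);
console.log("robust:", robustCheckout(demo), "navigated:", demo.navigatedTo);
```

The design point is ordering and isolation: anything a blocker can remove (analytics, ad pixels, A/B testing scripts) is optional from the user's perspective, so the critical path must not call into it unguarded, and a failure there must be swallowed rather than propagated into the click handler.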
Introducing Site Isolation in Firefox

When two major vulnerabilities known as Meltdown and Spectre were disclosed by security researchers in early 2018, Firefox promptly added security mitigations to keep you safe. Going forward, however, it was clear that with the evolving techniques of malicious actors on the web, we needed to redesign Firefox to mitigate future variations of such vulnerabilities and to keep you safe when browsing the web!

We are excited to announce that Firefox’ new Site Isolation architecture is coming together. This fundamental redesign of Firefox’ Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop. Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site’s secret or private data.

We are currently finalizing Firefox’s Site Isolation feature by allowing a subset of users to benefit from this new security architecture on our Nightly and Beta channels and plan a rollout to more of our users later this year. If you are as excited about it as we are and would like to try it out, follow these steps:

💡 To enable Site Isolation on Firefox Nightly:

1.) Navigate to about:preferences#experimental

2.) Check the “Fission (Site Isolation)” checkbox to enable.

3.) Restart Firefox.

💡 To enable Site Isolation on Firefox Beta or Release:

1.) Navigate to about:config.

2.) Set fission.autostart pref to true.

3.) Restart Firefox.

With this monumental change of secure browser design, users of Firefox Desktop benefit from protections against future variants of Spectre, resulting in an even safer browsing experience. If you aren’t a Firefox user yet, you can download the latest version here and if you want to know all the technical details about Firefox’ new security architecture, you can read it here.

https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/

#ff #firefox #site #isolation
Colonial Pipeline Hit by Network Outage Just Days After Hack Shutdown

NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources

https://twitter.com/IntelPointAlert/status/1394672389464670212

#colonial #pipeline #network #issues
Hackers - 23 part -I - (1990) The KGB, the Computer and Me (Part 1)

What was it like to be a hacker back in the 80’s? 23 looks into the life of legendary hacker Karl Koch and his tragic end.

https://archive.org/details/Hackers_-_23_part_-I_-_

#hackers #movie #video
📽 @cRyPtHoN_INFOSEC_FR 📽 @cRyPtHoN_INFOSEC_EN 📽 @cRyPtHoN_INFOSEC_DE 📽 @BlackBox_Archiv
Hackers - 23 part -II -(1998) Nothing is as it seems (Part 2)

What was it like to be a hacker back in the 80’s? 23 looks into the life of legendary hacker Karl Koch and his tragic end.

https://archive.org/details/Hackers_-_23_part_-II_-

#hackers #movie #video
Improving Firefox stability on Linux

Roughly a year ago at Mozilla we started an effort to improve Firefox stability on Linux. This effort quickly became an example of good synergies between FOSS projects.

Every time Firefox crashes, the user can send us a crash report which we use to analyze the problem and hopefully fix it:

https://hacks.mozilla.org/2021/05/improving-firefox-stability-on-linux/

#ff #firefox #stability #linux
Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Researchers in the computer science department at Princeton University say they sampled 259 phone numbers at two major wireless carriers, and found 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked.

The Princeton team further found 100 of those 259 numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication.

https://krebsonsecurity.com/2021/05/recycle-your-phone-sure-but-maybe-not-your-number/

💡 read as well: (PDF)
Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
https://t.iss.one/BlackBox_Archiv/2135

#security #privacy #phone #number #recycling #usa #mobile #carriers #pdf
How Myanmar's military moved in on the telecoms sector to spy on citizens

In the months before the Myanmar military's Feb. 1 coup, the country's telecom and internet service providers were ordered to install intercept spyware that would allow the army to eavesdrop on the communications of citizens, sources with direct knowledge of the plan told Reuters.

The technology gives the military the power to listen in on calls, view text messages and web traffic including emails, and track the locations of users without the assistance of the telecom and internet firms, the sources said.

The directives are part of a sweeping effort by the army to deploy electronic surveillance systems and exert control over the internet with the aim of keeping tabs on political opponents, squashing protests and cutting off channels for any future dissent, they added.

Decision makers at the civilian Ministry of Transport and Communications that delivered the orders were ex-military officials, according to one industry executive with direct knowledge of the plans and another briefed on the matter.

"They presented it as coming from the civilian government, but we knew the army would have control and were told you could not refuse," the executive with direct knowledge said, adding that officials from the military-controlled Ministry of Home Affairs also sat in on the meetings.

More than a dozen people with knowledge of the intercept spyware used in Myanmar have been interviewed by Reuters. All asked to remain anonymous, citing fear of retribution from the military junta.

https://www.reuters.com/world/asia-pacific/how-myanmars-military-moved-telecoms-sector-spy-citizens-2021-05-18/

#myanmar #military #telecom #surveillance #internet #spyware
What the NSA provides to its foreign partners, and vice versa

The cooperation between (signals) intelligence agencies of different countries is strictly quid pro quo, which means what you get is equivalent to what you give. This is perfectly illustrated by a small series of documents from the Snowden trove, which summarize what the NSA provides to its foreign partners, along with what they provide to the NSA.

Two of these documents are about the NSA's Second Party partners (better known as the Five Eyes): Canada and New Zealand, and six about Third Party partners: Germany, Israel, Norway, Saudi Arabia, Sweden and Turkey. Another NSA document provides some characteristics of these relationships.

The documents about the various NSA partners are information papers prepared by the Country Desk Officer (CDO) for the particular country at the NSA's Foreign Affairs Directorate (FAD). All but one date from April 2013, which is just a month before Snowden left the agency. It's not known whether there are also papers about other NSA partners among the Snowden files.

The information papers describe the relationship between the NSA and the foreign partner in a standardized way: they all start with an introduction, mention some "Key Issues", followed by "What NSA Provides to Partner" and "What Partner Provides to NSA". The papers end with "Success Stories" and "Problems/Challenges with the Partner".

https://www.electrospaces.net/2021/05/what-nsa-provides-to-its-foreign.html

#usa #nsa #FiveEyes #cooperation #leaked #papers
Developers Flee Open Source Project After ‘Takeover’ By Korean Crown Prince

Developers of the popular open source network Freenode are quitting en masse and accusing Andrew Lee, the Crown Prince of Korea, of a “hostile takeover” of the organization.

Developers of the open source organization Freenode are quitting en masse after Andrew Lee, a tech entrepreneur and the Crown Prince of Korea, has taken control of the network in what developers are describing as a "hostile takeover."

Freenode was founded in 1994 and has since become the largest free and open source project that runs Internet Relay Chat (or IRC) networks, which were once hugely popular and are still an important internet chat protocol. It has traditionally been run by volunteers and has amassed "90,000 users and just shy of 50,000 registered channels," according to the organization's official website. While it is not as popular as it used to be, it is still a key site for free software project coordination.

On Wednesday, a dozen Freenode staff volunteers published posts announcing their resignations, which explain their decision to quit. The broad strokes of the letters explain that they believe Lee bought the entire Freenode network under what they believe are false—but legal—pretenses, and that they have lost control over the network. They said there is little the staff can do to oppose changes that Lee wants to implement.

The now former staff members announced that they are launching a new chat network, Libera.chat, to continue Freenode's mission.

https://www.vice.com/en/article/m7ev8y/freenode-open-source-korea-crown-prince-takeover

💡 read as well:
The new corporate owner of Freenode is Imperial Family Companies
https://t.iss.one/BlackBox_Archiv/2239

#freenode #imperialfamily