Google turned me into a serial killer

As I was scrolling through my inbox today, I stumbled upon an e-mail from a former colleague of mine who wanted to inform me that a Google search of my name yields a picture of me linked to a Wikipedia article about a serial killer who happens to have the same name as mine.

https://hristo-georgiev.com/google-turned-me-into-a-serial-killer

#google #DeleteGoogle
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Update: Warp-Plus-Cloudflare - A project for getting unlimited GB on Warp+ ( https://1.1.1.1/ )

WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet. Read more.

https://github.com/ALIILAPRO/warp-plus-cloudflare

#cloudflare #warp #script #tool
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Elcomsoft Breaks the Latest Version of VeraCrypt

Elcomsoft updates Elcomsoft Forensic Disk Decryptor, the company’s all-in-one tool for accessing encrypted disks and containers. In this update, the tool adds support for the latest versions of VeraCrypt, enabling experts to extract on-the-fly encryption keys from the computer’s RAM to instantly mount or decrypt VeraCrypt-protected disks without running password attacks and bypassing the associated complexity altogether.

Recent versions of VeraCrypt are using a newer, stronger way to keep on-the-fly encryption keys in the computer’s RAM. Elcomsoft Forensic Disk Decryptor 2.18 can now extract these on-the-fly encryption keys from the computer’s RAM for the latest versions of VeraCrypt.

https://www.elcomsoft.com/press_releases/efdd_20210603.html

#elcomsoft #forensic #veracrypt
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Mozilla: Take control over your data with Rally, a novel privacy-first data sharing platform

Mozilla teams up with Princeton University researchers to enable crowdsourced science for public good; collaborates with research groups at Princeton, Stanford on upcoming studies.

Your data is valuable. But for too long, online services have pilfered, swapped, and exploited your data without your awareness. Privacy violations and filter bubbles are all consequences of a surveillance data economy. But what if, instead of companies taking your data without giving you a say, you could select who gets access to your data and put it to work for public good?

Today, we’re announcing the Mozilla Rally platform. Built for the browser with privacy and transparency at its core, Rally puts users in control of their data and empowers them to contribute their browsing data to crowdfund projects for a better Internet and a better society. At Mozilla, we’re working on building a better internet, one that puts people first, respects their privacy and gives them power over their online experience. We’ve been a leader in privacy features that help you control your data by blocking trackers. But, being “data-empowered” also requires the ability to choose who you want to access your data.

https://blog.mozilla.org/en/mozilla/take-control-over-your-data-with-rally-a-novel-privacy-first-data-sharing-platform/

#mozilla #privacy #rally #data #sharing
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Key witness in Assange case admits to lies in indictment

A maj­or wit­n­ess in the United States’ Depart­ment of Justice ca­se against Ju­li­an Assange has admitted to fabricat­ing key accusati­ons in the indict­ment against the Wiki­leaks found­er.

A major witness in the United States’ Department of Justice case against Julian Assange has admitted to fabricating key accusations in the indictment against the Wikileaks founder. The witness, who has a documented history with sociopathy and has received several convictions for sexual abuse of minors and wide-ranging financial fraud, made the admission in a newly published interview in Stundin where he also confessed to having continued his crime spree whilst working with the Department of Justice and FBI and receiving a promise of immunity from prosecution.

The man in question, Sigurdur Ingi Thordarson, was recruited by US authorities to build a case against Assange after misleading them to believe he was previously a close associate of his. In fact he had volunteered on a limited basis to raise money for Wikileaks in 2010 but was found to have used that opportunity to embezzle more than $50,000 from the organization. Julian Assange was visiting Thordarson’s home country of Iceland around this time due to his work with Icelandic media and members of parliament in preparing the Icelandic Modern Media Initiative, a press freedom project that produced a parliamentary resolution supporting whistleblowers and investigative journalism.

The United States is currently seeking Assange’s extradition from the United Kingdom in order to try him for espionage relating to the release of leaked classified documents. If convicted, he could face up to 175 years in prison. The indictment has sparked fears for press freedoms in the United States and beyond and prompted strong statements in support of Assange from Amnesty International, Reporters without borders, the editorial staff of the Washington Post and many others.

US officials presented an updated version of an indictment against him to a Magistrate court in London last summer. The veracity of the information contained therein is now directly contradicted by the main witness, whose testimony it is based on.

https://stundin.is/grein/13627/

#assange #wikileaks #usa #uk #extradition #indictment
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Whistleblowers, The State, and Surveillance with Journalist Barrett Brown

Journalist Barrett Brown will be joining us to discuss the state, digital media, and FBI surveillance, The Intercept, Glenn Greenwald, and other issues related to political struggle.

https://www.youtube.com/watch?v=MBeMZ4UFMaM

#whistleblower #fbi #surveillance #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv

Craig Wright was granted default judgement against Cobra

Now Cobra will have to remove all references to the Bitcoin whitepaper from bitcoin.org in the UK. The Judge criticized Cobra for not defending himself, despite his multiple emails to the court begging to adjourn the decision until after the COPA ruling.

He also highlighted that Cobra was unwilling to defend himself in front of the court, yet was still sitting in the aisles of the MS teams group as "Cobra" the anon. The judge actually pointed out that the defendant, who refused to defend himself in front of the court, was sitting right there in the aisles.

Cobra now has to pay £35,000 to the court. In addition to adhering to it's judgment.

https://www.reddit.com/r/bitcoincashSV/comments/o9ivuw/craig_wright_was_granted_default_judgement/

#bitcoin #whitepaper #wright #cobra #uk #copa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Data Poisoning Won't Save You From Facial Recognition

Data poisoning has been proposed as a compelling defense against facial recognition models trained on Web-scraped pictures. By perturbing the images they post online, users can fool models into misclassifying future (unperturbed) pictures.

We demonstrate that this strategy provides a false sense of security, as it ignores an inherent asymmetry between the parties: users' pictures are perturbed once and for all before being published (at which point they are scraped) and must thereafter fool all future models -- including models trained adaptively against the users' past attacks, or models that use technologies discovered after the attack.

https://arxiv.org/abs/2106.14851

#facial #recognition #defense #data #poisoning #study #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

DoubleVPN servers, logs, and account info seized by law enforcement

Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities.

DoubleVPN is a Russian-based VPN service that double-encrypts data sent through their service.

Servers and data seized by law enforcement

The doublevpn.com [archive.org] website was seized today by law enforcement, who stated that they gained access to the servers for DoubleVPN and took personal information, logs, and statistics for the service's customers.

"On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised," says the now-seized doublevpn.com website.

"International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue."

https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/

#doublevpn #seized #police
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Court Orders YouTube Rippers to Log and Share Data with Record Labels

A Virginia District Court has ordered the Russian operator of two popular YouTube rippers to keep extensive logs of user activity and hand these over to the major record labels. The order was requested by the labels, which argue that FLVTO.biz and 2conv.com facilitate massive copyright infringement in the United States and abroad.

The major record labels believe that YouTube rippers are the most significant piracy threat on the Internet.

https://torrentfreak.com/court-orders-youtube-rippers-to-log-and-share-user-data-210629/

#youtube #piracy #rippers #copyright #userdata
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

iodéOS – does the data saving Android operating system fulfill its promise?

We took a close look at iodéOS, which is based on LineageOS. Can the privacy friendly operating system fulfill its promises? Read our test!

As already mentioned, iodéOS is an Android operating system based on LineageOS with a special focus on privacy. The manufacturer claims that the user can use the full comfort of Android without being spied on by Google and other data octopuses all the way. At least that is what the founder of iodé, Antoine Maurino, promises us.

The increasingly frequent data scandals at Google or Facebook, to name just the two most important ones, usually seem „far away„. But more and more people seem to be slowly realizing that they, too, are a small but important part of this constantly expanding data collection.

Most of the time, it starts out small. An app here, another one there. And then, before you know it, you have countless apps installed on your Android phone.

But all these apps have one thing in common. That’s right, they collect data. Your data! And mostly behind your back. Did you know that Google alone requests location information and other data from your Android smartphone 340 times in a 24-hour period?

https://tarnkappe.info/iodeos-does-the-data-saving-android-operating-system-fulfill-its-promise/

#android #iodéOS #DeleteGoogle #aurora #microG
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

PokeBeach Hacked, Next Steps for the Site

PokeBeach was hacked on Monday. All files were deleted. We have been assessing the situation for the last 72 hours. I have barely slept.

No user data was stolen or compromised.

The hacking was a professional job conducted by an overseas team who wanted to hold the website hostage for monetary gain. The team gained access to the site through an exploit in a popular piece of software we use, which we updated a week prior. We can’t go into too many details because we are currently exploring our legal options.

The team first reverse-engineered our backup script to delete all of our offsite backups. This wasn’t noticed until it was too late. They also attempted to modify PokeBeach’s article program so that new subscribers would be referred to their Paypal account. This was instantly reported to Paypal, who worked with us to confirm no new accounts were affected.

As we locked them out of the web server, they issued a command to wipe it clean. We discovered they were in the process of downloading it so they could offer it back to us for payment. It’s also why they deleted our backups.

Later we received a message from an individual who suggested I should mail him my cards from this tweet if I want some of my files back. He disappeared after I ignored him.

The hackers never had access to our databases. No news stories, forum posts, or user accounts have been affected. However, the last few years of media files are gone. This includes news story images, forum attachments, and similar. We are currently trying to find local backups and use recovery software, but the outlook is grim. Our web host Linode even kindly pooled its team together to help with our recovery efforts.

https://www.pokebeach.com/2021/07/pokebeach-hacked-next-steps-for-the-site

#pokebeach #hacked
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

How to bypass the Windows 11 TPM 2.0 requirement

Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. However, new Registry entries have been discovered that allow you to bypass the TPM requirement and minimum memory and secure boot requirements.

With Windows 11, Microsoft added new minimum system requirements that all devices need to have a TPM 2.0 security processor to power some of the operating system's security features.

"The following Windows features require TPM 2.0: Measured Boot, Device Encryption, WD System Guard, Device Health Attestation, Windows Hello/Hello for Business, TPM Platform Crypto Provider Key Storage, SecureBIO, DRTM, vTPM in Hyper-V," Microsoft told BleepingComputer.

For most people running CPUs created in the past 5-6 years, a firmware-based TPM (fTPM) is built into the CPU and can be enabled in the BIOS.

To enable the fTPM, simply boot your computer into the BIOS and enable the Intel Platform Trust Technology (Intel PTT) or the AMD Platform Security Processor, depending on your CPU.

For those who do not have this feature, you may be able to install a discrete TPM 2.0 processor on the motherboard. However, if your processor is old enough that it does not have one built-in fTPM, your motherboard's module will likely be TPM 1.2, which is not compatible with Windows 11.

This requirement is frustrating for users running Windows 10 on older equipment, as now they are being forced to purchase new hardware to install Windows 11.

Furthermore, as Microsoft has stated in documentation that OEMs can get permission to disable the TPM requirement in Windows 11 for their devices, the question becomes: Do you really need a TPM 2.0 processor to use Windows 11?

https://www.bleepingcomputer.com/news/microsoft/how-to-bypass-the-windows-11-tpm-20-requirement/

#microsoft #windows #tpm
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

REvil ransomware executes supply chain attack via malicious Kaseya update

The REvil ransomware gang appears to have gained access to the infrastructure of Kaseya, a provider of remote management solutions, and is using a malicious update for the VSA software to deploy ransomware to companies across the world.

The incident first came to light earlier today in a Reddit section dedicated to managed service providers (MSPs), companies that provide remote IT services to smaller businesses lacking an IT department and which are usually Kaseya’s primary customers.

MSPs use Kaseya’s VSA platform to manage and deploy software updates to customer networks or access remote systems to troubleshoot a customer’s IT problems; however, this very same functionality can be abused by threat actors who manage to gain access to an MSP’s VSA platform.

While at the time of writing, it is unclear how widespread the incident is, security firm Huntress Labs is reporting that at least four MSPs have been hit so far.

According to security firm Sophos, MSPs appear to be getting infected with ransomware via a malicious update to Kaseya VSA on-prem servers.

"We are monitoring a REvil 'supply chain' attack outbreak, which seems to stem from a malicious Kaseya update. REvil binary C:Windowsmpsvc.dll is side-loaded into a legit Microsoft Defender copy, copied into C:WindowsMsMpEng.exe to run the encryption from a legit process."

https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/

#revil #ransomware #kaseya
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Not Disclosing That a Photo Was Retouched is Now Illegal in Norway

Norway has recently passed legislation that makes it illegal for photos that feature any kind of retouching without disclosing the edits posted by celebrities and influencers as part of a pushback against unrealistic beauty standards and a rise in body dysmorphic disorder.

The law comes as an amendment to the country’s 2009 Marketing Act that makes it illegal for influencers to share retouched photos of their bodies in promotional posts on social media without disclosing that the image has been edited. The law passed with a considerable majority of 72 to 15 votes and requires advertisements featuring a person with any edits to a body’s size, shape, or skin to be marked with a standardized label designed by the government.

“Advertisements” encompasses celebrities and influencers, as the term is for anyone who receives payment or other benefits as the result of a post on social media. The specific platforms called out were Facebook, Instagram, Snapchat, TikTok, and Twitter. Violators of the law are subject to fines that can escalate in scale and lead to — in extreme cases — imprisonment.

https://petapixel.com/2021/07/02/not-disclosing-that-a-photo-was-retouched-is-now-illegal-in-norway/

#norway #photos #disclosing #influencer
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Build a Hackable Router with a $5 ESP32

If you're looking for a data-connected router for use as a Wi-Fi hacking punching bag, you can set one up for as little as $5. We'll use an ESP32 to create a Wi-Fi network and sniff traffic to discover logins, all using a low-cost microcontroller. This project is also useful for connecting IoT devices, making Wi-Fi honeypots, extending the range of a network.

https://www.youtube.com/watch?v=41Lymi6rXA8

#hak5 #video
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Binance Deploys Crypto Monitoring 'Traveler' System to Comply With FATF Travel Rule

Binance announced yesterday it deployed Ciphertrace’s Traveler system as part of its compliance efforts. Traveler is the first system designed for exchanges to comply with the Travel Rule proposed by the Financial Action Task Force. The exchange would be among the first wave of exchanges implementing this automatic Travel Rule compliance system.

Binance Implements Ciphertrace’s Traveler Protocol in Its Trading Platform

Binance, one of the largest cryptocurrency exchanges in the market, announced the implementation of Traveler, a system that will help them comply with the Travel Rule established by the Financial Action Task Force (FATF). Ciphertrace, a blockchain analytics startup, created Traveler as a third-party compliance platform.

Ciphertrace claims Traveler automatizes the process of complying with FATFs mandate, automatically making connections and identifying different VASPs (Virtual Asset Service Providers). Therefore, exchanges simplify their due diligence burden by implementing it.

https://news.bitcoin.com/binance-deploys-crypto-monitoring-traveler-system-to-comply-with-fatf-travel-rule/

#binance #crypto #monitoring #traveler #system #fatf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

US companies hit by 'colossal' cyber-attack

About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.

Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

Kaseya said in a statement on its own website that it was investigating a "potential attack".

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.

The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.

The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.

Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals part to successfully hijack one victim's computer system.

In this latest incident the hackers showed that by going after the software supplier of multiple organisations they can pop dozens, perhaps hundreds of victims in one go. We've seen horrendous supply chain attacks in the past but this one has the potential to be the biggest incident involving ransomware yet.

It shows that ransomware gangs are thinking creatively about how to have the most impact possible and command the biggest ransom possible.

https://www.bbc.co.uk/news/world-us-canada-57703836

#kaseya #ransomware #revil #attack #usa #cybersecurity
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Digital Violence: How the NSO Group Enables State Terror

The data for the project is based on fifteen months of open source research that extracted data from hundreds of pages of documents as well as interviews. The Platform offers the most comprehensive database to date (containing over a thousand data points) of the reported infections of the phones using Pegasus.

https://forensic-architecture.org/investigation/digital-violence-how-the-nso-group-enables-state-terror

#digital #violence #nso #pegasus #surveillance #state #terror
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv

If you use Audacity, the new owners just updated the terms of service so they can collect data on you, including for very open-ended "legal enforcement"; and then sell it to "potential buyers" all without your consent.

https://nitter.pussthecat.org/KrashHash/status/1411725491581587457

via Twitter

https://appleinsider.com/articles/21/07/04/open-source-audacity-deemed-spyware-over-data-collection-changes

#audacity
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Darknet Diaries - EP 96: The Police Station Incident

Nicole Beckwith wears a lot of hats. She’s a programmer, incident responder, but also a cop and Secret Service agent. In this episode she tells a story which involves all of these roles.

https://darknetdiaries.com/episode/96/

#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv