BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Methods To Block Program Backdoors/Privacy Violations (Audacity Privacy Policy Example)

You can do this for ALL programs that do not need Internet access, to maximize privacy/security. We cover many ways to restrict ALL non-Internet-using programs from sending your IP address/backdoors (reverse shells?) and then use Audacity's new Privacy Policy and data sharing potential as an example. You should do this with all non-Internet programs to protect security + privacy.

https://devtube.dev-wiki.de/videos/watch/25321ef1-8663-43c9-926a-678df26c6d5e

https://www.buymeacoffee.com/politictech/block-program-backdoors-privacy-violations-related-ex-use-audacity-your-data-may-now-be-shared

#privacy #security #backdoors #audacity #video
📽 @cRyPtHoN_INFOSEC_FR 📽 @cRyPtHoN_INFOSEC_EN 📽 @cRyPtHoN_INFOSEC_DE 📽 @BlackBox_Archiv
NOTHING TO HIDE documentary (Eng, 2017)

NOTHING TO HIDE (2017) deals with the acceptance of mass surveillance through the "I have nothing to hide" narrative. “Eye-opening” (Forbes) “Fascinating” (Les Inrocks).
Support the Creative Commons Non Derivative Non Commercial licence of the film: leetchi.com/c/project-nothing-to-hide allowing the film to be online for free.

💡 More info about Nothing to Hide and its sequel Disappear:
https://deepdocs.eu

https://invidious.fdn.fr/watch?v=M3mQu9YQesk

#snowden #NothingToHide #documentation
BREAKING: Binance suspends euro bank transfers amid regulatory heat

As of 8 am UTC on Wednesday, Binance users will no longer be able to make euro deposits through their bank. However, they can still fund their accounts with credit cards and debit cards.

Regulatory constraints facing Binance have forced the popular cryptocurrency exchange to temporarily halt bank transfers denominated in euros, according to an email sent to its customers on Tuesday.

Specifically, euro deposits via the Single Europe Payments Area, or SEPA, have been put on hold indefinitely due to circumstances beyond the exchange’s control, Binance said in the email:

Due to events beyond our control, we are temporarily suspending EUR deposits via SEPA Bank Transfers from 8 am UTC on July 7, 2021.

https://cointelegraph.com/news/breaking-binance-suspends-euro-bank-transfers-amid-regulatory-heat

#binance #euro #bank #transfers #regulation
Kaspersky Password Manager: All your passwords are belong to us

tl;dr:
The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds. This article explains how to securely generate passwords, why Kaspersky Password Manager failed, and how to exploit this flaw. It also provides a proof of concept to test if your version is vulnerable.

💡 The product has been updated and its newest versions aren’t affected by this issue.

Introduction
Two years ago, we looked at Kaspersky Password Manager (KPM), a password manager developed by Kaspersky. Kaspersky Password Manager is a product that securely stores passwords and documents in an encrypted vault, protected by a password. This vault is protected with a master password, so, as with other password managers, users have to remember a single password to use and manage all their passwords. The product is available for various operating systems (Windows, macOS, Android, iOS, Web…). Encrypted data can then be automatically synchronized between all your devices, always protected by your master password.

The main functionality of KPM is password management. One key point with password managers is that, contrary to humans, these tools are good at generating random, strong passwords. To generate secure passwords, Kaspersky Password Manager must rely on a secure password generation mechanism. We will first see an example of a good password generation method, then explain why the method used by Kaspersky was flawed, and how we exploited it. As we will see, passwords generated by this tool can be bruteforced in seconds.

After a bit less than two years, this vulnerability has been patched on all versions of KPM. The vulnerability has been assigned CVE-2020-27020.

https://donjon.ledger.com/kaspersky-password-manager/

#kaspersky #password #manager #vulnerability
ACE/MPA Seize Dozens Of Pirate Streaming Domains, Demand Data on Dozens More

The Alliance for Creativity and Entertainment and partners the MPA have seized dozens of pirate-streaming related domains. In addition, the anti-piracy giants are demanding information that will allow them to identify the operators of dozens more pirate streaming sites, including the massive Streamtape.com and others involved in the supply of IPTV packages.

The past decade has seen an explosion of illegal streaming sites offering the latest movies and TV shows but despite enforcement efforts in many shapes and sizes, the flood seems never ending.

At the forefront of combating this threat is the Alliance For Creativity and Entertainment (ACE), the world’s largest anti-piracy coalition featuring dozens of the planet’s richest and most powerful entertainment industry groups.

The Motion Picture Association is deeply embedded within ACE and together these groups have shut down a large number of illegal platforms and targeted release groups plus other closely aligned entities.

https://torrentfreak.com/ace-mpa-seize-dozens-of-pirate-streaming-domains-demand-data-on-dozens-more-210706/

#ace #mpa #seized #pirate #domains
Russian lawmakers prepare legal amendment to confiscate crypto

Russia’s prosecutor general, Igor Krasnov, says new crypto regulations are needed to combat corruption as — in his view — digital assets are often used to facilitate crime.

Russian lawmakers are working on new legislation that would allow the government to confiscate cryptocurrencies, according to a senior official.

Russian Prosecutor General Igor Krasnov claimed that the government is now developing a set of amendments to the country’s criminal code to allow authorities to seize crypto obtained from illegal activity, local news agency TASS reported.

Speaking at a conference of prosecutors’ offices of European countries on Wednesday, Krasnov stressed that cryptocurrencies like Bitcoin (BTC) have been increasingly used for corruption and bribery. The official said that cryptocurrency is also a tool for laundering embezzled budget funds.

“The criminal usage of cryptocurrencies poses a serious challenge in our country,” Krasnov said. He claimed that Russia’s adopted crypto law “On Digital Financial Assets” (DFA) has played a crucial role in tackling this problem, but new criminal code amendments would bring additional protection. “This would allow the application of restrictive measures and confiscation of virtual assets,” Krasnov stated.

According to some local industry experts, no amount of legislation would make it possible for the government to actually seize crypto assets. Nikita Soshnikov, a former senior lawyer at Deloitte CIS and director of Alfacash, told Cointelegraph that it is “obvious that digital assets kept in wallets would be impossible to confiscate like any other type of assets.” “However, there is already one landmark case where FSB officers were found guilty for accepting bribes, and the court formally seized 0.1 and 4.70235 BTC as state revenue,” he noted.

https://cointelegraph.com/news/russian-lawmakers-prepare-legal-amendment-to-confiscate-crypto

#russia #lawmakers #crypto #regulations
Shocking extent of biometric surveillance in Europe

A network of civil rights organizations has studied biometric surveillance systems in Germany, the Netherlands and Poland. The study concludes that the systems are often used unlawfully.

https://edri.org/wp-content/uploads/2021/07/EDRI_RISE_REPORT.pdf

#eu #biometric #surveillance #study #pdf
PrintNightmare Hits Windows, REvil Kaseya Ransomware Hits Businesses Worldwide - ThreatWire

3 Vulnerabilities were Found In Netgear Routers, Ransomware Hits Businesses Worldwide, and PrintNightmare Leads to remote code execution attacks! All that coming up now on ThreatWire.

https://www.youtube.com/watch?v=iCGuqW7NL9U

#threatwire #hak5 #video
Movie Companies Want U.S. Internet Provider ‘Frontier’ to Block Pirate Sites

A group of independent movie companies want to hold Internet provider Frontier Communications liable for pirating subscribers. In addition to damages, the filmmakers request a site-blocking order, targeting The Pirate Bay, YTS, RARBG, and many others. As a bonus, the movie companies note that the most prolific pirates can be sued directly too.

Over the past two decades, online piracy has proven a massive challenge for the entertainment industries.

It’s a global issue that’s hard to contain, but Hollywood and the major U.S. record labels are at the forefront of this battle.

One of the key strategies they’ve employed in recent years is website blocking. US companies have traveled to courts all over the world to have ISP blockades put in place, with quite a bit of success.

Interestingly, however, site blocking is noticeably absent in the United States, which harbors the most pirates of any country in the world. This can, in part, be explained by legislative backlashes and legal uncertainty. But it’s noteworthy nonetheless.

In recent years, the tide slowly started to turn, with major copyright groups strengthening their calls for blockades. However, the first move in court now comes from a group of smaller movie companies, including Millenium Media and Voltage Pictures, which have built up an impressive anti-piracy track record in recent years.

https://torrentfreak.com/movie-companies-want-u-s-internet-provider-frontier-to-block-pirate-sites-210707/

#usa #isp #block #pirate #sites
Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya

Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals.

According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain ‘decoder[.]re’ in addition to a ransomware page available in the TOR network.

https://securityaffairs.co/wordpress/119799/cyber-crime/researchers-infrastructure-revil-ransomware-gang.html

#revil #kaseya #ransomware
Mozilla Investigation: YouTube Algorithm Recommends Videos that Violate the Platform’s Very Own Policies

Conducted using data donated by thousands of YouTube users, research reveals the algorithm is recommending videos with misinformation, violent content, hate speech, and scams.

Research also finds that people in non-English speaking countries are far more likely to encounter disturbing videos.

(July 7, 2021) -- YouTube’s controversial algorithm is recommending videos considered disturbing and hateful that often violate the platform’s very own content policies, according to a 10-month long, crowdsourced investigation released today by Mozilla. The in-depth study also found that people in non-English speaking countries are far more likely to encounter videos they considered disturbing.

https://foundation.mozilla.org/en/blog/mozilla-investigation-youtube-algorithm-recommends-videos-that-violate-the-platforms-very-own-policies/

👉🏼 The Report (PDF)
https://assets.mofoprod.net/network/documents/Mozilla_YouTube_Regrets_Report.pdf

#mozilla #research #youtube #pdf
China’s gene giant harvests data from millions of women

A prenatal test used worldwide sends gene data of pregnant women to the company that developed it with China's military. The U.S. sees a security risk.

A Chinese gene company selling prenatal tests around the world developed them in collaboration with the country's military and is using them to collect genetic data from millions of women for sweeping research on the traits of populations, a Reuters review of scientific papers and company statements found.

U.S. government advisors warned in March that a vast bank of genomic data that the company, BGI Group, is amassing and analyzing with artificial intelligence could give China a path to economic and military advantage. As science pinpoints new links between genes and human traits, access to the biggest, most diverse set of human genomes is a strategic edge. The technology could propel China to dominate global pharmaceuticals, and also potentially lead to genetically enhanced soldiers, or engineered pathogens to target the U.S. population or food supply, the advisors said.

Reuters has found that BGI’s prenatal test, one of the most popular in the world, is a source of genetic data for the company, which has worked with the Chinese military to improve “population quality” and on genetic research to combat hearing loss and altitude sickness in soldiers.

BGI says it stores and re-analyzes left-over blood samples and genetic data from the prenatal tests, sold in at least 52 countries to detect abnormalities such as Down syndrome in the fetus. The tests – branded NIFTY for “Non-Invasive Fetal TrisomY” – also capture genetic information about the mother, as well as personal details such as her country, height and weight, but not her name, BGI computer code viewed by Reuters shows.

So far, more than 8 million women have taken BGI’s prenatal tests globally. BGI has not said how many of the women took the test abroad, and said it only stores location data on women in mainland China.

https://www.reuters.com/investigates/special-report/health-china-bgi-dna/

#china #bgi #dna #security #risk #usa
iMessage: End-to-end encryption undermined by iCloud backup

Apple itself states that all communication via iMessage is end-to-end encrypted (E2EE). Unfortunately, the messenger is not open source and thus the security cannot be independently confirmed. That being said, messages are only actually E2E encrypted if the iCloud backup feature is disabled for iMessage. By default, iMessage messages, which are readable with a private key stored on the local device, are transmitted to iCloud.

Before being transferred to the iCloud, the messages are decrypted locally (with the private key) and then transferred to the iCloud via TLS channel. There they are encrypted again with a key that is, however, managed by Apple or is known there. This enables Apple to read all iMessage messages or forward them to the authorities. E2E encryption reduced to absurdity.

So, if you want your iMessage messages to actually remain E2EE, you have to manually deactivate the backup function for iMessages in iOS.

However, this problem does not only apply in connection with iMessage, but also with other messengers whose messages are transferred to the iCloud as a backup.

💡And what do we learn from this:
Manufacturers often advertise security and data protection features in their external presentation, which, on closer inspection, only serve marketing purposes and practically have little to no effect - except under certain conditions. Now you can check whether you have already manually deactivated the backup of iMessage messages on your device.

https://www.kuketz-blog.de/imessage-ende-zu-ende-verschluesselung-durch-icloud-backup-ausgehebelt/

#imessage #icloud #backup #encryption
Code in huge ransomware attack written to avoid computers that use Russian, says new report

"They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way," said an expert.

WASHINGTON — The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm.

It's long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever.

"They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way," said Ziv Mador, Trustwave SpiderLabs' vice president of security research.

https://www.nbcnews.com/politics/national-security/code-huge-ransomware-attack-written-avoid-computers-use-russian-says-n1273222

👉🏼 read the report:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/diving-deeper-into-the-kaseya-vsa-attack-revil-returns-and-other-hackers-are-riding-their-coattails/

#ransomware #revil #usa #russia
US offers Julian Assange time in Australian prison instead of American supermax if he loses London extradition fight

Appeal against January decision to be heard by High Court

Julian Assange will remain in a British prison for now after the US government won permission to appeal against a January court ruling that freed him from extradition to America.

News of the appeal came as the US Department of Justice offered Assange a deal that would keep him out of the notoriously cruel US supermax prisons, according to The Times.

The High Court this morning granted the US permission to appeal against a ruling by Westminster Magistrates' Court that Assange couldn't be extradited because he would commit suicide if handed over to the Americans. The WikiLeaker-in-chief's legal team lost on every other legal ground against extradition.

US authorities gained that permission on three grounds, including a deal that would rule out his being sent to a federal supermax in Colorado or being automatically subject to extra-harsh punishments within prison.

"The United States has also provided an assurance that the United States will consent to Mr Assange being transferred to Australia to serve any custodial sentence imposed on him," said the High Court's ruling.

https://www.theregister.com/2021/07/08/assange_us_to_appeal_extradition_ruling/

#assange #usa #australia #london
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation

Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.

The American cops took the slower, cheaper train from Kyiv to Donetsk.

After repeatedly traveling between Ukraine and the United States, there were more comfortable ways to make this final, 400-mile journey. But the five FBI agents felt like luxury tourists compared to most travelers onboard. They could afford spacious private rooms while locals were sleeping 10 to a cabin. The train moved haltingly, past empty country and villages that, to the Americans at least, looked as if they’d been frozen in the Cold War.

The overnight trek was set to take 12 hours, but it had truly begun two years earlier, in 2008, at the FBI offices in Omaha, Nebraska. That’s where the agents had started trying to understand a cybercrime explosion that was targeting Americans and pulling in millions of dollars from victims. At that point, with at least $79 million stolen, it was by far the biggest cybercrime case the FBI had ever seen. Even today, there are few to match its scale.

Bit by bit, the American investigators began to sketch a picture of the culprits. Soon Operation Trident Breach, as they called it, homed in on a highly advanced organized-crime operation that was based in Eastern Europe but had global reach. As evidence came in from around the world, the Bureau and its international partners slowly put names and faces to the gang and started plotting the next step.

As the train made its way across Ukraine, Jim Craig, who was leading his very first case with the FBI, couldn’t sleep. He passed the time moving between his cabin and the drinks car, a baroque affair with velvet curtains. Craig stayed awake for the entire trip, staring out the window into the darkness as the country passed by.

For more than a year, Craig had traveled all over Ukraine to build a relationship between the American, Ukrainian, and Russian governments. It had been an unprecedented effort to work together and knock down the rapidly metastasizing cybercrime underworld. US agents exchanged intelligence with their Ukrainian and Russian counterparts, they drank together, and they planned a sweeping international law enforcement action.

https://www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/

#fbi #russia #ukraine #cybercrime #investigation #ransomware
SOS (Stephen's OS)

This is my personal operating system project. It targets the 32-bit ARMv7-A architecture. The main target board is qemu, but progress is being made on the Raspberry Pi 4B target! Despite being very limited, this one-person project has actually made a great deal of progress and continues to improve.

To build and run this, you need two important pieces of software: QEMU 4.2+, and an ARM cross compiler. These dependencies are straightforward on Arch Linux, but Ubuntu users should see more detailed setup instructions in Ubuntu.md.

https://github.com/brenns10/sos

#sos #raspberry
Biden signs new order cracking down on Big Tech

President Joe Biden has signed an executive order aimed at cracking down on big tech firms and promoting competition.

The move points to Mr Biden's desire for tougher scrutiny of Big Tech, which the administration has accused of "undermining competition".

"Capitalism without competition isn't capitalism. It's exploitation," Mr Biden said at Friday's signing event.

The order includes 72 actions and recommendations involving ten agencies.

It suggests that problems have arisen because of large tech firms collecting too much personal information, buying up potential competitors and competing unfairly with small businesses.

💡Several recommendations it sets out include:

- Greater scrutiny of mergers in the tech sector
- New rules to be set out by the Federal Trade Commission (FTC) on data collection
- Barring unfair methods of competition on internet marketplaces.

The Biden administration is also targeting a number of other sectors with the order.

https://www.bbc.co.uk/news/business-57783824

#usa #biden #BigTech #crackdown
The FBI’s honeypot Pixel 4a gets detailed in new report

FBI honeypot phones are now public—and showing up on the secondary market.

Last month, authorities disclosed that the FBI and Australian Federal Police secretly operated an "encrypted device company" called "Anom." The company sold 12,000 smartphones to criminal syndicates around the world. These were pitched as secure devices but were actually honeypot devices that routed all messages to an FBI-owned server. The disclosure was light on details, but now that it's public, Anom phones are being unloaded on the secondary market. That means us normal people are finally getting a look at them, starting with this Vice article detailing one of the devices.

The FBI has basically weaponized what the Android modding community has been doing for years. Some Android phones have unlockable bootloaders, which let you wipe out the original operating system and replace it with your own build of an OS, called a custom ROM. The Anom device Vice got was a Google Pixel 4a, one of the most developer-friendly devices out there. The FBI's custom ROM shows an "ArcaneOS" boot screen, and it replaced the normal Google Android distribution with the FBI's skin of Android 10.

https://arstechnica.com/gadgets/2021/07/how-the-fbi-weaponized-android-modding-with-anom-devices/

#fbi #honeypot #android #anom #report
Surveilling the Gamers: Privacy Impacts of the Video Game Industry

With many million users across all age groups and income levels, video games have become the world’s leading entertainment industry. Behind the fun experience they provide, it goes largely unnoticed that modern game devices pose a serious threat to consumer privacy. To illustrate the industry’s potential for illegitimate surveillance and user profiling, this paper offers a classification of data types commonly gathered by video games.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3881279

#surveillance #privacy #profiling #gamers #videogames #pdf