SOS (Stephen's OS)
This is my personal operating system project. It targets the 32-bit ARMv7-A architecture. The main target board is qemu, but progress is being made on the Raspberry Pi 4B target! Despite being very limited, this one-person project has actually made a great deal of progress and continues to improve.
To build and run this, you need two important pieces of software:
QEMU 4.2+, and an ARM cross compiler. These dependencies are straightforward on Arch Linux, but Ubuntu users should see more detailed setup instructions in Ubuntu.md.
https://github.com/brenns10/sos
#sos #raspberry
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Biden signs new order cracking down on Big Tech
President Joe Biden has signed an executive order aimed at cracking down on big tech firms and promoting competition.
The move points to Mr Biden's desire for tougher scrutiny of Big Tech, which the administration has accused of "undermining competition".
"Capitalism without competition isn't capitalism. It's exploitation," Mr Biden said at Friday's signing event.
The order includes 72 actions and recommendations involving ten agencies.
It suggests that problems have arisen because of large tech firms collecting too much personal information, buying up potential competitors and competing unfairly with small businesses.
💡Several recommendations it sets out include:
- Greater scrutiny of mergers in the tech sector
- New rules to be set out by the Federal Trade Commission (FTC) on data collection
- Barring unfair methods of competition on internet marketplaces.
The Biden administration is also targeting a number of other sectors with the order.
https://www.bbc.co.uk/news/business-57783824
#usa #biden #BigTech #crackdown
The FBI’s honeypot Pixel 4a gets detailed in new report
FBI honeypot phones are now public—and showing up on the secondary market.
Last month, authorities disclosed that the FBI and Australian Federal Police secretly operated an "encrypted device company" called "Anom." The company sold 12,000 smartphones to criminal syndicates around the world. These were pitched as secure devices but were actually honeypot devices that routed all messages to an FBI-owned server. The disclosure was light on details, but now that it's public, Anom phones are being unloaded on the secondary market. That means us normal people are finally getting a look at them, starting with this Vice article detailing one of the devices.
The FBI has basically weaponized what the Android modding community has been doing for years. Some Android phones have unlockable bootloaders, which let you wipe out the original operating system and replace it with your own build of an OS, called a custom ROM. The Anom device Vice got was a Google Pixel 4a, one of the most developer-friendly devices out there. The FBI's custom ROM shows an "ArcaneOS" boot screen, and it replaced the normal Google Android distribution with the FBI's skin of Android 10.
https://arstechnica.com/gadgets/2021/07/how-the-fbi-weaponized-android-modding-with-anom-devices/
#fbi #honeypot #android #anom #report
Surveilling the Gamers: Privacy Impacts of the Video Game Industry
With many million users across all age groups and income levels, video games have become the world’s leading entertainment industry. Behind the fun experience they provide, it goes largely unnoticed that modern game devices pose a serious threat to consumer privacy. To illustrate the industry’s potential for illegitimate surveillance and user profiling, this paper offers a classification of data types commonly gathered by video games.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3881279
#surveillance #privacy #profiling #gamers #videogames #pdf
Tracking The White House YouTube channel
A website for tracking YouTube's removal of dislikes on White House videos
Verifying the accuracy of the data
I encourage visitors to this site, especially reporters, to verify the deletion phenomenon for themselves. To do so, go to the official White House YouTube channel and find a new video that is a few hours old. Click on the video and go to its page. Take a screenshot of the likes and dislikes, being sure that your computer's/phone's clock is visible in the screenshot (example). Once per hour, come back to the page, reload it so that the newest totals appear, and take another screenshot.
Do that over the course of the day, and you will almost certainly see that YouTube deletes dislikes repeatedly. Check back the next day, and you will see the deletions continuing throughout that day as well. Finally, check your screenshots against the video's chart at 81m.org (based on the timestamp in each of your screenshots), and you will see that the two data sources, your screenshots and my charts, line up for the official likes and dislikes. (There might be small discrepancies due to our respective samples being taken a few minutes apart.)
If you want to go further:
My real likes and real dislikes stats are simply computed from all the increases to likes/dislikes (but ignoring decreases). You can check the arithmetic in the "Last ... stats" table on each video page at 81m.org. You can download the full data on each page as CSV, TSV, or JSON files if you want to do your own charting. Also note that my real likes and real dislikes statistics almost always line up very closely for the videos in the comparison data, like those by PewDiePie.
https://81m.org/
#tracking #whitehouse #youtube #manipulation
Without Banks, Cannabis Companies Are Turning to Crypto
Here's one way that cryptocurrencies can help businesses that can't access traditional financial services.
Medicinal cannabis is now legal in 36 states, and 17 states allow recreational use.
However, banking is difficult for cannabis companies. Banks are nervous about working with cannabis businesses because federal law still prohibits the sale and distribution of marijuana -- no matter what local legislators say.
As a result, cannabis cash could be considered laundered money, and banks are reluctant to expose themselves to that kind of risk. Similarly, credit card companies and payment processors don't want to be liable if there's any kind of lawsuit.
There is a cannabis banking bill in the pipeline that may make things easier. But in the meantime, some cannabis companies are turning to cryptocurrencies to meet their banking needs.
https://www.fool.com/the-ascent/cryptocurrency/articles/without-banks-cannabis-companies-are-turning-to-crypto/
#cannabis #banking #crypto
Today OONI data shows that #Cuba started blocking WhatsApp, Telegram & Signal amid protests.
Blocking appears to be happening by injecting a TCP RST packet during the TLS handshake.
https://nitter.pussthecat.org/OpenObservatory/status/1414622433156476930#m
#cuba #blocking #telegram #whatsapp #signal
Bogdan Botezatu from Bitdefender in conversation with Tarnkappe.info (Interview)
Bitdefender security researcher Bogdan Botezatu on government malware, surveillance and a second firewall alongside Windows Defender.
Bogdan Botezatu has been working at Bitdefender as an IT security expert since May 2008. Botezatu has many years of experience in the areas of cyberware as well as mobile and social network malware.
Botezatu kindly answers the many questions of the Tarnkappe.info community. In Bucharest, he works for Bitdefender as Director of Threat Research & Reporting. Botezatu runs his own blog and is reachable via LinkedIn, Twitter and Facebook, for example.
https://tarnkappe.info/bogdan-botezatu-from-bitdefender-in-conversation-with-tarnkappe-info/
#interview #bitdefender
You make a privacy-first service → You get banned on Google
TL;DR: Google and Microsoft have super opaque and unpredictable ad moderation.
There are unofficial policies that indirectly ban the advertising of privacy-first services.
DuckDuckGo and StartPage.com use their platforms.
If you’re banned (like I am), unban is highly unlikely to happen, and the chances of your success are extremely low.
This topic is unpleasant, so there won’t be a lot of jokes. You need to have a lot of courage and composure to make jokes about your deadly wound when you’re still severely bleeding.
https://dkzlv.medium.com/google-bans-privacy-first-services-b9452e281439
#DeleteGoogle #google #privacy
Introduction: Singleboard Computers vs Microcontrollers (Explained)
Singleboard computers vs Microcontrollers explained.
Singleboard computers like Pine64 A64 LTS or Raspberry Pi run entire operating systems such as Linux, FreeBSD, whereas microcontrollers such as the ESP32 focus on specialized tasks yet use much less power.
There are many ways to get into this, and I will be doing a series coming up to help people get into Singleboard computers and Microcontrollers using security/privacy benefits I think you will find useful.
https://devtube.dev-wiki.de/videos/watch/405263e6-c746-4ffe-88b0-9a4b2e922ead
#rasperry #pine #microcontrollers #ESP32
Brazil’s Anti-Piracy “Operation 404” Leads to Arrests, Shutdowns, and Site Blocking
Brazilian law enforcement agencies have announced the third wave of anti-piracy "Operation 404." With support from the United States and the UK, the authorities blocked or shut down 334 websites and 94 piracy apps, while making five arrests. The blocking targets include 1337x and The Pirate Bay but those domains were not seized.
In the fall of 2019, Brazilian law enforcement conducted a large anti-piracy campaign codenamed ‘Operation 404,’ referring to the well-known HTTP error code.
With help from international law enforcement, the authorities took down hundreds of sites and apps and arrested several suspects.
A year later a new wave of anti-piracy action followed. Under the banner “Operation 404 #2”, law enforcement authorities blocked or seized the domain names of more than 300 pirate sites and streaming apps.
Operation 404 #3
Last week, Brazil’s Ministry of Justice announced the third wave of Operation 404. With 11 search and seizure warrants in hand, law enforcement officials blocked or seized the domains of 334 websites, 94 piracy apps, and 20 IP addresses.
https://torrentfreak.com/brazils-anti-piracy-operation-404-leads-to-arrests-shutdowns-and-site-blocking-210712/
#AntiPiracy #brazil #shutdown #siteblocking #1337x #PirateBay
Hackers Move to Extort Gaming Giant EA
After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.
The hackers who previously stole a wealth of data from gaming giant Electronic Arts have moved from trying to sell that data to now releasing parts of it publicly. In one message on a forum accompanying the data dump, the hackers say explicitly they are trying to extort EA as well.
"Few week ago we send email for ransome [sic] to EA but we dont get any response so we will posting the src [source]," one of the posts from the hackers reads. A compressed, 1.3GB cache the hackers released appears to include references to internal EA tools and the company's Origin store, according to a copy viewed by Motherboard.
"If they dont contact us or dont pay us we will keep posting it," the hackers threatened. The data they stole totals in at around 780GB, Motherboard previously reported. That data includes source code for the Frostbite engine, used in games such as Battlefield; internal development tools, and software development kits (SDKs). The hackers also provided Motherboard with screenshots that appear to show data related to The Sims.
https://www.vice.com/en/article/m7e57n/hackers-extort-ea-fifa
#ea #games #hacked #hacker #ransom
Fast API resolving of REvil Ransomware related to Kaseya attack
This sample of REvil ransomware dynamically resolves API functions via API name hashing. In this video I will show you 4 fast methods for doing the API resolving of REvil ransomware related to the Kaseya attack.
3 methods are for IDA Pro (renimp.idc + memsnapshot, Universal Unpacker Manual Reconstruct, Pe-Tree) and the last method is for x64dbg with the Scylla plugin.
https://www.youtube.com/watch?v=QYQQUUpU04s
#revil #ransomware #kaseya #api #resolving #video
A Conversation with Daniel Ellsberg - The whistleblower who started it all
For the Fourth of July, I reached out to an old friend, Daniel Ellsberg, to experiment with recording little conversations for you about big topics. Production quality will be a bit rough around the edges until I get the hang of it, but I hope you enjoy it.
https://edwardsnowden.substack.com/p/ellsberg1
#snowden #ellsberg #whistleblower #podcast
Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target these servers.
VMware ESXi is one of the most popular enterprise virtual machine platforms. Over the past year, there has been an increasing number of ransomware gangs releasing Linux encryptors targeting this platform.
https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
#hellokitty #linux #ransomware
Security Analysis of Telegram (Symmetric Part)
We performed a detailed security analysis of the encryption offered by the popular Telegram messaging platform. As a result of our analysis, we found several cryptographic weaknesses in the protocol, from technically trivial and easy to exploit to more advanced and of theoretical interest.
For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols such as TLS. We made several suggestions to the Telegram developers that enable providing formal assurances that rule out a large class of cryptographic attacks, similarly to other, more established, cryptographic protocols.
We disclosed the following vulnerabilities to the Telegram development team on 16 April 2021 and agreed with them on a disclosure on 16 July 2021:
https://mtpsym.github.io/
💡 Read as well: Four cryptographic vulnerabilities in Telegram
https://t.iss.one/BlackBox_Archiv/2391
#telegram #messenger #security #vulnerabilities #disclosure
Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus
💡 Summary:
— Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
— Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
— We identified a politically active victim in Western Europe and recovered a copy of Candiru’s Windows spyware.
— Working with Microsoft Threat Intelligence Center (MSTIC) we analyzed the spyware, resulting in the discovery of CVE-2021-31979 and CVE-2021-33771 by Microsoft, two privilege escalation vulnerabilities exploited by Candiru. Microsoft patched both vulnerabilities on July 13th, 2021.
— As part of their investigation, Microsoft observed at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore. Victims include human rights defenders, dissidents, journalists, activists, and politicians.
— We provide a brief technical overview of the Candiru spyware’s persistence mechanism and some details about the spyware’s functionality.
— Candiru has made efforts to obscure its ownership structure, staffing, and investment partners. Nevertheless, we have been able to shed some light on those areas in this report.
https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
#candiru #mercenary #spyware #israel
Four cryptographic vulnerabilities in Telegram
An international research team of cryptographers completed a detailed security analysis of the popular Telegram messaging platform identifying several weaknesses in its protocol that demonstrate the product falls short of some essential data security guarantees.
💡 First, the “crime-pizza” vulnerability
Researchers assessed that the most significant vulnerabilities relate to the ability of an attacker on the network to manipulate the sequencing of messages coming from a client to one of the cloud servers that Telegram operates globally. Imagine the potential damage that could occur in swapping the sequence of messages. For example, if the order of the messages in the sequence “I say ’yes’ to”, “pizza”, “I say ’no’ to”, “crime” was altered then it would appear that the client is declaring their willingness to commit a crime.
💡 Second, the “every bit of information is too much” attack
Mostly of theoretical interest, this vulnerability allows an attacker on the network to detect which of two messages is encrypted by a client or a server. Cryptographic protocols are designed to rule out even such attacks.
💡 Third, the “adjust your clocks” attack
Researchers studied the implementation of Telegram clients and found that three - Android, iOS, and Desktop - contained code which, in principle, permitted attackers to recover some plaintext from encrypted messages. While this seems alarming, it would require an attacker to send millions of carefully crafted messages to a target and observe minute differences in how long the response takes to be delivered. Nevertheless, if this type of attack were successful, it would be devastating for the confidentiality of Telegram messages and, of course, its users. Fortunately, this attack is almost impossible to pull off in practice. But, before you breathe a sigh of relief, this type of attack is mostly mitigated by the sheer coincidence that some metadata in Telegram is selected at random and kept secret.
💡 Fourth, the “piggy in the middle” game
The researchers also show how an attacker can mount an "attacker-in-the-middle" type of attack on the initial key negotiation between the client and the server. This allows an attacker to impersonate the server to a client, enabling it to break both the confidentiality and integrity of the communication. Luckily, this attack, too, is quite difficult to pull off, as it requires the attacker to send billions of messages to a Telegram server within minutes. However, this attack highlights that while users are required to trust Telegram’s servers, the security of Telegram's servers and their implementations cannot be taken for granted.
⚠️ As is usual in this area of research, the team informed Telegram developers of their findings 90 days prior to making them public, offering the company ample time to address the issues identified. In the meantime, Telegram has reacted to the results and fixed the security issues found by the researchers with software updates.
💡 Read as well: Security Analysis of Telegram (Symmetric Part)
https://t.iss.one/BlackBox_Archiv/2389
https://ethz.ch/en/news-and-events/eth-news/news/2021/07/four-cryptographic-vulnerabilities-in-telegram.html
#telegram #messenger #security #vulnerabilities #disclosure
Is Proton Mail Really Private, Secure, and Anonymous?
In this video I tackle the topic of whether or not Proton mail is Really Private, Secure, and Anonymous.
Privacy Watchdogs article about Proton mail being a honey pot which covers some of the issues in this video in more detail, plus other things I didn't talk about.
https://lbry.tv/@AlphaNerd:8/is-proton-mail-really-private,-secure,:f
#protonmail #privacy #security #anonymous #video
Phishing Army
Phishing is a critical cyber-attack vector - Let's fight the criminals!
Compatible with Pi-hole, AdAway, Blokada, AdGuard and any other Host/DNS filtering system. Already included in NextDNS Threat Intelligence Feed.
Generated every 6 hours from PhishTank, OpenPhish, Cert.pl, PhishFindR, Urlscan.io and Phishunt.io reports. Each domain is analyzed to eliminate false positives, through the Whitelist of Anudeep and the Alexa Rank.
👉🏼 Get the Blocklist:
https://phishing.army/download/phishing_army_blocklist.txt
👉🏼 Get the Extended Blocklist:
https://phishing.army/download/phishing_army_blocklist_extended.txt
💡 Extended or Normal Blocklist:
The difference is in the subdomains. Phishing kits can be reached even without subdomains, so the extended blocklist also contains the domains without subdomains. For example, it will contain both pay.phishing.com and phishing.com.
https://phishing.army/
#phishing #blocklist #host #dns #filtering
Revealed: leak uncovers global abuse of cyber-surveillance weapon
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests.
Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.
The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.
Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.
The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.
Forbidden Stories, a Paris-based media nonprofit organisation, and Amnesty International initially had access to the leaked list and shared access with media partners as part of the Pegasus project, a reporting consortium.
The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.
https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus
https://nitter.net/Snowden/status/1416797153524174854
#leak #surveillance #nso #pegasus #spyware