You Can Gain Admin Privileges to Any Windows Machine by Plugging in a Razer Mouse

Is it an interesting security hack, or a PSA to keep your computer safe? (It's both.)

Not all users are equal in Windows. Without administrator access, you can use the computer, but you aren’t allowed to install certain apps or perform commands, and you’re generally blocked from full control of the machine. But right now, you can grant yourself SYSTEM privileges on any Windows 10 machine simply by plugging in a Razer keyboard or mouse. That seems... bad.

Usually, different “user rights” are a good thing for Windows. It protects your system from people who would abuse those privileges, either nefariously or not. When you have admin—or SYSTEM—privileges, you are in total control over Windows, so it can be dangerous to give that power to just anyone.

The idea that plugging in the right mouse could give you total control over a computer sounds more unrealistic than a TV hacker, but it’s true. When you plug in one of these Razer peripherals, Windows will automatically download Razer Synapse, the software that controls certain settings for your mouse or keyboard. Said Razer software has SYSTEM privileges, since it launches from a Windows process with SYSTEM privileges.

https://lifehacker.com/you-can-gain-admin-privileges-to-any-windows-machine-by-1847537634

#razer #mouse #windows #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

US authorities want more and more location data from Google

The cell phone in your pocket often leaves a rich data trail, including its location. U.S. investigative agencies are asking for more and more of this data to track down possible suspects who were in a particular place at a particular time. Now Google has published figures for the first time.

https://services.google.com/fh/files/misc/supplemental_information_geofence_warrants_united_states.pdf

#google #usa #geofence #warrants #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Razer Mice + Microsoft Windows = Privilege Escalation - ThreatWire

Razer mice plus a windows machine can give you admin privileges, contact tracing data is exposed in a data leak, and a t-mobile hack followup - yes, it’s real! All that coming up now on ThreatWire.

https://www.youtube.com/watch?v=NA1ocWiAMVg

#threatwire #hak5 #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Ransomware gang's script shows exactly the files they're after

A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.

When ransomware gangs compromise a network, they usually start with limited access to a single device.

They then use various tools and exploits to steal other credentials used on the Windows domain or gain elevated privileges on different devices.

Once they gain access to a Windows domain controller, they search for and steal data on the network before encrypting devices.

The threat actors use this stolen data in two ways.

The first is to generate a ransom demand based on company revenue and whether they have insurance policies. The second is to scare the victims into paying a ransom because the gang will leak the data.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after/

#ransomware #pysa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

LibreTranslator

LibreTranslater a translator based on LibreTranslate

💡 Features:
- translate your text into up to 16 languages
- 5 different themes
- share translation easily from the app
- completely open source
- more coming...

https://f-droid.org/en/packages/de.beowulf.libretranslater/

#translator #apk #LibreTranslate #fdroid
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Popular IPTV Service and Android Application Offline

Germany, August 23, 2021 – The Alliance for Creativity and Entertainment (ACE), the world’s leading coalition dedicated to protecting the dynamic legal marketplace and reducing digital piracy, today announced it has successfully taken down both Iconic Streams, a popular IPTV service and Fillelinked, an Android app used to sideload applications.

Iconic Streams offered over 3,500 channels, with a specific focus on premium sports channels. After successful outreach and action executed by ACE with the service’s operator in Dresden, the service has not been available to consumers since June.

Once a popular bulk downloader tool for Amazon Fire TV and Android devices, the Filelinked app was used to sideload applications. More specifically, users could install pirate applications on their Android devices via unofficial sources. This service was popular in both the US and in Europe, running operations out of Freising.

All Iconic Streams domains and all domains related to the Filelinked app have now been transferred to ACE and are redirecting to the Watch Legally section on the ACE website.

https://www.alliance4creativity.com/news/ace-actions-successfully-shut-down-iconic-streams-and-filelinked/

#iptv #ace #takedown #filelinked #IconicStreams #germany
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

OnlyFans Drops Planned Porn Ban, Will Continue to Allow Sexually Explicit Content

OnlyFans said it has dropped plans to ban pornography from its service, less than a week after the U.K. content-creator subscription site had announced the change citing the need to comply with policies of banking partners.

On Wednesday, the company said it “secured assurances necessary to support our diverse creator community,” suggesting that it has agreements with banks to pay OnlyFans’ content creators, including those who share sexually explicit material.

“Thank you to everyone for making your voices heard. We have secured assurances necessary to support our diverse creator community and have suspended the planned October 1 policy change,” the company said in a tweet Wednesday.

“OnlyFans stands for inclusion and we will continue to provide a home for all creators,” the company said.

So was this all much ado about nothing?

OnlyFans may have been able to resolve its conflict with banks — some of which had refused to do business with the site — by going public with the issue. OnlyFans founder and CEO Tim Stokely put the blame for the porn ban on banks in an interview with the Financial Times published Aug. 24, saying that banks including JP Morgan Chase, Bank of New York Mellon and the U.K.’s Metro Bank had cut off OnlyFans’ ability to pay creators.

https://variety.com/2021/digital/news/onlyfans-drops-porn-ban-sexually-explicit-policy-1235048705/

https://nitter.pussthecat.org/onlyfans/status/1430499277302816773

#onlyfans #porn #ban
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The All-Seeing "i": Apple Just Declared War on Your Privacy

“Under His Eye,” she says. The right farewell. “Under His Eye,” I reply, and she gives a little nod.

By now you've probably heard that Apple plans to push a new and uniquely intrusive surveillance system out to many of the more than one billion iPhones it has sold, which all run the behemoth's proprietary, take-it-or-leave-it software. This new offensive is tentatively slated to begin with the launch of iOS 15⁠—almost certainly in mid-September⁠—with the devices of its US user-base designated as the initial targets. We’re told that other countries will be spared, but not for long.

You might have noticed that I haven’t mentioned which problem it is that Apple is purporting to solve. Why? Because it doesn’t matter.

Having read thousands upon thousands of remarks on this growing scandal, it has become clear to me that many understand it doesn't matter, but few if any have been willing to actually say it. Speaking candidly, if that’s still allowed, that’s the way it always goes when someone of institutional significance launches a campaign to defend an indefensible intrusion into our private spaces. They make a mad dash to the supposed high ground, from which they speak in low, solemn tones about their moral mission before fervently invoking the dread spectre of the Four Horsemen of the Infopocalypse, warning that only a dubious amulet—or suspicious software update—can save us from the most threatening members of our species.

Suddenly, everybody with a principled objection is forced to preface their concern with apologetic throat-clearing and the establishment of bonafides: I lost a friend when the towers came down, however... As a parent, I understand this is a real problem, but...

https://edwardsnowden.substack.com/p/all-seeing-i

#snowden #apple #privacy #infopocalypse
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Facebook used facial recognition without consent 200,000 times, says South Korea's data watchdog

Hands Zuck its second-largest fine ever, also makes Netflix pay up and warns Google to be more obvious about privacy.

Facebook, Netflix and Google have all received reprimands or fines, and an order to make corrective action, from South Korea's government data protection watchdog, the Personal Information Protection Commission (PIPC).

The PIPC announced a privacy audit last year and has revealed that three companies – Facebook, Netflix and Google – were in violations of laws and had insufficient privacy protection.

Facebook alone was ordered to pay 6.46 billion won (US$5.5M) for creating and storing facial recognition templates of 200,000 local users without proper consent between April 2018 and September 2019.

Another 26 million won (US$22,000) penalty was issued for illegally collecting social security numbers, not issuing notifications regarding personal information management changes, and other missteps.

Facebook has been ordered to destroy facial information collected without consent or obtain consent, and was prohibited from processing identity numbers without legal basis. It was also ordered to destroy collected data and disclose contents related to foreign migration of personal information. Zuck's brainchild was then told to make it easier for users to check legal notices regarding personal information.

https://www.theregister.com/2021/08/26/facebook_fined_by_south_korea/

#DeleteFacebook #facebook #fb #southkorea #fine #data #watchdog
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Spotfy.one – Privacy-aware and login-free Spotify clone

https://spotfy.one/

#SpotfyOne #spotfy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Ads, privacy and confusion

The consumer internet industry spent two decades building a huge, complex, chaotic pile of tools and systems to track and analyse what people do on the internet, and we’ve spent the last half-decade arguing about that, sometimes for very good reasons, and sometimes with strong doses of panic and opportunism. Now that’s mostly going to change, between unilateral decisions by some big tech platforms and waves of regulation from all around the world. But we don’t have any clarity on what that would mean, or even quite what we’re trying to achieve, and there are lots of unresolved questions. We are confused.

First, can we achieve the underlying economic aims of online advertising in a private way? Advertisers don’t necessarily want (or at least need) to know who you are as an individual. As Tim O’Reilly put it, data is sand, not oil - all this personal data actually only has value in the aggregate of millions. Advertisers don’t really want to know who you are - they want to show diaper ads to people who have babies, not to show them to people who don’t, and to have some sense of which ads drove half a million sales and which ads drove a million sales. Targeting ads per se doesn’t seem fundamentally evil, unless you think putting car ads in car magazines is also evil. But the internet became able to show car ads to people who read about cars yesterday, somewhere else - to target based on the user rather than the context. This is both exactly the same and completely different.

https://www.ben-evans.com/benedictevans/2021/8/27/understanding-privacy

#privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

"Made to Measure" The lookalike

The documentary project "Made to Measure" wants to investigate whether it is possible to re-enact a person's life using their Google data. The experiment shows how little we now understand about what corporations can glean from our data traces.

https://www.madetomeasure.online/en/

#privacy #BigData #google #docu #experiment
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The authorities in #China have today announced that for, anyone under 18 years old, they're to be limited to playing online games to only 3 hours a week! Plus only these 3 hours: 8 til 9 pm on Friday, Saturday and Sunday. There will be Chinese teenagers flipping out right now!

https://nitter.pussthecat.org/StephenMcDonell/status/1432277087830908931

#china #gaming #online #limited
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

FitGirl Pirate Repacker Warns Domain Name Could Be Lost, Perhaps Forever

FitGirl Repacks is currently one of the most popular torrent sites on the Internet but its operator is warning of turbulent times ahead. Site operator FitGirl says that due to a serious domain issue, the site's main domain could go offline temporarily or even forever.

In piracy circles, ‘FitGirl’ is a very well known brand, especially for gamers looking for the latest titles without the usual price tag.

Operating from the domain fitgirl-repacks.site, platform operator FitGirl is perhaps the most well-known ‘repacker’ online today due to her/his ability to compress full-size games into more manageable packages.

The resulting smaller file sizes are useful for people who want to download pirated games but don’t have (or don’t want to use up) lots of bandwidth. And according to traffic data, that’s a lot of people.

After FitGirl Repacks became one of the most-visited torrent sites last year, TorrentFreak was able to interview FitGirl who was happy to explain how the site began and more details about its rise to fame. Now, however, the site may be facing a more stormy period with its main domain under threat.

https://torrentfreak.com/fitgirl-pirate-repacker-warns-domain-name-could-be-lost-perhaps-forever-210830/

#fitgirl #pirates #games #repacker
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Movie Companies Want VPNs to Log User Data and Disconnect Pirates

A group of movie companies continues its legal efforts to hold VPN services liable for pirating subscribers. A new lawsuit lists Surfshark, VPN Unlimited, Zenmate, and ExpressVPN as defendants. Besides damages, the filmmakers want the VPNs to block pirate sites and start logging user data. The accused companies have yet to respond in court.

Amidst growing concerns about online privacy and security, VPN services have become increasingly popular in recent years.

Millions of people use VPNs to stay secure and prevent outsiders from tracking their online activities. As with regular Internet providers, a subsection of these subscribers may be engaged in piracy activities.

Over the past years, we have seen copyright holders take several ISPs to court, accusing them of failing to disconnect repeat copyright infringers. These lawsuits have expanded recently, with VPN providers as the main targets.

The VPN lawsuits are filed by a group of independent movies companies that also go after piracy sites and apps. They include the makers of films such as The Hitman’s Bodyguard, Dallas Buyers Club, and London Has Fallen.

Last week, these companies filed a new lawsuit at a federal court in Virginia, targeting four VPN services. In their complaint, the filmmakers accuse Surfshark, VPN Unlimited, Zenmate and ExpressVPN of being involved in widespread copyright infringement.

https://torrentfreak.com/movie-companies-want-vpns-to-log-user-data-and-disconnect-pirates-210830/

#movie #pirates #vpn #copyright #lawsuits
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Quad9: Breach of Duty of Care - New Legal Uncertainty for DNS Resolver

The non-commercial DNS service has initially lost in the dispute with Sony Music: The Hamburg Regional Court affirms "Stoererhaftung" (Breach of Duty of Care).

The legal dispute between Sony Music and the DNS resolver Quad9 goes into the next round. In June, the operator of a free, privacy-friendly DNS resolver, the Swiss-based Quad9 Foundation, became the target of a preliminary injunction issued by the Hamburg Regional Court. The order requires Quad9 to block access to a website operated by a third party, which in turn links to alleged copyright infringements on another website, for German users of the DNS resolver. The news triggered a wave of solidarity with the non-commercial, purely donation-funded service.

According to the Hamburg Regional Court, Quad9 is liable for copyright infringements by third parties according to the principles of "Stoererhaftung" (Breach of Duty of Care) and cannot invoke the exclusion of liability for Internet access services provided for in the German Telemedia Act. The Society for Freedom Rights (Gesellschaft für Freiheitsrechte e.V.), where I lead the control © project, is now supporting Quad9 in its appeal against the preliminary injunction, as the case is of great importance for the operation of non-profit IT infrastructure. DNS services must be exempt from "Stoererhaftung" (Breach of Duty of Care) just like Internet access providers, especially since they are even further away from third party infringements than Internet providers. The establishment of network blocks violates the fundamental rights of Internet users and imposes disproportionate obligations on Quad9.

https://netzpolitik.org/2021/edit-policy-quad9-in-stoererhaftung-neue-rechtsunsicherheit-fuer-dns-resolver/

#quad9 #dns #stoererhaftung #sony #copyright #infringements #germany
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Iconic “Piracy Is a Crime” Domain Now Redirects to IT-Crowd Parody

The movie industry's "Piracy it's a crime" video is, without doubt, the most iconic anti-piracy PSA ever made. The video became the inspiration for countless memes and satire. The once-official piracyisacrime.com campaign site shut down years ago but, this week, the domain started linking to the IT Crowd parody.

https://torrentfreak.com/iconic-piracy-is-a-crime-domain-now-redirects-to-it-crowd-parody-210905/

#piracy #video
🎥 @cRyPtHoN_INFOSEC_FR
🎥 @cRyPtHoN_INFOSEC_EN
🎥 @cRyPtHoN_INFOSEC_DE
🎥 @BlackBox_Archiv

German police secretly bought NSO Pegasus spyware

Sources have confirmed media reports that federal criminal police purchased and used the controversial Israeli surveillance spyware despite lawyers' objections.

The German Federal Criminal Police Office (BKA) bought notorious Pegasus spyware from the Israeli firm NSO in 2019, it was revealed Tuesday.

The federal government informed the Interior Committee of the Bundestag of the purchase in a closed-doors session, parliament sources said. That confirmed earlier reports published in German newspaper Die Zeit.

The software was procured under "the utmost secrecy," according to Die Zeit, despite the hesitations of lawyers as the surveillance tool can do much more than German privacy laws permit.

https://www.dw.com/en/german-police-secretly-bought-nso-pegasus-spyware/a-59113197

#germany #bka #nso #pegasus #spyware
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users

WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors.

When Mark Zuckerberg unveiled a new “privacy-focused vision” for Facebook in March 2019, he cited the company’s global messaging service, WhatsApp, as a model. Acknowledging that “we don’t currently have a strong reputation for building privacy protective services,” the Facebook CEO wrote that “I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about. We plan to build this the way we’ve developed WhatsApp.”

Zuckerberg’s vision centered on WhatsApp’s signature feature, which he said the company was planning to apply to Instagram and Facebook Messenger: end-to-end encryption, which converts all messages into an unreadable format that is only unlocked when they reach their intended destinations. WhatsApp messages are so secure, he said, that nobody else — not even the company — can read a word. As Zuckerberg had put it earlier, in testimony to the U.S. Senate in 2018, “We don’t see any of the content in WhatsApp.”

WhatsApp emphasizes this point so consistently that a flag with a similar assurance automatically appears on-screen before users send messages: “No one outside of this chat, not even WhatsApp, can read or listen to them.”

Those assurances are not true. WhatsApp has more than 1,000 contract workers filling floors of office buildings in Austin, Texas, Dublin and Singapore, where they examine millions of pieces of users’ content. Seated at computers in pods organized by work assignments, these hourly workers use special Facebook software to sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company’s artificial intelligence systems. These contractors pass judgment on whatever flashes on their screen — claims of everything from fraud or spam to child porn and potential terrorist plotting — typically in less than a minute.

https://www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users

#whatsapp #DeleteWhatsapp #privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

We leaked the upcoming IPCC report!

We have leaked part III of the upcoming IPCC report. There’s no time to wait around, there’s no time for continued inaction – the people deserve to know NOW what our corporate owned politicians have done to them.

The greatest crime ever has already been carried out – the perpetrators are still at liberty, but the victims are starting to pile up.

https://scientistrebellion.com/we-leaked-the-upcoming-ipcc-report/

👉🏽 PDF (Part1)
https://files.shitpost.to/jfl2ssgv8xum82n2.pdf?key=s18a9Flb1I3RgebFIxGNc0Y8F4jMQ6Rc

👉🏽 PDF (Part2)
https://files.shitpost.to/ijohuebjziricbsf.pdf?key=XhYG5lAFZ7BgUSvVuJHY1g2Cxp6ePGia

#ipcc #leak #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The disastrous voyage of Satoshi, the world’s first cryptocurrency cruise ship

Last year, three cryptocurrency enthusiasts bought a cruise ship. They named it the Satoshi, and dreamed of starting a floating libertarian utopia. It didn’t work out.

On the evening of 7 December 2010, in a hushed San Francisco auditorium, former Google engineer Patri Friedman sketched out the future of humanity. The event was hosted by the Thiel Foundation, established four years earlier by the arch-libertarian PayPal founder Peter Thiel to “defend and promote freedom in all its dimensions”. From behind a large lectern, Friedman – grandson of Milton Friedman, one of the most influential free-market economists of the last century – laid out his plan. He wanted to transform how and where we live, to abandon life on land and all our decrepit assumptions about the nature of society. He wanted, quite simply, to start a new city in the middle of the ocean.

https://www.theguardian.com/news/2021/sep/07/disastrous-voyage-satoshi-cryptocurrency-cruise-ship-seassteading

#satoshi #cryptocurrency #cruiseship
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv