102: Money Maker
Darknet Diaries - EP 102: Money Maker
Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter.
https://darknetdiaries.com/episode/102/
💡 Read as well:
On Master Counterfeiter Frank Bourassa
https://www.loyalnana.com/stories-1/2019/2/25/on-master-counterfeiter-frank-bourassa
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter.
https://darknetdiaries.com/episode/102/
💡 Read as well:
On Master Counterfeiter Frank Bourassa
https://www.loyalnana.com/stories-1/2019/2/25/on-master-counterfeiter-frank-bourassa
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
Media is too big
VIEW IN TELEGRAM
Restor is a science-based open data platform to support and connect the global restoration movement
Restor is accelerating the global restoration movement by connecting everyone, everywhere to local restoration. Restor connects people to scientific data, supply chains, funding, and each other to increase the impact, scale, and sustainability of restoration efforts. We believe that anyone can be a restoration champion, including you.
https://www.restor.eco/
#restor #nature #restoration #movement #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv
Restor is accelerating the global restoration movement by connecting everyone, everywhere to local restoration. Restor connects people to scientific data, supply chains, funding, and each other to increase the impact, scale, and sustainability of restoration efforts. We believe that anyone can be a restoration champion, including you.
https://www.restor.eco/
#restor #nature #restoration #movement #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv
2110.06636.pdf
2.8 MB
Unique on Facebook: Formulation and Evidence of (Nano)targeting Individual Users with non-PII Data
The privacy of an individual is bounded by the ability of a third party to reveal their identity. Certain data items such as a passport ID or a mobile phone number may be used to uniquely identify a person. These are referred to as Personal Identifiable Information (PII) items.
Previous literature has also reported that, in datasets including millions of users, a combination of several non-PII items (which alone are not enough to identify an individual) can uniquely identify an individual within the dataset. In this paper, we define a data-driven model to quantify the number of interests from a user that make them unique on Facebook.
https://arxiv.org/abs/2110.06636
#facebook #DeleteFacebook #nanotargeting #targeting #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The privacy of an individual is bounded by the ability of a third party to reveal their identity. Certain data items such as a passport ID or a mobile phone number may be used to uniquely identify a person. These are referred to as Personal Identifiable Information (PII) items.
Previous literature has also reported that, in datasets including millions of users, a combination of several non-PII items (which alone are not enough to identify an individual) can uniquely identify an individual within the dataset. In this paper, we define a data-driven model to quantify the number of interests from a user that make them unique on Facebook.
https://arxiv.org/abs/2110.06636
#facebook #DeleteFacebook #nanotargeting #targeting #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
If you need another reason to switch to Tor Browser, check out @arthuredelstein's https://privacytests.org, an open-source tool using rigorous automated privacy tests to find out what kind of data different browsers leak.
https://nitter.pussthecat.org/torproject/status/1448411718749593604
via Twitter
https://privacytests.org/
#browser #privacy #tor
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
https://nitter.pussthecat.org/torproject/status/1448411718749593604
via Twitter
https://privacytests.org/
#browser #privacy #tor
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
privacytests.org
Which browsers are best for privacy?
An open-source privacy audit of popular web browsers.
Leave no trace: how a teenage hacker lost himself online
Edwin Robbe had a troubled life, but found excitement and purpose by joining an audacious community of hackers. Then the real world caught up with his online activities
José Robbe was leaving her place of work in Rotterdam when she saw a man and a woman walking towards her. It was a Tuesday afternoon, 20 March 2012. “Are you Mrs Robbe?” She nodded. The woman, who was wearing jeans and a black windcheater, explained that she was with the police. “I’d like to talk to you for a minute. It’s about your son, Edwin. We’re arresting him.” José stared, frozen. The woman asked if she would accompany them. Warily, José agreed.
At the police car, the officer told her they intended to surprise her son at the family home in Barendrecht, just south of Rotterdam, and arrest him on the spot. She asked if José wanted to be there for her son’s arrest. “No,” she replied grimly. It felt as if she had just betrayed her son. To stand by and watch would make it even worse. The police asked José for her house keys and dropped her off at a plaza by the local supermarket a few blocks from her house. She felt terrible as the officers drove away to arrest her eldest child, just a troubled 17-year-old. A little while later, three officers emerged from the house, escorting Edwin between them. He offered no resistance.
Edwin was taken to a detention centre in Houten, near Utrecht. Once he was gone, José finally re-entered her house. She sat on the living-room sofa, watching as officers rummaged through cabinets, filed up and down the stairs and bagged up flash drives, CD-Roms and telephones.
https://www.theguardian.com/technology/2021/oct/14/leave-no-trace-how-a-teenage-hacker-lost-himself-online
#teen #hacker
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Edwin Robbe had a troubled life, but found excitement and purpose by joining an audacious community of hackers. Then the real world caught up with his online activities
José Robbe was leaving her place of work in Rotterdam when she saw a man and a woman walking towards her. It was a Tuesday afternoon, 20 March 2012. “Are you Mrs Robbe?” She nodded. The woman, who was wearing jeans and a black windcheater, explained that she was with the police. “I’d like to talk to you for a minute. It’s about your son, Edwin. We’re arresting him.” José stared, frozen. The woman asked if she would accompany them. Warily, José agreed.
At the police car, the officer told her they intended to surprise her son at the family home in Barendrecht, just south of Rotterdam, and arrest him on the spot. She asked if José wanted to be there for her son’s arrest. “No,” she replied grimly. It felt as if she had just betrayed her son. To stand by and watch would make it even worse. The police asked José for her house keys and dropped her off at a plaza by the local supermarket a few blocks from her house. She felt terrible as the officers drove away to arrest her eldest child, just a troubled 17-year-old. A little while later, three officers emerged from the house, escorting Edwin between them. He offered no resistance.
Edwin was taken to a detention centre in Houten, near Utrecht. Once he was gone, José finally re-entered her house. She sat on the living-room sofa, watching as officers rummaged through cabinets, filed up and down the stairs and bagged up flash drives, CD-Roms and telephones.
https://www.theguardian.com/technology/2021/oct/14/leave-no-trace-how-a-teenage-hacker-lost-himself-online
#teen #hacker
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
the Guardian
Leave no trace: how a teenage hacker lost himself online
The long read: Edwin Robbe had a troubled life, but found excitement and purpose by joining an audacious community of hackers. Then the real world caught up with his online activities
UK schools will use facial recognition to speed up lunch payments
Facial recognition may soon play a role in your child's lunch. The Financial Times reports that nine schools in the UK's North Ayrshire will start taking payments for canteen (aka cafeteria) lunches by scanning students' faces. The technology should help minimize touch during the pandemic, but is mainly meant to speed up transaction times. That could be important when you may have roughly 25 minutes to serve an entire school of hungry kids.
Both the schools and system installer CRB Cunningham argued the systems would address privacy and security concerns. CRB Cunningham noted its hardware wasn't using live facial recognition (actively scanning crowds), and was checking against encrypted faceprint templates. Schools were already using fingerprint readers, too, so this was more of a shift in biometric technology than a brand new layer of security. There were also concerns about fraud using conventional PINs — facial recognition is theoretically safer. North Ayrshire's council added that 97 percent of children or parents had offered consent.
https://telegra.ph/UK-schools-will-use-facial-recognition-to-speed-up-lunch-payments--Engadget-10-18
via www.engadget.com
#uk #facial #recognition
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Facial recognition may soon play a role in your child's lunch. The Financial Times reports that nine schools in the UK's North Ayrshire will start taking payments for canteen (aka cafeteria) lunches by scanning students' faces. The technology should help minimize touch during the pandemic, but is mainly meant to speed up transaction times. That could be important when you may have roughly 25 minutes to serve an entire school of hungry kids.
Both the schools and system installer CRB Cunningham argued the systems would address privacy and security concerns. CRB Cunningham noted its hardware wasn't using live facial recognition (actively scanning crowds), and was checking against encrypted faceprint templates. Schools were already using fingerprint readers, too, so this was more of a shift in biometric technology than a brand new layer of security. There were also concerns about fraud using conventional PINs — facial recognition is theoretically safer. North Ayrshire's council added that 97 percent of children or parents had offered consent.
https://telegra.ph/UK-schools-will-use-facial-recognition-to-speed-up-lunch-payments--Engadget-10-18
via www.engadget.com
#uk #facial #recognition
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Telegraph
UK schools will use facial recognition to speed up lunch payments | Engadget
Facial recognition may soon play a role in your child's lunch. The Financial Times reports that nine schools in the UK's North Ayrshire will start taking payments for canteen (aka cafeteria) lunches by scanning students' faces. The technology should help…
DPC sent "take down request" to noyb, after publishing a problematic Draft Decision stripping Facebook users of their rights under GDPR
Yesterday night, the Irish Data Protection Commission (DPC) sent an extraordinary letter (PDF) to noyb, saying it would "require [noyb] to remove the draft decision from your website forthwith, and to desist from any further or other publication or disclosure of same". noyb refused to self-censor and limit the public's access to problematic decisions. Alternatively, noyb invited the DPC to bring legal proceedings before the relevant Court in Austria, instead of sending letters that are intended to intimidate complainants.
— Take Down" request by the DPC of 14.10.2021 (PDF)
— Response by noyb of 15.10.2021 (PDF)
— noyb's posting on the draft decision
https://noyb.eu/en/dpc-requires-noyb-take-down-documents-website
#schrems #noyb #dpc #irland #austria #gdpr #facebook #DeleteFacebook #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Yesterday night, the Irish Data Protection Commission (DPC) sent an extraordinary letter (PDF) to noyb, saying it would "require [noyb] to remove the draft decision from your website forthwith, and to desist from any further or other publication or disclosure of same". noyb refused to self-censor and limit the public's access to problematic decisions. Alternatively, noyb invited the DPC to bring legal proceedings before the relevant Court in Austria, instead of sending letters that are intended to intimidate complainants.
— Take Down" request by the DPC of 14.10.2021 (PDF)
— Response by noyb of 15.10.2021 (PDF)
— noyb's posting on the draft decision
https://noyb.eu/en/dpc-requires-noyb-take-down-documents-website
#schrems #noyb #dpc #irland #austria #gdpr #facebook #DeleteFacebook #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Disinformation guru “Hacker X” names his employer: NaturalNews.com
Statement: 10/18/21
I decided to write this statement after seeing the continued escalation of dis/misinformation towards innocent bystanders, my background, and who the organization is/was. After reading many comments on the Ars article, I realize that many people feel that I am protecting the organization by not naming them. Some also feel that my coming forward was about me seeking to redeem myself publicly, and this couldn’t be further from the truth; I personally was on nobody’s radar prior to voluntarily coming forward, this was completely unforced. I came out a couple years ago masked, and I feel like I had to come forward unmasked to inform the public on how this news traveled, the mechanisms behind it, and the role I played in one of the organizations at the time, so the public could piece together what happened to better understand how to fight it and to help wake people up who are actively being manipulated. I knew there would be fallout from this, and if anyone thinks someone is willing to go under the constant horrible threats that I have gone under willingly to try to wake people up, I don’t know what more I can say.
I see things mentioned about money. I made very little money from this, I was frugal and saved, which is how I was able to have enough to get into the infosec industry full time.
I am seeing many conspiracy theories about Ax Sharma. Ax and I are not the same person. There wasn’t any ‘conspiracy’ associated with the article, or anything between him and I. He was wrongfully fired from Ars Technica. The only times I have spoken to Ax have been him getting quotes from me or asking me something about an article he was doing involving the hacking group I’m a part of.
https://robertwillishacking.com/statement-10-18-21/
#disinformation #hackerX #hacker #infosec #NaturalNews
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Statement: 10/18/21
I decided to write this statement after seeing the continued escalation of dis/misinformation towards innocent bystanders, my background, and who the organization is/was. After reading many comments on the Ars article, I realize that many people feel that I am protecting the organization by not naming them. Some also feel that my coming forward was about me seeking to redeem myself publicly, and this couldn’t be further from the truth; I personally was on nobody’s radar prior to voluntarily coming forward, this was completely unforced. I came out a couple years ago masked, and I feel like I had to come forward unmasked to inform the public on how this news traveled, the mechanisms behind it, and the role I played in one of the organizations at the time, so the public could piece together what happened to better understand how to fight it and to help wake people up who are actively being manipulated. I knew there would be fallout from this, and if anyone thinks someone is willing to go under the constant horrible threats that I have gone under willingly to try to wake people up, I don’t know what more I can say.
I see things mentioned about money. I made very little money from this, I was frugal and saved, which is how I was able to have enough to get into the infosec industry full time.
I am seeing many conspiracy theories about Ax Sharma. Ax and I are not the same person. There wasn’t any ‘conspiracy’ associated with the article, or anything between him and I. He was wrongfully fired from Ars Technica. The only times I have spoken to Ax have been him getting quotes from me or asking me something about an article he was doing involving the hacking group I’m a part of.
https://robertwillishacking.com/statement-10-18-21/
#disinformation #hackerX #hacker #infosec #NaturalNews
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Ongoing Cyber Threats to U.S. Water and Wastewater Systems
Note: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. Note: although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others.
To secure #WWS facilities—including Department of Defense (#DoD) water treatment facilities in the United States and abroad—against the TTPs listed below, #CISA, #FBI, #EPA, and #NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory.
https://us-cert.cisa.gov/ncas/alerts/aa21-287a
#usa #cyber #threats
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Note: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. Note: although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others.
To secure #WWS facilities—including Department of Defense (#DoD) water treatment facilities in the United States and abroad—against the TTPs listed below, #CISA, #FBI, #EPA, and #NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory.
https://us-cert.cisa.gov/ncas/alerts/aa21-287a
#usa #cyber #threats
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Agencies say agriculture groups being targeted by BlackMatter ransomware
A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.
The FBI, the Cybersecurity and Infrastructure Security Agency #CISA and the National Security Agency #NSA put out a joint advisory warning of targeting by “ #BlackMatter ransomware,” connecting the group to previous attacks this year.
“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” the agencies wrote.
https://thehill.com/policy/cybersecurity/577266-agencies-say-agriculture-groups-being-targeted-by-blackmatter-ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
#usa #cyber #ransomware #cisa #fbi #cybersecurity #agriculture #blackmatter
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.
The FBI, the Cybersecurity and Infrastructure Security Agency #CISA and the National Security Agency #NSA put out a joint advisory warning of targeting by “ #BlackMatter ransomware,” connecting the group to previous attacks this year.
“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” the agencies wrote.
https://thehill.com/policy/cybersecurity/577266-agencies-say-agriculture-groups-being-targeted-by-blackmatter-ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
#usa #cyber #ransomware #cisa #fbi #cybersecurity #agriculture #blackmatter
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
TheHill
Agencies say agriculture groups being targeted by BlackMatter ransomware
A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.
Sinclair Broadcast Group says it suffered a ransomware attack and has had data stolen
Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that some of its data was stolen from the company's network.
The company said it started investigating the potential security incident on Saturday and on Sunday it and found that certain office and operational networks were disrupted.
The Hunt Valley, Maryland-based company owns and/or operates 21 regional sports network and owns, operates and/or provides services to 185 television stations in 86 markets.
The broadcast group, which is known for pushing a conservative viewpoint through editorials and reports that it compels its stations to run, did not immediately say how many TV stations were directly affected.
Nashville, Tennessee's WZTV put out a notice on its website Monday about "serious technical issues" at the TV station affecting its ability to stream content.
"We are also currently unable to access our email and your phone calls to the station," it said.
https://www.npr.org/2021/10/18/1047071268/sinclair-broadcast-group-ransomware-attack
#ransomware #usa #WZTV #sinclair #broadcast
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that some of its data was stolen from the company's network.
The company said it started investigating the potential security incident on Saturday and on Sunday it and found that certain office and operational networks were disrupted.
The Hunt Valley, Maryland-based company owns and/or operates 21 regional sports network and owns, operates and/or provides services to 185 television stations in 86 markets.
The broadcast group, which is known for pushing a conservative viewpoint through editorials and reports that it compels its stations to run, did not immediately say how many TV stations were directly affected.
Nashville, Tennessee's WZTV put out a notice on its website Monday about "serious technical issues" at the TV station affecting its ability to stream content.
"We are also currently unable to access our email and your phone calls to the station," it said.
https://www.npr.org/2021/10/18/1047071268/sinclair-broadcast-group-ransomware-attack
#ransomware #usa #WZTV #sinclair #broadcast
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Credit card PINs can be guessed even when covering the ATM pad
Researchers have proven it’s possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.
The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.
Next, the machine-learning model is trained to recognize pad presses and assign specific probabilities on a set of guesses, using video of people typing PINs on the ATM pad.
For the experiment, the researchers collected 5,800 videos of 58 different people of diverse demographics, entering 4-digit and 5-digit PINs.
The machine that ran the prediction model was a Xeon E5-2670 with 128 GB of RAM and three Tesla K20m with 5GB of RAM each. Certainly not your average system, but well within a practical economical spectrum.
By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and reached 41% for 4-digit PINs.
The model can exclude keys based on the non-typing hand coverage, and deduces the pressed digits from the movements of the other hand by evaluating the topological distance between two keys.
https://www.bleepingcomputer.com/news/security/credit-card-pins-can-be-guessed-even-when-covering-the-atm-pad/
#atm #deeplearning #algorithm #attack
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Researchers have proven it’s possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.
The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.
Next, the machine-learning model is trained to recognize pad presses and assign specific probabilities on a set of guesses, using video of people typing PINs on the ATM pad.
For the experiment, the researchers collected 5,800 videos of 58 different people of diverse demographics, entering 4-digit and 5-digit PINs.
The machine that ran the prediction model was a Xeon E5-2670 with 128 GB of RAM and three Tesla K20m with 5GB of RAM each. Certainly not your average system, but well within a practical economical spectrum.
By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and reached 41% for 4-digit PINs.
The model can exclude keys based on the non-typing hand coverage, and deduces the pressed digits from the movements of the other hand by evaluating the topological distance between two keys.
https://www.bleepingcomputer.com/news/security/credit-card-pins-can-be-guessed-even-when-covering-the-atm-pad/
#atm #deeplearning #algorithm #attack
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
BleepingComputer
Credit card PINs can be guessed even when covering the ATM pad
Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.
Windows 11: Microsoft's pointless update
After a couple of weeks using the beta and a week with the final version of Windows 11, I've yet to find a real reason to use it.
Sometimes, Microsoft has no choice but to upgrade Windows. Windows Millennium Edition, aka Windows Me, was awful. Its successor, Windows XP, was much better.
XP's replacement, Vista, was lousy. Microsoft made us forget about Vista with Windows 7, which to many people — I'm one of them — was the best version of Windows. Microsoft then tried, and failed, to replace it with the dismal Windows 8 and 8.1. Then, the company got it right again with Windows 10. That should have been the end of it.
While Windows continued to get major updates, such as Windows 10 version 21H1, the brand was still Windows 10 until it wasn't. So it is that we now have Windows 11.
Do you notice a pattern here? Microsoft seems to alternate bad and then good operating systems releases. If Windows 10 was good, Windows 11 is going to be a poor successor.
After working with Windows 11 for a few weeks, I wouldn't call it bad. Instead, I find it pointless.
Yes, the Windows 11 security updates are good — if you have the right hardware. But as I pointed out recently, you can already use those security updates if you're running the Windows 10 20H2 release (Windows 10 October 2020 Update). So the point in upgrading from Windows 10 to 11 is…what, exactly?
Some people think it looks nice. That's a matter of taste. To me, it's "Meh." It's Windows 10's face with some cosmetic "improvements" such as a taskbar with all your icons centered by default. The Start menu has returned and now comes with pinned and recommended apps. Windows 7 style widgets have also made a comeback. I don't use them, mind you, but they're there. Oh, and Live Tiles, buh-bye! (Did anyone ever use those?)
Upgrading an existing PC to Windows 11 is still something of a crapshoot. Some otherwise-fast processors can't run it. And without Trusted Platform Module (TPM) 2.0, you're going nowhere. Out of the half-dozen Windows 10 systems I or my partner owned in 2020, not one could run Windows 11. Before you even think about moving to Windows 11, you must run Microsoft’s PC Health Check app.
https://www.computerworld.com/article/3636788/windows-11-microsofts-pointless-update.html
#opinion #microsoft #windows #windows11
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
After a couple of weeks using the beta and a week with the final version of Windows 11, I've yet to find a real reason to use it.
Sometimes, Microsoft has no choice but to upgrade Windows. Windows Millennium Edition, aka Windows Me, was awful. Its successor, Windows XP, was much better.
XP's replacement, Vista, was lousy. Microsoft made us forget about Vista with Windows 7, which to many people — I'm one of them — was the best version of Windows. Microsoft then tried, and failed, to replace it with the dismal Windows 8 and 8.1. Then, the company got it right again with Windows 10. That should have been the end of it.
While Windows continued to get major updates, such as Windows 10 version 21H1, the brand was still Windows 10 until it wasn't. So it is that we now have Windows 11.
Do you notice a pattern here? Microsoft seems to alternate bad and then good operating systems releases. If Windows 10 was good, Windows 11 is going to be a poor successor.
After working with Windows 11 for a few weeks, I wouldn't call it bad. Instead, I find it pointless.
Yes, the Windows 11 security updates are good — if you have the right hardware. But as I pointed out recently, you can already use those security updates if you're running the Windows 10 20H2 release (Windows 10 October 2020 Update). So the point in upgrading from Windows 10 to 11 is…what, exactly?
Some people think it looks nice. That's a matter of taste. To me, it's "Meh." It's Windows 10's face with some cosmetic "improvements" such as a taskbar with all your icons centered by default. The Start menu has returned and now comes with pinned and recommended apps. Windows 7 style widgets have also made a comeback. I don't use them, mind you, but they're there. Oh, and Live Tiles, buh-bye! (Did anyone ever use those?)
Upgrading an existing PC to Windows 11 is still something of a crapshoot. Some otherwise-fast processors can't run it. And without Trusted Platform Module (TPM) 2.0, you're going nowhere. Out of the half-dozen Windows 10 systems I or my partner owned in 2020, not one could run Windows 11. Before you even think about moving to Windows 11, you must run Microsoft’s PC Health Check app.
https://www.computerworld.com/article/3636788/windows-11-microsofts-pointless-update.html
#opinion #microsoft #windows #windows11
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Computerworld
Windows 11: Microsoft's pointless update
After a couple of weeks using the beta and a week with the final version of Windows 11, I've yet to find a real reason to use it.
China-linked hacking group accessing calling records worldwide, CrowdStrike says
SAN FRANCISCO, Oct 19 (Reuters) - A hacking group with suspected ties to China burrowed into mobile telephone networks around the world and used specialized tools to grab calling records and text messages from telecommunication carriers, a U.S. cybersecurity company said on Tuesday.
CrowdStrike said the group, which it dubbed LightBasin, had been acting since at least 2016, but had more recently been detected wielding tools that are among the most sophisticated yet discovered.
Telecoms companies have long been a top target for nation-states, with attacks or attempts seen from China, Russia, Iran, and others. The United States also seeks access to calling records, which show which numbers called each other, how often and for how long.
CrowdStrike Senior Vice President Adam Meyers said his company gleaned the information by responding to incidents in multiple countries, which he declined to name. The company on Tuesday published technical details to let other companies check for similar attacks.
Meyers said the programs could retrieve specific data unobtrusively. "I've never seen this degree of purpose-built tools," he told Reuters.
Meyers said his team was not accusing the Chinese government of directing the attacks by the hacking group. But he said the attacks had connections to China including cryptography relying on Pinyin phonetic versions of Chinese language characters, as well as techniques that echoed previous attacks by the Chinese government.
The Chinese embassy in Washington did not respond to questions from Reuters.
https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/
💡Read as well:
LightBasin: A Roaming Threat to Telecommunications Companies
https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/
#crowdstrike #china #hacking #calling #records #worldwide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
SAN FRANCISCO, Oct 19 (Reuters) - A hacking group with suspected ties to China burrowed into mobile telephone networks around the world and used specialized tools to grab calling records and text messages from telecommunication carriers, a U.S. cybersecurity company said on Tuesday.
CrowdStrike said the group, which it dubbed LightBasin, had been acting since at least 2016, but had more recently been detected wielding tools that are among the most sophisticated yet discovered.
Telecoms companies have long been a top target for nation-states, with attacks or attempts seen from China, Russia, Iran, and others. The United States also seeks access to calling records, which show which numbers called each other, how often and for how long.
CrowdStrike Senior Vice President Adam Meyers said his company gleaned the information by responding to incidents in multiple countries, which he declined to name. The company on Tuesday published technical details to let other companies check for similar attacks.
Meyers said the programs could retrieve specific data unobtrusively. "I've never seen this degree of purpose-built tools," he told Reuters.
Meyers said his team was not accusing the Chinese government of directing the attacks by the hacking group. But he said the attacks had connections to China including cryptography relying on Pinyin phonetic versions of Chinese language characters, as well as techniques that echoed previous attacks by the Chinese government.
The Chinese embassy in Washington did not respond to questions from Reuters.
https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/
💡Read as well:
LightBasin: A Roaming Threat to Telecommunications Companies
https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/
#crowdstrike #china #hacking #calling #records #worldwide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Reuters
China-linked hacking group accessing calling records worldwide, CrowdStrike says
A hacking group with suspected ties to China burrowed into mobile telephone networks around the world and used specialized tools to grab calling records and text messages from telecommunication carriers, a U.S. cybersecurity company said on Tuesday.
Data Scrapers Expose 2.6 Million Instagram and TikTok Users
Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal.
A team at reviews site SafetyDetectives led by Anurag Sen found the data located on a misconfigured Elasticsearch server, left exposed without any password protection or encryption in place.
It quickly traced the 3.6GB trove of more than 2.6 million TikTok and Instagram profiles to IGBlade, a firm that provides marketing insights on social media users for its customers.
“The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” the researchers wrote. “This is how we know the database belongs to IGBlade.com.”
Although data scraping is not illegal, and all of the user info contained in the exposed database was publicly available, it breaks the terms of service for TikTok and Instagram.
The leak could also be a boon for cyber-criminals, who can accelerate mass social engineering and fraud campaigns with large volumes of user information collected in one place.
According to the report, the exposed information was left publicly available online for over a month before the research team found it and reached out to IGBlade. The Romanian firm secured it on the same day, July 5.
The trove included full names and usernames, profile pictures, “about” details, email addresses, phone numbers and location data. Celebrities including Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray were caught in the privacy issue.
https://www.infosecurity-magazine.com/news/data-scrapers-expose-26-million/
#leak #data #scrapers #instagram #tiktok
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal.
A team at reviews site SafetyDetectives led by Anurag Sen found the data located on a misconfigured Elasticsearch server, left exposed without any password protection or encryption in place.
It quickly traced the 3.6GB trove of more than 2.6 million TikTok and Instagram profiles to IGBlade, a firm that provides marketing insights on social media users for its customers.
“The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” the researchers wrote. “This is how we know the database belongs to IGBlade.com.”
Although data scraping is not illegal, and all of the user info contained in the exposed database was publicly available, it breaks the terms of service for TikTok and Instagram.
The leak could also be a boon for cyber-criminals, who can accelerate mass social engineering and fraud campaigns with large volumes of user information collected in one place.
According to the report, the exposed information was left publicly available online for over a month before the research team found it and reached out to IGBlade. The Romanian firm secured it on the same day, July 5.
The trove included full names and usernames, profile pictures, “about” details, email addresses, phone numbers and location data. Celebrities including Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray were caught in the privacy issue.
https://www.infosecurity-magazine.com/news/data-scrapers-expose-26-million/
#leak #data #scrapers #instagram #tiktok
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Infosecurity Magazine
Data Scrapers Expose 2.6 Million Instagram and TikTok Users
Information was found in a misconfigured Elasticsearch server
Edward Snowden: ‘If you weaken encryption, people will die’
Our online privacy faces growing threats. Governments around the world are calling for encryption backdoors that would enable access to personal information.
They argue that encryption protects criminals. But it also protects activists, dissidents, persecuted groups, and ordinary citizens.
Edward Snowden is among the most prominent beneficiaries. The whistleblower’s first messages to journalists were made with encryption. They resulted in revelations that millions of Americans had been under illegal mass surveillance.
“If you weaken encryption, people will die,” said Snowden in a statement. “This year alone, after the fall of the government of Afghanistan, we saw how crucial encryption is in keeping ordinary people safe.”
Snowden has joined the Global Encryption Coalition to launch a campaign to protect encryption. The group of civil society organizations and tech firms warns that undermining encryption will leave people more vulnerable to crime and surveillance.
“I have seen first-hand how governments can abuse the power they have to access the personal data of innocent people in the name of national security,” said Snowden. “Weakening encryption would be a colossal mistake that could put thousands of lives at risk.”
End-to-end encryption would make it harder to implement spy programs like the one Snowden exposed — which may be one reason why governments want to circumvent it. It would not be the first time that lawmakers have undermined our privacy in the name of fighting terrorism.
https://thenextweb.com/news/edward-snowden-warns-encryption-is-under-attack
#snowden #encryption #surveillance #backdoors
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Our online privacy faces growing threats. Governments around the world are calling for encryption backdoors that would enable access to personal information.
They argue that encryption protects criminals. But it also protects activists, dissidents, persecuted groups, and ordinary citizens.
Edward Snowden is among the most prominent beneficiaries. The whistleblower’s first messages to journalists were made with encryption. They resulted in revelations that millions of Americans had been under illegal mass surveillance.
“If you weaken encryption, people will die,” said Snowden in a statement. “This year alone, after the fall of the government of Afghanistan, we saw how crucial encryption is in keeping ordinary people safe.”
Snowden has joined the Global Encryption Coalition to launch a campaign to protect encryption. The group of civil society organizations and tech firms warns that undermining encryption will leave people more vulnerable to crime and surveillance.
“I have seen first-hand how governments can abuse the power they have to access the personal data of innocent people in the name of national security,” said Snowden. “Weakening encryption would be a colossal mistake that could put thousands of lives at risk.”
End-to-end encryption would make it harder to implement spy programs like the one Snowden exposed — which may be one reason why governments want to circumvent it. It would not be the first time that lawmakers have undermined our privacy in the name of fighting terrorism.
https://thenextweb.com/news/edward-snowden-warns-encryption-is-under-attack
#snowden #encryption #surveillance #backdoors
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
TNW
Edward Snowden: ‘If you weaken encryption, people will die’
Our online freedom is under growing attacks from governments around the world. Snowden has joined a campaign to protect our privacy by promoting encryption.
Global Encryption Day: #MakeTheSwitch
Today, Oct 21, 2021, is the very first Global Encryption Day, organized by the Global Encryption Coalition, where we are a member. Global Encryption Day is an opportunity for businesses, civil society organizations, technologists, and millions of Internet users worldwide to show our communities why encryption matters. It’s also a day for all of us to pledge to Make the Switch to encrypted services (like Tor!) and prioritize our privacy and security online.
At the Tor Project, we’re proud to help millions of people take back their right to privacy, to freely access and share information, and to more easily circumvent internet censorship--and encryption makes this possible.
Encryption allows us to provide these tools: for example, Tor uses three layers of encryption in the Tor circuit; each relay decrypts one layer before passing the request on to the next relay. Encryption is used in many other ways as well! Without encryption, millions of people would lose their access to the safe and uncensored internet.
In honor of this inaugural Global Encryption Day, the Tor Project, along with 148 other organizations and businesses have signed the Global Encryption Day Statement, calling on governments and businesses to reject efforts to undermine encryption and instead pursue policies that enhance, strengthen, and promote use of strong encryption to protect people everywhere.
https://blog.torproject.org/first-global-encryption-day
#encryption #MakeTheSwitch #gec #tor
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Today, Oct 21, 2021, is the very first Global Encryption Day, organized by the Global Encryption Coalition, where we are a member. Global Encryption Day is an opportunity for businesses, civil society organizations, technologists, and millions of Internet users worldwide to show our communities why encryption matters. It’s also a day for all of us to pledge to Make the Switch to encrypted services (like Tor!) and prioritize our privacy and security online.
At the Tor Project, we’re proud to help millions of people take back their right to privacy, to freely access and share information, and to more easily circumvent internet censorship--and encryption makes this possible.
Encryption allows us to provide these tools: for example, Tor uses three layers of encryption in the Tor circuit; each relay decrypts one layer before passing the request on to the next relay. Encryption is used in many other ways as well! Without encryption, millions of people would lose their access to the safe and uncensored internet.
In honor of this inaugural Global Encryption Day, the Tor Project, along with 148 other organizations and businesses have signed the Global Encryption Day Statement, calling on governments and businesses to reject efforts to undermine encryption and instead pursue policies that enhance, strengthen, and promote use of strong encryption to protect people everywhere.
https://blog.torproject.org/first-global-encryption-day
#encryption #MakeTheSwitch #gec #tor
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
blog.torproject.org
Global Encryption Day: #MakeTheSwitch | Tor Blog
Today, Oct 21, 2021, is the very first Global Encryption Day, organized by the Global Encryption Coalition. Global Encryption Day is an opportunity for businesses, civil society organizations, technologists, and millions of Internet users worldwide to show…
Tesla’s driving data storage system hacked by Dutch investigators
The data could have implications for crash investigators in the US
A team of Dutch forensic researchers have decrypted Tesla’s data storage system, providing access to a trove of information that could be useful in crash investigations. (The news was first reported by Reuters.)
It’s no secret that Tesla records information about its customers’ driving behavior, both to improve its advanced driver assistance system, Autopilot, and also in the event of a crash, to provide to investigators.
But researchers at the Netherlands Forensic Institute (NFI) discovered that Tesla’s vehicles store far more detailed data than previously known, including speed, accelerator pedal position, steering wheel angle, and brake usage. Some of this data can be stored for up to a year, the institute said.
https://www.theverge.com/2021/10/21/22738747/tesla-driving-data-hack-dutch-investigators-autopilot
#tesla #hacked #driving #data #dutch #forensic
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The data could have implications for crash investigators in the US
A team of Dutch forensic researchers have decrypted Tesla’s data storage system, providing access to a trove of information that could be useful in crash investigations. (The news was first reported by Reuters.)
It’s no secret that Tesla records information about its customers’ driving behavior, both to improve its advanced driver assistance system, Autopilot, and also in the event of a crash, to provide to investigators.
But researchers at the Netherlands Forensic Institute (NFI) discovered that Tesla’s vehicles store far more detailed data than previously known, including speed, accelerator pedal position, steering wheel angle, and brake usage. Some of this data can be stored for up to a year, the institute said.
https://www.theverge.com/2021/10/21/22738747/tesla-driving-data-hack-dutch-investigators-autopilot
#tesla #hacked #driving #data #dutch #forensic
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The Verge
Tesla’s driving data storage system hacked by Dutch investigators
The system stores driving data for at least a year.
Disabling JavaScript Won’t Save You from Fingerprinting
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
Check out the demo to see it in action:
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
Check out the demo to see it in action:
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
💡 Check out the demo to see it in action:
https://noscriptfingerprint.com/
The demo should show the same fingerprint, even if visitors attempt to conceal their identities using the following methods (among others):
— Requesting desktop mode in mobile browsers
— Spoofing the user agent
— Using incognito mode
— Changing the internet connection
https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/
#browser #fingerprinting #js #java #JavaScript
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
Check out the demo to see it in action:
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
Check out the demo to see it in action:
Fingerprinting is a way to identify website users without using cookies or data storage. Instead, device properties like language and installed fonts are used to create highly accurate, unique identifiers that work even if the browser has incognito mode turned on.
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
💡 Check out the demo to see it in action:
https://noscriptfingerprint.com/
The demo should show the same fingerprint, even if visitors attempt to conceal their identities using the following methods (among others):
— Requesting desktop mode in mobile browsers
— Spoofing the user agent
— Using incognito mode
— Changing the internet connection
https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/
#browser #fingerprinting #js #java #JavaScript
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
DarkFi - Anonymous, Uncensored, Sovereign
DarkFi is an anonymous DeFi network. Its objective is to offer flexible private primitives that can be wielded to create any kind of application. DarkFi uses advances in zero-knowledge cryptography and creates a contracting language and developer toolkits aimed to make anonymous engineering highly accessible to developers.
Anonymity as a design space has been hitherto unexplored. DarkFi is blowing the door to this wide open. In the open air of a fully dark, anonymous system, cryptocurrency has the potential to birth new technological concepts. This can be a creative, regenerative space – the dawn of a Dark Renaissance.
https://dark.fi/
https://github.com/darkrenaissance/darkfi
#DarkFi #defi #network #anonymous #uncensored
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
DarkFi is an anonymous DeFi network. Its objective is to offer flexible private primitives that can be wielded to create any kind of application. DarkFi uses advances in zero-knowledge cryptography and creates a contracting language and developer toolkits aimed to make anonymous engineering highly accessible to developers.
Anonymity as a design space has been hitherto unexplored. DarkFi is blowing the door to this wide open. In the open air of a fully dark, anonymous system, cryptocurrency has the potential to birth new technological concepts. This can be a creative, regenerative space – the dawn of a Dark Renaissance.
https://dark.fi/
https://github.com/darkrenaissance/darkfi
#DarkFi #defi #network #anonymous #uncensored
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
211003.1205: Cybercrime
Rear Vision
Cybercrime
While #cybercrime and #cybersurveillance are commonplace today, how many of us understand their effect our everyday lives? What’s revealed in the history of cybercrime, from its rudimentary beginnings in the 1980s to today?
#truecrime #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
While #cybercrime and #cybersurveillance are commonplace today, how many of us understand their effect our everyday lives? What’s revealed in the history of cybercrime, from its rudimentary beginnings in the 1980s to today?
#truecrime #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv