βWidevine Dumpβ: Leaked Code Downloads HD Video from Disney+, Amazon, and Netflix
A GitHub user who goes by the name "Widevinedump" has published several repositories that allow people to download HD video from popular streaming platforms, including Disney+, Amazon, and Netflix. The code appears to be the real deal but the 'free' use is fairly limited and may not be very secure either.
With more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.
This is often achieved through Digital Rights Management, which is often referred to by the initials DRM. In a nutshell, DRM is an anti-piracy tool that dictates when and where digital content can be accessed.
Widevine DRM is one of the leading players in the field. The Google-owned technology is used by many of the largest streaming services including Amazon, Netflix and Disney+. As such, keeping it secure is vital.
https://torrentfreak.com/widevine-dump-leaked-code-downloads-hd-video-from-disney-amazon-and-netflix-211227/
https://github.com/widevinedump
#leak #code #disney #amazon #netflix #download
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A GitHub user who goes by the name "Widevinedump" has published several repositories that allow people to download HD video from popular streaming platforms, including Disney+, Amazon, and Netflix. The code appears to be the real deal but the 'free' use is fairly limited and may not be very secure either.
With more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.
This is often achieved through Digital Rights Management, which is often referred to by the initials DRM. In a nutshell, DRM is an anti-piracy tool that dictates when and where digital content can be accessed.
Widevine DRM is one of the leading players in the field. The Google-owned technology is used by many of the largest streaming services including Amazon, Netflix and Disney+. As such, keeping it secure is vital.
https://torrentfreak.com/widevine-dump-leaked-code-downloads-hd-video-from-disney-amazon-and-netflix-211227/
https://github.com/widevinedump
#leak #code #disney #amazon #netflix #download
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Torrentfreak
'Widevine Dump": Leaked Code Downloads HD Video from Disney+, Amazon, and Netflix * TorrentFreak
A GitHub user has published repositories that allow people to download HD video from platforms, including Disney+, Amazon, and Netflix.
π1
Spider-Miner: With Great Power Comes Great Problems!
To lure in as many victims as possible, attackers must stay up to date with trending topics.
In this case, we are facing someone who has placed a Monero miner in a torrent download of what seems to be the new movie Spider-Man: No Way Home.
The file identifies itself as βspiderman_net_putidomoi.torrent.exe,β which translates from Russian to βspiderman_no_wayhome.torrent.exe.β The origin of the file is most likely from a Russian torrenting website.
This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity.
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
#spiderminer #monero #miner
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
To lure in as many victims as possible, attackers must stay up to date with trending topics.
In this case, we are facing someone who has placed a Monero miner in a torrent download of what seems to be the new movie Spider-Man: No Way Home.
The file identifies itself as βspiderman_net_putidomoi.torrent.exe,β which translates from Russian to βspiderman_no_wayhome.torrent.exe.β The origin of the file is most likely from a Russian torrenting website.
This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity.
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
#spiderminer #monero #miner
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Digital Justice Awards 2021 are open for nomination!
Is there a friend, an activist, a company, a (non-profit) organisation, a political party or a governmental agency that has done something outstanding for digital civil rights? Sign them up!
The Digital Justice Awards is a yearly award that is given to reputable instances and people who care about digital rights as much as you do.
https://digital-justice.com/articles/nominations-2021.html
#digitaljustice #award
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Is there a friend, an activist, a company, a (non-profit) organisation, a political party or a governmental agency that has done something outstanding for digital civil rights? Sign them up!
The Digital Justice Awards is a yearly award that is given to reputable instances and people who care about digital rights as much as you do.
https://digital-justice.com/articles/nominations-2021.html
#digitaljustice #award
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Digital-Justice
Digital Justice Awards 2021 are open for nomination!
This time, YOU get to decide who deserves the spotlight for promoting digital human rights.
LastPass users warned their master passwords are compromised
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.
The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.
"Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.
"LastPass blocked this attempt, but you should take a closer look. Was this you?"
Reports of compromised LastPass master passwords are streaming in via multiple social media sites and online platforms, including Twitter, Reddit, and Hacker News.
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
#lastpass
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.
The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.
"Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.
"LastPass blocked this attempt, but you should take a closer look. Was this you?"
Reports of compromised LastPass master passwords are streaming in via multiple social media sites and online platforms, including Twitter, Reddit, and Hacker News.
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
#lastpass
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
BleepingComputer
LastPass users warned their master passwords are compromised
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.
Court Orders WhatsApp To Block Groups Sharing Pirated Newspapers
India's largest newspaper publishing group has filed a complaint at the Delhi High Court against dozens of defendants said to have illegally offered its copyrighted publications via WhatsApp. The full case will be heard next year but in the interim, WhatsApp is required to take down or block the infringing groups.
Sharing copyrighted content online is certainly nothing new but over the years the sharing mechanisms have expanded to incorporate new methods of distribution.
Where once peer-to-peer services were the obvious choice, these days people also utilize platforms such as WhatsApp, Discord and Facebook, which add social elements to the sharing experience by bringing like-minded people together, often around a central topic.
This is proving to be a problem at DB Corp Ltd, Indiaβs largest newspaper publishing group. The company publishes five newspapers with 61 editions but when people illegally share its digital content online, its ability to generate revenue comes under threat, the publisher says.
https://torrentfreak.com/court-orders-whatsapp-to-block-groups-sharing-pirated-newspapers-211228/
#whatsapp #india #pirated #newspaper
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
India's largest newspaper publishing group has filed a complaint at the Delhi High Court against dozens of defendants said to have illegally offered its copyrighted publications via WhatsApp. The full case will be heard next year but in the interim, WhatsApp is required to take down or block the infringing groups.
Sharing copyrighted content online is certainly nothing new but over the years the sharing mechanisms have expanded to incorporate new methods of distribution.
Where once peer-to-peer services were the obvious choice, these days people also utilize platforms such as WhatsApp, Discord and Facebook, which add social elements to the sharing experience by bringing like-minded people together, often around a central topic.
This is proving to be a problem at DB Corp Ltd, Indiaβs largest newspaper publishing group. The company publishes five newspapers with 61 editions but when people illegally share its digital content online, its ability to generate revenue comes under threat, the publisher says.
https://torrentfreak.com/court-orders-whatsapp-to-block-groups-sharing-pirated-newspapers-211228/
#whatsapp #india #pirated #newspaper
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Torrentfreak
Court Orders WhatsApp To Block Groups Sharing Pirated Newspapers * TorrentFreak
A court has ordered WhatsApp to block or take down groups being used by customers to share pirated copies of newspaper publications.
Media is too big
VIEW IN TELEGRAM
Stop general data retention in the EU β current plans for mass surveillance
In this joint talk, four internet freedom advocates will expose and criticize current plans for general mass collection of everyone's communication data. 2022 will bring threats to Internet freedoms but also opportunities for civil society to act.
We need to get back to basics: Let's set the default to zero mass surveillance.
β οΈ This Talk was translated into multiple languages (english/german). The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/rc3-2021-cwtv-879-stop-general-data-rete
#ccc #rc3 #surveillance #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
In this joint talk, four internet freedom advocates will expose and criticize current plans for general mass collection of everyone's communication data. 2022 will bring threats to Internet freedoms but also opportunities for civil society to act.
We need to get back to basics: Let's set the default to zero mass surveillance.
β οΈ This Talk was translated into multiple languages (english/german). The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/rc3-2021-cwtv-879-stop-general-data-rete
#ccc #rc3 #surveillance #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
LogMePwn
LogMePwn is a fully automated, multi-protocol, reliable, super-fast scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
π‘ Tool Highlights:
- Inherent support for automatic Canary Tokens generation using emails or webhooks.
- Multi-protocol support: HTTP, IMAP, SSH, FTP, etc.
- Support for multiple HTTP methods (GET, POST, PUT, DELETE, PATCH, etc)
- Customized HTTP request body fuzzing (JSON, XML, etc).
- Custom callback server and payload support.
- CIDR range scanning.
- Everything is multi-threaded and super fast (its written in Go).
- ...and many more. Checkout the documentation and the tool below!
https://github.com/0xInfection/LogMePwn
#LogMePwn #log4j #log4shell #vulnerability #toolkit
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
LogMePwn is a fully automated, multi-protocol, reliable, super-fast scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
π‘ Tool Highlights:
- Inherent support for automatic Canary Tokens generation using emails or webhooks.
- Multi-protocol support: HTTP, IMAP, SSH, FTP, etc.
- Support for multiple HTTP methods (GET, POST, PUT, DELETE, PATCH, etc)
- Customized HTTP request body fuzzing (JSON, XML, etc).
- Custom callback server and payload support.
- CIDR range scanning.
- Everything is multi-threaded and super fast (its written in Go).
- ...and many more. Checkout the documentation and the tool below!
https://github.com/0xInfection/LogMePwn
#LogMePwn #log4j #log4shell #vulnerability #toolkit
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
GitHub
GitHub - 0xInfection/LogMePwn: A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021β¦
A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. - 0xInfection/LogMePwn
The Current State Of Play In Autonomous Cars
Bluster around the advent of self-driving cars has become a constant in the automotive world in recent years. Much is promised by all comers, but real-world results β and customer-ready technologies β remain scarce on the street.
Today, weβll dive in and take a look at the current state of play. What makes a self-driving car, how close are the main players, and what can we expect to come around the corner?
https://hackaday.com/2021/12/29/the-current-state-of-play-in-autonomous-cars/
#hackaday #autonomous #cars
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Bluster around the advent of self-driving cars has become a constant in the automotive world in recent years. Much is promised by all comers, but real-world results β and customer-ready technologies β remain scarce on the street.
Today, weβll dive in and take a look at the current state of play. What makes a self-driving car, how close are the main players, and what can we expect to come around the corner?
https://hackaday.com/2021/12/29/the-current-state-of-play-in-autonomous-cars/
#hackaday #autonomous #cars
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Hackaday
The Current State Of Play In Autonomous Cars
Bluster around the advent of self-driving cars has become a constant in the automotive world in recent years. Much is promised by all comers, but real-world results β and customer-ready technβ¦
Big Data May Not Know Your Name. But It Knows Everything Else
Data brokers claim that deidentified data on millions of Americans is risk-free. Lawmakers need to know that βanonymityβ is an abstraction.
Companies like Acxiom, LexisNexis, and others argue that thereβs nothing to worry about collecting and sharing Americansβ sensitive data, as long as their names and a few other identifiers arenβt attached. After all, their reasoning goes, this βanonymizedβ data canβt be linked to individuals, and is therefore harmless.
But as I testified to the Senate last week, you can basically reidentify anything. βAnonymityβ is an abstraction. Even if a company doesnβt have your name (which they probably do), they can still acquire your address, internet search history, smartphone GPS logs, and other data to pin you down. Yet this flawed, dangerous narrative persists and continues to persuade lawmakers, to the detriment of strong privacy regulation.
Data on hundreds of millions of Americansβ races, genders, ethnicities, religions, sexual orientations, political beliefs, internet searches, drug prescriptions, and GPS location histories (to name a few) are for sale on the open market, and there are far too many advertisers, insurance firms, predatory loan companies, US law enforcement agencies, scammers, and abusive domestic and foreign individuals (to name a few) willing to pay for it. There is virtually no regulation of the data brokerage circus.
Many brokers claim thereβs no need for regulation, because the data they buy and sell βisnβt linked to individualsβ simply because there isnβt, say, a βnameβ column in their spreadsheet detailing millions of Americansβ mental illnesses. The consumer credit reporting company Experian, for example, says its wide sharing of data with third parties includes information that is βnon-personal, de-identified, or anonymous.β Yodlee, the largest financial data broker in the US, has claimed that all the data it sells on Americans is βanonymous.β But corporations saying that such "anonymity" protects individuals from harm is patently false.
https://www.wired.com/story/big-data-may-not-know-your-name-but-it-knows-everything-else/
#bigdata #BigData #databrokers #privacy #ourdata
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Data brokers claim that deidentified data on millions of Americans is risk-free. Lawmakers need to know that βanonymityβ is an abstraction.
Companies like Acxiom, LexisNexis, and others argue that thereβs nothing to worry about collecting and sharing Americansβ sensitive data, as long as their names and a few other identifiers arenβt attached. After all, their reasoning goes, this βanonymizedβ data canβt be linked to individuals, and is therefore harmless.
But as I testified to the Senate last week, you can basically reidentify anything. βAnonymityβ is an abstraction. Even if a company doesnβt have your name (which they probably do), they can still acquire your address, internet search history, smartphone GPS logs, and other data to pin you down. Yet this flawed, dangerous narrative persists and continues to persuade lawmakers, to the detriment of strong privacy regulation.
Data on hundreds of millions of Americansβ races, genders, ethnicities, religions, sexual orientations, political beliefs, internet searches, drug prescriptions, and GPS location histories (to name a few) are for sale on the open market, and there are far too many advertisers, insurance firms, predatory loan companies, US law enforcement agencies, scammers, and abusive domestic and foreign individuals (to name a few) willing to pay for it. There is virtually no regulation of the data brokerage circus.
Many brokers claim thereβs no need for regulation, because the data they buy and sell βisnβt linked to individualsβ simply because there isnβt, say, a βnameβ column in their spreadsheet detailing millions of Americansβ mental illnesses. The consumer credit reporting company Experian, for example, says its wide sharing of data with third parties includes information that is βnon-personal, de-identified, or anonymous.β Yodlee, the largest financial data broker in the US, has claimed that all the data it sells on Americans is βanonymous.β But corporations saying that such "anonymity" protects individuals from harm is patently false.
https://www.wired.com/story/big-data-may-not-know-your-name-but-it-knows-everything-else/
#bigdata #BigData #databrokers #privacy #ourdata
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
WIRED
Big Data May Not Know Your Name. But It Knows Everything Else
Data brokers claim that deidentified data on millions of Americans is risk-free. Lawmakers need to know that βanonymityβ is an abstraction.
β€1
Media is too big
VIEW IN TELEGRAM
BIG DATA - 3.0 - "L1ZY"
Introducing the most advanced artificial intelligence platform in modern history...BIG DATA - 3.0 - "L1ZY"
https://www.youtube.com/watch?v=RfqM63CAC8g
#BigData #L1ZY #video #thinkabout #why
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
Introducing the most advanced artificial intelligence platform in modern history...BIG DATA - 3.0 - "L1ZY"
https://www.youtube.com/watch?v=RfqM63CAC8g
#BigData #L1ZY #video #thinkabout #why
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
Happy new year to all of you π
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
β€4π3π₯2
Media is too big
VIEW IN TELEGRAM
When Wikileaks bumped into the CIA: Operation Kudo exposed
This talk is about the experience of the Wikileaks project when it bumped into a small problem with the CIA. While it builds up on my last years talk 'CIA vs. WL' I am now able to provide a detailed report about how the operations unfolded and what it triggered; with refreshing material from various sources.
https://media.ccc.de/v/rc3-2021-chaoszone-409-when-wikileaks-bu
β οΈ This Talk was translated into multiple languages (en/ger/fr). The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
#ccc #rc3 #wikileaks #cia #surveillance #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
This talk is about the experience of the Wikileaks project when it bumped into a small problem with the CIA. While it builds up on my last years talk 'CIA vs. WL' I am now able to provide a detailed report about how the operations unfolded and what it triggered; with refreshing material from various sources.
https://media.ccc.de/v/rc3-2021-chaoszone-409-when-wikileaks-bu
β οΈ This Talk was translated into multiple languages (en/ger/fr). The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
#ccc #rc3 #wikileaks #cia #surveillance #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
π3π±3π₯1
Huge New Global Anti-Piracy Coalition Will Tackle Manga & Anime Piracy
Japan-based anti-piracy group CODA is building a huge coalition dedicated to tackling illegal online distribution of anime, manga and similar copyrighted content. The International Anti-Piracy Organisation will be compromised of 32 local companies including publisher Kodansha, Hollywood studios plus Netflix, and around 450 companies in China.
In the summer of 2017, some of the worldβs largest entertainment groups formed a huge coalition with a mission to reduce online piracy.
Comprised of more than 30 companies, the Alliance for Creativity is now at the forefront of global anti-piracy enforcement. By combining its membersβ resources to tackle infringement wherever it may occur in the world, the cross-border nature of piracy is now being addressed more effectively.
A new anti-piracy group set to launch this April appears to have similar goals in mind.
https://torrentfreak.com/huge-new-global-anti-piracy-coalition-will-tackle-manga-anime-piracy-220103/
#piracy #antipiracy #manga #anime
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Japan-based anti-piracy group CODA is building a huge coalition dedicated to tackling illegal online distribution of anime, manga and similar copyrighted content. The International Anti-Piracy Organisation will be compromised of 32 local companies including publisher Kodansha, Hollywood studios plus Netflix, and around 450 companies in China.
In the summer of 2017, some of the worldβs largest entertainment groups formed a huge coalition with a mission to reduce online piracy.
Comprised of more than 30 companies, the Alliance for Creativity is now at the forefront of global anti-piracy enforcement. By combining its membersβ resources to tackle infringement wherever it may occur in the world, the cross-border nature of piracy is now being addressed more effectively.
A new anti-piracy group set to launch this April appears to have similar goals in mind.
https://torrentfreak.com/huge-new-global-anti-piracy-coalition-will-tackle-manga-anime-piracy-220103/
#piracy #antipiracy #manga #anime
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Torrentfreak
Huge New Global Anti-Piracy Coalition Will Tackle Manga & Anime Piracy * TorrentFreak
Anti-piracy group CODA is building a huge coalition dedicated to tackling illegal distribution of anime, manga and similar content.
π±1
Hacker Factor on Snowflake Pluggable Transports
I missed this from earlier when Dr. Neal Krawetz posted his entry titled βTor 0day: Snowflake.β I will include the relevant part about detecting snowflake below. The other parts of his article cover the other issues with Tor covered in his previous blog posts as well as Nusenuβs discovery of an entity running hundreds of malicious Tor relays.
I also included a bit about Snowflake for those who are unaware.
https://darknetlive.com/post/hacker-factor-on-snowflake-pluggable-transports/
https://www.hackerfactor.com/blog/index.php?/archives/944-Tor-0day-Snowflake.html
π‘ Read as well:
Is βKAX17β performing de-anonymization Attacks against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
#tor #snowflake
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
I missed this from earlier when Dr. Neal Krawetz posted his entry titled βTor 0day: Snowflake.β I will include the relevant part about detecting snowflake below. The other parts of his article cover the other issues with Tor covered in his previous blog posts as well as Nusenuβs discovery of an entity running hundreds of malicious Tor relays.
I also included a bit about Snowflake for those who are unaware.
https://darknetlive.com/post/hacker-factor-on-snowflake-pluggable-transports/
https://www.hackerfactor.com/blog/index.php?/archives/944-Tor-0day-Snowflake.html
π‘ Read as well:
Is βKAX17β performing de-anonymization Attacks against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
#tor #snowflake
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Darknetlive
Hacker Factor on Snowflake Pluggable Transports | Darknetlive
I missed this from earlier when Dr. Neal Krawetz [url=https://archive.is/vO2Ue]posted[/url] his entry titled βTor 0day: Snowflake.β I will include the relevant
π1
Media is too big
VIEW IN TELEGRAM
PrivChat #6 - Privacy is a human right
If you missed the latest PrivChat - Privacy is a Human Right, you should absolutely catch the event now. This conversation about privacy, and how its central to the fight for human rights, is a great way to start the new year.
In this edition of PrivChat, we're bringing together a group of panelists with direct experience as activists or working with activist groups who will talk about their experiences with surveillance and privacy
https://nitter.pussthecat.org/torproject/status/1477749539842842625
via Twitter
https://www.youtube.com/watch?v=ttQiA_GfI6s&t
#tor #privacy #PrivChat #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
If you missed the latest PrivChat - Privacy is a Human Right, you should absolutely catch the event now. This conversation about privacy, and how its central to the fight for human rights, is a great way to start the new year.
In this edition of PrivChat, we're bringing together a group of panelists with direct experience as activists or working with activist groups who will talk about their experiences with surveillance and privacy
https://nitter.pussthecat.org/torproject/status/1477749539842842625
via Twitter
https://www.youtube.com/watch?v=ttQiA_GfI6s&t
#tor #privacy #PrivChat #video
π₯@cRyPtHoN_INFOSEC_FR
π₯@cRyPtHoN_INFOSEC_EN
π₯@cRyPtHoN_INFOSEC_DE
π₯@BlackBox_Archiv
2021.12.1_The+Spy+Next+Door_FINAL.pdf
448 KB
The Spy Next Door
The Danger of Neighborhood Surveillance Apps
https://www.stopspying.org/thespynextdoor
https://static1.squarespace.com/static/5c1bfc7eee175995a4ceb638/t/61a782ef437ba078b4a9732a/1638367984374/2021.12.1_The+Spy+Next+Door_FINAL.pdf
#stopspying #thespynextdoor #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The Danger of Neighborhood Surveillance Apps
https://www.stopspying.org/thespynextdoor
https://static1.squarespace.com/static/5c1bfc7eee175995a4ceb638/t/61a782ef437ba078b4a9732a/1638367984374/2021.12.1_The+Spy+Next+Door_FINAL.pdf
#stopspying #thespynextdoor #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π1
Unmicrosofted Edge - block tracking in Microsoft Edge
Microsoft Edge is one of the worst web browsers privacy-wise, it tracks users, collects their data and sends it to Microsoft servers. But can we make Unmicrosofted Edge even though it is closed source? It seems that it could be (somewhat) possible.
If we cannot modify the closed source Microsoft Edge code to prevent sending requests, we can at least build a wall around it to block them. Therefore I have extracted Microsoft domains from the msedge.dll file using strings command. It is a long list of domains. I combined it with some other Microsoft tracking domains and made the /etc/hosts file for blocking Microsoft Edge tracking domains, which you should download and append to your system /etc/hosts file (on Windows it is %WinDir%\System32\drivers\etc\hosts).
And Voila! Here we have (sort of) Unmicrosofted Edge - no Microsoft, no Bing.
π‘ Hosts file:
https://gist.github.com/niutech/1f1c1518ce0eba7e8d429c812d39493d
π‘ Microsoft Edge is one of the worst web browsers privacy-wise:
https://www.kuketz-blog.de/microsoft-edge-datensendeverhalten-desktop-version-browser-check-teil4/
https://old.reddit.com/r/edge/comments/rvumg1/unmicrosofted_edge_block_tracking_in_microsoft/
#unmicrosofted #browser #edge #microsoft #tracking #privacy
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Microsoft Edge is one of the worst web browsers privacy-wise, it tracks users, collects their data and sends it to Microsoft servers. But can we make Unmicrosofted Edge even though it is closed source? It seems that it could be (somewhat) possible.
If we cannot modify the closed source Microsoft Edge code to prevent sending requests, we can at least build a wall around it to block them. Therefore I have extracted Microsoft domains from the msedge.dll file using strings command. It is a long list of domains. I combined it with some other Microsoft tracking domains and made the /etc/hosts file for blocking Microsoft Edge tracking domains, which you should download and append to your system /etc/hosts file (on Windows it is %WinDir%\System32\drivers\etc\hosts).
And Voila! Here we have (sort of) Unmicrosofted Edge - no Microsoft, no Bing.
π‘ Hosts file:
https://gist.github.com/niutech/1f1c1518ce0eba7e8d429c812d39493d
π‘ Microsoft Edge is one of the worst web browsers privacy-wise:
https://www.kuketz-blog.de/microsoft-edge-datensendeverhalten-desktop-version-browser-check-teil4/
https://old.reddit.com/r/edge/comments/rvumg1/unmicrosofted_edge_block_tracking_in_microsoft/
#unmicrosofted #browser #edge #microsoft #tracking #privacy
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Gist
/etc/hosts file for blocking Microsoft Edge tracking domains (and more)
/etc/hosts file for blocking Microsoft Edge tracking domains (and more) - hosts
The Thales security group attacked by Lockbit ransomware
The Lockbit ransomware gangβs website states that it has infiltrated the Thales group and offers the company around 13 days to pay ransom before exposing the data it has exfiltrated to the public.
While ransomware had a busy year in 2021, the new 2022 is unlikely to offer a break. Among the first targets of the year is Thales Group β a French multinational company headquartered in Parisβ business district, that provides services for the defense, aerospace, transportation, and security markets.
A cyberattack against the electronics company has just been claimed by the gang behind the Lockbit ransomware. There have been no details on the attack, but on their website, the cybercriminals have given a countdown of about 13 days to allow the Thales Group to negotiate a ransom before its data gets publicly released.
The Thales Group has commented on the case, noting that they are aware of an alleged βLockbit ransomwareβ attack targeting data belonging to the Thales group.
The company has made it clear that they are taking this still unfounded allegation β and whatever source it comes from β seriously, despite the fact that they have not received any direct ransom notification from anyone.
The matter is presently being investigated by a committed team of security experts. At the time of this writing, Thales claims that there is no concrete evidence of this incident, however, they are continuing their investigation with an extreme focus on the protection of their data as a top concern.
https://howtoremove.guide/thales-ransomware/
#thales #ransomware #lockbit
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The Lockbit ransomware gangβs website states that it has infiltrated the Thales group and offers the company around 13 days to pay ransom before exposing the data it has exfiltrated to the public.
While ransomware had a busy year in 2021, the new 2022 is unlikely to offer a break. Among the first targets of the year is Thales Group β a French multinational company headquartered in Parisβ business district, that provides services for the defense, aerospace, transportation, and security markets.
A cyberattack against the electronics company has just been claimed by the gang behind the Lockbit ransomware. There have been no details on the attack, but on their website, the cybercriminals have given a countdown of about 13 days to allow the Thales Group to negotiate a ransom before its data gets publicly released.
The Thales Group has commented on the case, noting that they are aware of an alleged βLockbit ransomwareβ attack targeting data belonging to the Thales group.
The company has made it clear that they are taking this still unfounded allegation β and whatever source it comes from β seriously, despite the fact that they have not received any direct ransom notification from anyone.
The matter is presently being investigated by a committed team of security experts. At the time of this writing, Thales claims that there is no concrete evidence of this incident, however, they are continuing their investigation with an extreme focus on the protection of their data as a top concern.
https://howtoremove.guide/thales-ransomware/
#thales #ransomware #lockbit
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Virus Removal Guides
Lockbit ransomware attack on the Thales security group
The Lockbit ransomware gang's website states that it has infiltrated the Thales group and offers the company around 13 days to pay ransom.
π1
Call of Duty Cheat Maker βEngineOwningβ Sued By Activision Under The DMCA
Activision has filed a copyright infringement lawsuit against business entities and individuals allegedly offering cheats for its Call of Duty games. According to the complaint, the defendants supply tools via EngineOwning.to that violate the anti-circumvention provisions of the DMCA, spoil the gaming experience for legitimate players, and damage Activision's reputation.
...(...)... Lawsuit Filed in the United States
Filed in a California district court yesterday, the complaint targets EngineOwning UG, CMN Holdings S.A, six named individuals (Valentin Rick, Leonard Bugla, Leon Frisch, Ignacio Gayduchenko, Marc-Alexander Richts, Alexander Kleeman) and 50 βDoeβ defendants.
βBy this lawsuit, Activision seeks to put a stop to unlawful conduct by an organization that is distributing and selling for profit numerous malicious software products designed to enable members of the public to gain unfair competitive advantages (i.e., to cheat) in the COD Games. These ongoing activities damage Activisionβs games, its overall business, and the experience of the COD player community,β the lawsuit begins.
The defendants allegedly develop and distribute (via the website at EngineOwning.to) a portfolio of cheats and hacks for popular online games, including those in the Call of Duty series. According to Activision, the defendants are also preparing new cheating software for Overwatch, which is published by its affiliate Blizzard Entertainment.
βThe Cheating Software enables players to manipulate the COD Games to their personal advantage, such as by automatically aiming weapons, revealing the locations of opponents, and allowing the player to see information that is not normally available to players because it would give them an unfair advantage within the game,β Activision adds.
https://torrentfreak.com/call-of-duty-cheat-maker-engineowning-sued-by-activision-under-the-dmca-210106/
π‘ Lawsuit (PDF)
#engineowning #dmca #activision #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Activision has filed a copyright infringement lawsuit against business entities and individuals allegedly offering cheats for its Call of Duty games. According to the complaint, the defendants supply tools via EngineOwning.to that violate the anti-circumvention provisions of the DMCA, spoil the gaming experience for legitimate players, and damage Activision's reputation.
...(...)... Lawsuit Filed in the United States
Filed in a California district court yesterday, the complaint targets EngineOwning UG, CMN Holdings S.A, six named individuals (Valentin Rick, Leonard Bugla, Leon Frisch, Ignacio Gayduchenko, Marc-Alexander Richts, Alexander Kleeman) and 50 βDoeβ defendants.
βBy this lawsuit, Activision seeks to put a stop to unlawful conduct by an organization that is distributing and selling for profit numerous malicious software products designed to enable members of the public to gain unfair competitive advantages (i.e., to cheat) in the COD Games. These ongoing activities damage Activisionβs games, its overall business, and the experience of the COD player community,β the lawsuit begins.
The defendants allegedly develop and distribute (via the website at EngineOwning.to) a portfolio of cheats and hacks for popular online games, including those in the Call of Duty series. According to Activision, the defendants are also preparing new cheating software for Overwatch, which is published by its affiliate Blizzard Entertainment.
βThe Cheating Software enables players to manipulate the COD Games to their personal advantage, such as by automatically aiming weapons, revealing the locations of opponents, and allowing the player to see information that is not normally available to players because it would give them an unfair advantage within the game,β Activision adds.
https://torrentfreak.com/call-of-duty-cheat-maker-engineowning-sued-by-activision-under-the-dmca-210106/
π‘ Lawsuit (PDF)
#engineowning #dmca #activision #pdf
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Torrentfreak
Call of Duty Cheat Maker 'EngineOwning' Sued By Activision Under The DMCA * TorrentFreak
Activision has filed a copyright infringement lawsuit against business entities and individuals offering cheats for its Call of Duty games.
π2π±2
IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks
Security researcher discovers how to send unlimited HTTP requests with the same client
An IP spoofing vulnerability in Django REST allowed attackers to circumvent the frameworkβs throttling feature, which is supposed to protect applications against mass requests.
Django REST is a popular toolkit for developing web APIs and is used by Mozilla, Red Hat, and Heroku among others. It has a throttling feature that controls the rates of requests a client can make to the API.
This feature is meant to protect applications against bot activity, denial-of-service attacks, and malicious activities such as brute-force attempts on login pages, one-time passwords, and password reset pages.
https://portswigger.net/daily-swig/ip-spoofing-bug-leaves-django-rest-applications-open-to-ddos-password-cracking-attacks
#ip #spoofing #bug #django #rest #ddos #attacks
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Security researcher discovers how to send unlimited HTTP requests with the same client
An IP spoofing vulnerability in Django REST allowed attackers to circumvent the frameworkβs throttling feature, which is supposed to protect applications against mass requests.
Django REST is a popular toolkit for developing web APIs and is used by Mozilla, Red Hat, and Heroku among others. It has a throttling feature that controls the rates of requests a client can make to the API.
This feature is meant to protect applications against bot activity, denial-of-service attacks, and malicious activities such as brute-force attempts on login pages, one-time passwords, and password reset pages.
https://portswigger.net/daily-swig/ip-spoofing-bug-leaves-django-rest-applications-open-to-ddos-password-cracking-attacks
#ip #spoofing #bug #django #rest #ddos #attacks
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π4π₯2π1