VPN Provider Agrees to Block Torrent Traffic and The Pirate Bay on U.S. Servers

VPN Unlimited has settled a copyright lawsuit filed by several movie companies. The VPN provider stood accused of failing to take action against subscribers who were pirating films. As part of the settlement, the company agreed to block BitTorrent traffic and prominent pirate sites including 'Pirate Bay,' 'YTS', and 'RARBG' on U.S. servers.

https://torrentfreak.com/vpn-provider-agrees-to-block-torrent-traffic-and-the-pirate-bay-on-u-s-servers-220117/

#vpn #torrent #blocking #thepiratebay #usa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Adblocking Does Not Constitute Copyright Infringement, Court Rules

Axel Springer has lost its copyright infringement lawsuit against Eyeo GmbH, the company behind Adblock Plus. The German publishing house, which owns the Bild and Die Welt brands, among others, claimed that adblockers interfere with the presentation of websites in browsers, thus breaching copyright. In a victory for Eyeo, the Hamburg District Court has dismissed the case.

In order to finance their operations, millions of websites rely on advertising to generate revenue. For some readers, however, excessive or obtrusive advertising is something to be combatted, often through the use of adblocking tools.

Developed by German company Eyeo GmbH and available on Firefox, Chrome, Safari, Android and iOS, one of the most popular tools is AdBlock Plus. It’s able to drastically reduce the volume of advertising seen by its users but that didn’t sit well with publishing giant Axel Springer.

The publisher, which owns Bild and Die Welt, among others, claimed that AdBlock Plus and its users interfere with its business model so in response took legal action to bring that to an end. However, after trips through regional courts and eventually Germany’s Supreme Court, in April 2018 Adblock Plus and Eyeo came out on top having been found not in breach of competition law.

https://torrentfreak.com/adblocking-does-not-constitute-copyright-infringement-court-rules-220118/

#springer #court #germany #adblock #adblockplus #copyright #infringement
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Israel police uses NSO’s Pegasus to spy on citizens

Mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, and former governmental employees, were among those tracked by police without a search or bugging warrant authorizing the surveillance

Israel police uses NSO’s Pegasus spyware to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those who had their phones broken into by police are mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician. Calcalist learned that the hacking wasn’t done under court supervision, and police didn’t request a search or bugging warrant to conduct the surveillance. There is also no supervision on the data being collected, the way police use it, and how it distributes it to other investigative agencies, like the Israel Securities Authority and the Tax Authority.

One of the problematic instances that has been uncovered is the tracking of activists in the protests against former Prime Minister Benjamin Netanyahu while he was still in office. The protests against Netanyahu gathered momentum during 2020 as the Covid-19 pandemic hit the country and the first lockdowns were imposed on Israelis. With the level of anxiety in the Netanyahu government continually rising, efforts were made to reduce the magnitude of the protests through the use of judicial and procedural tools, with police increasing the force and violence against protesters, the leaders in particular.

https://archive.ph/yt1E0

via calcalistech.com

#israel #nso #surveillance
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Safari and iOS users: Your browsing activity is being leaked in real time

Unfixed bug violating the Internet's most foundational rules is easy to exploit.

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

https://arstechnica.com/information-technology/2022/01/safari-and-ios-bug-reveals-your-browsing-activity-and-id-in-real-time/

#safari #ios #iPadOS #exploit
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The EU Wants Its Own DNS Resolver that Can Block ‘Unlawful’ Traffic

The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block "illegal" websites, including pirate sites.

https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/

#eu #dns
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Ads may be coming to KDE, the popular Linux desktop

Qt, the framework that powers the KDE desktop, is announcing support for ads in client-side applications. This means that application developers will now be able to serve ads in traditional desktop applications like KdenLive. Windows users have been dealing with this in Metro UI apps since Windows 8 and it’s something that’s never gone over well on the desktop.

While it’s doubtful you’ll see ads in KDE’s core applications, it would be possible for distributions that wish to further monetize their work to fork these applications, placing ads in them. From the press release:

"Our focus is to fill an existing gap in the Qt framework for developers using Qt for mobile and desktop applications. We want to enable the easy integration of advertising. Our offering aims to disrupt the IoT industry, enabling new business models and business cases that before were not possible. We enable Qt users to insert advertising as a native component to complex user interfaces."

https://www.neowin.net/news/ads-may-be-coming-to-kde-the-popular-linux-desktop/

#kde #linux #advertising
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Meet the NSA spies shaping the future

In his first interview as leader of the NSA's Research Directorate, Gil Herrera lays out challenges in quantum computing, cybersecurity, and the technology American intelligence needs to master to secure and spy into the future.

For someone with a deeply scientific job, Gil Herrera has a nearly mystical mandate: Look into the future and then shape it, at the level of strange quantum physics and inextricable math theorems, to the advantage of the United States.

Herrera is the newly minted leader of the National Security Agency’s Research Directorate. The directorate, like the rest of the NSA, has a dual mission: secure American systems and spy on the rest of the world. The budget is classified, a secret among secrets, but the NSA is one of the world’s largest spy agencies by any measure and Herrera’s directorate is the entire US intelligence community’s biggest in-house research and development arm. The directorate must come up with solutions to problems that are not yet real, in a world that doesn’t yet exist.

https://www.technologyreview.com/2022/02/01/1044561/meet-the-nsa-spies-shaping-the-future/

#nsa #research
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Study: Using Stylometry to Detect Cross-Market Vendor Profiles

Researchers analyzed the literary style of darkweb vendors to identify vendors using different identities.

Using stylometry, researchers analyzed thousands of vendor identities on four darkweb marketplaces and linked more than 700 identities. The study involved the collection of information nodes, which included vendor profiles from four defunct marketplaces, including Valhalla (522), Dream Market (2,547), Evolution (1,650), and Silk Road 2 (681).

https://darknetlive.com/post/study-using-stylometry-to-detect-a-vendors-alternate-profiles/

PDF:
https://darknetlive.com/post/study-using-stylometry-to-detect-a-vendors-alternate-profiles/documents/fingerprints.pdf

#study #stylometry #fingerprints #darkweb #marketplaces #vendors #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

FBI Admits Purchasing NSO Group's Pegasus Spyware

The FBI purchased the NSO Group’s Pegasus spyware but only for “testing and evaluation,” they claimed.

The Federal Bureau of Investigation confirmed to The Guardian that the Bureau had purchased a license to access Pegasus for “product testing and evaluation only.” NSO Group, an Israeli firm, sells spyware and hacking tools to “government intelligence and law enforcement agencies” across the globe. The company’s products are “classified as a military export by Israel.” Pegasus is “one of the world’s most sophisticated hacking tools.

https://darknetlive.com/post/fbi-admits-purchasing-nso-group-s-pegasus-spyware/

#fbi #pegasus #nso #spyware
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

SentryPeer

A distributed peer to peer list of bad actor IP addresses and phone numbers collected via a SIP Honeypot.

This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to block them at the service providers network and the next time a user/customer tries to call a collected number, it’s blocked.

Traditionally this data is shipped to a central place, so you don’t own the data you’ve collected. This project is all about Peer to Peer sharing of that data. The user owning the data and various Service Provider / Network Provider related feeds of the data is the key bit for me. I’m sick of all the services out there that keep it and sell it. If you’ve collected it, you should have the choice to keep it and/or opt in to share it with other SentryPeer community members via p2p methods.

https://sentrypeer.org/

#sentrypeer #fraud #detection #tool
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Matrix vs. XMPP

What are XMPP and Matrix and what makes them special?

XMPP and Matrix are two decentralized and federated free software projects for chat, including true end-to-end encrypted chat.

Users can either install the software on their own server if they want, but they can also easily register on any public server—both allow any XMPP or Matrix user to talk to users on their server or on any other one. In essence, it works like email: you might have an email account on a different site than your friend, but all accounts on all sites can communicate.

In a world where most communication is done on centralized proprietary platforms without end-to-end encryption like Facebook, Telegram and Google, Matrix and XMPP both are permanent solutions to communication privacy. Even based boomerware like IRC has to play second fiddle to them.

The only question is, "Which is better? XMPP or Matrix?"

https://lukesmith.xyz/articles/matrix-vs-xmpp

💡 Read as well:
Internet Messaging versus Congested Network

#matrix #xmpp #privacy #amdocs #israel #intelligence
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

"Your account has been deactivated"

I've received that message today. I'm from Belarus.

"We noticed an issue when verifying your account. The legal entity information associated with your account fully matches a restricted party or one or more parties from the United States government's consolidated screening list, another government's sanctions list, or a restricted regions list."

I know nothing about sanctions but I'm 100% sure that's how sanctions should not work by discriminating developers from country which governments appeared in any sanctions list.

https://developer.apple.com/forums/thread/700036

#apple #developers #belarus #sanctions #usa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Foreign Office target of 'serious cyber incident'

The UK's Foreign, Commonwealth and Development Office (FCDO) was the target of a "serious cyber-security incident", it has emerged.

The details came via a tender document published on a government website, seemingly by mistake.

It revealed that cyber-security firm BAE Systems Applied Intelligence was called on for "urgent support".

The BBC understands unidentified hackers got inside the FCDO systems, but were detected.

https://www.bbc.co.uk/news/technology-60309335

#uk #fcdo #hacked
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Belarusian activists hacked railway servers in order to interfere with Russian troop relocations.

Hackers knows as "Cyber Guerillas" have hacked and encrypted the servers and the database of the Belarus railroad company. The backups were deleted as well. The goal of the attack was to make it harder for the Russian army to move its troops into Belarus.

#Russia has been gathering troops near Ukrainian borders for several months now. Earlier, #Belarus and Russia announced joint military exercises in February.

OATHqr - Turn your secrets into scannable QR codes

OATHqr helps you create security credentials for use with 2FA/MFA and other OATH-enabled apps. Use it to generate scannable QR codes for one-time password authenticator apps such as Aegis or YubiKey. Or skip the QR code altogether and paste the formatted otpauth URI it creates directly into OpenPGP-activated password managers such as the remarkable Pass standard unix password manager.

💡 Features:

- Makes no external requests and may be run completely offline.

- Installable application can be added to mobile device home screen.

- Friendly form accessible to both sighted and non-sighted users.

- Utilizes strict default-src Content-Security Policy as sandbox.

- Proactively disables Google FLoC surveillance for affected users.

- Promotes ethical software alternatives to Google Authenticator.

- Automatic light/dark color scheme based on system preference.

https://codeberg.org/vhs/oathqr

#oathqr #qrcodes #2fa #mfa
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Binance, led by the world’s richest crypto billionaire, is taking a $200 million stake in Forbes

Binance, the world's biggest cryptocurrency exchange, is making a $200 million strategic investment in Forbes, the 104-year-old magazine and digital publisher, CNBC has learned.

The funds will help Forbes execute on its plan to merge with a publicly traded special purpose acquisition company, or SPAC, in the first quarter, according to people with knowledge of the deal.

Investors have grown skeptical of SPAC deals generally, and media deals in particular, in recent months amid the broader stock market retrenchment. Binance will replace half of the $400 million in commitments from institutional investors announced by Forbes in August, said the people, who declined to be identified before the transaction is announced.

That would make Binance one of the top two biggest owners of Forbes, which will be listed on the New York Stock Exchange under the ticker FRBS, the people said. The crypto company will also get two directors out of nine total board seats, they said.

The move shows the increasing real-world influence of the crypto sector, which has seen surging valuations and minted a new class of billionaires amid global interest in digital assets. While crypto companies have gone public, affixed their names to sports arenas and flooded airwaves with celebrity endorsements, this is the sector's first big investment in a traditional U.S. media property.

https://www.cnbc.com/2022/02/10/forbes-spac-binance-led-by-the-worlds-richest-crypto-billionaire-is-taking-a-200-million-stake-in-forbes-.html

#binance #crypto #forbes
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Bvp47: Top-tier Backdoor of US NSA Equation Group

In 2016 and 2017, “The Shadow Brokers” published two batches of hacking files claimed to be used by
“The Equation Group”. In these hacking files, researchers form Pangu Lab found the private key that can
be used to remotely trigger the backdoor Bvp47. Therefor, It can be concluded that Bvp47 is a hacker tool
belonging to " The Equation Group".

https://files.shitpost.to/rvfxfdj9zmajdtww.pdf?key=SxiRfjPs1SFpxU2gUK5PBmx08w2KTIL7

⚠️ I strongly advise everyone to pass pdfs through something like DangerZone or MAT2 before opening them.

#Bvp47 #nsa #backdoor #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

email2phonenumber

email2phonenumber is an OSINT tool that allows you to obtain a target's phone number just by having his email address.

💡 For full details check:
https://www.martinvigo.com/email2phonenumber

💡 Demo:
https://www.youtube.com/watch?v=dfvqhDUn81s

‼️ IMPORTANT:
*email2phonenumber is a proof-of-concept tool I wrote during my research on new OSINT methodologies to obtain a target's phone number. The supported services (Ebay, Lastpass, Amazon and Twitter) have long added protections to protect from these type of scraping like having to receive a code over email first or simply adding captchas. There are of course many other sites that are still leaking phone number digits but I am focused on other research projects. Feel free to submit pull request if you want to add support for new sites.

Please check out my newer tool "Phonerator", which is maintained and focuses on the novel aspect of this research, generating valid phone numbers. See more details. There is also a small OSINT challenge in there... ;)

https://github.com/martinvigo/email2phonenumber

https://www.martinvigo.com/tools/phonerator/

#osint #email2phonenumber #phonerator
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Ukraine calls on hacker underground to defend against Russia

Feb 24 (Reuters) - The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project.

As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv. read more

"Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country," the post read, asking hackers and cybersecurity experts to submit an application via Google docs, listing their specialties, such as malware development, and professional references.

Yegor Aushev, co-founder of a cybersecurity company in Kyiv, told Reuters he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday. Aushev's firm Cyber Unit Technologies is known for working with Ukraine's government on the defense of critical infrastructure.

https://www.reuters.com/world/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24/

#ukraine #russia #hacker #cyberdefence
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Bye fsb.ru

https://nitter.pussthecat.org/YourAnonNews/status/1500169119219466251

via Twitter

💡 Read as well:
Anonymous has taken down the FSB website

#OpRussia #anonymous #fsb
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv